[MaraDNS list] Deadwood usage guide

Sam Trenholme maradns at gmail.com
Tue Nov 22 17:23:36 EST 2011


Deadwood, MaraDNS 2.0's recursive resolver, has a number of useful
features that resolve routine DNS headaches.

One DNS headache is that a number of Linux applications request an
IPv6 DNS record before falling back to an IPv4 record.  There is no
way to disable this in the system; each application that does this has
to be patched.  Or, one can use Deadwood to resolve IPs and have the
following line in one's Deadwood configuration file:

reject_aaaa = 1

Another *NIX annoyance is applications that perform a reverse DNS
lookup, which can cause some applications to make you wait over a
minute before there is a DNS timeout. These kinds of lookups can be
stopped dead in their tracks with Deadwood:

reject_ptr = 1

Another issue is malware.  For example, a family member's computer has
been infected with a virus that redirects Google results to
spam-filled pages.  The people responsible for this malware use a
large number of different domains that all resolve to the same IP.

Deadwood has support for having up to 1,000 different IPs in one's
results black-listed; if we get a DNS reply with a black-listed IP,
the reply is not sent to us.  For example, the malware authors are
currently using the IP 64.111.199.250 to host these unwanted
redirects.  To blacklist this, one can add this to one's dwood3rc
file:

ip_blacklist = "64.111.199.250"

Once this is added, remove Deadwood's cache file (to do: Warn the user
if the timestamp for the cache file is newer than the timestamp for
the dwood3rc file), restart Deadwood, and malware domains listed by
the IP will no longer work.

These IPs are in a hash, so there is no slowdown having only one or
having 900 such blacklisted IPs.

Just some ways Deadwood, despite being a tiny 64k binary, can be useful.

- Sam
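
The answer filtering that ip_blacklist performs, sketched as an added example; this is not Deadwood's code or part of the original post. It parses the A records out of a raw DNS reply and withholds the reply if any address is in a hash set; the function names and the sample domain names are hypothetical.

```python
import ipaddress
import struct

# Same entry as the ip_blacklist line in the post; a set gives hashed lookups,
# so the check costs the same with 1 entry or 900.
BLACKLIST = {ipaddress.IPv4Address("64.111.199.250")}

def skip_name(msg, off):
    """Return the offset just past the DNS name that starts at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:                # root label ends the name
            return off + 1
        off += 1 + length

def a_records(msg):
    """Yield each IPv4 address carried by an A record in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off = 12                           # fixed DNS header length
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            yield ipaddress.IPv4Address(msg[off:off + 4])
        off += rdlen

def should_drop(msg, blacklist=BLACKLIST):
    """True when any answer address is blacklisted, so the reply is withheld."""
    return any(ip in blacklist for ip in a_records(msg))

def build_reply(name, addr):
    """Constructed sample input: a minimal one-answer A reply for name -> addr."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    # Answer name is a compression pointer back to the question name at offset 12.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
    return header + question + answer + ipaddress.IPv4Address(addr).packed

if __name__ == "__main__":
    for name, addr in [("spam.example", "64.111.199.250"), ("ok.example", "192.0.2.10")]:
        print(name, addr, "dropped" if should_drop(build_reply(name, addr)) else "passed")
```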

