From m.ferlitsch at gmail.com Thu Aug 9 17:00:45 2012 From: m.ferlitsch at gmail.com (Markus Ferlitsch) Date: Thu, 9 Aug 2012 23:00:45 +0200 Subject: [MaraDNS list] isolate DNS-requests Message-ID: Hi, I want to run a recursive DNS-Server but it only should resolve some domains I want to allow. I only want to allow some domains to be resolved. Can maradns do this? Regards, Markus From m.ferlitsch at gmail.com Thu Aug 16 15:45:22 2012 From: m.ferlitsch at gmail.com (Markus Ferlitsch) Date: Thu, 16 Aug 2012 21:45:22 +0200 Subject: [MaraDNS list] whitelist for DNS-requests... Message-ID: Hi, I want to run a recursive DNS-Server but it only should resolve some domains I want to allow. I only want to allow some domains to be resolved. Can maradns do this? Regards, Markus From test24 at mail.ru Fri Aug 17 00:22:01 2012 From: test24 at mail.ru (test24) Date: Fri, 17 Aug 2012 07:22:01 +0300 Subject: [MaraDNS list] whitelist for DNS-requests... In-Reply-To: References: Message-ID: <148188551.20120817072201@mail.ru> ????????????, Markus. ?? ?????? 16 ?????? 2012 ?., 22:45:22: > Hi, > I want to run a recursive DNS-Server but it only should resolve some > domains I want to allow. > I only want to allow some domains to be resolved. Can maradns do this? > Regards, Markus upstream_servers = {} upstream_servers["domain1."] = "ip1" # NS for domain1 upstream_servers["domain2.com."] = "ip2" # NS for domain2.com # upstream_servers["."] = "128.0.0.1" # Any other requests go to unknown ip # The IP this program has bind_address="127.0.0.1, ..." # The IPs allowed to connect and use the cache and load balancer recursive_acl = "127.0.0.1/16," recursive_acl += ".../24," # Network 1 recursive_acl += ".../24" # Network 2 num_retries = 1 timeout_seconds = 3 timeout_seconds_tcp = 4 -- ? ?????????, test24 mailto:test24 at mail.ru From m.ferlitsch at gmail.com Sat Aug 18 17:23:36 2012 From: m.ferlitsch at gmail.com (Markus Ferlitsch) Date: Sat, 18 Aug 2012 23:23:36 +0200 Subject: [MaraDNS list] whitelist for DNS-requests... In-Reply-To: <148188551.20120817072201@mail.ru> References: <148188551.20120817072201@mail.ru> Message-ID: Thanks, I will try it! :-) 2012/8/17 test24 : > ????????????, Markus. > > ?? ?????? 16 ?????? 2012 ?., 22:45:22: > >> Hi, > >> I want to run a recursive DNS-Server but it only should resolve some >> domains I want to allow. >> I only want to allow some domains to be resolved. Can maradns do this? > >> Regards, Markus > > upstream_servers = {} > upstream_servers["domain1."] = "ip1" # NS for domain1 > upstream_servers["domain2.com."] = "ip2" # NS for domain2.com > # > upstream_servers["."] = "128.0.0.1" # Any other requests go to unknown ip > > # The IP this program has > bind_address="127.0.0.1, ..." > > # The IPs allowed to connect and use the cache and load balancer > recursive_acl = "127.0.0.1/16," > recursive_acl += ".../24," # Network 1 > recursive_acl += ".../24" # Network 2 > > num_retries = 1 > timeout_seconds = 3 > timeout_seconds_tcp = 4 > > > -- > ? ?????????, > test24 mailto:test24 at mail.ru > From maradns at gmail.com Thu Aug 23 10:27:51 2012 From: maradns at gmail.com (Sam Trenholme) Date: Thu, 23 Aug 2012 10:27:51 -0400 Subject: [MaraDNS list] isolate DNS-requests In-Reply-To: References: Message-ID: Have upstream_servers["."] point to a non-responsive IP, and have upstream_servers["example.com."] point to another recursive DNS server. Look at http://maradns.org/deadwood/doc/dwood3rc-all for an example of the syntax. - Sam On Thu, Aug 9, 2012 at 5:00 PM, Markus Ferlitsch wrote: > Hi, > > I want to run a recursive DNS-Server but it only should resolve some > domains I want to allow. > I only want to allow some domains to be resolved. Can maradns do this? > > Regards, Markus From maradns at gmail.com Thu Aug 23 10:30:27 2012 From: maradns at gmail.com (Sam Trenholme) Date: Thu, 23 Aug 2012 10:30:27 -0400 Subject: [MaraDNS list] MaraDNS update Message-ID: ==MaraDNS update== I have finished up porting all of MaraDNS 2.0's SQA tests to work in CentOS 6 (RHEL6/Oracle Linux 6/Scientific Linux 6). MaraDNS 2.0 is now fully RHEL6 compatible. There is a bug somewhere in CentOS 6 that causes Valgrind to report a 24-byte fixed-size leak when MaraDNS is compiled with '-O2'; since the leak goes away when MaraDNS is compiled with '-g', it's an error with the compiler and/or Valgrind. I'm not going to waste time chasing ghosts that change with different compiler flags. I have added a couple of documents to the MaraDNS tarball: TESTING.PROCEDURE, which describes how to compile and run MaraDNS so it passes all SQA regressions in CentOS 6, as well as README.malloc, which spells out how MaraDNS and Deadwood act on systems where malloc() fails. If anyone wishes MaraDNS/Deadwood to handle malloc differently, show me the money and we will talk. I would need a five-figure sum (in US dollars or Euros) on the table to even consider looking at the issue. ==OS Support== The version of Linux that MaraDNS officially supports has been under a lot of flux. Last year, CentOS was really slow with security updates so I moved over to Scientific Linux. This year, CentOS has finally caught up and Scientific continues to have issues with routine security updates breaking things (I had an issue last year where a security-only update broke wireless networking; just this week a security-only update in Scientific Linux broke X on one of my virtual machines). If CentOS ever lags with security updates again, I will try out Oracle Linux. The point being, the next MaraDNS release is supported on any RHEL6-compatible clone of Linux. Right now, I develop it on CentOS 6, but that can become Oracle Linux 6 or Scientific Linux 6 depending on which RHEL clone is most up-to-date with security fixes. I am no longer using Windows XP and will change the official version of Windows supported to be Windows 7 when I make my Deadwood release next month. I have updated the operating systems MaraDNS supports in 2012; I will not update them again until 2017 (both RHEL6 and Windows 7 will be supported by their vendors until 2020). ==Current plans== Now that both MaraDNS and Deadwood have been updated for CentOS 6, my plan is to release a new Deadwood release in September, followed by a new MaraDNS release in October. I plan to work on MaraDNS/Deadwood again one day next month (September), after the 20th, unless a critical security bug with a CVE number is found. This will be--barring a CVE report--my last posting to the mailing list until then.