From maradns at gmail.com Sun Feb 12 01:41:30 2012
From: maradns at gmail.com (Sam Trenholme)
Date: Sun, 12 Feb 2012 01:41:30 -0500
Subject: [MaraDNS list] MaraDNS 2.0.05 released
Message-ID:

I have released MaraDNS 2.0.05 today. This release updates the
recursive code to use Deadwood 3.2.01 and fixes CVE-2011-5056.

All users of MaraDNS are encouraged to update to 2.0.05, unless one
has a really compelling reason to still use a 1.4 release (MaraDNS 1.x
users should be using 1.4.10).

It can be downloaded here:

http://www.maradns.org/download.html
http://sourceforge.net/projects/maradns

- Sam

From remco at webconquest.com Sun Feb 12 01:52:30 2012
From: remco at webconquest.com (Remco Rijnders)
Date: Sun, 12 Feb 2012 07:52:30 +0100
Subject: [MaraDNS list] MaraDNS 2.0.05 released
In-Reply-To:
References:
Message-ID:

On Sun, Feb 12, 2012 at 01:41:30AM -0500, Sam wrote in :
>I have released MaraDNS 2.0.05 today. This release updates the
>recursive code to use Deadwood 3.2.01 and fixes CVE-2011-5056.
>
>All users of MaraDNS are encouraged to update to 2.0.05, unless one
>has a really compelling reason to still use a 1.4 release (MaraDNS 1.x
>users should be using 1.4.10).

Hi Sam,

Thank you for the continued releases and updates to MaraDNS.

Something I've been wondering, are you aware of any Linux distributions that
offer MaraDNS 2.* instead of 1.4.* ?

Are there any special things one should be aware of when upgrading an
existing installation to the 2.* series?

The reason I'm asking is that I'm hoping to package 2.* for Mageia Linux.

Thanks!

Remmy

From maradns at gmail.com Sun Feb 12 02:08:30 2012
From: maradns at gmail.com (Sam Trenholme)
Date: Sun, 12 Feb 2012 02:08:30 -0500
Subject: [MaraDNS list] MaraDNS 2.0.05 released
In-Reply-To:
References:
Message-ID:

> Something I've been wondering, are you aware of any Linux distributions that
> offer MaraDNS 2.* instead of 1.4.* ?

Nicholas Bamber has worked really hard and has updated the Debian
package to use MaraDNS 2:

http://packages.debian.org/source/experimental/maradns

> Are there any special things one should be aware of when upgrading an
> existing installation to the 2.* series?

The big thing to keep in mind when updating from 1.x to 2.0.05 is that
MaraDNS and Deadwood can not use the same IP. MaraDNS only serves
local (authoritative) records; all recursion (records on other
machines) is handled by Deadwood.

I have some hints on updating from MaraDNS 1.x to 2.0 here:

http://maradns.org/tutorial/update.html#2.0

- Sam

From remco at webconquest.com Sun Feb 12 02:14:57 2012
From: remco at webconquest.com (Remco Rijnders)
Date: Sun, 12 Feb 2012 08:14:57 +0100
Subject: [MaraDNS list] MaraDNS 2.0.05 released
In-Reply-To:
References:
Message-ID: <20120212071457.GA14865@winter.webconquest.com>

On Sun, Feb 12, 2012 at 02:08:30AM -0500, Sam wrote in :
>> Something I've been wondering, are you aware of any Linux distributions that
>> offer MaraDNS 2.* instead of 1.4.* ?
>
>Nicholas Bamber has worked really hard and has updated the Debian
>package to use MaraDNS 2:
>
>http://packages.debian.org/source/experimental/maradns
>
>> Are there any special things one should be aware of when upgrading an
>> existing installation to the 2.* series?
>
>The big thing to keep in mind when updating from 1.x to 2.0.05 is that
>MaraDNS and Deadwood can not use the same IP. MaraDNS only serves
>local (authoritative) records; all recursion (records on other
>machines) is handled by Deadwood.
>
>I have some hints on updating from MaraDNS 1.x to 2.0 here:
>
>http://maradns.org/tutorial/update.html#2.0

Thanks, that's very useful!

Nicholas, I am interested in hearing how you are handling existing
configurations that used both recursive and authoritative on the same IP, as
well as any options which are no longer supported.
Or are you leaving those for the end user to solve?

Thanks,

Remmy

From nicholas at periapt.co.uk Sun Feb 12 05:51:30 2012
From: nicholas at periapt.co.uk (Nicholas Bamber)
Date: Sun, 12 Feb 2012 10:51:30 +0000
Subject: [MaraDNS list] MaraDNS 2.0.05 released
In-Reply-To: <20120212071457.GA14865@winter.webconquest.com>
References: <20120212071457.GA14865@winter.webconquest.com>
Message-ID: <4F3799B2.4030506@periapt.co.uk>

Remmy,

Yes I am the maintainer for maradns on Debian. At the moment if you just
keep doing 'apt-get upgrade' you will never get out of the 1.4.x series on
Debian. (On Ubuntu they messed up the version numbers but the same is true).

The 2.x series is packaged however. To get it you have to add
"experimental" to sources in '/etc/apt/sources.list'. Then what you get is
that the maradns package only gives you the authoritative server. The
maradns-deadwood will give you the recursive server but you have to do all
the configuration itself.

To get the 2.x backwards compatible with 1.4.x cannot be done without
asking the user about IP addresses. So the debconf system needs to be
brought in.
Even if I go for the really cheap option of using ucf I need to devote some
time to my other Debian packages and other work.

I will of course be picking up 2.0.05 shortly.

On 12/02/12 07:14, Remco Rijnders wrote:
> On Sun, Feb 12, 2012 at 02:08:30AM -0500, Sam wrote in
> :
>>> Something I've been wondering, are you aware of any Linux distributions that
>>> offer MaraDNS 2.* instead of 1.4.* ?
>
>> Nicholas Bamber has worked really hard and has updated the Debian
>> package to use MaraDNS 2:
>
>> http://packages.debian.org/source/experimental/maradns
>
>>> Are there any special things one should be aware of when upgrading an
>>> existing installation to the 2.* series?
>
>> The big thing to keep in mind when updating from 1.x to 2.0.05 is that
>> MaraDNS and Deadwood can not use the same IP. MaraDNS only serves
>> local (authoritative) records; all recursion (records on other
>> machines) is handled by Deadwood.
>
>> I have some hints on updating from MaraDNS 1.x to 2.0 here:
>
>> http://maradns.org/tutorial/update.html#2.0
>
> Thanks, that's very useful!
>
> Nicholas, I am interested in hearing how you are handling existing
> configurations that used both recursive and authoritative on the same IP, as
> well as any options which are no longer supported. Or are you leaving
> those for the end user to solve?
>
> Thanks,
>
> Remmy

--
Nicholas Bamber | http://www.periapt.co.uk/
PGP key 3BFFE73C from pgp.mit.edu

From maradns at gmail.com Sun Feb 12 11:39:05 2012
From: maradns at gmail.com (Sam Trenholme)
Date: Sun, 12 Feb 2012 11:39:05 -0500
Subject: [MaraDNS list] MaraDNS 2.0.05 released
In-Reply-To: <4F3799B2.4030506@periapt.co.uk>
References: <20120212071457.GA14865@winter.webconquest.com> <4F3799B2.4030506@periapt.co.uk>
Message-ID:

> To get the 2.x backwards compatible with 1.4.x cannot be done without
> asking the user about IP addresses. So the debconf system needs to be
> brought in.
> Even if I go for the really cheap option of using ucf I
> need to devote some time to my other Debian packages and other work.

Making 2.x backwards compatible with 1.4.x is non-trivial. MaraDNS's
versioning scheme is, unlike a lot of software (As just one example,
Firefox *cough* *cough*) [1], the traditional scheme that increasing
the major version number means that old configurations will break.

I originally had the intention of having Deadwood support all of
MaraDNS' parameters, so that a mararc file would parse in Deadwood
without problem. Alas, as I was getting engaged with my girlfriend I
realized that spending a lot of time working hard on software without
getting paid was no longer a reasonable life choice for me to make, so
I had to discard a lot of big plans I had for Deadwood. :(

However, since the plan was at one point to be 100% compatible with a
MaraDNS 1.x mararc file, Deadwood's file configuration format is
remarkably similar. I do not think making a Perl script or what not
to make a MaraDNS 1.x configuration file MaraDNS 2 compatible would be
too difficult.

Some points:

* The authoritative parts of the conversion file will stay in mararc.
  The recursive bits would go to Deadwood.

* A mararc 1.x file will work with the authoritative half of MaraDNS 2
  if the "recursive_acl" line is commented out (other recursion-based
  parameters are just ignored in MaraDNS 2)

* Any leading white space will need to be removed when converting a
  MaraDNS 1.x configuration file in to a Deadwood configuration file.

* MaraDNS and Deadwood use line-based formats, so simple line-based
  processing (such as "perl -pe") can convert the configuration files.

* verbose_level should be multiplied by 20 in a maradns -> deadwood conversion

* retry_cycles should be multiplied by three and converted in to
  num_retries (retry_cycles was the number of times we tried contacting
  all name servers for a given answer; num_retries is the total number
  of times we try contacting a name server)

* http://maradns.org/tutorial/update.html#2.0 claims that Deadwood does
  not support "reject_ptr". This is no longer true; Deadwood 3.2 has
  reject_ptr support.

Unfortunately, I am no longer in a position to implement a Perl or
whatever script to do this conversion, but I will gladly host the work
of anyone who wants to tackle this. I will not add the script to the
MaraDNS/Deadwood tree because I can not take responsibility for any
bugs the script may have.

- Sam

[1] Deadwood uses a different numbering scheme: Each increase in the
major number means the addition of a significant new feature. It
follows the plan I had back in October of 2007 [2]: Deadwood 1 is a
non-caching, non-recursive DNS forwarder, Deadwood 2 is a
non-recursive caching DNS forwarder, and Deadwood 3 is a fully
recursive DNS cache. Deadwood 3.2 implements some things I meant to
get in to Deadwood 3.0 (better CNAME handling and finer time stamps),
but didn't have the time to.

[2] http://maradns.blogspot.com/2007/10/groundbreaking-of-deadwood-project.html

From info at rickvanderzwet.nl Mon Feb 13 15:39:18 2012
From: info at rickvanderzwet.nl (Rick van der Zwet)
Date: Mon, 13 Feb 2012 21:39:18 +0100
Subject: [MaraDNS list] MaraDNS2 and FreeBSD
Message-ID:

Hi Sam,

After running MaraDNS1 on our Open Source Wireless Community/Region
Network (http://wirelessleiden.nl - 100+ nodes) for almost 2 years, it
is time to move on to MaraDNS2.

I have been trying to get MaraDNS2 to be packaged up, so that I can
also submit it to FreeBSD ports.
The current progress is found here:
http://svn.wirelessleiden.nl/svn/code/ports/dns/maradns2

Just a few questions I run into to get it going and packaged:

 1) Do you like to package deadwood and maradns2 together or do you
rather like to see them as two separate packages? I would personally
vote for the second option as one could now use Deadwood without
running MaraDNS, but it is your call to make.

 2) I am currently hacking ./configure to get rid of the
not-supported-os warning; see the attached configure.patch Do I need
to run some test-suites to mark it officially supported under FreeBSD?

 3) The FreeBSD default location for add-on packages is
/usr/local/sbin/maradns, however this is rather lengthy in the
syslog. Maybe the patch as found in the dns/maradns port of FreeBSD
(credits to n j [1] ), to trim the path off is
interesting to look at. It is attached as tools_duende.c.patch

 4) Do you want your website to be the default mirror or the SF one?

Thanks for MaraDNS! We love it for its low-memory footprint, stable
operation, less-cpu hungry, authoritative abilities and recursive
resolving abilities.

Br.
/Rick

[1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/dns/maradns/files/patch-tools_duende.c?rev=1.3

From nino80 at gmail.com Tue Feb 14 03:16:06 2012
From: nino80 at gmail.com (n j)
Date: Tue, 14 Feb 2012 09:16:06 +0100
Subject: [MaraDNS list] MaraDNS2 and FreeBSD
In-Reply-To:
References:
Message-ID:

Hello Rick,

On Mon, Feb 13, 2012 at 9:39 PM, Rick van der Zwet wrote:
> ...
> 3) The FreeBSD default location for add-on packages is
> /usr/local/sbin/maradns, however this is rather lengthy in the
> syslog. Maybe the patch as found in the dns/maradns port of FreeBSD
> (credits to n j [1] ), to trim the path off is
> interesting to look at. It is attached as tools_duende.c.patch
> ...

The porting effort for MaraDNS v2 was practically done, but the port
maintainer had been busy at the time porting virtualbox (indeed an
important effort) so it never got committed.

You can find the last set of patches at
http://home.bluelife.at/patches/maradns-2.0.02.diff (port maintainer's
private repository), maybe it can help you. Some of those changes I
did myself, so feel free to ask if you need help.

Additionally, there was some discussion on this list about FreeBSD
support which resulted in commits to MaraDNS source, see
http://woodlane.webconquest.com/pipermail/list/2012-January/001031.html.

Regards,
--
Nino

From nicholas at periapt.co.uk Tue Feb 14 04:45:28 2012
From: nicholas at periapt.co.uk (Nicholas Bamber)
Date: Tue, 14 Feb 2012 09:45:28 +0000
Subject: [MaraDNS list] MaraDNS2 and FreeBSD
In-Reply-To:
References:
Message-ID: <4F3A2D38.1020607@periapt.co.uk>

Ooh that's me!

I have to make a big disclaimer. I am the Debian maintainer for maradns.
Obviously Debian is primarily known for being built around a linux
kernel. But it also supports freebsd and hurd kernels. Maradns has
always built perfectly well on Debian FreeBSD. So when Sam dropped the
FreeBSD makefile from the 2.0.x series I had to reconstruct it somehow.
However as we have a few and growing number of patches on the makefiles
and what with the deadwood changes this was not a simple matter of
copying the file to Sam. Furthermore in working on 2.0.x I spotted some
mistakes at least from my perspective. So altogether I would feel
relieved if you FreeBSD guys would treat that makefile with due suspicion.

Since I mentioned hurd, I only recently got maradns to compile on that
platform but it only required a very small patch and the normal linux
makefile works for hurd:
http://patch-tracker.debian.org/patch/series/view/maradns/2.0.05-1/hurd.patch

On 14/02/12 08:16, n j wrote:
> Hello Rick,
>
> On Mon, Feb 13, 2012 at 9:39 PM, Rick van der Zwet
> wrote:
>> ...
>> 3) The FreeBSD default location for add-on packages is
>> /usr/local/sbin/maradns, however this is rather lengthy in the
>> syslog.
>> Maybe the patch as found in the dns/maradns port of FreeBSD
>> (credits to n j [1] ), to trim the path off is
>> interesting to look at. It is attached as tools_duende.c.patch
>> ...
>
> The porting effort for MaraDNS v2 was practically done, but the port
> maintainer had been busy at the time porting virtualbox (indeed an
> important effort) so it never got committed.
>
> You can find the last set of patches at
> http://home.bluelife.at/patches/maradns-2.0.02.diff (port maintainer's
> private repository), maybe it can help you. Some of those changes I
> did myself, so feel free to ask if you need help.
>
> Additionally, there was some discussion on this list about FreeBSD
> support which resulted in commits to MaraDNS source, see
> http://woodlane.webconquest.com/pipermail/list/2012-January/001031.html.
>
> Regards,

--
Nicholas Bamber | http://www.periapt.co.uk/
PGP key 3BFFE73C from pgp.mit.edu

From maradns at gmail.com Tue Feb 14 23:01:20 2012
From: maradns at gmail.com (Sam Trenholme)
Date: Tue, 14 Feb 2012 23:01:20 -0500
Subject: [MaraDNS list] MaraDNS2 and FreeBSD
In-Reply-To:
References:
Message-ID:

> Just a few questions I run into to get it going and packaged:

You know, I'm really pleased that you're using MaraDNS and that it's
useful for you. I do plan on answering your questions this
weekend--It's important for me to keep a partition between when I'm
working on my day job (during the week) and when I'm working on
MaraDNS (weekends when I'm free).

(The "official" answer is that MaraDNS is only supported on RedHat
Enterprise Linux derived systems and partially supported on Microsoft
Windows, but this is open source so there's a little more leeway)

Anyway, Nino (¿should we say Niño?) and Nicholas Bamber have given you
some pointers that you can look at in the meantime. I would like to
thank them for their contributions to the MaraDNS mailing list.
And, an extra, extra special thanks to Nicholas Bamber for putting up
with the Debian bureaucracy and keeping the Debian MaraDNS package up
to date.

- Sam

From nino80 at gmail.com Wed Feb 15 02:17:59 2012
From: nino80 at gmail.com (n j)
Date: Wed, 15 Feb 2012 08:17:59 +0100
Subject: [MaraDNS list] MaraDNS2 and FreeBSD
In-Reply-To:
References:
Message-ID:

On Wed, Feb 15, 2012 at 5:01 AM, Sam Trenholme wrote:
> Anyway, Nino (¿should we say Niño?) and Nicholas Bamber have given you

No, actually. I'm not Spanish :-).

--
Nino

From maradns at gmail.com Sun Feb 19 20:37:57 2012
From: maradns at gmail.com (Sam Trenholme)
Date: Sun, 19 Feb 2012 20:37:57 -0500
Subject: [MaraDNS list] MaraDNS2 and FreeBSD
In-Reply-To:
References:
Message-ID:

> 1) Do you like to package deadwood and maradns2 together or do you
> rather like to see them as two separate packages? I would personally
> vote for the second option as one could now use Deadwood without
> running MaraDNS, but it is your call to make.

I agree--they really are two separate packages. The main reason that
I bundle Deadwood with MaraDNS 2 is so MaraDNS 2 has the same level of
functionality as MaraDNS 1 (albeit across two separate programs)

> 2) I am currently hacking ./configure to get rid of the
> not-supported-os warning; see the attached configure.patch Do I need
> to run some test-suites to mark it officially supported under FreeBSD?

To paraphrase "The Princess Bride": "Support". You keep using that
word. I do not think it means what you think it means.

Support has two distinct definitions:

1) The program compiles and runs on a given OS.

2) I am responsible for answering any and all questions someone may
have about running MaraDNS/Deadwood on said OS.

I am willing to add a separate Makefile to compile MaraDNS in FreeBSD.
Actually, Nicholas Bamber has already done so; I added it to MaraDNS
2.0.05.
What I am not willing to do is answer questions people may have
about FreeBSD on this mailing list, because, well, I don't run
FreeBSD. [2] The only supported OSes for MaraDNS are Windows and Red
Hat Enterprise Linux derivatives.

> 3) The FreeBSD default location for add-on packages is
> /usr/local/sbin/maradns, however this is rather lengthy in the
> syslog. Maybe the patch as found in the dns/maradns port of FreeBSD
> (credits to n j [1] ), to trim the path off is
> interesting to look at. It is attached as tools_duende.c.patch

The version of Duende you should patch is Nicholas Bamber's version,
which is tools/duende-ng.c. He may or may not accept your match; when
he does, I will patch that version of Duende.

> 4) Do you want your website to be the default mirror or the SF one?

My website http://maradns.org/

> Thanks for MaraDNS! We love it for its low-memory footprint, stable
> operation, less-cpu hungry, authoritative abilities and recursive
> resolving abilities.

Thank you for the kind words.

I will gladly include a file with MaraDNS to get MaraDNS to work under
FreeBSD as a single patch file with the name "unsupported" in it, such
as "unsupported-FreeBSD-compile.patch". This will be placed in the
"build" directory. The only thing I ask is that I will forward you
any FreeBSD questions people may ask on the MaraDNS mailing list; it
will be your responsibility to answer them. Or not answer them, as the
case may be.

- Sam

[2] Linux makes more sense for me because the kinds of Virtual Private
Servers that fall within my budget (in other words nodes that are the
cheapest, most overloaded, frequently down because someone else on the
same node is getting a DDOS attack nodes) generally run as OpenVZ
nodes in Linux: http://lowendstock.com

From maradns at gmail.com Wed Feb 29 03:41:38 2012
From: maradns at gmail.com (Sam Trenholme)
Date: Wed, 29 Feb 2012 03:41:38 -0500
Subject: [MaraDNS list] Deadwood 3.2.02 released
Message-ID:

Now that I have gotten a raise at work, there are a few things that
will change with MaraDNS:

* I will not have annoying funding drives for the foreseeable future.
  Yeah, I got some pocket change from those drives, but my day job is
  keeping me busy enough these days.

* I will only fix critical and security bugs for MaraDNS; I will
  probably only check my MaraDNS email once a month or so. If you have
  found a critical security hole in MaraDNS, please go to
  http://samiam.org/mailme.php and let me know about it.

* I finally got a Flattr account; since I am no longer seeking big
  donations, getting pocket change from Flattr users makes sense. My
  Flattr page is here:
  http://flattr.com/thing/543259/MaraDNS-a-tiny-security-aware-DNS-server ;
  I also have a Flattr link near the bottom on http://maradns.org.
  Let's see how long it will take before the first Flattr user decides
  they like MaraDNS.

* I have placed non-intrusive text ads on MaraDNS.org again. It's not
  a lot of money, but it covers hosting expenses should the page ever
  become viral.

Since it will (hopefully) be a while before another Deadwood release,
I have released Deadwood 3.0.02 today. Should everything go well, I
will not need to make another Deadwood release until February 29 rolls
around again.
:)

It can be downloaded here:

http://www.maradns.org/deadwood/stable/

A changelog is here:

http://www.maradns.org/deadwood/doc/CHANGELOG

I plan on updating the version of Deadwood bundled with MaraDNS to be
3.2.02 sometime next month. This will be my last work on MaraDNS for
a while, barring a critical and/or security bug being found.

- Sam
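
Added example (not part of the archived thread and not code from the MaraDNS project): a Python version of the line-based mararc 1.x conversion that Sam Trenholme's "Some points" list in the 12 Feb 11:39 message describes. The function name convert, the sample mararc and the set of parameters carried over to Deadwood are assumptions; only parameter names that appear in the thread are handled.

```python
import re

# Constructed MaraDNS 1.x mararc used as sample input (not from the thread).
SAMPLE_MARARC = """\
# constructed sample mararc
ipv4_bind_addresses = "192.0.2.53"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "db.example.com"
  recursive_acl = "192.0.2.0/24"
  verbose_level = 1
retry_cycles = 2
"""

# Assumption: only the parameter names mentioned in the thread are copied to
# the Deadwood file; extend this set from the update tutorial before real use.
CARRY_TO_DEADWOOD = frozenset(
    {"recursive_acl", "verbose_level", "retry_cycles", "reject_ptr"})

# "name = value" lines; csv2["zone."] = "file" entries and comments do not match.
ASSIGN = re.compile(r"^(\s*)([A-Za-z0-9_]+)(\s*=\s*)(.*?)\s*$")


def _scaled(value, factor):
    """Multiply a numeric setting, ignoring a trailing '# comment'."""
    return str(int(value.split("#", 1)[0].strip()) * factor)


def convert(mararc_text, carry=CARRY_TO_DEADWOOD):
    """Return (mararc for MaraDNS 2, Deadwood config) from a 1.x mararc."""
    mararc_out = []
    deadwood_out = [
        "# TODO: give Deadwood a bind IP different from the MaraDNS one;"
        " the two daemons can not share an IP"
    ]
    for line in mararc_text.splitlines():
        m = ASSIGN.match(line)
        key = m.group(2) if m else None

        # Authoritative half: keep every line, comment out recursive_acl only
        # (other recursion parameters are ignored by MaraDNS 2).
        if key == "recursive_acl":
            mararc_out.append("# " + line.lstrip())
        else:
            mararc_out.append(line)

        if key not in carry:
            continue
        value = m.group(4)
        if key == "verbose_level":
            value = _scaled(value, 20)        # maradns -> deadwood scale
        elif key == "retry_cycles":
            key, value = "num_retries", _scaled(value, 3)
        # Rebuilding the line drops the leading white space, as required
        # for a Deadwood configuration file.
        deadwood_out.append(f"{key} = {value}")
    return "\n".join(mararc_out) + "\n", "\n".join(deadwood_out) + "\n"


if __name__ == "__main__":
    new_mararc, dwood3rc = convert(SAMPLE_MARARC)
    print(new_mararc)
    print(dwood3rc)
```

The Deadwood output still needs its bind address chosen by hand, which is the step Nicholas Bamber's message says cannot be automated without asking the user.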