[MaraDNS list] How to get MaraDNS and Deadwood to talk to each other?

Joshua Kinard kumba at gentoo.org
Sat Mar 3 04:34:21 EST 2012


On 03/03/2012 00:43, Joshua Kinard wrote:

> 
> I am looking at migrating a small, internal DNS server on my home network
> over to MaraDNS-2.x from PowerDNS (only because PowerDNS 3.0 no longer
> supports the LDAP backend module), but I am puzzled over how MaraDNS and
> Deadwood talk to each other (if they do at all).
> 
> Being that MaraDNS is the authoritative server and Deadwood the recursive
> server, what's the correct way to run both on the same host such that A/AAAA
> queries for an internal host get answered by MaraDNS and queries for
> everything else are answered by Deadwood?
> 
> Under PowerDNS, you point pdns to the "recursor" (precursor) via IP, and
> pdns will use the recursor to query for any domain that it is not
> authoritative for.  I cannot find the equivalent configuration for this in
> MaraDNS/Deadwood, or I am not configuring it correctly.  Having used
> PowerDNS for so long, I am not sure what MaraDNS' equivalent terminology for
> this setup is in the documentation.
> 
> It's also possible that because the documentation attempts to service both
> MaraDNS 1.4 and MaraDNS 2.0 questions simultaneously, where one did both
> authoritative/recursive and the other does authoritative only, that this
> adds to the confusion.
> 
> Current setup:
>  - MaraDNS listening on an internal IP for DNS queries.
>  - Deadwood listening on Loopback for recursive queries.
> 
> Actions:
>  - Queries for internal hosts to MaraDNS resolve correctly.
>  - Queries for external hosts to Deadwood resolve correctly.
>  - Queries for external hosts (e.g., Google) to MaraDNS do NOT resolve.
> 
> For item #3, my thinking is that MaraDNS should first look to see if it can
> answer the external query, then if not, have some way to kick the query over
> to Deadwood.  Once Deadwood determines if it can answer, then it should
> either return an answer or NXDOMAIN back to MaraDNS, which then forwards it
> back to the client.

Okay, I found the thread from October that partially clarified the way to
make MaraDNS and Deadwood talk to each other:

Make MaraDNS bound to loopback (127.0.0.1) and make Deadwood listen on the
private internal interface (I have already disabled filtering of RFC1918
addresses).  Then configure Deadwood to treat my local "root" domain as
different from the ICANN roots and fire the request to 127.0.0.1 so MaraDNS
can answer.

That works, but....

Deadwood will report back that the lookup is non-authoritative, which is
correct, but since it asked MaraDNS for the query, can't it speak "on behalf
of"?  Maybe I am missing something in my understanding here, because I've
used PowerDNS for so long.  It seems like having Deadwood and MaraDNS talk
directly to each other, perhaps via UNIX socket or some other internal
messaging mechanism might be more appropriate, versus having to query one
server for the Internet, and a second server for the local network.

Also, for Deadwood, how can I have it listen on both IPv4 and IPv6
simultaneously?  MaraDNS has independent variables for ipv4 and ipv6
addresses, but Deadwood only has "bind_address", which only appears to
accept a single value.

Thanks!

-- 
Joshua Kinard
Gentoo/MIPS
kumba at gentoo.org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic
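
The "non-authoritative" result described in the message above is carried by the AA bit of the DNS header: an authoritative server sets it on answers from its own zone data, and a resolver that relays or caches the answer does not. An added example (not part of the original post; the two header byte strings are constructed for illustration, not captured from MaraDNS or Deadwood) that decodes those flags per RFC 1035 section 4.1.1:

```python
import struct

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),  # 1 = response, 0 = query
        "aa": bool(flags & 0x0400),  # answer comes from the server's own zone data
        "tc": bool(flags & 0x0200),  # truncated, retry over TCP
        "rd": bool(flags & 0x0100),  # recursion desired, copied from the query
        "ra": bool(flags & 0x0080),  # server offers recursion
        "rcode": flags & 0x000F,     # 0 = NOERROR, 3 = NXDOMAIN
        "ancount": ancount,
    }

def describe(msg: bytes) -> str:
    """Classify a message the way a lookup tool labels a reply."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if h["rcode"] != 0:
        return f"error rcode={h['rcode']}"
    return "authoritative answer" if h["aa"] else "non-authoritative answer"

def build_header(ident: int, flags: int, ancount: int) -> bytes:
    """Build a header-only sample message with one question."""
    return struct.pack("!6H", ident, flags, 1, ancount, 0, 0)

# Constructed samples (assumed flag combinations, not captured traffic):
# reply straight from the authoritative server: QR | AA | RD
FROM_AUTHORITATIVE = build_header(0x1A2B, 0x8500, 1)
# the same name answered through a recursive resolver: QR | RD | RA
VIA_RESOLVER = build_header(0x1A2B, 0x8180, 1)

if __name__ == "__main__":
    for label, msg in (("authoritative", FROM_AUTHORITATIVE),
                       ("via resolver", VIA_RESOLVER)):
        print(f"{label:14s} -> {describe(msg)}")
```
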


