From maradns at gmail.com  Tue Aug 20 04:20:56 2013
From: maradns at gmail.com (Sam Trenholme)
Date: Tue, 20 Aug 2013 01:20:56 -0700
Subject: [MaraDNS list] August 2013 report: No news is good news
Message-ID:

I have been using MaraDNS-2.0.07c (Deadwood 3.2.03c) for a month now and it is working really nicely; I haven't found a single DNS name out there which this release can't solve after a month of "dogfood" testing.

My plan is to make MaraDNS-2.0.07c the stable release in another month if I encounter no problems.

I encourage users to use this release and report here any DNS names which resolve with other DNS servers but not with Deadwood 3.2.03c.

Downloads:

http://maradns.org/download/2.0/snap/
http://maradns.org/deadwood/snap/

- Sam

From aschorr at telemetry-investments.com  Tue Aug 27 13:47:48 2013
From: aschorr at telemetry-investments.com (Andrew J. Schorr)
Date: Tue, 27 Aug 2013 13:47:48 -0400
Subject: [MaraDNS list] how do I configure separate servers for internal and external DNS on the same host in version 2.0?
Message-ID: <20130827174748.GA2700@ti119.telemetry-investments.com>

Hi,

I'm trying to migrate from maradns 1.4 to maradns 2.0, and I'd appreciate some help with the configuration. I have a perhaps unusual setup with version 1.4. I have a server with two ethernet interfaces: one faces our internal network, and the other faces the ethernet. With maradns 1.4, I run two copies of maradns ("internal" and "external") on this host.

The internal copy binds to port 53 on the loopback and internal NIC IP addresses.
Here are the interesting parts of the mararc file for the internal server:

ipv4_bind_addresses = "127.0.0.1,192.168.58.74,192.168.58.1"
chroot_dir = "/var/maradns/internal"
csv2 = {}
csv2["telemetry-investments.com."] = "db.telemetry-investments.com"
recursive_acl = "127.0.0.1/32,192.168.0.0/16"
admin_acl = "127.0.0.1/32"

This server provides recursive internet lookups for our local hosts, and it serves up internal DNS entries for our local RFC 1918 network.

The external server acts as an authoritative server for our domain. It binds to the IP addresses on the internet-facing NIC. Here is the start of its mararc file:

ipv4_bind_addresses = "38.76.0.54,38.76.0.58,38.76.0.61"
chroot_dir = "/var/maradns/external"
csv2 = {}
csv2["telemetry-investments.com."] = "db.telemetry-investments.com"

These 2 servers can coexist on the same host without conflicting, since they bind to different addresses.

To upgrade to version 2, I think I'd need to run 3 servers on the machine: one instance of deadwood to provide recursive lookups for my local hosts, one copy of maradns to serve our internal intranet DNS lookups, and another copy facing the external world. I think the configuration of the internet-facing maradns server should be just about the same. But I'm at a loss for how to configure the internal side.

In order for me to run the internal maradns server, I think I would need to bind it to a port other than 53, since deadwood will bind to port 53 on localhost and on the internal NIC addresses, and the external maradns binds to port 53 on the internet NIC addresses. The deadwood config file has an upstream_port variable, but I don't see a way to have different port values for different upstream servers. In other words, I think I want to have the internal maradns bind to localhost on a port other than 53 (by setting dns_port to some other value), and then I want to tell deadwood to contact that instance of maradns on a non-standard port.
But if I set upstream_port to some other value, I assume it will then fail on its recursive lookups for normal internet addresses. The easy solution is to run the internal copy of maradns on a different host, but I'd prefer to keep it on the same host if possible.

Sorry for the length of this question. Does anybody know how to solve this? I think if upstream_port were a dictionary variable that allowed me to set a different value only for the "telemetry-investments.com." domain, then that would solve my problems. I could try patching the code to do this, but I'm wondering if there's a better way that I'm missing.

Thanks in advance,
Andy

From maradns at gmail.com  Wed Aug 28 05:42:09 2013
From: maradns at gmail.com (Sam Trenholme)
Date: Wed, 28 Aug 2013 02:42:09 -0700
Subject: [MaraDNS list] how do I configure separate servers for internal and external DNS on the same host in version 2.0?
In-Reply-To: <20130827174748.GA2700@ti119.telemetry-investments.com>
References: <20130827174748.GA2700@ti119.telemetry-investments.com>
Message-ID:

> To upgrade to version 2, I think I'd need to run 3 servers on the machine: one
> instance of deadwood to provide recursive lookups for my local hosts, one copy
> of maradns to serve our internal intranet DNS lookups, and another copy facing
> the external world.

That is correct.

> In order for me to run the internal maradns server, I think
> I would need to bind it to a port other than 53, since deadwood will bind to
> port 53 on localhost and on the internal NIC addresses, and the external
> maradns binds to port 53 on the internet NIC addresses.

If using Linux, the way to do this is to have the authoritative MaraDNS instance bind to a localhost IP like 127.0.0.2; Linux very nicely correctly gives localhost an entire /8 [1], and a server on, say, 127.0.0.2 can be a different server than the one on 127.0.0.1.

> The deadwood config
> file has an upstream_port variable, but I don't see a way to have different
> port values for different upstream servers.

There, alas, isn't one.

> The easy solution is to run the internal
> copy of maradns on a different host, but I'd prefer to keep it on the same
> host if possible.

If using, say, Windows or FreeBSD, localhost only has one IP, so this is the only way to go about this.

- Sam

From maradns at gmail.com  Wed Aug 28 07:38:21 2013
From: maradns at gmail.com (Sam Trenholme)
Date: Wed, 28 Aug 2013 04:38:21 -0700
Subject: [MaraDNS list] maradns.samiam.org
Message-ID:

Just a quick heads-up that I have moved the maradns.org webpage to maradns.samiam.org. maradns.org is still up and redirects all maradns.org links to their corresponding maradns.samiam.org locations.

maradns.org is still used to host MaraDNS's mailing list. I have no plans to bring the maradns.org domain down.

The reason I have done this is to connect MaraDNS more closely to myself; so that people are less likely to see MaraDNS as an anonymous free program and more likely to see it as my project.

I plan to work on MaraDNS/Deadwood again one day in late September unless a critical security bug with a CVE number is found.

- Sam
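
A consistency check for the three-instance layout from the "separate servers for internal and external DNS" thread above (Deadwood on the old internal addresses, internal MaraDNS moved to 127.0.0.2, external MaraDNS unchanged), added here as an example and not code from MaraDNS or from either poster. It assumes every instance stays on port 53, parses only quoted `name = "value"` lines, and assumes the per-zone forward sits in Deadwood's root_servers or upstream_servers dictionary; the config texts are constructed.

```python
import ipaddress
import re
ASSIGN = re.compile(r'^\s*(\w+)(?:\["([^"]+)"\])?\s*=\s*"([^"]*)"')

def parse(text):
    """Parse scalar and dictionary assignments of the form name = "value"."""
    conf = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m and m.group(2) is None:
            conf[m.group(1)] = m.group(3)
        elif m:
            conf.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return conf

def addrs(value):
    return {a.strip() for a in value.split(",") if a.strip()}

def binds(conf):
    # mararc uses ipv4_bind_addresses, dwood3rc uses bind_address
    return addrs(conf.get("ipv4_bind_addresses", "") + "," + conf.get("bind_address", ""))

def audit(files, resolver, internal, zone):
    """Return findings for {instance: config text}; an empty list means consistent."""
    conf = {name: parse(text) for name, text in files.items()}
    names, out = sorted(conf), []
    for i, a in enumerate(names):            # two instances cannot share an address
        for b in names[i + 1:]:
            for ip in sorted(binds(conf[a]) & binds(conf[b])):
                out.append(f"{a} and {b} both bind {ip}")
    for ip in sorted(binds(conf[internal])):  # internal zone must stay off public NICs
        if not ipaddress.ip_address(ip).is_private:
            out.append(f"{internal} zone is served on public address {ip}")
    forwards = {}
    for table in ("root_servers", "upstream_servers"):
        forwards.update(conf[resolver].get(table, {}))
    targets = addrs(forwards.get(zone, ""))
    if not targets or not targets <= binds(conf[internal]):
        out.append(f"{resolver} does not forward {zone} to {internal}")
    return out

# Constructed sample configs; the root_servers forward is an assumption.
DEADWOOD = '''bind_address = "127.0.0.1,192.168.58.74,192.168.58.1"
root_servers = {}
root_servers["telemetry-investments.com."] = "127.0.0.2"   # assumed forward
'''
INTERNAL = 'ipv4_bind_addresses = "127.0.0.2"\n'
EXTERNAL = 'ipv4_bind_addresses = "38.76.0.54,38.76.0.58,38.76.0.61"\n'
FILES = {"deadwood": DEADWOOD, "internal": INTERNAL, "external": EXTERNAL}
```

Calling `audit(FILES, "deadwood", "internal", "telemetry-investments.com.")` returns an empty list for this layout; leaving the internal instance on 127.0.0.1 reports both the bind clash with Deadwood and the broken forward.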