[MaraDNS list] how do I configure separate servers for internal and external DNS on the same host in version 2.0?

Andrew J. Schorr aschorr at telemetry-investments.com
Tue Aug 27 13:47:48 EDT 2013


Hi,

I'm trying to migrate from maradns 1.4 to maradns 2.0, and I'd appreciate
some help with the configuration.  I have a perhaps unusual setup with
version 1.4.  I have a server with two ethernet interfaces: one faces
our internal network, and the other faces the internet.  With maradns 1.4,
I run two copies of maradns ("internal" and "external") on this host.  
The internal copy binds to port 53 on the loopback and internal NIC IP
addresses.  Here are the interesting parts of the mararc file for
the internal server:

ipv4_bind_addresses  = "127.0.0.1,192.168.58.74,192.168.58.1"
chroot_dir = "/var/maradns/internal"
csv2 = {}
csv2["telemetry-investments.com."] = "db.telemetry-investments.com"
recursive_acl = "127.0.0.1/32,192.168.0.0/16"
admin_acl = "127.0.0.1/32"

This server provides recursive internet lookups for our local hosts, and
it serves up internal DNS entries for our local RFC 1918 network.

The external server acts as an authoritative server for our domain.  It
binds to the IP addresses on the internet-facing NIC.  Here is the start
of its mararc file:

ipv4_bind_addresses = "38.76.0.54,38.76.0.58,38.76.0.61"
chroot_dir = "/var/maradns/external"
csv2 = {}
csv2["telemetry-investments.com."] = "db.telemetry-investments.com"

These 2 servers can coexist on the same host without conflicting, since
they bind to different addresses.

To upgrade to version 2, I think I'd need to run 3 servers on the machine: one
instance of deadwood to provide recursive lookups for my local hosts, one copy
of maradns to serve our internal intranet DNS lookups, and another copy facing
the external world.  I think the configuration of the internet-facing maradns
server should be just about the same.  But I'm at a loss for how to configure
the internal side.  In order for me to run the internal maradns server, I think
I would need to bind it to a port other than 53, since deadwood will bind to
port 53 on localhost and on the internal NIC addresses, and the external
maradns binds to port 53 on the internet NIC addresses.  The deadwood config
file has an upstream_port variable, but I don't see a way to have different
port values for different upstream servers.  In other words, I think I want to
have the internal maradns bind to localhost on a port other than 53 (by setting
dns_port to some other value), and then I want to tell deadwood to contact that
instance of maradns on a non-standard port.  But if I set upstream_port
to some other value, I assume it will then fail on its recursive lookups
for normal internet addresses.  The easy solution is to run the internal
copy of maradns on a different host, but I'd prefer to keep it on the same
host if possible.

Sorry for the length of this question.  Does anybody know how to solve this?
I think if upstream_port were a dictionary variable that allowed me to
set a different value only for the "telemetry-investments.com." domain,
then that would solve my problems.  I could try patching the code to do
this, but I'm wondering if there's a better way that I'm missing.

Thanks in advance,
Andy
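The bind-address clash described in the message above can be checked mechanically before any daemon is started.  The script below is an added example, not code from MaraDNS, Deadwood or the poster: it parses mararc-style `key = "value"` lines, expands each instance's `ipv4_bind_addresses` and `dns_port` (default 53) into (ip, port) listeners, and reports every socket that more than one instance would try to own.  The two maradns blocks reuse the bind addresses quoted in the post; the deadwood block is a constructed assumption about what the recursive instance would bind to, and the wildcard handling (0.0.0.0 contends with every address on its port) is an extra case the post does not mention.

```python
import re
from collections import defaultdict

# Constructed configs for the three daemons the poster plans to run.
# The maradns entries copy the bind addresses from the post; the deadwood
# entry is an assumption (recursive resolver on loopback + internal NIC).
CONFIGS = {
    "maradns-internal": '''
ipv4_bind_addresses  = "127.0.0.1,192.168.58.74,192.168.58.1"
chroot_dir = "/var/maradns/internal"
csv2 = {}
csv2["telemetry-investments.com."] = "db.telemetry-investments.com"
''',
    "maradns-external": '''
ipv4_bind_addresses = "38.76.0.54,38.76.0.58,38.76.0.61"
chroot_dir = "/var/maradns/external"
''',
    "deadwood": '''
ipv4_bind_addresses = "127.0.0.1,192.168.58.74,192.168.58.1"
''',
}

# key = "value"   (quotes optional, trailing # comment tolerated)
_ASSIGN = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"?([^"#]*?)"?\s*(#.*)?$')


def parse_mararc(text):
    """Return the scalar settings of a mararc-style file as a dict.

    Dictionary assignments such as csv2["zone."] = "file" are skipped;
    only plain key = value lines matter for listener calculation."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "[" in line.split("=")[0]:
            continue
        m = _ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def listeners(settings):
    """Set of (ip, port) sockets one instance would bind to."""
    port = int(settings.get("dns_port", "53"))   # 53 unless dns_port is set
    addrs = settings.get("ipv4_bind_addresses", "")
    return {(a.strip(), port) for a in addrs.split(",") if a.strip()}


def find_conflicts(configs):
    """Map each contested (ip, port) to the sorted instance names fighting for it.

    A 0.0.0.0 listener is treated as contending with every specific address
    on the same port, since the kernel will refuse the second bind either way."""
    owners = defaultdict(list)
    for name, text in configs.items():
        for sock in listeners(parse_mararc(text)):
            owners[sock].append(name)

    by_port = defaultdict(list)
    for (_ip, port), names in owners.items():
        by_port[port].extend(names)

    conflicts = {}
    for (ip, port), names in owners.items():
        if ip == "0.0.0.0":
            clash = set(by_port[port])
        else:
            clash = set(names) | set(owners.get(("0.0.0.0", port), []))
        if len(clash) > 1:
            conflicts[(ip, port)] = sorted(clash)
    return conflicts


if __name__ == "__main__":
    for (ip, port), names in sorted(find_conflicts(CONFIGS).items()):
        print(f"{ip}:{port} wanted by {', '.join(names)}")
```

Run as-is it flags 127.0.0.1:53, 192.168.58.74:53 and 192.168.58.1:53 as contested between deadwood and maradns-internal, which is exactly the clash the post describes; adding `dns_port = 5353` to the internal mararc text clears every conflict.  What the check cannot tell you is how to make Deadwood forward one zone to that alternate port, which remains the open question of the thread.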

