From strenholme.usenet at gmail.com Mon Jun 4 13:41:28 2007
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 4 Jun 2007 11:41:28 -0600
Subject: bind_star_handling with wildcards that match multiple labels
In-Reply-To: <20070528204154.GE7674@ai.sri.com>
References: <20070426180613.GA1914@andrewagno.com>
 <200705030527.30763.remco@webconquest.com>
 <7bd685720705071206r2fb61e77tf0a0b1e1ead51bca@mail.gmail.com>
 <20070508155150.GB15175@ai.sri.com>
 <7bd685720705081036w28004152g957553816897bfb2@mail.gmail.com>
 <20070508182236.GC15175@ai.sri.com>
 <7bd685720705141145w1c96c23dkac298e235a907e0@mail.gmail.com>
 <20070528204154.GE7674@ai.sri.com>
Message-ID: <7bd685720706041041tf142ac1td1123618857679ff@mail.gmail.com>

Thank you for the patch. I will review this patch and will probably incorporate it into the next version of MaraDNS. The only reason I couldn't integrate your last patch is because I had already patched that code in the stable branch of MaraDNS.

As an aside, do *not* set bind_star_handling to 2 in MaraDNS 1.2.12.06 unless you use this patch:

http://hotaru.chaosring.org/~sam/maradns-1.2.12.06/maradns-1.2.12.06-star_collision_memleak.patch

Otherwise MaraDNS will leak memory.

As a sense of the time scale, I only update MaraDNS 1.2 once every three months unless there is a critical security hole. This particular memleak is not critical since it only happens if someone sets bind_star_handling to 2. The last update was around May 18th; the next update will be around August 18th. So far, there are two changes for this release: The memleak patch and your proposed patch.
- Sam

From strenholme.usenet at gmail.com Mon Jun 4 15:17:05 2007
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 4 Jun 2007 19:17:05 +0000
Subject: MaraDNS stops resolving
In-Reply-To: <99dd28530705301127m5f766ccbwcf121a5c2db40422@mail.gmail.com>
References: <464E1492.50307@rogers.com>
 <073C36BE-2E5F-4C8F-BE13-4CBCFE89FA10@hfk-bremen.de>
 <7bd685720705241813q4df779d5y14ab5b60a1349f27@mail.gmail.com>
 <99dd28530705301127m5f766ccbwcf121a5c2db40422@mail.gmail.com>
Message-ID: <7bd685720706041217y54eee08fyb269f8c5cd53ef1@mail.gmail.com>

> I'm experiencing what Lars is talking about on NetBSD
> as well. So I do not believe it's a Linux Kernel specific
> issue.

Hmmm...again, I'm not seeing it. How many client computers use your server running MaraDNS?

But we may have a real problem here. The last time we saw something like this, I was at a loss what was going on. Finally, Albert Lee out of the blue sent me a patch with the fix. The problem was the Linux kernel does not follow the POSIX spec with regard to the select() call, and would hang programs when getting certain UDP packets unless you did the right Linux-specific incantation.

So, as you can imagine, this problem is going to take a while to find and fix. It may be something simple or it may be something unsolvable, such as "Many Unix kernels hang processes after spawning 1,000,000 threads" or some such.

Now, what I do have in order to help reproduce the bug is some tools for seeing what is going on. I developed these tools when getting other similar reports.

From zilli.daniel at gmail.com Tue Jun 5 09:07:09 2007
From: zilli.daniel at gmail.com (Daniel Zilli)
Date: Tue, 5 Jun 2007 10:07:09 -0300
Subject: Free MaraDNS secondary host
Message-ID: <7deb82e40706050607l37d75129s3e0baee222d80197@mail.gmail.com>

Hi everyone.

We see in this web, some free secondary dns host, but no one using MaraDNS. I would like to know if there is a way to offer this service with quality and for free? In other words.
Does someone here have the condition to set up a service like that?

Bests,
Daniel

From S.Wilson at eris.qinetiq.com Wed Jun 6 07:49:01 2007
From: S.Wilson at eris.qinetiq.com (Steve Wilson)
Date: Wed, 6 Jun 2007 12:49:01 +0100
Subject: Delegating subdomains using maradns??
Message-ID: <200706061249.11028.S.Wilson@eris.qinetiq.com>

Hi all,

I've been running various versions of maradns for a year or two now without any real problems. Recently I had a request from one of my users to delegate control of a subdomain to him. I'm having some problems getting it working - but I think it's probably down to my lack of understanding than any actual problem with maradns.

So, as a sanitised example, I have up and running already records for:

---
mydomain.com
www.mydomain.com
ns0.mydomain.com
mail.mydomain.com
fred.mydomain.com
---

What I want to do is modify my config so that I have a fredsdomain.mydomain.com subdomain so that anyone requesting *.fredsdomain.mydomain.com gets pointed off to fred's own nameserver (fred.mydomain.com) rather than talking to mine.

My first attempt to get this working was to add the following to my db file:

---
Nfredsdomain.mydomain.com.|86400|fred.mydomain.com.
Afred.mydomain.com.|86400|1.2.3.4
---

With this - I can resolve the address for fred.mydomain.com without any problem. However, if I try to resolve *.fredsdomain.mydomain.com I just get a blank "A" record back and the authority section points back at my SOA record:

---
# dig @127.0.0.1 123.fredsdomain.mydomain.com

; <<>> DiG 9.3.4 <<>> @127.0.0.1 123.fredsdomain.mydomain.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55404
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;123.fredsdomain.mydomain.com. IN A

;; AUTHORITY SECTION:
123.fredsdomain.mydomain.com. 86400 IN SOA mydomain.com. root.mydomain.com. 20071702 7200 3600 604800 1800

;; Query time: 4244 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 6 11:48:25 2007
;; MSG SIZE rcvd: 80
---

So, do I need to set up a new db file purely for the domain fredsdomain.mydomain.com which has an appropriate SOA record that points at fred.mydomain.com? Or is there some other trick to get the subdomain delegation working from within the one db file? (since I'm probably going to end up doing a lot of this sort of delegation, I'm hoping it's the latter)

Cheers,

Steve.

--
--------------------------------------------------------------
Steve Wilson
Senior Security Consultant
QinetiQ, St Andrews Road
Malvern, WR14 3PS
Tel: (01684 89) 4153
Fax: (01684 89) 7417
---------------------------------------------------------------
'The views expressed herein are entirely those of the writer and do not represent the views, policy or understanding of any other person or official body.'
---------------------------------------------------------------
'The information contained in this e-mail and any subsequent correspondence is private and is intended solely for the intended recipient(s). For those other than the intended recipient any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on such information is prohibited and may be unlawful.'
---------------------------------------------------------------

From strenholme.usenet at gmail.com Tue Jun 12 18:01:20 2007
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 12 Jun 2007 22:01:20 +0000
Subject: bind_star_handling with wildcards that match multiple labels
In-Reply-To: <20070528204154.GE7674@ai.sri.com>
References: <20070426180613.GA1914@andrewagno.com>
 <200705030527.30763.remco@webconquest.com>
 <7bd685720705071206r2fb61e77tf0a0b1e1ead51bca@mail.gmail.com>
 <20070508155150.GB15175@ai.sri.com>
 <7bd685720705081036w28004152g957553816897bfb2@mail.gmail.com>
 <20070508182236.GC15175@ai.sri.com>
 <7bd685720705141145w1c96c23dkac298e235a907e0@mail.gmail.com>
 <20070528204154.GE7674@ai.sri.com>
Message-ID: <7bd685720706121501j8f13c9ev26a6185e656d219b@mail.gmail.com>

First of all, I wasn't able to apply Andrew's patch. So, I looked at the bug report and made my own patch.

I have copied the following zone file:

ns.example.net. 127.0.0.1
a.example.net. 127.0.0.2
*.example.net. 127.0.0.3

Then I did a number of tests:

askmara Aa.example.net.
askmara Ab.example.net.
askmara Ac.example.net.
askmara Aa.a.example.net.
askmara Aa.b.example.net.
askmara Aa.a.a.example.net.
askmara Aa.a.b.example.net.
askmara @a.example.net.
askmara @b.example.net.
askmara @c.example.net.
askmara @a.a.example.net.
askmara @a.b.example.net.
askmara @a.a.a.example.net.
askmara @a.a.b.example.net.

The behaviour, which is broken in 1.2.12.06, works fine in the 1.3 snapshot with the patch applied.

Attached to this message is both the patch that fixes this bug, and a patch to fix a memory leak in 1.2.12.06 that is *ONLY* triggered when bind_star_handling has a value of 2.

A version of MaraDNS with these patches applied is also available here:

http://www.maradns.org/download/1.3/snap/200706

- Sam

-------------- next part --------------
A non-text attachment was scrubbed...
Name: maradns-1.3.05-star_collision_memleak.patch
Type: application/octet-stream
Size: 447 bytes
Desc: not available
Url : http://woodlane.webconquest.com/pipermail/list/attachments/20070612/25dedc73/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: maradns-1.3.05-star_handling.patch
Type: application/octet-stream
Size: 3679 bytes
Desc: not available
Url : http://woodlane.webconquest.com/pipermail/list/attachments/20070612/25dedc73/attachment-0001.obj

From strenholme.usenet at gmail.com Wed Jun 20 15:15:47 2007
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 20 Jun 2007 19:15:47 +0000
Subject: Delegating subdomains using maradns??
In-Reply-To: <200706061249.11028.S.Wilson@eris.qinetiq.com>
References: <200706061249.11028.S.Wilson@eris.qinetiq.com>
Message-ID: <7bd685720706201215k74903083k54aa61870b2d6f11@mail.gmail.com>

Subdelegating a domain is easy:

In the example.com zonefile:

sub.example.com. NS ns1.sub.example.com.
sub.example.com. NS ns2.sub.example.com.
ns1.sub.example.com. A 10.1.2.3
ns2.sub.example.com. A 10.1.2.4

In the sub.example.com zonefile:

sub.example.com. NS ns1.sub.example.com.
sub.example.com. NS ns2.sub.example.com.
ns1.sub.example.com. A 10.1.2.3
ns2.sub.example.com. A 10.1.2.4

*HOWEVER*, MaraDNS acts a little unusual when:

* A MaraDNS server is both authoritative and recursive
* MaraDNS is serving subdomains

From sam+i7tq5rg at chaosring.org Thu Jun 21 16:27:37 2007
From: sam+i7tq5rg at chaosring.org (Sam Trenholme)
Date: Thu, 21 Jun 2007 20:27:37 +0000 (UTC)
Subject: [MARA] MaraDNS 1.3.07.01 release (betatest release)
Message-ID: <20070621202738.0881CD7532E@mail.literati.org>

I generally release major new versions of MaraDNS on solstices. I released MaraDNS 1.0.00 on June 21, 2002; MaraDNS 1.2.00 on December 21, 2005, and MaraDNS 1.3.01 (Starting with 1.3, there are no longer .00 releases) on December 21, 2006.
In keeping with this tradition, I release the first betatest release of the 1.3 branch of MaraDNS today: 1.3.07.01.

This is a betatest release. No, not "beta" the way Google means "beta" ("beta", in Google parlance, seems to mean "we're too lazy to have a real release cycle for our web apps"). This means that no new features will be added to the MaraDNS 1.3 code before it is declared stable. The only changes before I declare 1.3 stable will be more SQA tests added, documentation improvements, and bug fixes.

The two big features added to the 1.3 branch are:

* It is now possible to have djbdns-style delegation of subdomains with the recursive resolver

* BIND zone files are now supported, via a Python script that converts BIND zone files into MaraDNS-1.3-compatible zone files

In terms of the MaraDNS 1.0 branch, the only changes that will be done with that branch are "typo-bugfixes" and security fixes. When I say a "typo bugfix", I mean a bugfix that requires changing 10 lines or less of code. MaraDNS 1.0 "how do I" questions have not been answered by me for about a year (but you may be able to get support on the mailing list). Typo-bugfixes will only be applied with the MaraDNS 1.0 code for six more months. After that, only security bug fixes will be applied to MaraDNS 1.0. On December 21, 2010, I will stop supplying security fixes to MaraDNS 1.0.

In terms of the MaraDNS 1.2 branch, this is still the stable branch of MaraDNS. Since, however, 1.3 is now frozen, I will start to phase out the kinds of bugs I will fix in 1.2. Security bugs, of course, will continue to be fixed. As will typo-bugs. However, any other bugs will need a compelling reason for me to fix. For example, I will no longer fix RFC-compliance bugs in 1.2 unless you can show me a serious real-world problem the lack of RFC compliance is causing.

Anyway, MaraDNS 1.3.07.01 is available for download here:

www.maradns.org/download.html

I encourage people to help me beta-test and find bugs in the 1.3 branch.

From sberry at northlc.com Fri Jun 29 19:58:22 2007
From: sberry at northlc.com (Scott Berry)
Date: Fri, 29 Jun 2007 18:58:22 -0500
Subject: a question about creating a name server for a router
Message-ID: <000801c7baa9$65b24610$c701a8c0@yellobow>

Hello there,

I have a question concerning maradns for a Wrt54G router. I need to make some name servers because I want to forward my www.pilotalk.com to a server here in my house. The question I have concerns does the name servers actually have to be two different machines or can it all be on my router and it routes it out? I am using Open Wrt with Xwrt on top.

Scott
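
Two threads in this archive (the wildcard test zone in the 12 June message and the subdomain delegation in the 20 June reply) turn on the order in which an authoritative server decides between a referral, an exact match, a wildcard and NXDOMAIN. The block below is an added example, not part of any message and not MaraDNS code: it follows the RFC 1034 section 4.3.2 / RFC 4592 closest-encloser rules and says nothing about what any bind_star_handling value does. The delegated name sub.example.net and the function names are assumptions made for the illustration.

```python
# Added illustration of RFC 1034 section 4.3.2 / RFC 4592 lookup order.
# Constructed zone: the wildcard test records from the 12 June message plus a
# hypothetical delegation, sub.example.net, shaped like the 20 June reply.
APEX = "example.net."
ZONE = {
    "ns.example.net.": {"A": ["127.0.0.1"]},
    "a.example.net.": {"A": ["127.0.0.2"]},
    "*.example.net.": {"A": ["127.0.0.3"]},
    "sub.example.net.": {"NS": ["ns1.sub.example.net."]},  # zone cut
    "ns1.sub.example.net.": {"A": ["10.1.2.3"]},           # glue below the cut
}


def existing_nodes(zone, apex):
    """Every owner name plus the empty non-terminals between it and the apex."""
    nodes = {apex}
    for owner in zone:
        labels = owner.rstrip(".").split(".")
        while labels and ".".join(labels) + "." != apex:
            nodes.add(".".join(labels) + ".")
            labels = labels[1:]
    return nodes


def lookup(qname, qtype="A", zone=ZONE, apex=APEX):
    """Return (status, data) the way an authoritative-only server decides it."""
    qname = qname.lower()
    if qname != apex and not qname.endswith("." + apex):
        return ("REFUSED", [])
    nodes = existing_nodes(zone, apex)
    labels = qname.rstrip(".").split(".")
    depth = len(apex.rstrip(".").split("."))
    encloser = apex
    # Walk from just below the apex toward qname, one label at a time.
    for i in range(len(labels) - depth - 1, -1, -1):
        name = ".".join(labels[i:]) + "."
        if name not in nodes:
            break
        encloser = name
        if "NS" in zone.get(name, {}):
            # Zone cut: refer to the child servers. Names at or below the cut
            # never get NXDOMAIN or a wildcard answer from the parent.
            return ("REFERRAL", zone[name]["NS"])
    if encloser == qname:
        rrs = zone.get(qname, {}).get(qtype, [])
        return ("ANSWER" if rrs else "NODATA", rrs)
    # Only the wildcard directly under the closest encloser may be used.
    star = zone.get("*." + encloser)
    if star is None:
        return ("NXDOMAIN", [])
    rrs = star.get(qtype, [])
    return ("ANSWER" if rrs else "NODATA", rrs)
```

Under these rules a.b.example.net is covered by *.example.net because b.example.net does not exist, while a.a.example.net is not, because the existing node a.example.net is its closest encloser and has no wildcard child.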