From strenholme.usenet at gmail.com Tue Nov 4 16:00:19 2008
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 4 Nov 2008 15:00:19 -0600
Subject: I'm forwarding a MaraDNS question
Message-ID: <7bd685720811041300t4f7a0a7dxd8675d27dc0b1371@mail.gmail.com>

Since I don't have time to support MaraDNS anymore, I'm forwarding a
question someone sent me via private email (with their permission):

Hi,

I have been using and pimping MaraDNS for a while now, so a quick thanks
for a good alternative DNS resolver.

Now onto a problem I have stumbled on. If I use MaraDNS as a resolver
for a TXT lookup on '25.78.125.74.sa-trusted.bondedsender.org' I get,
after waiting some time, a SERVFAIL...if I use a BIND 'powered' DNS
server I get a NXDOMAIN.

Digging deeper it turns out that bondedsender.org might be doing
something fruity with its answers and MaraDNS is receiving those
responses but is dropping them as they are considered invalid.
Alternatively MaraDNS might be being a pain :)

--
alex@woodchuck:~$ dig +trace TXT 25.78.125.74.sa-trusted.bondedsender.org

; <<>> DiG 9.3.4-P1.1 <<>> +trace TXT 25.78.125.74.sa-trusted.bondedsender.org
;; global options: printcmd
. 57960 IN NS A.ORSN-SERVERS.NET.
. 57960 IN NS B.ORSN-SERVERS.NET.
. 57960 IN NS C.ORSN-SERVERS.NET.
. 57960 IN NS D.ORSN-SERVERS.NET.
. 57960 IN NS E.ORSN-SERVERS.NET.
. 57960 IN NS F.ORSN-SERVERS.NET.
. 57960 IN NS G.ORSN-SERVERS.NET.
. 57960 IN NS H.ORSN-SERVERS.NET.
. 57960 IN NS I.ORSN-SERVERS.NET.
. 57960 IN NS J.ORSN-SERVERS.NET.
. 57960 IN NS K.ORSN-SERVERS.NET.
. 57960 IN NS L.ORSN-SERVERS.NET.
. 57960 IN NS M.ORSN-SERVERS.NET.
;; Received 488 bytes from 127.0.0.1#53(127.0.0.1) in 7 ms

org. 172800 IN NS D0.ORG.AFILIAS-NST.org.
org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS A0.ORG.AFILIAS-NST.INFO.
org. 172800 IN NS B0.ORG.AFILIAS-NST.org.
org. 172800 IN NS C0.ORG.AFILIAS-NST.INFO.
;; Received 448 bytes from 2a02:60:ffff:1::2#53(B.ORSN-SERVERS.NET) in 38 ms

bondedsender.org. 86400 IN NS s0.returnpath.net.
bondedsender.org. 86400 IN NS s1.returnpath.net.
;; Received 106 bytes from 2001:500:f::1#53(D0.ORG.AFILIAS-NST.org) in 10 ms

sa-trusted.bondedsender.org. 2700 IN NS ltns2.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS xlns2.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS spns4.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS xlns1.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS spns3.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS spns2.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS xlns3.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS spns1.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS ltns3.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS ltns4.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS xlns12.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS spns5.returnpath.net.
sa-trusted.bondedsender.org. 2700 IN NS xlns11.returnpath.net.
;; Received 510 bytes from 216.24.130.19#53(s0.returnpath.net) in 168 ms

;; Received 58 bytes from 64.92.165.122#53(ltns2.returnpath.net) in 114 ms

alex@woodchuck:~$
--

Any ideas, what trivial thing have I missed. A packet capture shows
MaraDNS getting NXDOMAIN from all the authoritative servers, but then
after she has gone through the lot she hits us with a SERVFAIL :-/

Cheers

Alex

From paragasu at gmail.com Tue Nov 4 22:40:18 2008
From: paragasu at gmail.com (paragasu)
Date: Tue, 4 Nov 2008 19:40:18 -0800
Subject: setting up NS record
Message-ID: <89b35b8d0811041940t35f10974q2417dfd22dccef5c@mail.gmail.com>

let say i have domain example.com and i did setup
ns1.anotherdomain.com and ns2.anotherdomain.com as my name server.

on the domain root server. i add ns1.anotherdomain.com and
ns2.anotherdomain.com,

on mara configuration i add

example.com. 67.167.27.34
example.com. ns1.anotherdomain.com
example.com. ns2.anotherdomain.com
ns1.anotherdomain.com 67.75.144.103
ns2.anotherdomain.com 67.75.144.104

it works fine. except .. it return different ns record
if i do $ns example.com
the data returned is
synth-ip-4649a790.example.com and
synth-ip-4649a790.example.com
but sometime it return ns1.anotherdomain.com and ns2.anotherdomain.com
but synth mostly come up (9 out of 10)

i suspect my configuration problem. how to config to make it return the
ns record ns1.anotherdomain.com?

From remco at webconquest.com Tue Nov 4 23:12:47 2008
From: remco at webconquest.com (Remco Rijnders)
Date: Wed, 5 Nov 2008 05:12:47 +0100
Subject: setting up NS record
In-Reply-To: <89b35b8d0811041940t35f10974q2417dfd22dccef5c@mail.gmail.com>
References: <89b35b8d0811041940t35f10974q2417dfd22dccef5c@mail.gmail.com>
Message-ID:

On 5 Nov 2008, at 04:40, paragasu wrote:

> let say i have domain example.com and i did setup
> ns1.anotherdomain.com and ns2.anotherdomain.com as my name server.
>
> on the domain root server. i add ns1.anotherdomain.com and
> ns2.anotherdomain.com,
>
> on mara configuration i add
>
> example.com. 67.167.27.34
> example.com. ns1.anotherdomain.com
> example.com. ns2.anotherdomain.com
> ns1.anotherdomain.com 67.75.144.103
> ns2.anotherdomain.com 67.75.144.104
>
> it works fine. except .. it return different ns record
> if i do $ns example.com
> the data returned is
> synth-ip-4649a790.example.com and
> synth-ip-4649a790.example.com
> but sometime it return ns1.anotherdomain.com and ns2.anotherdomain.com
> but synth mostly come up (9 out of 10)
>
> i suspect my configuration problem. how to config to make it return the
> ns record ns1.anotherdomain.com?

Your zone file actually isn't serving any NS records at all. Just by
including ns1 and ns2 records does not magically turn them into
nameserver records. At the absence of such records, maradns will try
to construct NS records itself (the synth-ip ones you see).

You probably want to do something like:

example.com. NS ns1.anotherdomain.com.
example.com. NS ns2.anotherdomain.com.
example.com. 67.167.27.34

and put the records for anotherdomain.com in a zone file of its own
(don't forget the dot at the end of your hostnames!)

Hope this helps.

Kind regards,

Remco

From paragasu at gmail.com Wed Nov 5 03:13:45 2008
From: paragasu at gmail.com (paragasu)
Date: Wed, 5 Nov 2008 00:13:45 -0800
Subject: setting up NS record
In-Reply-To:
References: <89b35b8d0811041940t35f10974q2417dfd22dccef5c@mail.gmail.com>
Message-ID: <89b35b8d0811050013y38fd89e4q835ef35dd2816283@mail.gmail.com>

anotherdomain.com currently hosted on free dns server - everydns.net

do i need to setup maradns as a recursive dns in order to avoid
maradns to construct
ns record by itself (synth-ip) ?

On 11/4/08, Remco Rijnders wrote:
>
> On 5 Nov 2008, at 04:40, paragasu wrote:
>
>> let say i have domain example.com and i did setup
>> ns1.anotherdomain.com and ns2.anotherdomain.com as my name server.
>>
>> on the domain root server. i add ns1.anotherdomain.com and
>> ns2.anotherdomain.com,
>>
>> on mara configuration i add
>>
>> example.com. 67.167.27.34
>> example.com. ns1.anotherdomain.com
>> example.com. ns2.anotherdomain.com
>> ns1.anotherdomain.com 67.75.144.103
>> ns2.anotherdomain.com 67.75.144.104
>>
>> it works fine. except .. it return different ns record
>> if i do $ns example.com
>> the data returned is
>> synth-ip-4649a790.example.com and
>> synth-ip-4649a790.example.com
>> but sometime it return ns1.anotherdomain.com and ns2.anotherdomain.com
>> but synth mostly come up (9 out of 10)
>>
>> i suspect my configuration problem. how to config to make it return the
>> ns record ns1.anotherdomain.com?
>
> Your zone file actually isn't serving any NS records at all. Just by
> including ns1 and ns2 records does not magically turn them into
> nameserver records. At the absence of such records, maradns will try
> to construct NS records itself (the synth-ip ones you see).
>
> You probably want to do something like:
>
> example.com. NS ns1.anotherdomain.com.
> example.com. NS ns2.anotherdomain.com.
> example.com. 67.167.27.34
>
> and put the records for anotherdomain.com in a zone file of its own
> (don't forget the dot at the end of your hostnames!)
>
> Hope this helps.
>
> Kind regards,
>
> Remco
>

From remco at webconquest.com Wed Nov 5 04:03:14 2008
From: remco at webconquest.com (Remco Rijnders)
Date: Wed, 5 Nov 2008 10:03:14 +0100 (CET)
Subject: setting up NS record
Message-ID: <17985.167.202.222.228.1225875794.squirrel@webmail.xs4all.nl>

> anotherdomain.com currently hosted on free dns server - everydns.net
>
> do i need to setup maradns as a recursive dns in order to avoid
> maradns to construct
> ns record by itself (synth-ip) ?

Hi,

If ns1.anotherdomain.com and ns2.anotherdomain.com are hosted on a
computer you do not control and you want them to answer for example.com
you need to set up an example.com zone file with everydns.net and do not
need to run your own authoritative nameserver. DNS queries will
automatically go to the everydns servers if the listed nameservers on your
domain registration matches ns1.anotherdomain.com and
ns2.anotherdomain.com.

If ns1.anotherdomain.com and ns2.anotherdomain.com are under your control
and listed on your domain registration as the nameservers for example.com
then you need to load the zone file for example.com as I illustrated in my
previous email. In that case you do not need to have any address records
in your zone file for anotherdomain.com other than the two NS entries I
gave.

I hope this clarifies.

Kind regards,

Remmy

From paragasu at gmail.com Wed Nov 5 08:54:54 2008
From: paragasu at gmail.com (paragasu)
Date: Wed, 5 Nov 2008 05:54:54 -0800
Subject: setting up NS record
In-Reply-To: <17985.167.202.222.228.1225875794.squirrel@webmail.xs4all.nl>
References: <17985.167.202.222.228.1225875794.squirrel@webmail.xs4all.nl>
Message-ID: <89b35b8d0811050554i45d57eb1i7b2489ca635ca032@mail.gmail.com>

hi thanks Remmy.. it works now..

On 11/5/08, Remco Rijnders wrote:
>> anotherdomain.com currently hosted on free dns server - everydns.net
>>
>> do i need to setup maradns as a recursive dns in order to avoid
>> maradns to construct
>> ns record by itself (synth-ip) ?
>
> Hi,
>
> If ns1.anotherdomain.com and ns2.anotherdomain.com are hosted on a
> computer you do not control and you want them to answer for example.com
> you need to set up an example.com zone file with everydns.net and do not
> need to run your own authoritative nameserver. DNS queries will
> automatically go to the everydns servers if the listed nameservers on your
> domain registration matches ns1.anotherdomain.com and
> ns2.anotherdomain.com.
>
> If ns1.anotherdomain.com and ns2.anotherdomain.com are under your control
> and listed on your domain registration as the nameservers for example.com
> then you need to load the zone file for example.com as I illustrated in my
> previous email. In that case you do not need to have any address records
> in your zone file for anotherdomain.com other than the two NS entries I
> gave.
>
> I hope this clarifies.
>
> Kind regards,
>
> Remmy
>
>

From bejnet at yahoo.com Wed Nov 5 10:31:29 2008
From: bejnet at yahoo.com (Bejoy Abraham Mathews)
Date: Wed, 5 Nov 2008 21:01:29 +0530 (IST)
Subject: dynDNS updates
Message-ID: <993695.20608.qm@web95404.mail.in2.yahoo.com>

Hi

http://en.opensuse.org/Howto_setup_SUSE_as_SAMBA_PDC_with_OpenLDAP,_DYNDNS_and_CLAM

The above site shows an integration between DHCP3 and Bind9 using keys,
which helps in dynamic DNS name and IP address updates. Is this possible
for MaraDNS also?

With Regards
Bejoy

From GregPlatt at ix.netcom.com Thu Nov 13 14:06:16 2008
From: GregPlatt at ix.netcom.com (Greg Platt - Platt Consultants)
Date: Thu, 13 Nov 2008 12:06:16 -0700
Subject: URGENT: Server is down... 2nd Name Server reported lame. How do I find cause and fix?
Message-ID: <6E059A20432946D6B60C85F4530A63C6@gregsrocket>

After 3 months of my dedicated running without problems under mara, I
suddenly have a problem where all my domains have gone dead. They all show
the same Apache, cpanel, WHM setup screen that begins with:

Great Success!

Apache is working on your cPanel® and WHM™ Server.

I don't HAVE either cpanel or WHM on my Debian Etch 4.0r3 server and never
have. That suggests this message isn't coming from my server at all.

My research shows this is occurring because our second DNS server
(ns2.myhost.com) - the one associated with the second IP address for our
server is being detected as "lame" and for some reason that name server is
presently receiving ALL our domain requests. Not sure why that's happening.
But if I reboot the server and try to access any of its domains while it's
still rebooting I can see in my browser's that all domain requests are
being directed to the second IP address and not the first one. (as
configured, Mara uses both).

When I check any of my domains with intodns I find the second IP address is
being reported as lame.
I assume that means all our requests are being redirected to the upstream
server's default apache page. That would explain why I'm seeing the cpanel
and WHM message when I know those programs don't exist on our server.

I have 2 name servers. The server has 2 IP addresses. In mararc, each name
server is associated with a different server IP address. I know that's not
ideal but it was the best I could manage when setting up the server. Our
server host does not provide DNS hosting. But they DO provide upstream DNS
server support.

1. why would my requests suddenly all be directed to the second IP ONLY?

2. Any suggestions for how to figure out why intodns is reporting our
second IP as lame? AFAIK, it's setup the same way as the first one.

From alijawad1 at gmail.com Sun Nov 23 08:28:02 2008
From: alijawad1 at gmail.com (Ali Jawad)
Date: Sun, 23 Nov 2008 15:28:02 +0200
Subject: Filter recursive DNS requests
Message-ID:

Hi
What I need done is the following, XP clients request DNS queries from a
MaraDNS Linux server, the Linux server should only return requests for
roughly 50 sites and the rest should all resolve to the same IP.
I did check MaraDNS FAQ + Documentation, but I did not get how to get this
done.

Any example configs or hints please ?

Thanks

From strenholme.usenet at gmail.com Sun Nov 23 10:17:53 2008
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 23 Nov 2008 09:17:53 -0600
Subject: Filter recursive DNS requests
In-Reply-To:
References:
Message-ID: <7bd685720811230717q53b0e315ma4387b89c16134f9@mail.gmail.com>

MaraDNS doesn't do whitelist filtering. She does blacklist filtering
of upstream DNS servers, where certain IPs of DNS servers will not
resolve. In addition, MaraDNS does not synthesize IPs (or any other
record type).

If you really want something like this, and are willing to talk money,
I could use some more work. Especially in this economy.

- Sam

2008/11/23 Ali Jawad :
> Hi
> What I need done is the following, XP clients request DNS queries from a
> MaraDNS Linux server, the Linux server should only return requests for
> roughly 50 sites and the rest should all resolve to the same IP.
> I did check MaraDNS FAQ + Documentation, but I did not get how to get this
> done.
>
> Any example configs or hints please ?
>
> Thanks
>

From alijawad1 at gmail.com Sun Nov 23 10:39:32 2008
From: alijawad1 at gmail.com (Ali Jawad)
Date: Sun, 23 Nov 2008 17:39:32 +0200
Subject: Filter recursive DNS requests
In-Reply-To: <7bd685720811230717q53b0e315ma4387b89c16134f9@mail.gmail.com>
References: <7bd685720811230717q53b0e315ma4387b89c16134f9@mail.gmail.com>
Message-ID:

I tried something like this and it seems to work, it is not the optimal
solution I am looking for but it works:

In db.example.net

www.google.com ip.of.google.
*.com other.ip.for.all.com.domains

On Sun, Nov 23, 2008 at 5:17 PM, Sam Trenholme wrote:

> MaraDNS doesn't do whitelist filtering. She does blacklist filtering
> of upstream DNS servers, where certain IPs of DNS servers will not
> resolve. In addition, MaraDNS does not synthesize IPs (or any other
> record type).
>
> If you really want something like this, and are willing to talk money,
> I could use some more work. Especially in this economy.
>
> - Sam
>
> 2008/11/23 Ali Jawad :
> > Hi
> > What I need done is the following, XP clients request DNS queries from a
> > MaraDNS Linux server, the Linux server should only return requests for
> > roughly 50 sites and the rest should all resolve to the same IP.
> > I did check MaraDNS FAQ + Documentation, but I did not get how to get this
> > done.
> >
> > Any example configs or hints please ?
> >
> > Thanks
> >
>

From alex at digriz.org.uk Sun Nov 23 11:34:23 2008
From: alex at digriz.org.uk (Alexander Clouter)
Date: Sun, 23 Nov 2008 16:34:23 +0000
Subject: Filter recursive DNS requests
References:
Message-ID:

Ali Jawad wrote:
>
> What I need done is the following, XP clients request DNS queries from a
> MaraDNS Linux server, the Linux server should only return requests for
> roughly 50 sites and the rest should all resolve to the same IP.
> I did check MaraDNS FAQ + Documentation, but I did not get how to get this
> done.
>
> Any example configs or hints please ?
>
The following works for us:

--- mararc ---
csv2 = {}
csv2_default_zonefile = "db.teh-world"

# The address this DNS server runs on. If you want to bind
# to all addresses a given machine has, use "0.0.0.0".
bind_address = "172.16.183.1"

[snipped]
--------------

--- db.teh-world ---
* SOA example.com. hostmaster@soas.ac.uk. 1 7200 3600 604800 1800
* +60 NS punisher.it.soas.ac.uk.
* +60 A 172.16.183.1
* +60 MX 0 localhost.
* +60 TXT 'Damn crazze foo! Murdock, is this your chicken?'

support.it.soas.ac.uk. A 212.219.139.222
fog.it.soas.ac.uk. A 212.219.138.234
wsus.it.soas.ac.uk. A 212.219.138.235
--------------------

Of course when you say 'sites' do you mean DNS lookups that you have
blessed (as I have done above) or do you mean for DNS lookups to a
particular domain? If it's the latter you would be much better off with a
HTTP/application proxy server; it's more appropriate too.

Cheers

Alex

--
Alexander Clouter
.sigmonster says: Many people write memos to tell you they have nothing to say.
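
The allowlist setup in the last message (explicitly listed names keep their real addresses, every other name falls to the `*` record), as an added example that is not part of the original thread and is not MaraDNS code: it parses the A records from that zone file and audits answers seen by clients against them. The `OBSERVED` answers are constructed, and the rule that an explicit name takes precedence over `*` is an assumption drawn from how the message describes "blessed" lookups.

```python
# Added example: model of the allowlist policy in db.teh-world (not MaraDNS code).
# Records copied from the message above; the SOA and TXT lines are omitted.
ZONE = """\
* +60 NS punisher.it.soas.ac.uk.
* +60 A 172.16.183.1
* +60 MX 0 localhost.
support.it.soas.ac.uk. A 212.219.139.222
fog.it.soas.ac.uk. A 212.219.138.234
wsus.it.soas.ac.uk. A 212.219.138.235
"""

# Constructed observations: (queried name, A answer a client received).
OBSERVED = [
    ("support.it.soas.ac.uk", "212.219.139.222"),
    ("WSUS.it.soas.ac.uk.", "212.219.138.235"),
    ("www.example.org", "172.16.183.1"),
    ("www.example.net", "192.0.2.80"),       # real-looking answer for an unlisted name
    ("fog.it.soas.ac.uk", "172.16.183.1"),   # listed name answered with the catch-all
]


def norm(name):
    """DNS names compare case-insensitively; treat a missing trailing dot as absolute."""
    return name.lower().rstrip(".") + "."


def parse_a_records(zone_text):
    """Return (catch_all_ip, {name: ip}) from 'name [+ttl] rtype data' lines."""
    default_ip, explicit = None, {}
    for line in zone_text.splitlines():
        fields = [f for f in line.split("#")[0].split() if not f.startswith("+")]
        if len(fields) < 3 or fields[1].upper() != "A":
            continue  # blank line, comment, or a record type this audit ignores
        if fields[0] == "*":
            default_ip = fields[2]
        else:
            explicit[norm(fields[0])] = fields[2]
    return default_ip, explicit


def audit(zone_text, observed):
    """List (name, got, expected, reason) for answers that disagree with the zone file."""
    default_ip, explicit = parse_a_records(zone_text)
    findings = []
    for qname, got in observed:
        name = norm(qname)
        expected = explicit.get(name, default_ip)  # assumed: explicit record beats '*'
        if got != expected:
            reason = ("blessed name not answered as configured" if name in explicit
                      else "unlisted name escaped the catch-all")
            findings.append((name, got, expected, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE, OBSERVED):
        print(finding)
```

An unlisted name that comes back with anything other than the catch-all address means the client's answer did not come from this zone file, for instance because the client is using a different resolver.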