From remco at webconquest.com Sat Aug 1 00:52:26 2009
From: remco at webconquest.com (Remco Rijnders)
Date: Sat, 1 Aug 2009 06:52:26 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7148005cef82688113991db74810ab47@localhost>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
Message-ID:

On 31 Jul 2009, at 23:54, Alexandre Lepage wrote the following:

> And about the reverse question... ZoneCheck is the software used by the
> AFNIC (the association in charge of .fr registration) and I'm pretty sure
> I'm doing something wrong, because I just get the error since they
> announced security increasement at the AFNIC. Maybe it's also an
> incoherence in my zonefile, I must admit I'm not an expert. Here it is :
>
> % SOA ns1.difuzer.com. alexbad at videotron.ca. 2009060701 7200 3600 604800 1800
> % +60 NS ns1.difuzer.com.
> % +60 NS ns2.difuzer.com.
> % +60 91.121.92.210
> *.% +60 91.121.92.210
> *.% +60 CNAME %
> % mx 10 %
> mail.% +86400 IN A 91.121.92.210
> % txt 'v=spf1 mx ip4:91.121.92.210 ip4:213.251.161.162 -all'

Is this still the same zonefile as you are currently using on ns1? The
page http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
gives only one warning and one error now:

The 'refresh' period should be between 1H and 2D
? ns1.difuzer.com./91.121.92.210

The 'retry' period must be lower than the 'refresh' period
? ns1.difuzer.com./91.121.92.210

Looking at the above zone file and its SOA record I'd say the warning
and error are incorrect.

Kind regards,

Remco Rijnders

From strenholme.usenet at gmail.com Sat Aug 1 00:54:30 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 31 Jul 2009 23:54:30 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7148005cef82688113991db74810ab47@localhost>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
Message-ID: <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>

> And about the reverse question... ZoneCheck is the software used by the
> AFNIC (the association in charge of .fr registration) and I'm pretty sure
> I'm doing something wrong

DJB mumbles darkly about the things you need to do to make domains work with
the .fr domain:

http://cr.yp.to/djbdns/dot-fr.html

I will have to translate it in to MaraDNS config data.

From a.lepage at difuzer.com Sat Aug 1 00:57:47 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Sat, 01 Aug 2009 06:57:47 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To:
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
Message-ID: <3a1dd876bced8b1b92ae718797853f00@localhost>

Actually I'm making changes as I read more and more topics on the
internet... I know about short refresh and retry, I just changed them to
test something, but now they're ok.

On Sat, 1 Aug 2009 06:52:26 +0200, Remco Rijnders wrote:
> On 31 Jul 2009, at 23:54, Alexandre Lepage wrote the following:
>
>> And about the reverse question... ZoneCheck is the software used by the
>> AFNIC (the association in charge of .fr registration) and I'm pretty sure
>> I'm doing something wrong, because I just get the error since they
>> announced security increasement at the AFNIC. Maybe it's also an
>> incoherence in my zonefile, I must admit I'm not an expert. Here it is :
>>
>> % SOA ns1.difuzer.com. alexbad at videotron.ca. 2009060701 7200 3600 604800 1800
>> % +60 NS ns1.difuzer.com.
>> % +60 NS ns2.difuzer.com.
>> % +60 91.121.92.210
>> *.% +60 91.121.92.210
>> *.% +60 CNAME %
>> % mx 10 %
>> mail.% +86400 IN A 91.121.92.210
>> % txt 'v=spf1 mx ip4:91.121.92.210 ip4:213.251.161.162 -all'
>
> Is this still the same zonefile as you are currently using on ns1? The
> page http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
> gives only one warning and one error now:
>
> The 'refresh' period should be between 1H and 2D
> ? ns1.difuzer.com./91.121.92.210
>
> The 'retry' period must be lower than the 'refresh' period
> ? ns1.difuzer.com./91.121.92.210
>
> Looking at the above zone file and its SOA record I'd say the warning
> and error are incorrect.
>
> Kind regards,
>
> Remco Rijnders

--
Regards,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113

From a.lepage at difuzer.com Sat Aug 1 01:44:12 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Sat, 01 Aug 2009 07:44:12 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
Message-ID:

If you could, would be nice I could try it.

I searched on my side too, and I found the detailed list of tests performed
by ZoneCheck for the .fr domains :
http://www.afnic.fr/outils/zonecheck/tests

The error comes from this test :
Test "correct_recursive_flag" (MANDATORY)
Serveur de nom réellement récursif (Name server really recursive)

Here is my mararc file, in case it could come from it :
http://su2.difuzer.com/alex/mararc.txt

Thanks

On Fri, 31 Jul 2009 23:54:30 -0500, Sam Trenholme wrote:
>> And about the reverse question... ZoneCheck is the software used by the
>> AFNIC (the association in charge of .fr registration) and I'm pretty sure
>> I'm doing something wrong
>
> DJB mumbles darkly about the things you need to do to make domains work
> with the .fr domain:
>
> http://cr.yp.to/djbdns/dot-fr.html
>
> I will have to translate it in to MaraDNS config data.

--
Regards,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113

From strenholme.usenet at gmail.com Sat Aug 1 04:00:51 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 Aug 2009 03:00:51 -0500
Subject: maradns server on internet for my domains
In-Reply-To: <1900c9640907311516w4b32d83ahec93c887964ee91d@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>
 <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com>
 <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com>
 <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com>
 <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>
 <1900c9640907311516w4b32d83ahec93c887964ee91d@mail.gmail.com>
Message-ID: <7bd685720908010100r3e2ebd6ctb7c98f411c5bb986@mail.gmail.com>

> f: Loopback is not resolvable

Add this to a zone file:

localhost FQDN4 127.0.0.1

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.

From strenholme.usenet at gmail.com Sat Aug 1 04:02:32 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 Aug 2009 03:02:32 -0500
Subject: maradns server on internet for my domains
In-Reply-To: <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>
 <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com>
 <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com>
 <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com>
 <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>
Message-ID: <7bd685720908010102u3557521exc57eb0243c3e5973@mail.gmail.com>

> Or is this not important for running a dns server? Should I let set
> the reverse entry at my provider?

In most cases, your ISP controls the appropriate in-addr.arpa. PTR records.

It's something you shouldn't worry about unless you have a situation like
your registrar refusing to register your domain.

More info:

http://www.maradns.org/faq.html#rdns

(I just posted this link earlier today)

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.

From strenholme.usenet at gmail.com Sat Aug 1 04:07:23 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 Aug 2009 03:07:23 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To:
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
Message-ID: <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>

Does afnic require that all DNS servers are recursive?
Arrrrrrgggggghhhhhhhh!

Actually, this may be a case of checking the RA flag. RD/RA has always been
a hack with MaraDNS' code; I'll look at it tomorrow. Time to go to bed, it
has been a very long day.

- Sam

2009/8/1 Alexandre Lepage
>
> If you could, would be nice I could try it.
>
> I searched on my side too, and I found the detailed list of tests performed
> by ZoneCheck for the .fr domains :
> http://www.afnic.fr/outils/zonecheck/tests
>
> The error comes from this test :
> Test "correct_recursive_flag" (MANDATORY)
> Serveur de nom réellement récursif (Name server really recursive)
>
> Here is my mararc file, in case it could come from it :
> http://su2.difuzer.com/alex/mararc.txt
>
> Thanks
>
> On Fri, 31 Jul 2009 23:54:30 -0500, Sam Trenholme wrote:
> >> And about the reverse question... ZoneCheck is the software used by the
> >> AFNIC (the association in charge of .fr registration) and I'm pretty sure
> >> I'm doing something wrong
> >
> > DJB mumbles darkly about the things you need to do to make domains work
> > with the .fr domain:
> >
> > http://cr.yp.to/djbdns/dot-fr.html
> >
> > I will have to translate it in to MaraDNS config data.
>
> --
> Regards,
> Alexandre Lepage
> Difuzer Enr.
> a.lepage at difuzer.com
> 418.554.0113
>

From strenholme.usenet at gmail.com Sat Aug 1 04:26:58 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 Aug 2009 03:26:58 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
Message-ID: <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>

> Actually, this may be a case of checking the RA flag. RD/RA has always
> been a hack with MaraDNS' code; I'll look at it tomorrow. Time to go to
> bed, it has been a very long day.

OK, before signing off: The RA (Recursion Available) bit echoes the RD
(Recursion desired) bit; this is needed so MaraDNS works with some
brain-dead DNS code when running as a recursive DNS server.

Can you recompile MaraDNS? The patch to change things so RA is always zero
is pretty small, but you need to be able to recompile MaraDNS to use it.

What I can do is fix some issues and release MaraDNS 1.3.14:

* Change js_str code to use type fixed-length integers (this is the only
  way to use those type of integers and have the code compile on multiple
  platforms)

* Have it, so if MaraDNS is compiled as an authoritative-only DNS server,
  RA is always set to zero. This will fix the problem with the anal and
  annoying French registrar who wastes their time caring about what this
  bit says, and refusing to register domains who have this set to 1 but
  don't have recursion.

Timeframe: Whenever I get around to it. If you can't wait, just change one
line in MaraDNS.c and one line in udpsuccess.c that say "header.ra = rd_val"
to say "header.ra = 0".

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time.
I will discuss rates if you want this kind of support. Thank you for your
understanding.

From strenholme.usenet at gmail.com Sat Aug 1 10:42:19 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 Aug 2009 09:42:19 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
 <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
Message-ID: <7bd685720908010742w354c0d2dsb51a49bb40a2665d@mail.gmail.com>

> * Have it, so if MaraDNS is compiled as an authoritative-only DNS server,
> RA is always set to zero. This will fix the problem with the anal and
> annoying French registrar who wastes their time caring about what this bit
> says, and refusing to register domains who have this set to 1 but don't have
> recursion.

Actually, looking at the code this morning, this is almost always true. If
the remote server sends a query, and are not allowed to make recursive
queries -or- MaraDNS is compiled as an authoritative-only DNS server, the RA
bit will always be set to zero except when giving out "this host is not
here" replies.

Since the RA bit is still causing problems, what I can do is make the
heuristics even better; if recursive_acl isn't set (or MaraDNS is compiled
with "./configure --authonly ; make"), the RA bit should *always* be zero.

This will be a non-issue in MaraDNS 2.0; in that release, I am going to have
the authoritative part of MaraDNS always return a RA of 0, and have RD
generally be a reflection of the RD bit sent to the server. The big issue in
MaraDNS 2.0 is that it won't be possible, in that release, to have the same
IP make both authoritative and recursive DNS queries.
MaraDNS 2.0 will have a complete rewrite of the recursive code; it's
currently a non-recursive caching DNS server (you can use upstream_servers
but not root_servers in the code) and I'm actively developing it:

http://maradns.blogspot.com/search/label/Deadwood

- Sam

From m.ferlitsch at gmail.com Sat Aug 1 12:36:33 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sat, 1 Aug 2009 18:36:33 +0200
Subject: maradns server on internet for my domains
In-Reply-To: <7bd685720908010102u3557521exc57eb0243c3e5973@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>
 <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com>
 <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com>
 <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com>
 <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>
 <7bd685720908010102u3557521exc57eb0243c3e5973@mail.gmail.com>
Message-ID: <1900c9640908010936t12c16008q3498d623d0e8d050@mail.gmail.com>

Hi,

hmmmm. I want to see a nameserver configuration which does not have any
error when executing a zonecheck and then I want to see its mararc and
zonefiles. Where do I find such a full example?

2009/8/1, Sam Trenholme :
>> Or is this not important for running a dns server? Should I let set
>> the reverse entry at my provider?
>
> In most cases, your ISP controls the appropriate in-addr.arpa. PTR records.
>
> It's something you shouldn't worry about unless you have a situation like
> your registrar refusing to register your domain.
>
> More info:
>
> http://www.maradns.org/faq.html#rdns
>
> (I just posted this link earlier today)
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
>

From a.lepage at difuzer.com Sat Aug 1 15:56:38 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Sat, 01 Aug 2009 21:56:38 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
 <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
Message-ID: <5c02e76a3c51eee38771df3ce65b9f99@localhost>

I made the two little changes you suggested, recompiled maradns, and it
works just fine. As you see there I don't get the error anymore :
http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en

Thanks a lot for your precious help, and I want you to know that I share
your opinion about .fr registrars ^^ (and I think a lot of people do)

On Sat, 1 Aug 2009 03:26:58 -0500, Sam Trenholme wrote:
>> Actually, this may be a case of checking the RA flag. RD/RA has always
>> been a hack with MaraDNS' code; I'll look at it tomorrow. Time to go to
>> bed, it has been a very long day.
>
> OK, before signing off: The RA (Recursion Available) bit echoes the RD
> (Recursion desired) bit; this is needed so MaraDNS works with some
> brain-dead DNS code when running as a recursive DNS server.
>
> Can you recompile MaraDNS? The patch to change things so RA is always zero
> is pretty small, but you need to be able to recompile MaraDNS to use it.
>
> What I can do is fix some issues and release MaraDNS 1.3.14:
>
> * Change js_str code to use type fixed-length integers (this is
> the only way to use those type of integers and have the code compile on
> multiple platforms)
>
> * Have it, so if MaraDNS is compiled as an authoritative-only DNS server, RA
> is always set to zero.
> This will fix the problem with the anal and annoying French registrar who
> wastes their time caring about what this bit says, and refusing to register
> domains who have this set to 1 but don't have recursion.
>
> Timeframe: Whenever I get around to it. If you can't wait, just change one
> line in MaraDNS.c and one line in udpsuccess.c that say "header.ra = rd_val"
> to say "header.ra = 0".
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.

--
Regards,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113

From strenholme.usenet at gmail.com Sat Aug 1 16:18:00 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 Aug 2009 15:18:00 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <5c02e76a3c51eee38771df3ce65b9f99@localhost>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
 <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
 <5c02e76a3c51eee38771df3ce65b9f99@localhost>
Message-ID: <7bd685720908011318v1653002aof752d4167bf79542@mail.gmail.com>

> I made the two little changes you suggested, recompiled maradns, and it
> works just fine. As you see there I don't get the error anymore :
> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>
> Thanks a lot for your precious help, and I want you to know that I share
> your opinion about .fr registrars ^^ (and I think a lot of people do)

Thanks a lot for the kind words. So other people don't need to recompile
MaraDNS, what I started work on this morning is fixing things so the RA bit
which makes AFNIC upset won't ever be set if the user hasn't enabled
recursion (recursive_acl being set in the mararc file). I will also make
sure the RA bit never has a value of 0 if MaraDNS is compiled with
"./configure --authonly ; make". The reason why the RA bit needs to be set
for recursive queries is because some brain-dead embedded DNS servers won't
accept recursive packets unless RA is turned on.

Before doing that, though, I updated the MaraDNS snapshot to have its
internal copy of the web page and changed things so the main code now uses
for fixed-sized integers.
This should fix the Solaris compile problems someone saw a couple of months
ago:

http://woodlane.webconquest.com/pipermail/list/2009-June/000323.html

More information is here:

http://maradns.blogspot.com

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.

From m.ferlitsch at gmail.com Sat Aug 1 16:58:36 2009
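Added example (not part of the thread, and not MaraDNS or ZoneCheck code): a small C model of the RD/RA header handling discussed in Sam's messages above, comparing a reply path that copies RD into RA with one that sets RA only when recursion is actually offered, plus a consistency check in the spirit of the "really recursive" test. The function names, the constructed sample query bytes and the two-probe check are assumptions made for illustration.

```c
/* Added example: model of DNS header RD/RA handling (RFC 1035 flag layout). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN   12
#define F_QR          0x8000u  /* message is a response */
#define F_AA          0x0400u  /* authoritative answer */
#define F_RD          0x0100u  /* recursion desired: set by client, copied to reply */
#define F_RA          0x0080u  /* recursion available: set by server */
#define F_RCODE       0x000Fu
#define RCODE_REFUSED 5u

enum ra_policy {
    RA_ECHO_RD,     /* behaviour described in the thread: ra = rd */
    RA_FROM_CONFIG  /* ra is set only when recursion is actually offered */
};

/* Constructed sample: header of a query with ID 0x1234, RD=1, one question. */
static const uint8_t SAMPLE_QUERY[DNS_HDR_LEN] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0
};

static uint16_t get_flags(const uint8_t *msg)
{
    return (uint16_t)(((unsigned)msg[2] << 8) | msg[3]);
}

/* Build the 12-byte header of a reply (header only, to keep the model small).
 * name_in_zone: the queried name is in a zone this server is authoritative for.
 * Returns 0 on success, -1 if the input is too short or is not a query. */
int make_reply(const uint8_t *query, size_t qlen, enum ra_policy policy,
               int recursion_enabled, int name_in_zone, uint8_t *out)
{
    unsigned qf, rf;

    if (query == NULL || out == NULL || qlen < DNS_HDR_LEN)
        return -1;
    qf = get_flags(query);
    if (qf & F_QR)
        return -1;
    rf = F_QR | (qf & F_RD);
    if (name_in_zone)
        rf |= F_AA;
    else if (!recursion_enabled)
        rf |= RCODE_REFUSED;   /* outside our zones and we do not recurse */
    if (policy == RA_ECHO_RD ? (qf & F_RD) != 0 : recursion_enabled != 0)
        rf |= F_RA;
    memset(out, 0, DNS_HDR_LEN);
    out[0] = query[0];         /* ID is echoed */
    out[1] = query[1];
    out[2] = (uint8_t)(rf >> 8);
    out[3] = (uint8_t)(rf & 0xFFu);
    out[4] = query[4];         /* QDCOUNT is echoed */
    out[5] = query[5];
    return 0;
}

/* Compare a reply for the server's own zone with a reply to a recursive query
 * for a name outside it. Returns 1 if consistent, 0 if RA is advertised but
 * the outside query was refused, -1 if either buffer is not a valid reply. */
int ra_consistent(const uint8_t *own, size_t own_len,
                  const uint8_t *outside, size_t outside_len)
{
    unsigned a, b;

    if (own == NULL || outside == NULL ||
        own_len < DNS_HDR_LEN || outside_len < DNS_HDR_LEN)
        return -1;
    a = get_flags(own);
    b = get_flags(outside);
    if (!(a & F_QR) || !(b & F_QR))
        return -1;
    if (!((a | b) & F_RA))
        return 1;              /* recursion is not advertised at all */
    return (b & F_RCODE) == RCODE_REFUSED ? 0 : 1;
}

/* Flags of the reply the modelled server gives to SAMPLE_QUERY (0 on error). */
uint16_t reply_flags_for(enum ra_policy p, int recursion_enabled, int name_in_zone)
{
    uint8_t r[DNS_HDR_LEN];

    if (make_reply(SAMPLE_QUERY, sizeof SAMPLE_QUERY, p,
                   recursion_enabled, name_in_zone, r) != 0)
        return 0;
    return get_flags(r);
}

/* Run both probes against the modelled server and report consistency. */
int audit(enum ra_policy p, int recursion_enabled)
{
    uint8_t own[DNS_HDR_LEN], outside[DNS_HDR_LEN];

    if (make_reply(SAMPLE_QUERY, sizeof SAMPLE_QUERY, p, recursion_enabled, 1, own) ||
        make_reply(SAMPLE_QUERY, sizeof SAMPLE_QUERY, p, recursion_enabled, 0, outside))
        return -1;
    return ra_consistent(own, sizeof own, outside, sizeof outside);
}

int main(void)
{
    printf("RA echoes RD, recursion off: flags 0x%04x consistent=%d\n",
           (unsigned)reply_flags_for(RA_ECHO_RD, 0, 1), audit(RA_ECHO_RD, 0));
    printf("RA from config, recursion off: flags 0x%04x consistent=%d\n",
           (unsigned)reply_flags_for(RA_FROM_CONFIG, 0, 1), audit(RA_FROM_CONFIG, 0));
    return 0;
}
```
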
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sat, 1 Aug 2009 22:58:36 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <5c02e76a3c51eee38771df3ce65b9f99@localhost>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
 <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
 <5c02e76a3c51eee38771df3ce65b9f99@localhost>
Message-ID: <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com>

Hi,

what did you change to the configuration from yesterday (error to
today (success)???

Could you please post your mararc and zonefiles?

I also have now the same problem like you yesterday. :-(

Thanks a lot!

2009/8/1, Alexandre Lepage :
>
> I made the two little changes you suggested, recompiled maradns, and it
> works just fine. As you see there I don't get the error anymore :
> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>
> Thanks a lot for your precious help, and I want you to know that I share
> your opinion about .fr registrars ^^ (and I think a lot of people do)
>
> On Sat, 1 Aug 2009 03:26:58 -0500, Sam Trenholme wrote:
>>> Actually, this may be a case of checking the RA flag. RD/RA has always
>>> been a hack with MaraDNS' code; I'll look at it tomorrow. Time to go to
>>> bed, it has been a very long day.
>>
>> OK, before signing off: The RA (Recursion Available) bit echoes the RD
>> (Recursion desired) bit; this is needed so MaraDNS works with some
>> brain-dead DNS code when running as a recursive DNS server.
>>
>> Can you recompile MaraDNS? The patch to change things so RA is always zero
>> is pretty small, but you need to be able to recompile MaraDNS to use it.
>>
>> What I can do is fix some issues and release MaraDNS 1.3.14:
>>
>> * Change js_str code to use type fixed-length integers (this is
>> the only way to use those type of integers and have the code compile on
>> multiple platforms)
>>
>> * Have it, so if MaraDNS is compiled as an authoritative-only DNS server, RA
>> is always set to zero. This will fix the problem with the anal and annoying
>> French registrar who wastes their time caring about what this bit says, and
>> refusing to register domains who have this set to 1 but don't have
>> recursion.
>>
>> Timeframe: Whenever I get around to it. If you can't wait, just change one
>> line in MaraDNS.c and one line in udpsuccess.c that say "header.ra = rd_val"
>> to say "header.ra = 0".
>>
>> - Sam
>>
>> I do not answer MaraDNS support requests sent by private email without being
>> compensated for my time. I will discuss rates if you want this kind of
>> support. Thank you for your understanding.
>
> --
> Regards,
> Alexandre Lepage
> Difuzer Enr.
> a.lepage at difuzer.com
> 418.554.0113
>

From a.lepage at difuzer.com Sat Aug 1 17:50:42 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Sat, 01 Aug 2009 23:50:42 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
 <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
 <5c02e76a3c51eee38771df3ce65b9f99@localhost>
 <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com>
Message-ID:

Hi,

As Sam explained it, the problem is not coming from your mararc file. Read
his last emails if you're ready to recompile your maradns installation
(which just takes a few minutes), or you can wait for his fix as he said on
http://maradns.blogspot.com

On Sat, 1 Aug 2009 22:58:36 +0200, Markus Ferlitsch wrote:
> Hi,
>
> what did you change to the configuration from yesterday (error to
> today (success)???
>
> Could you please post your mararc and zonefiles?
>
> I also have now the same problem like you yesterday. :-(
>
> Thanks a lot!
>
>
> 2009/8/1, Alexandre Lepage :
>>
>> I made the two little changes you suggested, recompiled maradns, and it
>> works just fine. As you see there I don't get the error anymore :
>> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>>
>> Thanks a lot for your precious help, and I want you to know that I share
>> your opinion about .fr registrars ^^ (and I think a lot of people do)
>>
>> On Sat, 1 Aug 2009 03:26:58 -0500, Sam Trenholme wrote:
>>>> Actually, this may be a case of checking the RA flag. RD/RA has always
>>>> been a hack with MaraDNS' code; I'll look at it tomorrow. Time to go to
>>>> bed, it has been a very long day.
>>>>
>>>
>>> OK, before signing off: The RA (Recursion Available) bit echoes the RD
>>> (Recursion desired) bit; this is needed so MaraDNS works with some
>>> brain-dead DNS code when running as a recursive DNS server.
>>>
>>> Can you recompile MaraDNS? The patch to change things so RA is always zero
>>> is pretty small, but you need to be able to recompile MaraDNS to use it.
>>>
>>> What I can do is fix some issues and release MaraDNS 1.3.14:
>>>
>>> * Change js_str code to use type fixed-length integers (this is
>>> the only way to use those type of integers and have the code compile on
>>> multiple platforms)
>>>
>>> * Have it, so if MaraDNS is compiled as an authoritative-only DNS server,
>>> RA is always set to zero. This will fix the problem with the anal and
>>> annoying French registrar who wastes their time caring about what this bit
>>> says, and refusing to register domains who have this set to 1 but don't
>>> have recursion.
>>>
>>> Timeframe: Whenever I get around to it. If you can't wait, just change one
>>> line in MaraDNS.c and one line in udpsuccess.c that say "header.ra = rd_val"
>>> to say "header.ra = 0".
>>>
>>> - Sam
>>>
>>> I do not answer MaraDNS support requests sent by private email without
>>> being compensated for my time. I will discuss rates if you want this kind
>>> of support. Thank you for your understanding.
>>
>> --
>> Regards,
>> Alexandre Lepage
>> Difuzer Enr.
>> a.lepage at difuzer.com
>> 418.554.0113
>>

--
Regards,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113

From m.ferlitsch at gmail.com Sun Aug 2 04:53:28 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sun, 2 Aug 2009 10:53:28 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To:
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
 <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
 <7148005cef82688113991db74810ab47@localhost>
 <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
 <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com>
 <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com>
 <5c02e76a3c51eee38771df3ce65b9f99@localhost>
 <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com>
Message-ID: <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com>

Hi,

ok, I recompiled the last patched version
(maradns-Q.20090801.1.tar.bz2) and I disabled RA
(#recursive_acl="0.0.0.0/0") but the error still exists ([TEST check
if server is really recursive]: answer refused from server (IN/SOA:
net.))

I also tried to compile with --authonly

@ Alexandre Lepage:
How did you compile the patched version? authonly or default?

2009/8/1, Alexandre Lepage :
>
> Hi,
>
> As Sam explained it, the problem is not coming from your mararc file. Read
> his last emails if you're ready to recompile your maradns installation
> (which just takes a few minutes), or you can wait for his fix as he said on
> http://maradns.blogspot.com
>
> On Sat, 1 Aug 2009 22:58:36 +0200, Markus Ferlitsch wrote:
>> Hi,
>>
>> what did you change to the configuration from yesterday (error to
>> today (success)???
>>
>> Could you please post your mararc and zonefiles?
>>
>> I also have now the same problem like you yesterday. :-(
>>
>> Thanks a lot!
>>
>>
>> 2009/8/1, Alexandre Lepage :
>>>
>>> I made the two little changes you suggested, recompiled maradns, and it
>>> works just fine.
>>> As you see there I don't get the error anymore :
>>> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>>>
>>> Thanks a lot for your precious help, and I want you to know that I share
>>> your opinion about .fr registrars ^^ (and I think a lot of people do)
>>>
>>> On Sat, 1 Aug 2009 03:26:58 -0500, Sam Trenholme wrote:
>>>>> Actually, this may be a case of checking the RA flag. RD/RA has always
>>>>> been a hack with MaraDNS' code; I'll look at it tomorrow. Time to go to
>>>>> bed, it has been a very long day.
>>>>
>>>> OK, before signing off: The RA (Recursion Available) bit echoes the RD
>>>> (Recursion desired) bit; this is needed so MaraDNS works with some
>>>> brain-dead DNS code when running as a recursive DNS server.
>>>>
>>>> Can you recompile MaraDNS? The patch to change things so RA is always zero
>>>> is pretty small, but you need to be able to recompile MaraDNS to use it.
>>>>
>>>> What I can do is fix some issues and release MaraDNS 1.3.14:
>>>>
>>>> * Change js_str code to use type fixed-length integers (this is
>>>> the only way to use those type of integers and have the code compile on
>>>> multiple platforms)
>>>>
>>>> * Have it, so if MaraDNS is compiled as an authoritative-only DNS server,
>>>> RA is always set to zero. This will fix the problem with the anal and
>>>> annoying French registrar who wastes their time caring about what this
>>>> bit says, and refusing to register domains who have this set to 1 but
>>>> don't have recursion.
>>>>
>>>> Timeframe: Whenever I get around to it. If you can't wait, just change one
>>>> line in MaraDNS.c and one line in udpsuccess.c that say "header.ra = rd_val"
>>>> to say "header.ra = 0".
>>>>
>>>> - Sam
>>>>
>>>> I do not answer MaraDNS support requests sent by private email without
>>>> being compensated for my time. I will discuss rates if you want this kind
>>>> of support. Thank you for your understanding.
>>>
>>> --
>>> Cordialement,
>>> Alexandre Lepage
>>> Difuzer Enr.
>>> a.lepage at difuzer.com
>>> 418.554.0113
>>>
>
> --
> Cordialement,
> Alexandre Lepage
> Difuzer Enr.
> a.lepage at difuzer.com
> 418.554.0113
>
From strenholme.usenet at gmail.com Sun Aug 2 12:17:23 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 2 Aug 2009 11:17:23 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7148005cef82688113991db74810ab47@localhost> <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com>
Message-ID: <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com>

>
> ok, I recompiled the last patched version
> (maradns-Q.20090801.1.tar.bz2) and I disabled RA
> (#recursive_acl="0.0.0.0/0") but the error still exists ([TEST check
> if server is really recursive]: answer refused from server (IN/SOA:
> net.))
>

Markus,

I just released a new MaraDNS snapshot which should fix your issue. There
is a bug in MaraDNS with how RA is set which I'm working on fixing so French
users can register with the AFNIC using MaraDNS as a server.

To download:

http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.1.tar.bz2

Expand the tarball ("tar -xjf maradns-Q.20090802.1.tar.bz2"), enter the
maradns-Q-20090802.1 directory, then type in "./configure ; make". Take the
resulting "maradns" binary located at maradns-Q-20090802.1/server/maradns
and replace the copy of MaraDNS on your server with this new binary.

Next, make sure recursion is disabled ("recursive_acl" is not set in your
mararc file), and run this version of MaraDNS. At this point, you should be
able to register your domain with AFNIC without any issues stopping the
registration.

Now that I've helped you, I would like to get some help.

I would like help with making a FAQ entry for people who will have this
AFNIC issue in the future before I release MaraDNS 1.3.14 later on this
week. Is there anything besides the "you have recursion enabled but we
can't recurse with your DNS server" issue that stops people using MaraDNS
from registering their .fr domain?

I will add a pointer to http://www.maradns.org/faq.html#rdns because that's
another issue people have reported here.

OK, here's my plan to release MaraDNS 1.3.14:

* If there's anyone here with a Solaris box handy or an account on a Solaris
machine, please let me know if the maradns-Q-20090802.1 snapshot (download
instructions above) compiles on Solaris. While I don't actively support
Solaris, I do want my program to be cross-platform enough to compile on
various OSes for people willing to get things to work without people holding
their hand.

* I need to set up some automated tests to make sure RA has reasonable
values. It should be 0 if MaraDNS doesn't have recursion enabled for people
who have to deal with AFNIC's nonsense; it should be 1 for recursive replies
for people who have to deal with brain-dead DNS servers that won't accept
recursive replies if RA isn't 1.

* Add a FAQ entry for people having to deal with AFNIC's nonsense. People
dealing with AFNIC can help me here; just let me know what you had to do to
get your domain to be happy with AFNIC. I think the only blocker is the RA
issue.

At the same time, I will continue working on MaraDNS 2.0. Deadwood (the
name for MaraDNS 2.0's recursive resolver) right now has RR rotation work; I
will get TTL aging to work, then will update the automated tests to handle
RR rotation/TTL aging, make it possible to disable RR rotation and TTL
aging, and release Deadwood 2.4.05.

- Sam

Note: I do not answer MaraDNS support requests sent by private email without
being compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.
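The message above asks for automated tests that RA is 0 when recursion is disabled and 1 on recursive replies. The following is an added example of such a check, not MaraDNS code and not part of the original message: it decodes the DNS header flags and applies that policy. The sample replies are constructed, `example.com.` is a placeholder zone, and all function names are hypothetical.

```python
import socket
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODE_REFUSED = 5


def build_query(name, qtype=1, txid=0x4D44, rd=True):
    """Build a one-question DNS query; RD is set by default, as in the thread's probes."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(packet):
    """Decode the 12-byte DNS header; raise ValueError on a truncated packet."""
    if len(packet) < 12:
        raise ValueError("DNS packet shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & QR),
        "aa": bool(flags & AA),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": flags & 0x000F,
        "ancount": an,
    }


def make_reply(query, ra, aa=False, rcode=0):
    """Constructed sample reply: echoes id, RD and the question, sets the given flags."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = QR | (qflags & RD) | (AA if aa else 0) | (RA if ra else 0) | rcode
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


def check_ra(replies, recursion_enabled):
    """Apply the RA policy to {label: raw reply}; return a list of (label, finding)."""
    findings = []
    for label, packet in replies.items():
        h = parse_header(packet)
        if not h["qr"]:
            findings.append((label, "not a response (QR=0)"))
        elif not recursion_enabled and h["ra"]:
            # The mismatch ZoneCheck rejects: RA advertised, recursion refused.
            findings.append((label, "RA=1 although recursion is disabled"))
        elif (recursion_enabled and h["rd"] and not h["ra"]
              and h["rcode"] != RCODE_REFUSED):
            findings.append((label, "RA=0 on a recursive reply to an RD=1 query"))
    return findings


def query_udp(server_ip, name, qtype=1, timeout=3.0):
    """Send the query to server_ip over UDP port 53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server_ip, 53))
        data, _ = s.recvfrom(4096)
        return data


def demo():
    """Run the check on constructed replies from an authoritative-only server."""
    q_in = build_query("example.com.")    # placeholder for a zone the server serves
    q_out = build_query("net.", qtype=6)  # SOA for net., the probe quoted in the thread
    refused = make_reply(q_out, ra=False, rcode=RCODE_REFUSED)
    ra_set = {"in-zone": make_reply(q_in, ra=True, aa=True), "out-of-zone": refused}
    ra_clear = {"in-zone": make_reply(q_in, ra=False, aa=True), "out-of-zone": refused}
    return check_ra(ra_set, False), check_ra(ra_clear, False)


if __name__ == "__main__":
    for label, findings in zip(("RA set on in-zone reply", "RA always 0"), demo()):
        print(label, "->", findings or "consistent")
```

To test a live server, pass `{"in-zone": query_udp(ip, zone), "out-of-zone": query_udp(ip, "net.", 6)}` to `check_ra` with `recursion_enabled` matching whether `recursive_acl` is set.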
From m.ferlitsch at gmail.com Sun Aug 2 12:35:55 2009 
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sun, 2 Aug 2009 18:35:55 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com>
Message-ID: <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com>

Hi,

so I tried the new version from 02.08.2009.

I compiled it with ./configure; make

here is my mararc:

bind_address="ip of ns3"
chroot_dir = "/etc/maradns"
default_rrany_set = 3
csv2 = {}
csv2["mydomain.com."] = "db.mydomain.com"
tcp_convert_acl = "0.0.0.0/0"
tcp_convert_server = "ip of ns3"
verbose_level = 3

But the error from zonecheck still exists:

[TEST check if server is really recursive]: answer refused from server
(IN/SOA: net.)

* ns2.mydomain.com./ip ns2
* ns3.mydomain.com./ip ns3
* ns1.mydomain.com./ip ns1

If I try a NsLookup (http://network-tools.com/nslook/Default.asp) I
only get answers for domains my dns server manage. If I try to ask
data for google.com I get a Query refused, which signs that RA is
really disabled!

Do you have any other idea?

What else did Alexandre change? Is this your latest mararc?
http://su2.difuzer.com/alex/mararc.txt


2009/8/2, Sam Trenholme :
>>
>> ok, I recompiled the last patched version
>> (maradns-Q.20090801.1.tar.bz2) and I disabled RA
>> (#recursive_acl="0.0.0.0/0") but the error still exists ([TEST check
>> if server is really recursive]: answer refused from server (IN/SOA:
>> net.))
>>
>
> Markus,
>
> I just released a new MaraDNS snapshot which should fix your issue. There
> is a bug in MaraDNS with how RA is set which I'm working on fixing so French
> users can register with the AFNIC using MaraDNS as a server.
>
> To download:
>
> http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.1.tar.bz2
>
> Expand the tarball ("tar -xjf maradns-Q.20090802.1.tar.bz2"), enter the
> maradns-Q-20090802.1 directory, then type in "./configure ; make". Take the
> resulting "maradns" binary located at maradns-Q-20090802.1/server/maradns
> and replace the copy of MaraDNS on your server with this new binary.
>
> Next, make sure recursion is disabled ("recursive_acl" is not set in your
> mararc file), and run this version of MaraDNS. At this point, you should be
> able to register your domain with AFNIC without any issues stopping the
> registration.
>
> Now that I've helped you, I would like to get some help.
>
> I would like help with making a FAQ entry for people who will have this
> AFNIC issue in the future before I release MaraDNS 1.3.14 later on this
> week. Is there anything besides the "you have recursion enabled but we
> can't recurse with your DNS server" issue that stops people using MaraDNS
> from registering their .fr domain?
>
> I will add a pointer to http://www.maradns.org/faq.html#rdns because that's
> another issue people have reported here.
>
> OK, here's my plan to release MaraDNS 1.3.14:
>
> * If there's anyone here with a Solaris box handy or an account on a Solaris
> machine, please let me know if the maradns-Q-20090802.1 snapshot (download
> instructions above) compiles on Solaris.
> While I don't actively support
> Solaris, I do want my program to be cross-platform enough to compile on
> various OSes for people willing to get things to work without people holding
> their hand.
>
> * I need to set up some automated tests to make sure RA has reasonable
> values. It should be 0 if MaraDNS doesn't have recursion enabled for people
> who have to deal with AFNIC's nonsense; it should be 1 for recursive replies
> for people who have to deal with brain-dead DNS servers that won't accept
> recursive replies if RA isn't 1.
>
> * Add a FAQ entry for people having to deal with AFNIC's nonsense. People
> dealing with AFNIC can help me here; just let me know what you had to do to
> get your domain to be happy with AFNIC. I think the only blocker is the RA
> issue.
>
> At the same time, I will continue working on MaraDNS 2.0. Deadwood (the
> name for MaraDNS 2.0's recursive resolver) right now has RR rotation work; I
> will get TTL aging to work, then will update the automated tests to handle
> RR rotation/TTL aging, make it possible to disable RR rotation and TTL
> aging, and release Deadwood 2.4.05.
>
> - Sam
>
> Note: I do not answer MaraDNS support requests sent by private email without
> being compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
>
From m.ferlitsch at gmail.com Sun Aug 2 12:40:06 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sun, 2 Aug 2009 18:40:06 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com>
Message-ID: <1900c9640908020940g158dea2fg5d73e8d221919413@mail.gmail.com>

Addon:

Alexandre mararc:

#recursive_acl = "91.121.92.210"

and down in the file I found:

ipv4_alias["mynetwork"] = "213.251.161.162,91.121.92.210"
recursive_acl = "mynetwork"

Also he seems to have enabled RA between his two nameservers
From m.ferlitsch at gmail.com Sun Aug 2 12:50:56 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sun, 2 Aug 2009 18:50:56 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To:
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com> <7148005cef82688113991db74810ab47@localhost> <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com>
Message-ID: <1900c9640908020950q12c457b1odcb18844ab4b68f9@mail.gmail.com>

Hi,

could you please post your latest mararc again?

Thanks!

2009/8/1, Alexandre Lepage :
>
> If you could, would be nice I could try it.
>
> I searched on my side too, and I found the detailed list of tests performed
> by ZoneCheck for the .fr domains :
> http://www.afnic.fr/outils/zonecheck/tests
>
> The error comes from this test :
> Test "correct_recursive_flag" (MANDATORY)
> Serveur de nom réellement récursif (Name server really recursive)
>
> Here is my mararc file, in case it could come from it :
> http://su2.difuzer.com/alex/mararc.txt
>
> Thanks
>
> On Fri, 31 Jul 2009 23:54:30 -0500, Sam Trenholme
> wrote:
>>>
>>>
>>> And about the reverse question... ZoneCheck is the software used by the
>>> AFNIC (the association in charge of .fr registration) and I'm pretty sure
>>> I'm doing something wrong
>>
>>
>> DJB mumbles darkly about the things you need to do to make domains work with
>> the .fr domain:
>>
>> http://cr.yp.to/djbdns/dot-fr.html
>>
>> I will have to translate it in to MaraDNS config data.
>
> --
> Cordialement,
> Alexandre Lepage
> Difuzer Enr.
> a.lepage at difuzer.com
> 418.554.0113
>
From a.lepage at difuzer.com Sun Aug 2 12:58:10 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Sun, 02 Aug 2009 18:58:10 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com>
Message-ID: <25f8f1a97ac2a7ce7a47c9bca1b485e0@localhost>

Tests performed by ZoneCheck suck a lot, so the error may be coming from
another one. Do you have other errors/warnings ? Show us your mararc file
and the zone concerned.

On Sun, 2 Aug 2009 18:35:55 +0200, Markus Ferlitsch
wrote:
> Hi,
>
> so I tried the new version from 02.08.2009.
>
> I compiled it with ./configure; make
>
> here is my mararc:
>
> bind_address="ip of ns3"
> chroot_dir = "/etc/maradns"
> default_rrany_set = 3
> csv2 = {}
> csv2["mydomain.com."] = "db.mydomain.com"
> tcp_convert_acl = "0.0.0.0/0"
> tcp_convert_server = "ip of ns3"
> verbose_level = 3
>
> But the error from zonecheck still exists:
>
> [TEST check if server is really recursive]: answer refused from server
> (IN/SOA: net.)
>
> * ns2.mydomain.com./ip ns2
> * ns3.mydomain.com./ip ns3
> * ns1.mydomain.com./ip ns1
>
> If I try a NsLookup (http://network-tools.com/nslook/Default.asp) I
> only get answers for domains my dns server manage. If I try to ask
> data for google.com I get a Query refused, which signs that RA is
> really disabled!
>
> Do you have any other idea?
>
> What else did Alexandre change?
> Is this your latest mararc?
> http://su2.difuzer.com/alex/mararc.txt
>
>
> 2009/8/2, Sam Trenholme :
>>>
>>> ok, I recompiled the last patched version
>>> (maradns-Q.20090801.1.tar.bz2) and I disabled RA
>>> (#recursive_acl="0.0.0.0/0") but the error still exists ([TEST check
>>> if server is really recursive]: answer refused from server (IN/SOA:
>>> net.))
>>>
>>
>> Markus,
>>
>> I just released a new MaraDNS snapshot which should fix your issue. There
>> is a bug in MaraDNS with how RA is set which I'm working on fixing so French
>> users can register with the AFNIC using MaraDNS as a server.
>>
>> To download:
>>
>> http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.1.tar.bz2
>>
>> Expand the tarball ("tar -xjf maradns-Q.20090802.1.tar.bz2"), enter the
>> maradns-Q-20090802.1 directory, then type in "./configure ; make". Take the
>> resulting "maradns" binary located at maradns-Q-20090802.1/server/maradns
>> and replace the copy of MaraDNS on your server with this new binary.
>>
>> Next, make sure recursion is disabled ("recursive_acl" is not set in your
>> mararc file), and run this version of MaraDNS. At this point, you should be
>> able to register your domain with AFNIC without any issues stopping the
>> registration.
>>
>> Now that I've helped you, I would like to get some help.
>>
>> I would like help with making a FAQ entry for people who will have this
>> AFNIC issue in the future before I release MaraDNS 1.3.14 later on this
>> week. Is there anything besides the "you have recursion enabled but we
>> can't recurse with your DNS server" issue that stops people using MaraDNS
>> from registering their .fr domain?
>>
>> I will add a pointer to http://www.maradns.org/faq.html#rdns because that's
>> another issue people have reported here.
>>
>> OK, here's my plan to release MaraDNS 1.3.14:
>>
>> * If there's anyone here with a Solaris box handy or an account on a Solaris
>> machine, please let me know if the maradns-Q-20090802.1 snapshot (download
>> instructions above) compiles on Solaris. While I don't actively support
>> Solaris, I do want my program to be cross-platform enough to compile on
>> various OSes for people willing to get things to work without people holding
>> their hand.
>>
>> * I need to set up some automated tests to make sure RA has reasonable
>> values. It should be 0 if MaraDNS doesn't have recursion enabled for people
>> who have to deal with AFNIC's nonsense; it should be 1 for recursive replies
>> for people who have to deal with brain-dead DNS servers that won't accept
>> recursive replies if RA isn't 1.
>>
>> * Add a FAQ entry for people having to deal with AFNIC's nonsense. People
>> dealing with AFNIC can help me here; just let me know what you had to do to
>> get your domain to be happy with AFNIC. I think the only blocker is the RA
>> issue.
>>
>> At the same time, I will continue working on MaraDNS 2.0. Deadwood (the
>> name for MaraDNS 2.0's recursive resolver) right now has RR rotation work; I
>> will get TTL aging to work, then will update the automated tests to handle
>> RR rotation/TTL aging, make it possible to disable RR rotation and TTL
>> aging, and release Deadwood 2.4.05.
>>
>> - Sam
>>
>> Note: I do not answer MaraDNS support requests sent by private email without
>> being compensated for my time. I will discuss rates if you want this kind of
>> support. Thank you for your understanding.
>>

--
Cordialement,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113
From a.lepage at difuzer.com Sun Aug 2 12:59:11 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Sun, 02 Aug 2009 18:59:11 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908020940g158dea2fg5d73e8d221919413@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720907312154p1746fe81l96fccba628915faa@mail.gmail.com> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020940g158dea2fg5d73e8d221919413@mail.gmail.com>
Message-ID:

Well I did in order to "fake" a recursive server before Sam gave the patch,
but now this line is still commented out.

On Sun, 2 Aug 2009 18:40:06 +0200, Markus Ferlitsch
wrote:
> Addon:
>
> Alexandre mararc:
>
> #recursive_acl = "91.121.92.210"
>
> and down in the file I found:
>
> ipv4_alias["mynetwork"] = "213.251.161.162,91.121.92.210"
> recursive_acl = "mynetwork"
>
> Also he seems to have enabled RA between his two nameservers

--
Cordialement,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113
From strenholme.usenet at gmail.com Sun Aug 2 13:23:06 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 2 Aug 2009 12:23:06 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com>
Message-ID: <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com>

>
> But the error from zonecheck still exists:
>
> [TEST check if server is really recursive]: answer refused from server
> (IN/SOA: net.)
>
> * ns2.mydomain.com./ip ns2
> * ns3.mydomain.com./ip ns3
> * ns1.mydomain.com./ip ns1
>

Sorry about that; I forgot to make a one-line change so the RA bit is never
set unless recursive_acl is set. I think I've fixed it. Try this version
of MaraDNS:

http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.2.tar.bz2

If you still have problems, let us know. I want a cookbook for getting
MaraDNS to work with AFNIC so other people in France don't have these
issues.

- Sam
From m.ferlitsch at gmail.com Sun Aug 2 14:40:54 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sun, 2 Aug 2009 20:40:54 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908010107p57315629h12cdf7a7b2e3518e@mail.gmail.com> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com>
Message-ID: <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com>

I tried the latest version
these are the fatal errors at zonecheck:

f: [TEST check if server is really recursive]: answer refused from
server (IN/SOA: net.)
* ns2...
* ns3...
* ns1...

f: [TEST loopback is resolvable]: answer refused from server (IN/PTR:
1.0.0.127.in-addr.arpa.)
* ns2.
* ns1.

f: [TEST root-servers list present]: answer refused from server (IN/NS: .)
* ns2.
* ns3.
* ns1.

f: [TEST root-servers list identical to ICANN]: answer refused from
server (IN/NS: .)
* ns2...
* ns3...
* ns1...

I put the latest maradns only to ns3 server. the others are running
the older version.

2009/8/2, Sam Trenholme :
>>
>> But the error from zonecheck still exists:
>>
>> [TEST check if server is really recursive]: answer refused from server
>> (IN/SOA: net.)
>>
>> * ns2.mydomain.com./ip ns2
>> * ns3.mydomain.com./ip ns3
>> * ns1.mydomain.com./ip ns1
>>
>
> Sorry about that; I forgot to make a one-line change so the RA bit is never
> set unless recursive_acl is set. I think I've fixed it.
> Try this version
> of MaraDNS:
>
> http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.2.tar.bz2
>
> If you still have problems, let us know. I want a cookbook for getting
> MaraDNS to work with AFNIC so other people in France don't have these
> issues.
>
> - Sam
>
From strenholme.usenet at gmail.com Sun Aug 2 19:18:31 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 2 Aug 2009 18:18:31 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908010126i400fb34bif4bcf6acd5dd2a8d@mail.gmail.com> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com>
Message-ID: <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com>

>I tried the latest version
>these are the fatal errors at zonecheck:

OK, which version of MaraDNS are you using? Give us the output of the
following:

./maradns --version

Also, give us the answer of a query like this for a DNS name you actually
serve, e.g.:

askmara -v A{domain.com}. {127.0.0.4} | grep Recurs

Replace {domain.com} with the name of a domain name you serve with
MaraDNS; replace {127.0.0.4} with the IP of your MaraDNS server.

- Sam
From strenholme.usenet at gmail.com Sun Aug 2 19:26:52 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 2 Aug 2009 18:26:52 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <5c02e76a3c51eee38771df3ce65b9f99@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com>
Message-ID: <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com>

> ./maradns --version
>
> Also, give us the answer of a query like this for a DNS name you actually
> serve, e.g.:
>
> askmara -v A{domain.com}. {127.0.0.4} | grep Recurs
>
> Replace {domain.com} with the name of a domain name you serve with
> MaraDNS; replace {127.0.0.4} with the IP of your MaraDNS server.
>

Actually, I want to see the output of the following:

maradns --version

grep recursive /etc/mararc

askmara -v Agoogle.com. 127.0.0.1 | grep Recurs

askmara -v Aexample.com. 127.0.0.1 | grep Recurs

Replace "127.0.0.1" with the IP of your DNS server; replace "example.com"
with a name your MaraDNS server actually serves.

I won't be able to help you more until you give me this information.

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.
From m.ferlitsch at gmail.com Mon Aug 3 03:14:28 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 09:14:28 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908011358t2f34d9dbkf42814d304441780@mail.gmail.com> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com>
Message-ID: <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com>

Hi,

here is the output:

root@OpenWrt:~# maradns --version
This is MaraDNS version Q.20090802.2
Compiled on a Linux system at Mon Aug 3 00:25:43 CEST 2009
For usage information, 'man maradns'
root@OpenWrt:~#

root@OpenWrt:/etc# grep recursive /etc/mararc
#recursive_acl="0.0.0.0/0"
#recursive_acl = "mynetwork"
root@OpenWrt:/etc#

root@OpenWrt:/etc# askmara -v Agoogle.com. 85.125.xx.xx | grep Recurs
Recurs desired: 1
Recurs available: 0
root@OpenWrt:/etc#

root@OpenWrt:/etc# askmara -v Amydomain.com. 85.125.xx.xx | grep Recurs
Recurs desired: 1
Recurs available: 1
root@OpenWrt:/etc#

2009/8/3, Sam Trenholme :
>> ./maradns --version
>>
>> Also, give us the answer of a query like this for a DNS name you actually
>> serve, e.g.:
>>
>> askmara -v A{domain.com}. {127.0.0.4} | grep Recurs
>>
>> Replace {domain.com} with the name of a domain name you serve with
>> MaraDNS; replace {127.0.0.4} with the IP of your MaraDNS server.
>>
>
> Actually, I want to see the output of the following:
>
> maradns --version
>
> grep recursive /etc/mararc
>
> askmara -v Agoogle.com. 127.0.0.1 | grep Recurs
>
> askmara -v Aexample.com. 127.0.0.1 | grep Recurs
>
> Replace "127.0.0.1" with the IP of your DNS server; replace "example.com"
> with a name your MaraDNS server actually serves.
>
> I won't be able to help you more until you give me this information.
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
>
From strenholme.usenet at gmail.com Mon Aug 3 10:11:07 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 09:11:07 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com>
Message-ID: <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com>

>root@OpenWrt:~# maradns --version
>This is MaraDNS version Q.20090802.2
>Compiled on a Linux system at Mon Aug 3 00:25:43 CEST 2009
>For usage information, 'man maradns'

>root@OpenWrt:/etc# askmara -v Amydomain.com. 85.125.xx.xx | grep Recurs
>Recurs desired: 1
>Recurs available: 1

OK, add the following two lines to your mararc file:

admin_acl = "0.0.0.0/0"
debug_msg_level = 1

Once you do this, send the output of the following query to the MaraDNS
mailing list:

askmara Tversion.maradns. 85.125.xx.xx

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.
From m.ferlitsch at gmail.com Mon Aug 3 13:10:19 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 19:10:19 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908020153t3076b133v55492970811e9c7d@mail.gmail.com> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com>
Message-ID: <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com>

root@OpenWrt:/# askmara Tversion.maradns. 85.125.xx.xx
# Querying the server with the IP 85.125.xx.xx
# Question: Tversion.maradns.
version.maradns. +770616 txt 'MaraDNS version Q.20090802.2'
# NS replies:
# AR replies:
root@OpenWrt:/#

2009/8/3, Sam Trenholme :
>>root@OpenWrt:~# maradns --version
>>This is MaraDNS version Q.20090802.2
>>Compiled on a Linux system at Mon Aug 3 00:25:43 CEST 2009
>>For usage information, 'man maradns'
>
>>root@OpenWrt:/etc# askmara -v Amydomain.com. 85.125.xx.xx | grep Recurs
>>Recurs desired: 1
>>Recurs available: 1
>
> OK, add the following two lines to your mararc file:
>
> admin_acl = "0.0.0.0/0"
> debug_msg_level = 1
>
> Once you do this, send the output of the following query to the MaraDNS
> mailing list:
>
> askmara Tversion.maradns. 85.125.xx.xx
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
> From strenholme.usenet at gmail.com Mon Aug 3 13:24:44 2009 
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 12:24:44 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908020917o73bc3f99n426e495ec558fb47@mail.gmail.com> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com>
Message-ID: <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com>

All I can say at this point then is "works for me":

$ askmara -v Adomain.com. 127.0.0.4 | grep avail
Recurs available: 0
$ askmara Tversion.maradns. 127.0.0.4
# Querying the server with the IP 127.0.0.4
# Question: Tversion.maradns.
version.maradns. +770616 txt 'MaraDNS version Q.20090802.2'
# NS replies:
# AR replies:

The only way you can get a "Recursion available" from MaraDNS Q.20090802.2 is if you enable it in your mararc file with "recursive_acl". There's something else going on here; make sure there is no maradns binary on your system besides the Q.20090802.2 binary.

I'm thinking, at this point, you were using a different version of MaraDNS when the "askmara -v Aname.foo. | grep avail" was run, or the program is using a different mararc file.

- Sam

I do not answer MaraDNS support requests sent by private email without being compensated for my time. I will discuss rates if you want this kind of support. Thank you for your understanding.

From m.ferlitsch at gmail.com Mon Aug 3 13:51:11 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 19:51:11 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908020935t5ea0cc89r28cac523765cd1cf@mail.gmail.com> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com>
Message-ID: <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com>

hm, strange :)

You are right that ns1 and ns2 are running maradns 1.3.?.? but ns3 runs the Q.20090802.2 (maradns-Q.20090802.2.tar.bz2)

And the last commands were sent only to ns3 (Q.20090802.2)

2009/8/3, Sam Trenholme :
> All I can say at this point then is "works for me":
>
> $ askmara -v Adomain.com. 127.0.0.4 | grep avail
> Recurs available: 0
> $ askmara Tversion.maradns. 127.0.0.4
> # Querying the server with the IP 127.0.0.4
> # Question: Tversion.maradns.
> version.maradns. +770616 txt 'MaraDNS version Q.20090802.2'
> # NS replies:
> # AR replies:
>
> The only way you can get a "Recursion available" from MaraDNS Q.20090802.2
> is if you enable it in your mararc file with "recursive_acl". There's
> something else going on here; make sure there is no maradns binary on your
> system besides the Q.20090802.2 binary.
>
> I'm thinking, at this point, you were using a different version of MaraDNS
> when the "askmara -v Aname.foo. | grep avail" was run, or the program is
> using a different mararc file.
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
>

From strenholme.usenet at gmail.com Mon Aug 3 14:03:00 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 13:03:00 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908021023v5f4103f8q1566ac086a9c6f9c@mail.gmail.com> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com>
Message-ID: <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com>

>hm, strange :)

Yep; the next step is to use a very simple mararc file and start MaraDNS with that mararc file. Use a mararc like this:

ipv4_bind_addresses = "10.3.28.79"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "db.example.com"
admin_acl = "0.0.0.0/0"
debug_msg_level = 1

Have this be your *entire* mararc file. Once you do that, again:

askmara -v Aexample.com. | grep avail

askmara Tversion.maradns.

From m.ferlitsch at gmail.com Mon Aug 3 14:48:27 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 20:48:27 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908021140n58aef793l381d724ef7809670@mail.gmail.com> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com>
Message-ID: <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com>

oh shit recursive_acl="192.168.1.1/24" was active from my last trial&errors :)

now it's disabled

root at OpenWrt:/etc# askmara Tversion.maradns. 85.125.xx.xx
# Querying the server with the IP 85.125.xx.xx
# Question: Tversion.maradns.
version.maradns. +770616 txt 'MaraDNS version Q.20090802.2'
# NS replies:
# AR replies:
root at OpenWrt:/etc#

root at OpenWrt:/etc# askmara -v AMyDomainWhichServersMaradns.com. 85.125.xx.xx | grep avail
Recurs available: 1
root at OpenWrt:/etc#

root at OpenWrt:/etc# askmara -v Agoogle.de. 85.125.xx.xx | grep avail
Recurs available: 0
root at OpenWrt:/etc#

But Recurs at domains which are managed by the maradns server are still set to 1. Should this not also be 0 like when I ask for google.de?

I also will try with your "small" mararc

2009/8/3, Sam Trenholme :
>>hm, strange :)
>
> Yep; the next step is to use a very simple mararc file and start MaraDNS
> with that mararc file. Use a mararc like this:
>
> ipv4_bind_addresses = "10.3.28.79"
> chroot_dir = "/etc/maradns"
> csv2 = {}
> csv2["example.com."] = "db.example.com"
> admin_acl = "0.0.0.0/0"
> debug_msg_level = 1
>
>
> Have this be your *entire* mararc file. Once you do that, again:
>
> askmara -v Aexample.com. | grep avail
>
> askmara Tversion.maradns.
>

From m.ferlitsch at gmail.com Mon Aug 3 14:52:52 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 20:52:52 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com>
Message-ID: <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com>

with small mararc same like with my mararc

root at OpenWrt:/etc# askmara -v AMyDomainWhichServersMaradns.com. 85.125.xx.xx | grep avail
Recurs available: 1
root at OpenWrt:/etc# askmara -v Agoogle.de. 85.125.xx.xx | grep avail
Recurs available: 0
root at OpenWrt:/etc# askmara Tversion.maradns. 85.125.xx.xx
# Querying the server with the IP 85.125.xx.xx
# Question: Tversion.maradns.
version.maradns. +770616 txt 'MaraDNS version Q.20090802.2'
# NS replies:
# AR replies:
root at OpenWrt:/etc#

2009/8/3, Markus Ferlitsch :
> oh shit recursive_acl="192.168.1.1/24" was active from my last trial&errors
> :)
>
> now it's disabled
>
> root at OpenWrt:/etc# askmara Tversion.maradns. 85.125.xx.xx
> # Querying the server with the IP 85.125.xx.xx
> # Question: Tversion.maradns.
> version.maradns. +770616 txt 'MaraDNS version Q.20090802.2'
> # NS replies:
> # AR replies:
> root at OpenWrt:/etc#
>
> root at OpenWrt:/etc# askmara -v AMyDomainWhichServersMaradns.com.
> 85.125.xx.xx | grep avail
> Recurs available: 1
> root at OpenWrt:/etc#
>
>
> root at OpenWrt:/etc# askmara -v Agoogle.de. 85.125.xx.xx | grep avail
> Recurs available: 0
> root at OpenWrt:/etc#
>
> But Recurs at domains which are managed by the maradns server are
> still set to 1 Should this not also be 0 like when I ask for
> google.de?
>
> I also will try with your "small" mararc
>
> 2009/8/3, Sam Trenholme :
>>>hm, strange :)
>>
>> Yep; the next step is to use a very simple mararc file and start MaraDNS
>> with that mararc file. Use a mararc like this:
>>
>> ipv4_bind_addresses = "10.3.28.79"
>> chroot_dir = "/etc/maradns"
>> csv2 = {}
>> csv2["example.com."] = "db.example.com"
>> admin_acl = "0.0.0.0/0"
>> debug_msg_level = 1
>>
>>
>> Have this be your *entire* mararc file. Once you do that, again:
>>
>> askmara -v Aexample.com. | grep avail
>>
>> askmara Tversion.maradns.
>>
>

From strenholme.usenet at gmail.com Mon Aug 3 14:59:05 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 13:59:05 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908021618y70f5252arec49a70df38e76be@mail.gmail.com> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com>
Message-ID: <7bd685720908031159o4aefce2fs8f0c37dd6b640a03@mail.gmail.com>

>But Recurs at domains which are managed by the maradns server are
>still set to 1 Should this not also be 0 like when I ask for google.de?

No, recursive answers should always have Recursion available set to 1; otherwise some brain-dead DNS resolvers reject the recursive queries.

- Sam

From strenholme.usenet at gmail.com Mon Aug 3 15:00:55 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 14:00:55 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908021626n52871e37mcc8d602537e07c31@mail.gmail.com> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com>
Message-ID: <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com>

>Recurs available: 0

OK, looks good. At this point, add the minimum number of lines to your mararc needed to get MaraDNS to serve your zones, and see if "Recurs available" is still 0. If it is, try again with AFNIC to see if they are now happy with your zone.

- Sam

From m.ferlitsch at gmail.com Mon Aug 3 15:07:57 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 21:07:57 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com>
Message-ID: <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com>

I also tried an askmara to Alexandre's server:

root at OpenWrt:/etc# askmara -v Agoogle.com. 91.121.92.210 | grep Recurs
Recurs desired: 1
Recurs available: 0
root at OpenWrt:/etc# askmara -v Adifuzer.com. 91.121.92.210 | grep Recurs
Recurs desired: 1
Recurs available: 0
root at OpenWrt:/etc# askmara -v AMyDomainWhichServersMaradns.com. 85.125.xx.xx | grep Recurs
Recurs desired: 1
Recurs available: 1
root at OpenWrt:/etc# askmara -v Agoogle.de. 85.125.xx.xx | grep Recurs
Recurs desired: 1
Recurs available: 0
root at OpenWrt:/etc#

Why does Alexandre's server also return Recurs available 0 for managed domains? My server returns 1!

I also tried a zonecheck but still the same error

[TEST check if server is really recursive]: answer refused from server (IN/SOA: net.)

* ns2.my.com./80.xxx.xx.xx
* ns3.my.com./85.125.xx.xx
* ns1.my.com./85.1xx.xx.xx

ns1 and ns2 are ok, because there is running older maradns, but ns3 should work now, shouldn't it?

2009/8/3, Sam Trenholme :
>>Recurs available: 0
>
> OK, looks good. At this point, add the minimum number of lines to your
> mararc needed to get MaraDNS to serve your zones, and see if "Recurs
> available" is still 0. If it is, try again with AFNIC to see if they are
> now happy with your zone.
>
> - Sam
>

From m.ferlitsch at gmail.com Mon Aug 3 15:22:38 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 21:22:38 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com>
Message-ID: <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com>

I tried a query via web nslookup http://network-tools.com/nslook/Default.asp

domain: difuzer.com
ns: ns1.difuzer.com
-->recursion desired: True recursion avail: False

domain: mydomain.com
ns: ns3.my.com
--> recursion desired: True recursion avail: False

Query type was ANY

domain: difuzer.com
ns: ns1.difuzer.com
-->recursion desired: True recursion avail: False

domain: mydomain.com
ns: ns3.my.com
--> recursion desired: True recursion avail: True

Query type was A Address

Also there seems to be another problem!? Alexandre's server sends other data (ANY vs A)

2009/8/3, Markus Ferlitsch :
> I also tried a askmara to Alexandres server:
>
> root at OpenWrt:/etc# askmara -v Agoogle.com. 91.121.92.210 | grep Recurs
> Recurs desired: 1
> Recurs available: 0
> root at OpenWrt:/etc# askmara -v Adifuzer.com. 91.121.92.210 | grep Recurs
> Recurs desired: 1
> Recurs available: 0
> root at OpenWrt:/etc# askmara -v AMyDomainWhichServersMaradns.com.
> 85.125.xx.xx | grep Recurs
> Recurs desired: 1
> Recurs available: 1
> root at OpenWrt:/etc# askmara -v Agoogle.de. 85.125.xx.xx | grep Recurs
> Recurs desired: 1
> Recurs available: 0
> root at OpenWrt:/etc#
>
> Why Alexandres server returns by managed domains also Recurs available
> 0? My server return 1!
>
> I also tried a zonecheck but still the same error
>
> [TEST check if server is really recursive]: answer refused from
> server (IN/SOA: net.)
>
> * ns2.my.com./80.xxx.xx.xx
> * ns3.my.com./85.125.xx.xx
> * ns1.my.com./85.1xx.xx.xx
>
> ns1 and ns2 are ok, because there is running older maradns, but ns3
> should work now, shouldn't it?
>
>
> 2009/8/3, Sam Trenholme :
>>>Recurs available: 0
>>
>> OK, looks good. At this point, add the minimum number of lines to your
>> mararc needed to get MaraDNS to serve your zones, and see if "Recurs
>> available" is still 0. If it is, try again with AFNIC to see if they are
>> now happy with your zone.
>>
>> - Sam
>>
>

From m.ferlitsch at gmail.com Mon Aug 3 15:33:47 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Mon, 3 Aug 2009 21:33:47 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908030014h50fd58bbi3183d4b73a8b339b@mail.gmail.com> <7bd685720908030711q1cecd5b7yb6d71d9f725e055e@mail.gmail.com> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com>
Message-ID: <1900c9640908031233o6e96fed3m791a5ae4f2a73aa0@mail.gmail.com>

Recurs available: 0 was only at google.com and not at domains which are managed by my server

So, my server doesn't return 0 for domains it manages :(

2009/8/3, Sam Trenholme :
>>Recurs available: 0
>
> OK, looks good. At this point, add the minimum number of lines to your
> mararc needed to get MaraDNS to serve your zones, and see if "Recurs
> available" is still 0. If it is, try again with AFNIC to see if they are
> now happy with your zone.
>
> - Sam
>

From strenholme.usenet at gmail.com Mon Aug 3 17:01:51 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 16:01:51 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908031010s2029b388we2e0eadfde3c83f9@mail.gmail.com> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com>
Message-ID: <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com>

>domain: mydomain.com
>ns: ns3.my.com
>--> recursion desired: True recursion avail: True

OK, you're not doing something I am telling you to do. Let me make it simpler so it works:

* Make sure you are using a version of MaraDNS that can not have the RA set.

To do this, make sure you delete every single copy of MaraDNS you may have on your server. Once you do this, recompile MaraDNS as a server WITHOUT recursion:

./configure --authonly ; make

This will ensure that the RA bit is ALWAYS cleared.

* Make sure there is, nowhere, and I mean NOWHERE in your mararc file a line that says "recursive_acl". If you have any such line in your mararc file, remove it now. Don't comment it out. REMOVE IT.

If you need both recursion and authoritative support, use another copy of MaraDNS on another IP. You can't have both authoritative and recursive support in MaraDNS, and have it so AFNIC thinks the server doesn't have recursion.

RA simply indicates recursion is available; it doesn't mean recursion is available to AFNIC, but AFNIC has this need to go above and beyond the RFCs and think that, if RA is set, that means anyone on the internet can make recursive queries with their DNS server.

Anyway, it's really important you follow all of my directions. I asked you if there were any copies of recursive_acl in your MaraRC file, you told me there weren't, but in truth there was.

Again, my AFNIC fix makes it so you need to use another instance of MaraDNS on another IP if you want recursion.

- Sam

From strenholme.usenet at gmail.com Mon Aug 3 18:19:54 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 17:19:54 -0500
Subject: Proposed AFNIC FAQ entry
Message-ID: <7bd685720908031519n6b7196c1pea0b915ad1d15da@mail.gmail.com>

Since there has been an issue with AFNIC, I am going to add a new MaraDNS FAQ:

--

Q: I am having problems registering my domain with AFNIC (the registrar for .fr domains)

A: Because of an issue with AFNIC (who, annoyingly enough, check the RA bit when registering a domain), in order to register a domain with AFNIC using MaraDNS as your DNS server, the following steps need to be followed:

1) MaraDNS version 1.3.14 or higher needs to be used; if you're using an older version of MaraDNS, upgrade.

2) It is necessary to have recursion disabled. This can be done either by compiling MaraDNS without recursive support (./configure --authonly ; make), or by making sure MaraDNS does not have recursion enabled (by not having recursive_acl set in one's mararc file)

If one wishes to both register domains with AFNIC and use MaraDNS as a recursive DNS server, it is required to have the recursive server be a separate instance of MaraDNS on a separate IP. It is not possible to have the same DNS server both send DNS packets in a way that both makes AFNIC happy and allows recursive queries.

Note also that AFNIC gives warnings about reverse DNS lookups; more information about this issue can be found in the FAQ entry about reverse DNS mappings:

http://www.maradns.org/faq.html#rdns

--

Are there any errors in this FAQ entry?

- Sam

From m.ferlitsch at gmail.com Mon Aug 3 20:27:14 2009
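[Added example, not part of the list archive and not MaraDNS or AFNIC code: a stand-alone Python check of the RA bit discussed in the messages above, run against both a hosted and a non-hosted name, since the thread shows the two can differ on the same server. The function names, example.com, and the constructed_server stub (including its REFUSED rcode) are assumptions made for illustration.]

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "SOA": 6, "TXT": 16, "ANY": 255}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# DNS header flag masks (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def build_query(name, qtype="A", query_id=None, rd=True):
    """Encode a one-question query; rd sets the 'recursion desired' bit."""
    if query_id is None:
        query_id = secrets.randbits(16)
    header = struct.pack("!HHHHHH", query_id, RD if rd else 0, 1, 0, 0, 0)
    labels = [] if name in ("", ".") else name.rstrip(".").split(".")
    qname = b""
    for label in labels:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("invalid label %r in %r" % (label, name))
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)


def parse_header(packet, expect_id=None):
    """Decode the 12-byte DNS header of a response into named fields."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("packet is a query, not a response")
    if expect_id is not None and qid != expect_id:
        raise ValueError("response id does not match the query")
    rcode = flags & 0x000F
    return {
        "id": qid,
        "aa": bool(flags & AA),   # authoritative answer
        "tc": bool(flags & TC),   # truncated
        "rd": bool(flags & RD),   # "Recurs desired" in the thread's output
        "ra": bool(flags & RA),   # "Recurs available" in the thread's output
        "rcode": RCODES.get(rcode, str(rcode)),
        "answers": an,
    }


def names_advertising_recursion(lookup, names, qtype="A"):
    """Return the names whose responses come back with RA=1.

    lookup(query_bytes) -> response_bytes. Include at least one zone the
    server hosts and one it does not: in the thread the hosted zone
    showed RA=1 while google.de showed RA=0 on the same server.
    """
    flagged = []
    for name in names:
        qid = secrets.randbits(16)
        response = lookup(build_query(name, qtype, qid))
        if parse_header(response, expect_id=qid)["ra"]:
            flagged.append(name)
    return flagged


def udp_lookup(server, port=53, timeout=3.0):
    """Build a lookup callable that sends queries to a real server."""
    def lookup(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, port))
            return sock.recvfrom(4096)[0]
    return lookup


def constructed_server(query):
    """Constructed stand-in, not captured traffic: RA=1 on authoritative
    answers for the hosted zone example.com, RA=0 for any other name
    (the REFUSED rcode for those is an assumption)."""
    qid = struct.unpack("!H", query[:2])[0]
    hosted = b"\x07example\x03com\x00" in query
    flags = QR | RD | ((AA | RA) if hosted else 5)
    counts = (1, 1 if hosted else 0, 0, 0)
    return struct.pack("!HHHHHH", qid, flags, *counts) + query[12:]


if __name__ == "__main__":
    names = ["example.com.", "google.de."]
    print("RA=1 for:", names_advertising_recursion(constructed_server, names))
    # Against a live server: names_advertising_recursion(udp_lookup(ip), names)
```

[An empty result from names_advertising_recursion for both kinds of name is the state the FAQ entry's two steps aim for.]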
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Tue, 4 Aug 2009 02:27:14 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908031024m4d6682e6n3e202217b47273ea@mail.gmail.com> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com>
Message-ID: <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com>

ok, but some mails before you wrote I should compile with ./configure ; make also not a authonly version. Because of this unclear info I wanted to know how Alexandre compiled his maradns.

I will try it tomorrow - it's time for bed :)

(at time the recursive_acl lines were only commented out but the mistake that one line was active came because I tried other configuration - and then I forgot to disable it again - sorry)

PS: Now I have compiled your last version normally and all recursive_acl are commented out. Normally it should work, shouldn't?

2009/8/3, Sam Trenholme :
>>do.domain: mydomain.com
>>ns: ns3.my.co m
>>--> recursion desired: True recursion avail: True
>
> OK, you're not doing something I am telling you to do. Let me make it
> simpler so it works:
>
> * Make sure you are using as version of MaraDNS that can not have the RA
> set.
>
> To do this, make sure you delete every single copy of MaraDNS you may have
> on your server. Once you do this, recompile MaraDNS as a server WITHOUT
> recursion:
>
> ./configure --authonly ; make
>
> This will ensure that the RA bit is ALWAYS cleared.
>
> * Make sure there is, nowhere, and I mean NOWHERE in your mararc file a line
> that says "recursive_acl". If you have any such line in your mararc file,
> remove it now. Don't comment it out. REMOVE IT.
>
> If you need both recursion and authoritative support, use another copy of
> MaraDNS on another IP. You can't have both authoritative and recursive
> support in MaraDNS, and have it so AFNIC thinks the server doesn't have
> recursion.
>
> RA simply indicates recursion is available; it doesn't mean recursion is
> available to AFNIC, but AFNIC has this need to go above and beyond the RFCs
> and think that, if RA is set, that means anyone on the internet can make
> recursive queries with their DNS server.
>
> Anyway, it's really important you follow all of my directions. I asked you
> if there were any copies of recursive_acl in your MaraRC file, you told me
> there weren't, but in truth there was.
>
> Again, my AFNIC fix makes it so you need to use another instance of MaraDNS
> on another IP if you want recursion.
>
> - Sam
>

From strenholme.usenet at gmail.com Mon Aug 3 21:02:40 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 3 Aug 2009 20:02:40 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908031051o11fc042aq956db2a2e3f25007@mail.gmail.com> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com> <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com>
Message-ID: <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com>

>will try it tomorrow - it's time for bed :)

Sweet dreams...dulces sueños. :) I too am bilingual, unfortunately my other language is Spanish, not French, because they told me Spanish was easier, and because, in California, there's a lot more Spanish around with 33% of the people there speaking the language

>Normally it should work, shouldn't?

I hope so. I want to see this issue resolved so I can close this ticket and add an AFNIC FAQ.

The reason why I'm not going to have it so one can have both recursion and giving the correct RA for AFNIC is because the next version won't allow recursion and authoritative DNS on the same IP, so the less I have to massage the older soon-to-be-deprecated recursive resolver, the better.

- Sam

From strenholme.usenet at gmail.com Tue Aug 4 14:00:38 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 4 Aug 2009 13:00:38 -0500
Subject: MaraDNS 1.3.14 released; I'm closing the AFNIC issue
Message-ID: <7bd685720908041100n6da61f35w97a0001994397c6c@mail.gmail.com>

I have released MaraDNS 1.3.14 today; this should allow people to register their domain with AFNIC if they correctly configure MaraDNS (enabling DNS-over-TCP as per http://maradns.org/tutorial/dnstcp.html ; not enabling recursion as per http://maradns.org/faq.html#afnic ; etc.)

That in mind, I am now closing the AFNIC ticket. MaraDNS works with AFNIC's particular anal set of rules; if it doesn't, re-open the ticket. Since I don't have any .fr domains, any information to be added to the AFNIC MaraDNS FAQ entry needs to be contributed by users.

The release *should* also fix the Solaris compile issues reported a couple of months ago, and has a few other small patches, such as a patch that allows MaraDNS to compile in OpenBSD.

http://www.maradns.org/download.html
http://maradns.blogspot.com/

- Sam

I do not support MaraDNS via private email. You are free to download and use MaraDNS without paying me, but private email support will cost you money.

From m.ferlitsch at gmail.com Tue Aug 4 14:53:32 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Tue, 4 Aug 2009 20:53:32 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908031103y2edaf718p1f46c12c9a8b9c97@mail.gmail.com> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com> <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com> <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com>
Message-ID: <1900c9640908041153k15c53583k5e90b7c81a1edd86@mail.gmail.com>

Hi, the configure --authonly version works fine

But why does the normally compiled version not work?
What is the difference between the authonly and the normal version?
The authonly binary is smaller than the other.
Why is there not only one version, with authonly configurable via the mararc file? Would this not be better?

2009/8/4, Sam Trenholme :
> >will try it tomorrow - it's time for bed :)
> Sweet dreams...dulces sueños. :) I too am bilingual, unfortunately my other
> language is Spanish, not French, because they told me Spanish was easier,
> and because, in California, there's a lot more Spanish around with 33% of
> the people there speaking the language
>
>>Normally it should work, shouldn't?
> I hope so. I want to see this issue resolved so I can close this ticket and
> add a AFNIC FAQ.
>
> The reason why I'm not going to have it so one can have both recursion and
> giving the correct RA for AFNIC is because the next version won't allow
> recursion and authoritative DNS on the same IP, so the less I have to
> massage the older soon-to-be-deprecated recursive resolver, the better.
>
> - Sam
>

From m.ferlitsch at gmail.com Tue Aug 4 15:03:44 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Tue, 4 Aug 2009 21:03:44 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908041153k15c53583k5e90b7c81a1edd86@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908031148k629f455cxefaa77b613cf2740@mail.gmail.com> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com> <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com> <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com> <1900c9640908041153k15c53583k5e90b7c81a1edd86@mail.gmail.com>
Message-ID: <1900c9640908041203n37fe7e7bsb835833651266200@mail.gmail.com>

in the normally compiled binary there still seems the bug that when no
recursion is enabled in mararc file he sets the Recurs available to 1
instead to 0 (for managed domains) :(

2009/8/4, Markus Ferlitsch :
> Hi, the configure --authonly version works fine
>
> But why the normally compiled version do not work.
> What is the difference between the authonly and the normal version?
> The authonly binary is smaller than the other.
> Why there is not only one version and the authonly configurable via
> the mararc file? Would this not be better?
>
> 2009/8/4, Sam Trenholme :
>> >will try it tomorrow - it's time for bed :)
>> Sweet dreams...dulces sueños. :) I too am bilingual, unfortunately my
>> other
>> language is Spanish, not French, because they told me Spanish was easier,
>> and because, in California, there's a lot more Spanish around with 33% of
>> the people there speaking the language
>> >>>Normally it should work, shouldn't?
>> I hope so. I want to see this issue resolved so I can close this ticket
>> and
>> add a AFNIC FAQ.
>>
>> The reason why I'm not going to have it so one can have both recursion
>> and
>> giving the correct RA for AFNIC is because the next version won't allow
>> recursion and authoritative DNS on the same IP, so the less I have to
>> massage the older soon-to-be-deprecated recursive resolver, the better.
>>
>> - Sam
>>
>

From m.ferlitsch at gmail.com Tue Aug 4 18:24:34 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Wed, 5 Aug 2009 00:24:34 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908041203n37fe7e7bsb835833651266200@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908031152p74e0b09auf7a1e2fc70532380@mail.gmail.com> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com> <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com> <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com> <1900c9640908041153k15c53583k5e90b7c81a1edd86@mail.gmail.com> <1900c9640908041203n37fe7e7bsb835833651266200@mail.gmail.com>
Message-ID: <1900c9640908041524r3851e804n848c3238f98da891@mail.gmail.com>

Now it works :) But only with configure --authonly ; make

Addon: it would be a good idea to be able to disable/enable the -authonly
mode in the mararc file
So it also would be possible to bind maradns to wan ip without recursion
and bind it to lan port with recursion
then both variants could run on the same system but for public only one
mode and for internal use it would also work!
Then the --authonly parameter at compiling could be removed.

What do you think about this?

2009/8/4, Markus Ferlitsch :
> in the normally compiled binary there still seems the bug that when no
> recursion is enabled in mararc file he sets the Recurs available to 1
> instead to 0 (for managed domains) :(
>
> 2009/8/4, Markus Ferlitsch :
>> Hi, the configure --authonly version works fine
>>
>> But why the normally compiled version do not work.
>> What is the difference between the authonly and the normal version?
>> The authonly binary is smaller than the other.
>> Why there is not only one version and the authonly configurable via
>> the mararc file? Would this not be better?
>>
>> 2009/8/4, Sam Trenholme :
>>> >will try it tomorrow - it's time for bed :)
>>> Sweet dreams...dulces sueños. :) I too am bilingual, unfortunately my
>>> other
>>> language is Spanish, not French, because they told me Spanish was
>>> easier,
>>> and because, in California, there's a lot more Spanish around with 33%
>>> of
>>> the people there speaking the language
>>> >>>>Normally it should work, shouldn't?
>>> I hope so. I want to see this issue resolved so I can close this ticket
>>> and
>>> add a AFNIC FAQ.
>>>
>>> The reason why I'm not going to have it so one can have both recursion
>>> and
>>> giving the correct RA for AFNIC is because the next version won't allow
>>> recursion and authoritative DNS on the same IP, so the less I have to
>>> massage the older soon-to-be-deprecated recursive resolver, the better.
>>>
>>> - Sam
>>>
>>
>

From strenholme.usenet at gmail.com Tue Aug 4 19:07:28 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 4 Aug 2009 18:07:28 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <1900c9640908041524r3851e804n848c3238f98da891@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720908031200t742f626cw9ea7c0caa0032637@mail.gmail.com> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com> <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com> <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com> <1900c9640908041153k15c53583k5e90b7c81a1edd86@mail.gmail.com> <1900c9640908041203n37fe7e7bsb835833651266200@mail.gmail.com> <1900c9640908041524r3851e804n848c3238f98da891@mail.gmail.com>
Message-ID: <7bd685720908041607g448a0f53uee80c4fcc1193e8d@mail.gmail.com>

>Now it works :) But only with configure --authonly ; make

Not to be rude, but works for me. This is a standard build of MaraDNS
1.3.14 with recursive support:

---

maradns &
[1] 6750
$ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

To not display this message, add the follwing to your mararc file:

hide_disclaimer = "YES"

Using default ICANN root servers
Log: Root directory changed
Log: Binding to address 127.0.0.4
Log: Socket opened on UDP port 53
Log: Root privileges dropped
Processing zone domain.com. right now.
Filename: db.domain.com
MaraDNS proudly serves you 10 DNS records
MaraDNS maximum memory allocation set to 1613249536 bytes
Log: All RRs have been loaded

$ askmara Adomain.com. 127.0.0.4
# Querying the server with the IP 127.0.0.4
# Question: Adomain.com.
domain.com. +3600 a 10.1.2.3
# NS replies:
domain.com. +3600 ns ns1.nameserver.com.
domain.com. +3600 ns ns3.nameserver.com.
domain.com. +3600 ns ns2.nameserver.com.
# AR replies:
$ askmara -v Adomain.com. 127.0.0.4 | grep avail
Recurs available: 1
$ kill %1
[1]+ Terminado maradns
$ grep -v recursive_acl /etc/mararc > foo
$ mv foo /etc/mararc
$ maradns &
[1] 6769
$ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

To not display this message, add the follwing to your mararc file:

hide_disclaimer = "YES"

Log: Root directory changed
Log: Binding to address 127.0.0.4
Log: Socket opened on UDP port 53
Log: Root privileges dropped
Processing zone domain.com. right now.
Filename: db.domain.com
MaraDNS proudly serves you 10 DNS records
MaraDNS maximum memory allocation set to 2636800 bytes
Log: All RRs have been loaded

$ askmara -v Adomain.com. 127.0.0.4 | grep avail
Recurs available: 0
$ maradns --version
This is MaraDNS version 1.3.14
Compiled on a Linux system at mar ago 4 17:52:41 CDT 2009
For usage information, 'man maradns'

---

Marcus, at this point, I've fixed the bug and you're doing something wrong.
I've taken responsibility for fixing the bug MaraDNS had.

As long as you use MaraDNS 1.3.14, and don't have recursion enabled (in
other words, "grep -v recursive_acl /etc/mararc > foo ; mv foo /etc/mararc"
[1]), MaraDNS, as you can see above, has RA set to zero for queries.

This is, to be blunt, a problem between chair and keyboard (PBCAK) issue and
I don't resolve those without being paid. I'm closing this ticket. The bug
has been fixed.

I'm not going to teach you how to use nano to find and remove all, not just
some, but all references to "recursive_acl" in your mararc file, or how to
delete all copies of older releases of MaraDNS from your path, or whatever
it is that is causing your problem. Not unless you start paying me for my
time.

All of this discussion has uncovered a bug MaraDNS had, but the bug has been
fixed at this point. Just do the "./configure --authonly ; make" thing; it
fixes the problem for you.

Thanks for your understanding. Please talk to another UNIX system
administrator; don't waste everyone's time on the list with any more
discussion about this issue.

- Sam

[1] If you can't read this bit of UNIX scripting, don't do this; it's a
little dangerous.

From m.ferlitsch at gmail.com Wed Aug 5 04:31:27 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Wed, 5 Aug 2009 10:31:27 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720908041607g448a0f53uee80c4fcc1193e8d@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <1900c9640908031207h6f74276cp367e025da633746@mail.gmail.com> <1900c9640908031222y3848ef75yd057a116e76d1ca@mail.gmail.com> <7bd685720908031401l25036a11o21053ae4cf786f62@mail.gmail.com> <1900c9640908031727v2d41591n18663a29d21dbb34@mail.gmail.com> <7bd685720908031802t5a6382e1w14c56f051b3ada@mail.gmail.com> <1900c9640908041153k15c53583k5e90b7c81a1edd86@mail.gmail.com> <1900c9640908041203n37fe7e7bsb835833651266200@mail.gmail.com> <1900c9640908041524r3851e804n848c3238f98da891@mail.gmail.com> <7bd685720908041607g448a0f53uee80c4fcc1193e8d@mail.gmail.com>
Message-ID: <1900c9640908050131u1961c27cucce145e8b2c39a87@mail.gmail.com>

:-) with --authonly binary it works. I do not try any longer.

Test results
---- warning ----
w: Can't find reverse for the nameserver IP address
 * ns3.mydomain.com./85.xx.xx.xx
w: Reverse for the nameserver IP address doesn't match
 * ns2.mydomain.com./80.xx.xx.xx
 * ns1.mydomain.com./85.xx.xx.xx

Final status
SUCCESS (but 3 warning(s))

The warnings are ok, because reverse records are not set at the providers.

Thanks, I can't send you money but maybe I will take a journey in the
next years to CA, then I will invite you to a big big beer!

2009/8/5, Sam Trenholme :
>>Now it works :) But only with configure --authonly ; make
>
> Not to be rude, but works for me. This is a standard build of MaraDNS
> 1.3.14 with recursive support:
>
> ---
>
> maradns &
> [1] 6750
> $ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
> IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
> OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
> IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
> INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
> SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
> IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
> POSSIBILITY OF SUCH DAMAGE.
>
> To not display this message, add the follwing to your mararc file:
>
> hide_disclaimer = "YES"
>
> Using default ICANN root servers
> Log: Root directory changed
> Log: Binding to address 127.0.0.4
> Log: Socket opened on UDP port 53
> Log: Root privileges dropped
> Processing zone domain.com. right now.
> Filename: db.domain.com
> MaraDNS proudly serves you 10 DNS records
> MaraDNS maximum memory allocation set to 1613249536 bytes
> Log: All RRs have been loaded
>
> $ askmara Adomain.com. 127.0.0.4
> # Querying the server with the IP 127.0.0.4
> # Question: Adomain.com.
> domain.com. +3600 a 10.1.2.3
> # NS replies:
> domain.com. +3600 ns ns1.nameserver.com.
> domain.com. +3600 ns ns3.nameserver.com.
> domain.com. +3600 ns ns2.nameserver.com.
> # AR replies:
> $ askmara -v Adomain.com. 127.0.0.4 | grep avail
> Recurs available: 1
> $ kill %1
> [1]+ Terminado maradns
> $ grep -v recursive_acl /etc/mararc > foo
> $ mv foo /etc/mararc
> $ maradns &
> [1] 6769
> $ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
> IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
> OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
> IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
> INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
> (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
> SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
> IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
> POSSIBILITY OF SUCH DAMAGE.
>
> To not display this message, add the follwing to your mararc file:
>
> hide_disclaimer = "YES"
>
> Log: Root directory changed
> Log: Binding to address 127.0.0.4
> Log: Socket opened on UDP port 53
> Log: Root privileges dropped
> Processing zone domain.com. right now.
> Filename: db.domain.com
> MaraDNS proudly serves you 10 DNS records
> MaraDNS maximum memory allocation set to 2636800 bytes
> Log: All RRs have been loaded
>
> $ askmara -v Adomain.com. 127.0.0.4 | grep avail
> Recurs available: 0
> $ maradns --version
> This is MaraDNS version 1.3.14
> Compiled on a Linux system at mar ago 4 17:52:41 CDT 2009
> For usage information, 'man maradns'
>
> ---
>
> Marcus, at this point, I've fixed the bug and you're doing something wrong.
> I've taken responsibility for fixing the bug MaraDNS had.
>
> As long as you use MaraDNS 1.3.14, and don't have recursion enabled (in
> other words, "grep -v recursive_acl /etc/mararc > foo ; mv foo /etc/mararc"
> [1]), MaraDNS, as you can see above, has RA set to zero for queries.
>
> This is, to be blunt, a problem between chair and keyboard (PBCAK) issue and
> I don't resolve those without being paid. I'm closing this ticket. The bug
> has been fixed.
>
> I'm not going to teach you how to use nano to find and remove all, not just
> some, but all references to "recursive_acl" in your mararc file, or how to
> delete all copies of older releases of MaraDNS from your path, or whatever
> it is that is causing your problem. Not unless you start paying me for my
> time.
>
> All of this discussion has uncovered a bug MaraDNS had, but the bug has been
> fixed at this point. Just do the "./configure --authonly ; make" thing; it
> fixes the problem for you.
>
> Thanks for your understanding. Please talk to another UNIX system
> administrator; don't waste everyone's time on the list with any more
> discussion about this issue.
>
> - Sam
>
> [1] If you can't read this bit of UNIX scripting, don't do this; it's a
> little dangerous.
>

From mrogers at perspectivedata.com Wed Aug 5 14:30:45 2009
From: mrogers at perspectivedata.com (mrogers at perspectivedata.com)
Date: Wed, 05 Aug 2009 14:30:45 -0400
Subject: Recursion not always working.
Message-ID: <20090805143045.10795gfxiil7y9kw@mail.perspectivedata.com>

Hello:

I'm having an issue where maradns will not do a reverse lookup for a
particular ip address. (there may be more but I just came across this
issue and haven't found another.)

The IP address that fails is: 68.73.75.40

Using the 4dnstools.com site I get the following answer:
mailhost1.babcock.com

However, maradns correctly resolves the rDNS for "17.254.0.91" to
"www.apple.com".

When it fails, I get, "status: SERVFAIL" and "WARNING: recursion
requested but not available" when using dig, and "Recurs desired: 1",
"Recurs available: 0" when using askmara.

The mararc file contains the following line:

recursive_acl = "127.0.0.1/8, 192.168.10.0/24, 192.168.23.0/24"

All of our computers using any of the above subnets fail in the same
manner.

I've tested on two dns servers - one using maradns 1.3.07.08 and the
other using maradns 1.3.13

Any help would be appreciated.

michael -

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

From strenholme.usenet at gmail.com Thu Aug 6 10:43:58 2009
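[Added example, not part of the original thread and not MaraDNS, askmara, dig or ZoneCheck code.] The "Recurs desired" / "Recurs available" values quoted in the message above, and the RA value argued over in the AFNIC thread before it, are the RD and RA bits of the 12-byte DNS header (RFC 1035). This C sketch decodes a reply header and reports whether the server advertises recursion; the function names, the verdict enum and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits in the second 16-bit word of the DNS header (RFC 1035, 4.1.1). */
#define DNS_HDR_LEN 12
#define DNS_QR    0x8000u  /* 1 = this message is a response */
#define DNS_AA    0x0400u  /* authoritative answer */
#define DNS_RD    0x0100u  /* recursion desired (copied from the query) */
#define DNS_RA    0x0080u  /* recursion available ("Recurs available") */
#define DNS_RCODE 0x000Fu  /* 0 = NOERROR, 2 = SERVFAIL, 5 = REFUSED */

struct dns_flags {
    uint16_t id;
    int qr, aa, rd, ra;
    unsigned rcode;
};

enum verdict {
    V_MALFORMED = -1,        /* short packet, not a response, or wrong ID */
    V_NO_RECURSION = 0,      /* RA clear: what an authoritative-only server sends */
    V_RECURSION_OFFERED = 1  /* RA set: the server advertises recursion */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Decode the fixed 12-byte header; returns 0 on success, -1 if it cannot. */
int dns_parse_header(const uint8_t *buf, size_t len, struct dns_flags *out)
{
    uint16_t flags;

    if (buf == NULL || out == NULL || len < DNS_HDR_LEN)
        return -1;
    flags = be16(buf + 2);
    out->id = be16(buf);
    out->qr = (flags & DNS_QR) != 0;
    out->aa = (flags & DNS_AA) != 0;
    out->rd = (flags & DNS_RD) != 0;
    out->ra = (flags & DNS_RA) != 0;
    out->rcode = flags & DNS_RCODE;
    return 0;
}

/* Judge a reply to a query that was sent with transaction ID expected_id. */
enum verdict audit_reply(const uint8_t *buf, size_t len, uint16_t expected_id)
{
    struct dns_flags f;

    if (dns_parse_header(buf, len, &f) != 0)
        return V_MALFORMED;
    if (!f.qr || f.id != expected_id)
        return V_MALFORMED;  /* do not trust flags from a stray packet */
    return f.ra ? V_RECURSION_OFFERED : V_NO_RECURSION;
}

/* The condition dig reports as "recursion requested but not available". */
int recursion_denied(const struct dns_flags *f)
{
    return f->rd && !f->ra;
}

/* Constructed sample headers, all with ID 0x1234. */
static const uint8_t sample_ra_set[DNS_HDR_LEN] =    /* QR|AA|RA */
    { 0x12, 0x34, 0x84, 0x80, 0, 1, 0, 1, 0, 3, 0, 0 };
static const uint8_t sample_ra_clear[DNS_HDR_LEN] =  /* QR|AA */
    { 0x12, 0x34, 0x84, 0x00, 0, 1, 0, 1, 0, 3, 0, 0 };
static const uint8_t sample_servfail[DNS_HDR_LEN] =  /* QR|RD, RCODE 2 */
    { 0x12, 0x34, 0x81, 0x02, 0, 1, 0, 0, 0, 0, 0, 0 };

int main(void)
{
    struct dns_flags f;

    printf("RA set:   verdict %d\n",
           audit_reply(sample_ra_set, DNS_HDR_LEN, 0x1234));
    printf("RA clear: verdict %d\n",
           audit_reply(sample_ra_clear, DNS_HDR_LEN, 0x1234));
    if (dns_parse_header(sample_servfail, DNS_HDR_LEN, &f) == 0)
        printf("SERVFAIL sample: rd=%d ra=%d rcode=%u denied=%d\n",
               f.rd, f.ra, f.rcode, recursion_denied(&f));
    return 0;
}
```
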
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 6 Aug 2009 09:43:58 -0500
Subject: Recursion not always working.
In-Reply-To: <20090805143045.10795gfxiil7y9kw@mail.perspectivedata.com>
References: <20090805143045.10795gfxiil7y9kw@mail.perspectivedata.com>
Message-ID: <7bd685720908060743q6924d3eby7287597a26f13c4a@mail.gmail.com>

>I'm having an issue where maradns will not do a reverse lookup for a
>particular ip address. (there may be more but I just came across this
>issue and haven't found another.)

This issue should be fixed when I release MaraDNS 2.0. I *hope* to
release MaraDNS 2.0 before the end of the year, but, being an open
source project, it might take longer.

Here's what's happening: I'm rewriting the recursive resolver for
MaraDNS. The old code was always designed to be a placeholder until I
wrote a new recursive resolver. The new recursive resolver is called
"Deadwood"; right now it's a fully functional non-recursive DNS cache.
It's being actively developed:

http://maradns.blogspot.com/search/label/Deadwood

As an aside, it's an interesting question with computer programmers when
you should rewrite your code. Joel Spolsky argues you should never
rewrite a program:

http://www.joelonsoftware.com/articles/fog0000000069.html

On the other hand, Bartosz Milewski argues that you should rewrite your
code often to make it as clean and maintainable as possible:

http://www.relisoft.com/book/index.htm

I take the middle road. I currently have no plans to rewrite the
authoritative code for MaraDNS; the design I had in 2001 works and after
eight years still works today. The recursive code, however, was never
something I was happy with.

I learned a lot about what a DNS server needs to do to be a good
recursive resolver when I wrote MaraDNS' original recursive resolver; I
was, after months of testing and tweaking, able to get the code to work
with the majority of domains; only a few corner cases don't resolve.

Unfortunately, a lot of that tweaking to get MaraDNS' 1.0 recursive
resolver to work resulted in a lot of ugly hacks to get things I didn't
foresee when I started writing the code to resolve. By the time MaraDNS
1.0 came out, the recursive code was quite ugly. I have, since then,
only done some minor tweaks to the code (getting CNAME-over-PTR working
in late 2002; getting Microsoft.com to resolve again in early 2006).

Since the old recursive code is a bit difficult to maintain, and since I
*am* working on rewriting the recursive code, my rule is that I will
only resolve issues where an Alexa top 500 site can not resolve with
MaraDNS' current recursive resolver at all:

http://maradns.blogspot.com/2009/05/alexa-top-500-list.html

When Deadwood starts being able to process recursive DNS queries, I
encourage people to test it to the limit and report any and all domains
that don't correctly resolve.

- Sam

I do not answer MaraDNS support requests sent by private email without
being compensated for my time. I will discuss rates if you want this
kind of support. Thank you for your understanding.

From jparrish at layerxtech.com Fri Aug 7 11:46:37 2009
From: jparrish at layerxtech.com (Joey Parrish)
Date: Fri, 7 Aug 2009 10:46:37 -0500
Subject: maradns NAPTR bug + patch
Message-ID: <02FBFCCB-FBA0-48C6-A6C7-3687A53E88FD@layerxtech.com>

We've found that all versions of maradns since 1.3.08 have a bug
triggered by NAPTR records. Zone files fail to parse after an NAPTR
record.

There is a missing "break" statement in Csv2_parse.c after the clause
"case RR_NAPTR:". In the latest snapshot (20090805.1), the break should
be added on line 1789.

The bug was introduced along with NAPTR support in 1.3.08. You can see
the missing break in "update/1.3.08/maradns-1.3.07.04-naptr.patch" in
the second chunk.

Thanks for maradns. It's great stuff.

--Joey Parrish
Sr. Software Developer
layerX Technologies, Inc.

-------------- next part --------------

From strenholme.usenet at gmail.com Fri Aug 7 14:40:02 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 7 Aug 2009 13:40:02 -0500
Subject: maradns NAPTR bug + patch
In-Reply-To: <02FBFCCB-FBA0-48C6-A6C7-3687A53E88FD@layerxtech.com>
References: <02FBFCCB-FBA0-48C6-A6C7-3687A53E88FD@layerxtech.com>
Message-ID: <7bd685720908071140s403fa98exbc798e44f2a6eb34@mail.gmail.com>

>We've found that all versions of maradns since 1.3.08 have a bug
>triggered by NAPTR records. Zone files fail to parse after an NAPTR
>record.

I have made the fix part of today's snapshot of MaraDNS:

http://www.maradns.org/download/1.3/snap/200908/

I would like to thank Joel for his contribution to MaraDNS.

Joel: Make sure this fix works for you.

- Sam

From jparrish at layerxtech.com Fri Aug 7 14:48:04 2009
From: jparrish at layerxtech.com (Joey Parrish)
Date: Fri, 7 Aug 2009 13:48:04 -0500
Subject: maradns NAPTR bug + patch
In-Reply-To: <7bd685720908071140s403fa98exbc798e44f2a6eb34@mail.gmail.com>
References: <02FBFCCB-FBA0-48C6-A6C7-3687A53E88FD@layerxtech.com> <7bd685720908071140s403fa98exbc798e44f2a6eb34@mail.gmail.com>
Message-ID:

On Aug 7, 2009, at 1:40 PM, Sam Trenholme wrote:
> >We've found that all versions of maradns since 1.3.08 have a bug
> >triggered by NAPTR records. Zone files fail to parse after an NAPTR
> >record.
>
> I have made the fix part of today's snapshot of MaraDNS:
>
> http://www.maradns.org/download/1.3/snap/200908/
>
> I would like to thank Joel for his contribution to MaraDNS.
>
> Joel: Make sure this fix works for you.
>

Looks great. Thanks.

--Joey Parrish
layerX

From hans.k2teknik at post5.tele.dk Sun Aug 23 18:06:01 2009
From: hans.k2teknik at post5.tele.dk (Hans K. Kjærgaard)
Date: Mon, 24 Aug 2009 00:06:01 +0200
Subject: Turnover of logfile
References:
Message-ID: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk>

Can maradns turnover the logfile in /var/log once every night ?

/Hans

From hendry at iki.fi Sun Aug 23 18:10:14 2009
From: hendry at iki.fi (Kai Hendry)
Date: Sun, 23 Aug 2009 23:10:14 +0100
Subject: Turnover of logfile
In-Reply-To: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk>
References: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk>
Message-ID:

Log rotation is usually done by a logrotate configuration.

http://packages.qa.debian.org/l/logrotate.html

From strenholme.usenet at gmail.com Sun Aug 23 23:52:43 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 23 Aug 2009 22:52:43 -0500
Subject: Turnover of logfile
In-Reply-To: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk>
References: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk>
Message-ID: <7bd685720908232052y58368a05lfe4d4429cc1e8c39@mail.gmail.com>

> Can maradns turnover the logfile in /var/log once every night ?

Nope, all MaraDNS does is output the log messages on standard output.
Duende, which comes with MaraDNS, logs messages with syslog().

From shatgeist at googlemail.com Tue Aug 25 07:35:21 2009
From: shatgeist at googlemail.com (S.Geist)
Date: Tue, 25 Aug 2009 14:35:21 +0300
Subject: MaraDNS crash on invalid configuration file
Message-ID:

Hello,

I have a problem with maradns-1.3.07.09, it crashes on the attached
configuration files (where db.example.com is invalid).

In my case,

(gdb) list
725         return 0;
726     }
727
728     ret = js_append_dname(o, stream, starwhitis);
729
730     if(o->unit_count > 1 && *(o->string + 1) == '.' && o->unit_count != 2){
731         csv2_error(stream,"Dot can only be at beginning of hostname"
732                 " for root ('.') hostname");
733         return 0;
734     }

the crash is caused by line 730 where o->string is NULL.

(gdb) print o->string
$4 = (unsigned char *) 0x0
(gdb) bt
#0 0x0806e9a2 in process_dname (stream=0x9dfcef0, starwhitis=1) at Csv2_parse.c:730
#1 0x0806efa7 in csv2_get_hostname (stream=0x9dfcef0, zonename=0x9dfc8d0, starwhitis=1) at Csv2_parse.c:965
#2 0x08070378 in csv2_read_rr (state=0x9dfcea0, stream=0x9dfcef0, starwhitis=0) at Csv2_parse.c:1594
#3 0x0806d868 in csv2_parse_zone (filename=0x9dfc038, state=0x9dfcea0, starwhitis=0) at Csv2_main.c:618
#4 0x0806d76a in csv2_parse_zone_bighash (zone=0x9dfd5f8, filename=0x9dfc038, bighash=0x9dfcb28, starwhitis=0) at Csv2_main.c:581
#5 0x0806ca71 in csv2_parse_main_bighash (main_table=0x9dfcb28, starwhitis=0) at Csv2_main.c:95
#6 0x08053b31 in populate_main (maintable=0x9dfcb28, error=0x9df6130, recursive=0) at MaraBigHash.c:983
#7 0x08051671 in main (argc=3, argv=0xbfad32d4) at MaraDNS.c:4467

Can anybody confirm?

From strenholme.usenet at gmail.com Tue Aug 25 12:18:27 2009
From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Tue, 25 Aug 2009 11:18:27 -0500 Subject: MaraDNS crash on invalid configuration file In-Reply-To: References: Message-ID: <7bd685720908250918o65f4ccfl1c179d47c01a39b9@mail.gmail.com> > I have a problem with maradns-1.3.07.09, it crashes on the attached > configuration files (where db.example.com is invalid). > Fixed: http://www.maradns.org/download/patches/maradns-1.3.14-geist.patch --- maradns-1.3.14/parse/Csv2_parse.c 2009-08-04 11:52:44.000000000 -0500 +++ maradns-1.3.15/parse/Csv2_parse.c 2009-08-25 11:05:19.000000000 -0500 @@ -723,7 +723,7 @@ /* Get 1st character; we use a sub function so we can use the * same code as process_something */ o = process_1stchar(stream,csv2_is_starwhitis_ordot,"Z"); - if(o == 0) { + if(o == 0 || o->string == 0) { return 0; } From strenholme.usenet at gmail.com Tue Aug 25 13:01:25 2009 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Tue, 25 Aug 2009 12:01:25 -0500 Subject: Turnover of logfile In-Reply-To: References: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk> Message-ID: <7bd685720908251001g40dc1ae6qe5c94dbb09cb0f62@mail.gmail.com> The rest of my reply was eaten, so I'll repost it: From strenholme.usenet at gmail.com Tue Aug 25 13:03:06 2009 
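Review bot: In the parse/Csv2_parse.c hunk at line 723, the new "o->string == 0" branch returns 0 without reporting anything, while the dot check a few lines further down in the same function (shown in the bug report's gdb listing) calls csv2_error(stream, ...) before its "return 0;". Emit a csv2_error() for the malformed hostname here as well, so the operator is told which zone-file input was rejected instead of getting a bare parse failure. It is also worth confirming whether "o" has to be released on this path: in the old "o == 0" case there was nothing to free, but in the new case process_1stchar() has handed back a non-NULL object that is dropped when the function returns.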
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 25 Aug 2009 12:03:06 -0500
Subject: Turnover of logfile
In-Reply-To: <7bd685720908251001g40dc1ae6qe5c94dbb09cb0f62@mail.gmail.com>
References: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk> <7bd685720908251001g40dc1ae6qe5c94dbb09cb0f62@mail.gmail.com>
Message-ID: <7bd685720908251003t501ba5e0s638aa4f92b4ba44d@mail.gmail.com>

Remy: Looks like a spam filter is eating links to MaraDNS documentation.

> From TFM at http colon slash slash www.maradns.org slash tutorial slash man.duende.html
>
> >>All messages created by the child process are sent to syslog() with a priority of LOG_INFO and a "facility" of LOG_DAEMON; should duende itself encounter an error, it will send messages to syslog() with a priority of LOG_ALERT.<
>
> It's up to syslog() or what not to rotate these log messages. Syslog
> is a daemon which handles log messages; "man syslog.conf" and "man
> syslog" might help you out, as might a friendly Google search.
>
> - Sam
>
> Note: I do not answer MaraDNS support requests sent by private email
> without being compensated for my time. I will discuss rates if you
> want this kind of support. Thank you for your understanding.
>

From strenholme.usenet at gmail.com Tue Aug 25 13:20:53 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 25 Aug 2009 12:20:53 -0500
Subject: Turnover of logfile
In-Reply-To: <7bd685720908251003t501ba5e0s638aa4f92b4ba44d@mail.gmail.com>
References: <20090823220601.QMYB7230.fep52.mail.dk@post.tele.dk> <7bd685720908251001g40dc1ae6qe5c94dbb09cb0f62@mail.gmail.com> <7bd685720908251003t501ba5e0s638aa4f92b4ba44d@mail.gmail.com>
Message-ID: <7bd685720908251020h2a70c753s19349ca978db9343@mail.gmail.com>

> Remy: Looks like a spam filter is eating links to MaraDNS documentation.

Actually the spam filter only affects the archives of mailing list
postings; the other archive ("archive #2" link from www.maradns.org
homepage) preserves the links.

OK, strange, and apologies for the multiple postings to the list.