From strenholme.usenet at gmail.com Sun Feb 1 12:20:04 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 1 Feb 2009 11:20:04 -0600
Subject: zoneserver logging of originating IP
In-Reply-To: <3b1323220901291045l3c2aef52k83da83d35c0d3892@mail.gmail.com>
References: <3b1323220901291045l3c2aef52k83da83d35c0d3892@mail.gmail.com>
Message-ID: <7bd685720902010920u18c14f28wcd6a371a0025b0dc@mail.gmail.com>

> In trying to troubleshoot some issues with secondaries that are not
> managed by me, it would be helpful to know the IP address axfr
> requests are coming from

This is a legitimate feature request. I'll look into implementing it
if I can get a sponsor to help me for a small fee.

> I even
> spent some time trying to get zoneserver to work with xinetd since
> there were some cryptic messages that this works but no implementation
> details were provided and I had no success - any pointers on that
> front?

This I can explain. A few years ago, someone wanted to have inetd
support for zoneserver, so I implemented it. It made the code much
more messy, but I was a younger and more naive (or, perhaps, less
cynical) programmer and implemented it.

People didn't seem very interested in it, so I removed support for it
between the 1.0 and 1.2 release, since I wanted to add other features
to zoneserver, such as csv2 support and generic DNS-over-TCP support.

The obsolete 1.0 release of MaraDNS should still support this, but you
won't get csv2 support nor DNS-over-TCP:

http://www.maradns.org/download/1.0/

IP logging should be easy (and I'll welcome either a small amount of
money to sponsor me implementing it or a patch that implements it);
restoring inetd support should also be possible, but will take a much
bigger patch or a somewhat larger but still small amount of money for
me to implement.
- Sam

Note: If you send me a MaraDNS-related support question, and are
unwilling to compensate me for my time, I will probably not answer
your question (giving you one of my form replies instead), and reserve
the right to post your support email to the Mara-DNS mailing list so
that the community at large can examine your issue. MaraDNS security
vulnerability reports, however, will be dealt with and kept
confidential.

From tharrison at digitaladvisor.com Mon Feb 9 16:33:25 2009
From: tharrison at digitaladvisor.com (Tom Harrison)
Date: Mon, 9 Feb 2009 16:33:25 -0500
Subject: Hostnames on an internal subnet that also resolve in public DNS
Message-ID: <3AB22546-8538-46C9-BEFE-43DAE4CF8DA5@digitaladvisor.com>

Hello -- re MaraDNS 1.2.12.08 running on Ubuntu/Debian...

I need intercommunication of a cluster of servers living in a private
network (10.x.x.x), but also need to get to the address of the hosts
via public DNS. So, for example, web1.example.com might resolve to
10.0.0.1, routable only within the subnet, but from an external
location (our office) would resolve to a publicly routable IP like
98.76.544.321. Within the subnet the servers also need to get at
public addresses too, like google.com. I have all of this working
with the config below.

However, some of the addresses for our domain are not in the subnet,
e.g. our office "corp.example.com"; these are public addresses that
can be resolved by the upstream servers. Is there a way to configure
MaraDNS so that a "miss" on a name like "corp.example.dom" is passed
along thus resolving to its public address?

mararc:
ipv4_bind_addresses = "10.252.110.37"
chroot_dir = "/etc/maradns"
hide_disclaimer = "YES"
recursive_acl = "10.0.0.0/8"
upstream_servers = {}
upstream_servers["."] = "172.16.0.23"
csv2 = {}
csv2["example.com."] = "db.example.com"

db.example.com:
master.example.com. 10.252.110.37
web1.example.com. 10.252.46.6

From wsummers at deerfield.edu Tue Feb 10 11:26:24 2009
From: wsummers at deerfield.edu (Summers, William)
Date: Tue, 10 Feb 2009 11:26:24 -0500
Subject: No subject
Message-ID: <2E5D0601FD7C9942992BCF406FF10E380444F8C1@mail2k3.da.edu>

I'm having a build error on OpenBSD 4.4/amd64. Here it is:

cc -DVERSION=\"\" -DCOMPILED=\"\" -o maradns MaraDNS.c MaraBigHash.o recursive.o timestamp.o read_kvars.o MaraAnyChain.o udpsuccess.o ../libs/JsStr.o ../libs/JsStrOS.o ../libs/JsStrCP.o ../libs/MaraHash.o ../qual/qual_timestamp.o ../dns/Queries.o ../dns/Compress.o ../dns/bobbit.o ../dns/Decompress.o ../parse/ParseMaraRc.o ../parse/ParseCsv1.o ../parse/ParseIpAcl.o ../parse/Parse_ipv6.o ../parse/Csv2_read.o ../parse/Csv2_main.o ../parse/Csv2_parse.o ../parse/Csv2_rr_soa.o ../parse/Csv2_rr_aaaa.o ../parse/Csv2_rr_a.o ../parse/Csv2_rr_wks.o ../parse/Csv2_database.o ../parse/Csv2_rr_txt.o ../parse/Csv2_esc_txt.o ../rng/rng-api-fst.o ../rng/rng-alg-fst.o -lpthread
udpsuccess.o(.text+0x4d6): In function `udpsuccess':
: undefined reference to `long_packet'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /root/src/maradns/maradns-1.3.07.09/server (line 55 of Makefile).

The authoritative server builds/runs fine (with a couple of simple
tweaks.) The error occurs only in the recursive code.

William Summers
Network Administrator
Information Technology Services
Deerfield Academy

From wsummers at deerfield.edu Tue Feb 10 12:21:33 2009
From: wsummers at deerfield.edu (Summers, William)
Date: Tue, 10 Feb 2009 12:21:33 -0500
Subject: build error
Message-ID: <2E5D0601FD7C9942992BCF406FF10E380444F8C2@mail2k3.da.edu>

Solved

I had built an authonly binary earlier. A make clean let me build the
recursive binary without a hitch.

William Summers
Network Administrator
Information Technology Services
Deerfield Academy

From strenholme.usenet at gmail.com Tue Feb 10 12:28:30 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 10 Feb 2009 11:28:30 -0600
Subject: MaraDNS sponsorship possibility: OpenBSD support
Message-ID: <7bd685720902100928t2a6de14k7d05b7f700632a8e@mail.gmail.com>

> I'm having a build error on OpenBSD 4.4/amd64.

MaraDNS (the last snapshot) builds fine on Ubuntu Linux 8.10/amd64.
If you have a patch that resolves this issue, send it to the mailing
list.

Also, I am willing to look at and resolve this issue if someone is
willing to sponsor MaraDNS support on OpenBSD. Prices are reasonable
and I can download an OpenBSD 4.3 32-bit VMware image at chrysaor.info
to work on; for a little more, I am willing to download and install
OpenBSD 4.4 64-bit in a VMware image.

Thank you for your support; sponsorship makes continued MaraDNS
development possible.

- Sam

From strenholme.usenet at gmail.com Tue Feb 10 12:37:40 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 10 Feb 2009 11:37:40 -0600
Subject: Hostnames on an internal subnet that also resolve in public DNS
In-Reply-To: <3AB22546-8538-46C9-BEFE-43DAE4CF8DA5@digitaladvisor.com>
References: <3AB22546-8538-46C9-BEFE-43DAE4CF8DA5@digitaladvisor.com>
Message-ID: <7bd685720902100937r7f083f39yb82ccafd6b88d043@mail.gmail.com>

> I need intercommunication of a cluster of servers living in a private
> network (10.x.x.x), but also need to get to the address of the hosts via
> public DNS. So, for example, web1.example.com might resolve to 10.0.0.1,
> routable only within the subnet, but from an external location (our office)
> would resolve to a publicly routable IP like 98.76.544.321. Within the
> subnet the servers also need to get at public addresses too, like
> google.com. I have all of this working with the config below.

This is a feature that MaraDNS does not support. If you wish to see
MaraDNS have this feature, I would love to have someone sponsor adding
this feature to MaraDNS. I will, in addition to adding this feature
to MaraDNS, add you to the MaraDNS sponsors list and even put a note
about your sponsorship at the bottom of the MaraDNS main web page:

http://maradns.org/sponsors.html
http://maradns.org/

Please email me in private to discuss prices, which are currently
surprisingly reasonable. Sponsorship makes continued MaraDNS
development possible.

- Sam

From KenL at GraphixWizard.com Tue Feb 10 12:59:48 2009
From: KenL at GraphixWizard.com (Ken Lyons - Graphix Wizard/Data-Forms)
Date: Tue, 10 Feb 2009 12:59:48 -0500
Subject: [Fwd: Re: Hostnames on an internal subnet that also resolve in public DNS]
Message-ID: <2009-041-12-5-1234288773-010619@gwizfl.org>

I just run two DNS servers, (two running copies of maradns), one for
public and one private resolving.
I set up the server to have two Internal network addresses, i.e.
10.x.x.10 (53) = public DNS resolv
10.x.x.11 (53) = private DNS resolv
And use the firewall to route who gets what...
all WAN side requests go to public and all LAN side go to private
(or just set up local computers to go directly to the private dns
address)

Ken Lyons

Tom Harrison wrote:
> Hello -- re MaraDNS 1.2.12.08 running on Ubuntu/Debian...
>
> I need intercommunication of a cluster of servers living in a private
> network (10.x.x.x), but also need to get to the address of the hosts
> via public DNS. So, for example, web1.example.com might resolve to
> 10.0.0.1, routable only within the subnet, but from an external
> location (our office) would resolve to a publicly routable IP like
> 98.76.544.321. Within the subnet the servers also need to get at
> public addresses too, like google.com. I have all of this working
> with the config below.
>
> However, some of the addresses for our domain are not in the subnet,
> e.g. our office "corp.example.com"; these are public addresses that
> can be resolved by the upstream servers. Is there a way to configure
> MaraDNS so that a "miss" on a name like "corp.example.dom" is passed
> along thus resolving to its public address?
>
> mararc:
> ipv4_bind_addresses = "10.252.110.37"
> chroot_dir = "/etc/maradns"
> hide_disclaimer = "YES"
> recursive_acl = "10.0.0.0/8"
> upstream_servers = {}
> upstream_servers["."] = "172.16.0.23"
> csv2 = {}
> csv2["example.com."] = "db.example.com"
>
> db.example.com:
> master.example.com. 10.252.110.37
> web1.example.com. 10.252.46.6
>
>
>

--
Ken Lyons / e/Solutions / IT Services
*GraphixWizard/Data-Forms*
*/Toll Free/* 800.447.3676
*/Direct/* 407.656.9742
*/Fax/* 407.656.3353
kenl at graphixwizard.com
hosting.graphixwizard.com

From tharrison at digitaladvisor.com Wed Feb 11 09:25:54 2009
From: tharrison at digitaladvisor.com (Tom Harrison)
Date: Wed, 11 Feb 2009 09:25:54 -0500
Subject: Hostnames on an internal subnet that also resolve in public DNS
In-Reply-To: <2009-041-08-2-1234272168-017265@gwizfl.org>
References: <2009-040-16-3-1234215283-031539@gwizfl.org> <2009-041-08-2-1234272168-017265@gwizfl.org>
Message-ID: <9CAC5357-CFD4-4557-9D74-86C1C3174B5C@digitaladvisor.com>

Thanks Ken,

Running an additional DNS server is not practical in our environment
(which is Amazon EC2) for several reasons. Amazon EC2 provides their
own internal server to resolve their own internal addresses, as well
as recursive DNS requests for public addresses from within the cloud.
Also our SOA name server for publicly routable names and addresses is
hosted elsewhere.

I could accomplish everything I need by updating /etc/hosts on all of
the servers, but this is not practical when you have multiple domains
and an increasingly large number of servers that come and go. Having a
single point of management, MaraDNS, becomes essential.

So maybe my question could be rephrased as follows. Is it possible to
configure MaraDNS to provide the same functionality of /etc/hosts?
Specifically:

1) preferential name resolution to a locally routable address of
some hosts on our domains,

2) gracefully passes unresolved requests along to the public/recursive
DNS server provided by our ISP,

3) even if some of the addresses are on the same domain as those we
manage with MaraDNS.

Thanks all!

Tom

On Feb 10, 2009, at 8:23 AM, Ken Lyons - Graphix Wizard/Data-Forms wrote:

> I just run two DNS servers, (two running copies of maradns), one for
> public and one private resolving.
> I set up the server to have two Internal network addresses, i.e.
> 10.x.x.10 (53) = public DNS resolv
> 10.x.x.11 (53) = private DNS resolv
> And use the firewall to route who gets what...
> all WAN side requests go to public and all LAN side go to private
> (or just set up local computers to go directly to the private dns
> address)
>
> Ken Lyons
>
>
>
> Tom Harrison wrote:
>>
>> Hello -- re MaraDNS 1.2.12.08 running on Ubuntu/Debian...
>>
>> I need intercommunication of a cluster of servers living in a
>> private network (10.x.x.x), but also need to get to the address of
>> the hosts via public DNS. So, for example, web1.example.com might
>> resolve to 10.0.0.1, routable only within the subnet, but from an
>> external location (our office) would resolve to a publicly routable
>> IP like 98.76.544.321. Within the subnet the servers also need to
>> get at public addresses too, like google.com. I have all of this
>> working with the config below.
>>
>> However, some of the addresses for our domain are not in the
>> subnet, e.g. our office "corp.example.com"; these are public
>> addresses that can be resolved by the upstream servers. Is there a
>> way to configure MaraDNS so that a "miss" on a name like
>> "corp.example.dom" is passed along thus resolving to its public
>> address?
>>
>> mararc:
>> ipv4_bind_addresses = "10.252.110.37"
>> chroot_dir = "/etc/maradns"
>> hide_disclaimer = "YES"
>> recursive_acl = "10.0.0.0/8"
>> upstream_servers = {}
>> upstream_servers["."] = "172.16.0.23"
>> csv2 = {}
>> csv2["example.com."] = "db.example.com"
>>
>> db.example.com:
>> master.example.com. 10.252.110.37
>> web1.example.com. 10.252.46.6
>>
>>
>>

From KenL at GraphixWizard.com Wed Feb 11 09:59:39 2009
From: KenL at GraphixWizard.com (Ken Lyons - Graphix Wizard/Data-Forms)
Date: Wed, 11 Feb 2009 09:59:39 -0500
Subject: Hostnames on an internal subnet that also resolve in public DNS
In-Reply-To: <2009-042-09-2-1234362445-007396@gwizfl.org>
References: <2009-040-16-3-1234215283-031539@gwizfl.org> <2009-041-08-2-1234272168-017265@gwizfl.org> <2009-042-09-2-1234362445-007396@gwizfl.org>
Message-ID: <2009-042-09-5-1234364360-017072@gwizfl.org>

I don't know of any way Mara can do that...
This feature is often asked for, but I don't know of any workaround
without changing the code or donating to Sam (best approach).
==
As before I use two dns copies in that instance.

Mara by default is both authoritative and recursive.. if domain.com is
listed, mara assumes that it will have all records for that domain and
all subdomains. So if a certain subdomain doesn't exist it's going to
return a Serv Fail instead of passing it on to the upstream DNS.
If the domain isn't in mara it will gladly resolve it using the
upstream DNS.

?? (Delegate specific subdomains to another DNS?)

Maybe Sam knows if there is a switch that could have Mara change from
ServFail output and jump to a recursive request instead...
--giving the results you want.
www.domain.com in mara, resolves,
unknown.domain.com... would be ServFailed, but uses upstream to
resolve, passing result.
I don't believe there is one, but I don't know everything about mara.

As far as the /etc/hosts....
why not just make a single hosts file and have each system update
using wget or rsync, etc.
Then it's still a single management point.

Ken

Tom Harrison wrote:
> Thanks Ken,
>
> Running an additional DNS server is not practical in our environment
> (which is Amazon EC2) for several reasons. Amazon EC2 provides their
> own internal server to resolve their own internal addresses, as well
> as recursive DNS requests for public addresses from within the cloud.
> Also our SOA name server for publicly routable names and addresses is
> hosted elsewhere.
>
> I could accomplish everything I need by updating /etc/hosts on all of
> the servers, but this is not practical when you have multiple domains
> and an increasingly large number of servers that come and go. Having a
> single point of management, MaraDNS, becomes essential.
>
> So maybe my question could be rephrased as follows. Is it possible to
> configure MaraDNS to provide the same functionality of /etc/hosts?
> Specifically:
>
> 1) preferential name resolution to a locally routable address of
> some hosts on our domains,
>
> 2) gracefully passes unresolved requests along to the public/recursive
> DNS server provided by our ISP,
>
> 3) even if some of the addresses are on the same domain as those we
> manage with MaraDNS.
>
> Thanks all!
>
> Tom
>
> On Feb 10, 2009, at 8:23 AM, Ken Lyons - Graphix Wizard/Data-Forms wrote:
>
>> I just run two DNS servers, (two running copies of maradns), one for
>> public and one private resolving.
>> I set up the server to have two Internal network addresses, i.e.
>> 10.x.x.10 (53) = public DNS resolv
>> 10.x.x.11 (53) = private DNS resolv
>> And use the firewall to route who gets what...
>> all WAN side requests go to public and all LAN side go to private
>> (or just set up local computers to go directly to the private dns
>> address)
>>
>> Ken Lyons
>>
>>
>>
>> Tom Harrison wrote:
>>>
>>> Hello -- re MaraDNS 1.2.12.08 running on Ubuntu/Debian...
>>>
>>> I need intercommunication of a cluster of servers living in a
>>> private network (10.x.x.x), but also need to get to the address of
>>> the hosts via public DNS. So, for example, web1.example.com might
>>> resolve to 10.0.0.1, routable only within the subnet, but from an
>>> external location (our office) would resolve to a publicly routable
>>> IP like 98.76.544.321. Within the subnet the servers also need to
>>> get at public addresses too, like google.com. I have all of this
>>> working with the config below.
>>>
>>> However, some of the addresses for our domain are not in the subnet,
>>> e.g. our office "corp.example.com"; these are public addresses that
>>> can be resolved by the upstream servers. Is there a way to
>>> configure MaraDNS so that a "miss" on a name like "corp.example.dom"
>>> is passed along thus resolving to its public address?
>>>
>>> mararc:
>>> ipv4_bind_addresses = "10.252.110.37"
>>> chroot_dir = "/etc/maradns"
>>> hide_disclaimer = "YES"
>>> recursive_acl = "10.0.0.0/8"
>>> upstream_servers = {}
>>> upstream_servers["."] = "172.16.0.23"
>>> csv2 = {}
>>> csv2["example.com."] = "db.example.com"
>>>
>>> db.example.com:
>>> master.example.com. 10.252.110.37
>>> web1.example.com. 10.252.46.6
>>>
>>>
>>>
>
>

From strenholme.usenet at gmail.com Wed Feb 11 14:12:16 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 11 Feb 2009 13:12:16 -0600
Subject: Hostnames on an internal subnet that also resolve in public DNS
In-Reply-To: <9CAC5357-CFD4-4557-9D74-86C1C3174B5C@digitaladvisor.com>
References: <2009-040-16-3-1234215283-031539@gwizfl.org> <2009-041-08-2-1234272168-017265@gwizfl.org> <9CAC5357-CFD4-4557-9D74-86C1C3174B5C@digitaladvisor.com>
Message-ID: <7bd685720902111112y3ce8cc2auc0866d18cf1da933@mail.gmail.com>

OK, to clarify, what MaraDNS can't do (but what people have frequently
asked for over the years) is have it so a given host name resolves
differently depending on the IP someone has.

> So maybe my question could be rephrased as follows. Is it possible to
> configure MaraDNS to provide the same functionality of /etc/hosts?

[...]

> 3) even if some of the addresses are on the same domain as those we manage
> with MaraDNS.

Yes, MaraDNS can do this. In particular: It is possible to have
MaraDNS resolve foo.example.com with the authoritative nameserver, but
use recursion to resolve bar.example.com.

This is done something like this: Make a zone called
foo.invalid.example.com or what not. Then add entries to the zonefile
that aren't part of this zone, such as "foo.example.com" or
"www.amazon.com.phisher.nasty.example.net"

For example, this 4-line mararc file will allow one to have IP
addresses in the file named "db.list" similar to /etc/hosts:

ipv4_bind_addresses = "127.0.0.1"
recursive_acl = "127.0.0.1/8"
csv2 = {}
csv2["foo.invalid.example.com."] = "db.list"

The file "db.list" can now look like /etc/hosts (but with the name
before the IP):

foo.example.com. 10.2.3.4
weirdname.local.foo. 10.2.3.5

etc.

If you want a single name to have multiple IP addresses, that's also
easy:

foo.example.com. 10.2.3.5
foo.example.com. 10.2.3.4

You can even have non-A records:

foo.example.com. TXT 'Foo!'

From milan at physics.harvard.edu Mon Feb 16 21:33:13 2009
From: milan at physics.harvard.edu (Milan Kupcevic) Date: Mon, 16 Feb 2009 21:33:13 -0500 Subject: [MARA] Zoneserver mararc dns_port patch Message-ID: <499A21E9.9000502@physics.harvard.edu> Zoneserver should use dns_port variable from mararc to listen on, otherwise it should use port 53. From milan at physics.harvard.edu Tue Feb 17 01:08:47 2009 From: milan at physics.harvard.edu (milan at physics.harvard.edu) Date: Tue, 17 Feb 2009 01:08:47 -0500 (EST) Subject: [MARA] Zoneserver mararc dns_port patch Message-ID: Zoneserver should use dns_port variable from mararc to listen on, otherwise it should use port 53. diff -urN ./tcp/zoneserver.c ../maradns-Q.20090216.1/tcp/zoneserver.c --- ./tcp/zoneserver.c 2009-02-16 15:39:26.000000000 -0500 +++ ../maradns-Q.20090216.1/tcp/zoneserver.c 2009-02-16 19:28:31.000000000 -0500 @@ -76,6 +76,8 @@ to */ int udp_forward_server = 0; +int dns_port = 53; /* The default port for the zoneserver to listen on */ + int no_cname_warnings = 1; /* So we can link to MaraBigHash.o */ /* Signal handler for handling the exit of a child */ @@ -247,7 +249,7 @@ return 12; } -/* Bind to TCP port 53. +/* Bind to TCP dns_port. Input: pointer to socket to bind on, js_string with the dotted-decimal ip address to bind to Output: JS_ERROR on error, JS_SUCCESS on success @@ -281,7 +283,7 @@ /* Choose an IP and port to bind to */ memset(&dns_tcp,0,sizeof(dns_tcp)); dns_tcp.sin_family = AF_INET; - dns_tcp.sin_port = htons(53); + dns_tcp.sin_port = htons(dns_port); if((dns_tcp.sin_addr.s_addr = ip) == INADDR_NONE) return JS_ERROR; @@ -299,7 +301,7 @@ if(listen(*sock,250) == -1) return JS_ERROR; - /* We are now on TCP port 53. Leave */ + /* We are now on TCP dns_port. Leave */ return JS_SUCCESS; } 
@@ -1166,10 +1168,18 @@ mlog(L_CHROOT_SUCCESS); /* "Root directory changed" */ - /* Bind to port 53 + /* Bind to dns_port To Do: use capset to give us privledged bind abilities without needing to be root. */ + + /* Set the dns_port */ + dns_port = read_numeric_kvar("dns_port",53); + if(dns_port < 1 || dns_port > 65530) { + harderror("dns_port must be between 1 and 65530"); + exit(1); + } + if(inetd != 1) { /* If we are a standalone server */ ipv4pair *bind_addresses; int bind_address_iterate; @@ -1214,7 +1224,7 @@ dup2(stream1[1],2); /* Stderr redirection */ if(tcpbind(&sock, bind_addresses[bind_address_iterate].ip) == JS_ERROR) - harderror(L_BIND); /* "Problem binding to port 53.\nMost likely, another process is already listening on port 53" */ + harderror(L_BIND); /* "Problem binding to dns_port.\nMost likely, another process is already listening on dns_port" */ break; } bind_address_iterate++; @@ -1268,7 +1278,7 @@ } if(libtcp_create_bind_addrs() == JS_ERROR) harderror("libtcp_create_synthip_addrs"); - mlog(L_SOCKET_SUCCESS); /* "Socket opened on TCP port 53" */ + mlog(L_SOCKET_SUCCESS); /* "Socket opened on TCP dns_port" */ } /* Drop the elevated privileges */ @@ -1425,7 +1435,7 @@ 7: Both zone transfer and forward with recursion enabled */ if(verbose >= 2) - mlog(L_WAITING); /* "Awaiting data on port 53" */ + mlog(L_WAITING); /* "Awaiting data on dns_port" */ connection = gettcp(&sock,zonetransfer_acl,tcpconvert_acl, recursive_acl,500,&permissions); if(connection == JS_ERROR) From alex at digriz.org.uk Tue Feb 17 04:36:34 2009 
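Review bot: the upper bound in the new range check at -1166,10 +1168,18 (if(dns_port < 1 || dns_port > 65530)) is 65530 rather than 65535 and carries no comment, so the next reader will take it for an off-by-five bug; add a one-line comment saying the limit is deliberate and mirrors the check in server/MaraDNS.c, which is the reason given later in this thread. The error text is a hard-coded English string while the neighbouring calls in this file pass message macros such as L_BIND and L_CHROOT_SUCCESS, so a macro would be more consistent. If harderror() does not return, as the unguarded harderror("libtcp_create_synthip_addrs") call further down suggests, the exit(1) that follows it is unreachable and can be dropped.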
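Review bot: the three hunks at -1214, -1268 and -1425 only reword the comments beside L_BIND, L_SOCKET_SUCCESS and L_WAITING to say dns_port, but the strings behind those macros are not part of this diff (only tcp/zoneserver.c is touched), and the removed comment lines show they read "port 53". With dns_port set to anything else, the log will still report port 53 while the socket is bound elsewhere, which is misleading when checking what a host is actually listening on. Either change the message definitions to print the configured port, or leave these comments quoting the text that is really logged.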
From: alex at digriz.org.uk (Alexander Clouter)
Date: Tue, 17 Feb 2009 09:36:34 +0000
Subject: Zoneserver mararc dns_port patch
References:
Message-ID:

Hi,

* milan at physics.harvard.edu [Tue, 17 Feb 2009 01:08:47 -0500 (EST)]:
>
> + /* Set the dns_port */ > + dns_port = read_numeric_kvar("dns_port",53); > + if(dns_port < 1 || dns_port > 65530) { > + harderror("dns_port must be between 1 and 65530"); > + exit(1); > + }

Only to satisfy my curiosity, why '> 65530' and not '> 65535',
otherwise known as 2^16 - 1?

Cheers

--
Alexander Clouter
.sigmonster says: Reality is for people who lack imagination.

From milan at physics.harvard.edu Tue Feb 17 08:55:46 2009
From: milan at physics.harvard.edu (Milan Kupcevic)
Date: Tue, 17 Feb 2009 08:55:46 -0500 (EST)
Subject: Zoneserver mararc dns_port patch
In-Reply-To:
References:
Message-ID:

On Tue, 17 Feb 2009, Alexander Clouter wrote:

> Hi,
>
> * milan at physics.harvard.edu [Tue, 17 Feb 2009 01:08:47 -0500 (EST)]:
> >
> > + /* Set the dns_port */ > > + dns_port = read_numeric_kvar("dns_port",53); > > + if(dns_port < 1 || dns_port > 65530) { > > + harderror("dns_port must be between 1 and 65530"); > > + exit(1); > > + }
>
> Only to satisfy my curiosity, why '> 65530' and not '> 65535',
> otherwise known as 2^16 - 1?
>
> Cheers
>

Zoneserver should act the same as MaraDNS acts. Take a look at
/server/MaraDNS.c. Why MaraDNS limits listening ports to 1--65530
range is a mystery of itself.

Milan

From strenholme.usenet at gmail.com Fri Feb 20 15:39:10 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 20 Feb 2009 14:39:10 -0600
Subject: Zoneserver mararc dns_port patch
In-Reply-To:
References:
Message-ID: <7bd685720902201239q7eee3c4fj147c5b8dfb56b3e7@mail.gmail.com>

> Only to satisfy my curiosity, why '> 65530' and not '> 65535',
> otherwise known as 2^16 - 1?

I like having a "cushion of error" to stop things hitting the limits
of values; this helps minimize possible security problems.

I would like to thank Milan Kupcevic for submitting this patch; I will
look at it next week sometime. William Summers provided me with a
patch to compile MaraDNS under OpenBSD last week; I finally integrated
this patch into the "HEAD branch" of MaraDNS and it can be seen in a
snapshot I uploaded yesterday (20090219):

http://www.maradns.org/download/1.3/snap/200902

- Sam

From strenholme.usenet at gmail.com Tue Feb 24 11:37:48 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 24 Feb 2009 10:37:48 -0600
Subject: [MARA] Zoneserver mararc dns_port patch
In-Reply-To:
References:
Message-ID: <7bd685720902240837s15fe0b88idac621cc6ac9695f@mail.gmail.com>

> Zoneserver should use dns_port variable from mararc to listen on,
> otherwise it should use port 53.
>
>
> diff -urN ./tcp/zoneserver.c ../maradns-Q.20090216.1/tcp/zoneserver.c > --- ./tcp/zoneserver.c 2009-02-16 15:39:26.000000000 -0500 > +++ ../maradns-Q.20090216.1/tcp/zoneserver.c 2009-02-16

This patch doesn't patch cleanly against the version of zoneserver in
MaraDNS-1.3.13:

10:28:43 maradns-1.3.14 $ patch -p1 < ../Zoneserver/zoneserver.patch
patching file tcp/zoneserver.c
Hunk #1 succeeded at 76 with fuzz 1.
Hunk #2 FAILED at 249.
Hunk #3 FAILED at 283.
Hunk #4 FAILED at 301.
Hunk #5 FAILED at 1168.
Hunk #6 FAILED at 1224.
Hunk #7 FAILED at 1278.
Hunk #8 FAILED at 1435.
7 out of 8 hunks FAILED -- saving rejects to file tcp/zoneserver.c.rej

I only support adding new features to the development branch of
MaraDNS; namely MaraDNS 1.3.13. If you want this patch to be
accepted, please refactor the patch so it works with MaraDNS 1.3.13.
The only changes I make to the 1.2.12 and 1.3.07 branches to MaraDNS
are critical errors; mostly only security fixes.

I don't have time to refactor this patch myself; I am working on the
SQA tests for Deadwood (read the blog at http://maradns.blogspot.com
for frequent updates).

- Sam

Note: If you send me a MaraDNS-related support question via private
email, I will ask you to sponsor MaraDNS before I will address your
concern. Thank you for your understanding.

From strenholme.usenet at gmail.com Tue Feb 24 12:17:03 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 24 Feb 2009 11:17:03 -0600
Subject: [MARA] Zoneserver mararc dns_port patch
In-Reply-To: <49A42902.7040602@physics.harvard.edu>
References: <7bd685720902240837s15fe0b88idac621cc6ac9695f@mail.gmail.com> <49A42902.7040602@physics.harvard.edu>
Message-ID: <7bd685720902240917p484b79a6s8084d1a5a27eced3@mail.gmail.com>

> It patches cleanly against version 1.3.13 downloaded from
> http://maradns.org/download/1.3/snap/200902/maradns-Q.20090216.1.tar.bz2

OK, I got a corrupted copy of the patch. I will see if I can get a
clean copy from the mailing list archives (Gmail corrupts patches
unless they are attached as files):

- Sam

From remco at webconquest.com Tue Feb 24 12:20:32 2009
From: remco at webconquest.com (Remco Rijnders)
Date: Tue, 24 Feb 2009 18:20:32 +0100
Subject: [MARA] Zoneserver mararc dns_port patch
In-Reply-To: <7bd685720902240917p484b79a6s8084d1a5a27eced3@mail.gmail.com>
References: <7bd685720902240837s15fe0b88idac621cc6ac9695f@mail.gmail.com> <49A42902.7040602@physics.harvard.edu> <7bd685720902240917p484b79a6s8084d1a5a27eced3@mail.gmail.com>
Message-ID: <49A42C60.6020003@webconquest.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sam Trenholme wrote:
> OK, I got a corrupted copy of the patch. I will see if I can get a
> clean copy from the mailing list archives (Gmail corrupts patches
> unless they are attached as files):

... and attached files are stripped out by the mailing list software.
I'll have a look to see if this can be worked around.

- --
Jabber / GT: remmy at jabber.xs4all.nl
ICQ: 760542
MSN: remco at webconquest.com
PGP-key: 0xE4E2CDAB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmkLGAACgkQP0wYCuTizauYMQCfSDJr6KxgXjyQ+ROdi0VdZPpR
EYkAn3/9x/djypeOaBThaPvRvrMg/Ltx
=s+d5
-----END PGP SIGNATURE-----

From strenholme.usenet at gmail.com Tue Feb 24 12:56:17 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 24 Feb 2009 11:56:17 -0600
Subject: [MARA] Zoneserver mararc dns_port patch
In-Reply-To: <49A42C60.6020003@webconquest.com>
References: <7bd685720902240837s15fe0b88idac621cc6ac9695f@mail.gmail.com> <49A42902.7040602@physics.harvard.edu> <7bd685720902240917p484b79a6s8084d1a5a27eced3@mail.gmail.com> <49A42C60.6020003@webconquest.com>
Message-ID: <7bd685720902240956j5f36171bs6834553c45672d39@mail.gmail.com>

OK, I've got the patch to apply. I will now do some testing to see if
the patch breaks anything, and release a MaraDNS snapshot later on
today.

Thank you for your contributions to MaraDNS.

- Sam

From strenholme.usenet at gmail.com Tue Feb 24 13:42:04 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 24 Feb 2009 12:42:04 -0600
Subject: [MARA] Zoneserver mararc dns_port patch
In-Reply-To: <7bd685720902240956j5f36171bs6834553c45672d39@mail.gmail.com>
References: <7bd685720902240837s15fe0b88idac621cc6ac9695f@mail.gmail.com> <49A42902.7040602@physics.harvard.edu> <7bd685720902240917p484b79a6s8084d1a5a27eced3@mail.gmail.com> <49A42C60.6020003@webconquest.com> <7bd685720902240956j5f36171bs6834553c45672d39@mail.gmail.com>
Message-ID: <7bd685720902241042m4b02efd7qf78fe26e0feda3bb@mail.gmail.com>

> OK, I've got the patch to apply. I will now do some testing to see if
> the patch breaks anything, and release a MaraDNS snapshot later on
> today.

Done.

http://www.maradns.org/download/1.3/snap/200902

Testing would be appreciated (It passed the standard automated
regression and -Wall is as quiet as a mouse in both CentOS 5.2 and
Ubuntu 8.10 64-bit) :)

- Sam
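
Added example, not part of any message in this archive and not MaraDNS code: the 11 Feb 2009 replies suggest keeping one shared hosts file (Ken Lyons) and describe a db.list zone file that looks like /etc/hosts with the name before the IP (Sam Trenholme), so this sketch generates the second from the first and refuses malformed input instead of writing it into the zone. It assumes only the name-then-IPv4 record form shown in the thread; hosts_to_csv2 and SAMPLE_HOSTS are hypothetical names and the sample input is constructed.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen, underscore; no leading or trailing
# hyphen. Anything else (e.g. '|', quotes) is refused rather than passed
# through into the zone file.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")

# Constructed sample in hosts-file layout (address first, then names).
SAMPLE_HOSTS = """\
# constructed sample input
10.2.3.4      foo.example.com
10.2.3.5      foo.example.com weirdname.local.foo
98.76.544.321 web1.example.com    # octets out of range
10.2.3.6      bad|name.example.com
::1           localhost6.example.com
10.2.3.4      foo.example.com     # duplicate of line 2
"""


def _fqdn(name):
    """Return the lower-cased name with a trailing dot, or None if it is
    not a multi-label hostname built only from safe characters."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return name + "."


def hosts_to_csv2(hosts_text):
    """Convert hosts-format text into (records, rejects).

    records: 'name. a.b.c.d' lines, the db.list layout shown in the thread.
    rejects: (line_number, reason) pairs for input that was not emitted.
    """
    records, rejects, seen = [], [], set()
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            rejects.append((lineno, "no hostname after address"))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejects.append((lineno, "invalid address " + fields[0]))
            continue
        if addr.version != 4:
            # Assumption: only the A-record shorthand from the thread is used.
            rejects.append((lineno, "IPv6 skipped (A records only)"))
            continue
        for name in fields[1:]:
            fqdn = _fqdn(name)
            if fqdn is None:
                rejects.append((lineno, "unusable name " + name))
                continue
            record = f"{fqdn} {addr}"
            if record not in seen:               # exact duplicates dropped
                seen.add(record)
                records.append(record)
    return records, rejects


if __name__ == "__main__":
    good, bad = hosts_to_csv2(SAMPLE_HOSTS)
    print("\n".join(good))
    for lineno, reason in bad:
        print(f"# line {lineno}: {reason}")
```

Treating a non-empty rejects list as a failed build keeps a typo or a hostile line in the shared file from silently changing what internal names resolve to.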