From stefan at afradi.name Sat May 1 08:34:26 2010
From: stefan at afradi.name (Stefan Afradi)
Date: Sat, 01 May 2010 14:34:26 +0200
Subject: MaraDNS and tsocks
Message-ID: <1272717266.3368.4.camel@laptop>

I'm currently trying to find a solution to DNS leaks when I am on public networks. If it is possible to run MaraDNS through tsocks on my local computer it probably will solve my problems. Does anyone know if it is possible to force MaraDNS into "TCP" only?

Cheers,
Stefan

From strenholme.usenet at gmail.com Sat May 1 10:14:30 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 1 May 2010 09:14:30 -0500
Subject: MaraDNS and tsocks
In-Reply-To: <1272717266.3368.4.camel@laptop>
References: <1272717266.3368.4.camel@laptop>
Message-ID:

> I'm currently trying to find a solution to DNS leaks when I am on public
> networks. If it is possible to run MaraDNS through tsocks on my local
> computer it probably will solve my problems. Does anyone know if it is
> possible to force MaraDNS into "TCP" only?

It's not possible to do this without seriously hacking MaraDNS' source code. DNS is, first and foremost, a UDP protocol, and, as it turns out, packets over 512 bytes in size are so rare that it works fine without TCP at all. MaraDNS supports TCP, mainly to be RFC compliant, but can't work without UDP (the recursive resolver, for example, doesn't use TCP).

Deadwood, the recursive resolver in development that MaraDNS 2.0 will use, also doesn't fully support TCP; when someone sends a DNS-over-TCP packet, Deadwood converts it to a UDP packet to store upstream, only using TCP when a truncated packet is received (which is not cached). TCP is disabled by default in Deadwood (really, you don't need it), and DNS-over-TCP packets aren't cached in Deadwood.

- Sam

Note: I do not answer MaraDNS (including Deadwood) support requests sent by private email without being compensated for my time.
A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report. It is not a security report unless you've done due diligence to determine how the security bug you think you found can reasonably be exploited.

From melinger at pert.com.ar Tue May 11 16:43:49 2010
From: melinger at pert.com.ar (Maria Elinger)
Date: Tue, 11 May 2010 17:43:49 -0300
Subject: Question about high performance with MaraDNS
Message-ID: <5FFA8029CC0B50439C3CF662FC3CE00AC0D1FA@neurus.pert.com.ar>

Hi,

We're evaluating the installation of a large DNS recursive platform that needs high performance, high availability, redundancy and security. The requirement is that it has to satisfy around 80K qps. We don't have experience with MaraDNS but we're interested in considering it between the options.

Any of you can tell us any experience with heavy loaded recursive DNS platforms with MaraDNS? Is it suitable for this kind of load? Any recommendations are welcome.

Thanks in advance for your advice.

María Elinger
Pert Consultores SRL

From c.bray90 at yahoo.com Wed May 12 02:39:55 2010
From: c.bray90 at yahoo.com (Charles Bray)
Date: Tue, 11 May 2010 23:39:55 -0700 (PDT)
Subject: MaraDNS: Logging
Message-ID: <76350.48885.qm@web114215.mail.gq1.yahoo.com>

Hello,

I am sure this must be a common question... please excuse I am a newbie sysadmin.

We are using OpenDNS for filtering web content at our small office, but we need per-user (even just ip address) reporting. OpenDNS can not do this since we are behind a NAT.
Can MaraDNS be used to sit between our users and the OpenDNS service, and simply spit out a nice log file of which local IP addresses requested what DNS names?

Thank you,
CB

From remco at webconquest.com Wed May 12 02:49:22 2010
From: remco at webconquest.com (Remco Rijnders)
Date: Wed, 12 May 2010 08:49:22 +0200
Subject: MaraDNS: Logging
In-Reply-To: <76350.48885.qm@web114215.mail.gq1.yahoo.com>
References: <76350.48885.qm@web114215.mail.gq1.yahoo.com>
Message-ID: <4BEA4F72.3050808@webconquest.com>

Charles Bray wrote:
> I am sure this must be a common question... please excuse I am a newbie sysadmin.
>
> We are using OpenDNS for filtering web content at our small office, but we need per-user (even just ip address) reporting. OpenDNS can not do this since we are behind a NAT.
>
> Can MaraDNS be used to sit between our users and the OpenDNS service, and simply spit out a nice log file of which local IP addresses requested what DNS names?

Hi Charles,

Put the following in your mararc file:

verbose_level = 3

This will log all queries received. You'll have to do some parsing of the logfile yourself to extract meaningful information, but it should return lines like:

May 12 02:48:23 sevensisters maradns.etc_maradns_mararc: Query from: 194.30.0.1 Aaurora.webconquest.com.
May 12 02:48:23 sevensisters maradns.etc_maradns_mararc: Log: Message received, processing
May 12 02:48:29 sevensisters maradns.etc_maradns_mararc: Query from: 194.30.0.1 Uaurora.webconquest.com.
May 12 02:48:29 sevensisters maradns.etc_maradns_mararc: Log: Message received, processing

I hope this helps.
Kind regards,

Remco

From dsevilla00 at hotmail.com Wed May 12 08:36:56 2010
From: dsevilla00 at hotmail.com (david sevilla)
Date: Wed, 12 May 2010 06:36:56 -0600
Subject: MaraDNS: Logging
In-Reply-To: <4BEA4F72.3050808@webconquest.com>
References: <76350.48885.qm@web114215.mail.gq1.yahoo.com>, <4BEA4F72.3050808@webconquest.com>
Message-ID:

Charles,

Do you really want to do that? I've taken wireshark traces when opening a simple website like yahoo.com and you would be surprised at the number of DNS queries (a lot of them for the advertising crap). So,

1- You may be misled to think that your "users" are visiting a lot of websites
2- it may be too much work for you if you want to do anything meaningful with the data

This is all of course in my non-expert, honest opinion.

> Date: Wed, 12 May 2010 08:49:22 +0200
> From: remco at webconquest.com
> To: list at maradns.org
> Subject: Re: MaraDNS: Logging
>
> Charles Bray wrote:
> > I am sure this must be a common question... please excuse I am a newbie sysadmin.
> >
> > We are using OpenDNS for filtering web content at our small office, but we need per-user (even just ip address) reporting. OpenDNS can not do this since we are behind a NAT.
> >
> > Can MaraDNS be used to sit between our users and the OpenDNS service, and simply spit out a nice log file of which local IP addresses requested what DNS names?
>
> Hi Charles,
>
> Put the following in your mararc file:
>
> verbose_level = 3
>
> This will log all queries received. You'll have to do some parsing of
> the logfile yourself to extract meaningful information, but it should
> return lines like:
>
> May 12 02:48:23 sevensisters maradns.etc_maradns_mararc: Query from: 194.30.0.1 Aaurora.webconquest.com.
> May 12 02:48:23 sevensisters maradns.etc_maradns_mararc: Log: Message received, processing
> May 12 02:48:29 sevensisters maradns.etc_maradns_mararc: Query from: 194.30.0.1 Uaurora.webconquest.com.
> May 12 02:48:29 sevensisters maradns.etc_maradns_mararc: Log: Message received, processing
>
> I hope this helps.
>
> Kind regards,
>
> Remco

From TmBergMAIL at starka.st Wed May 12 10:39:14 2010
From: TmBergMAIL at starka.st (Thomas)
Date: Wed, 12 May 2010 16:39:14 +0200
Subject: Hello! domainkeys and Maradns?
Message-ID: <4BEABD92.8020702@starka.st>

Is there anyone out there that's using domainkeys with Maradns, if so. How?

I've tried, but can't get it to play with Maradns. :(

/Thomas

--
http://mail.signature.starka.st/

From dsevilla00 at hotmail.com Wed May 12 10:44:27 2010
From: dsevilla00 at hotmail.com (david sevilla)
Date: Wed, 12 May 2010 08:44:27 -0600
Subject: trying tor respond to help for NAPTR entries
In-Reply-To: <4BEABD92.8020702@starka.st>
References: <4BEABD92.8020702@starka.st>
Message-ID:

My responses somehow are getting bounced back, but here I'm trying again:

Thanks Sam, unfortunately it didn't work (I am using version maradns-1.4.03). Below are the errors (I tried your suggested entries and some variants), there's something in the syntax we are missing.

As a reference, here's an example used in bind (fully functional)

;comment
; IN NAPTR order pref. flag service regexp replacement
Myentry.org ( IN NAPTR 100 999 "a" "myservice1:myservice2:myservice3" "" myreplacement.com )

ERRORS FOR ENTRY

example.net. NAPTR 1 2 'foo';'bar';'baz' example.com. ~

which I changed to ->

example.net. NAPTR 1 2 'a';'myservice';'a' example.com. ~

Error: Invalid character between chunks; this might be caused by a TXT RR not terminated by a ~ character
Error is on line 12 in file myzone.zone
context of error: ';'myservice';'a' e
(closing this file)
Error: Problem getting rddata
Error is on line 12 in file apn.epc.mnc098.mcc312.3gppnetwork.org.zone
context of error: ';'myservice';'a' e
(closing this file)

ENTRY

example.net. NAPTR 1 2 'a' 'myservice' 'a' example.com. ~

Error: Invalid character between chunks; this might be caused by a TXT RR not terminated by a ~ character
Error is on line 14 in myzone.zone
context of error: ' 'myservice' 'a' e
(closing this file)
Error: Problem getting rddata
Error is on line 14 in file myzone.zone
context of error: ' 'myservice' 'a' e
(closing this file)

ENTRY

example.net. NAPTR 1 2 a;myservice; ; example.com. ~

Error: Invalid character between chunks; this might be caused by a TXT RR not terminated by a ~ character
Error is on line 13 in file myzone.zone
context of error: 1 2 a;myservice; ;
(closing this file)
Error: Problem getting rddata
Error is on line 13 in file myzone.zone
context of error: 1 2 a;myservice; ;
(closing this file)

ENTRY

example.net. NAPTR 1 2 "a" "myservice" "" example.com. ~

Error: Unexpected character
Error is on line 15 in file myzone.zone
context of error: le.net. NAPTR 1 2 "
(closing this file)
Error: Problem getting rddata
Error is on line 15 in file myzone.zone
context of error: le.net. NAPTR 1 2 "
(closing this file)

ENTRY

example.net. NAPTR 1 2 'a' 'myservice' '' example.com. ~

Error: Unexpected character
Error is on line 15 in file myzone.zone
context of error: le.net. NAPTR 1 2 "
(closing this file)
Error: Problem getting rddata
Error is on line 15 in file myzone.zone
context of error: le.net. NAPTR 1 2 "
(closing this file)

Any advice is appreciated!

-David

From c.bray90 at yahoo.com Wed May 12 11:53:48 2010
From: c.bray90 at yahoo.com (Charles Bray)
Date: Wed, 12 May 2010 08:53:48 -0700 (PDT)
Subject: MaraDNS: Logging
In-Reply-To:
References: <76350.48885.qm@web114215.mail.gq1.yahoo.com>, <4BEA4F72.3050808@webconquest.com>
Message-ID: <681972.72251.qm@web114201.mail.gq1.yahoo.com>

> Charles, Do you really want to do that? I've taken wireshark traces when
> opening a simple website like yahoo.com and you would be surprised at the
> number of DNS queries (a lot of them for the advertising crap). So,
> 1- You may be misled to think that your "users" are visiting a lot of websites
> 2- it may be too much work for you if you want to do anything meaningful
> with the data. This is all of course in my non-expert, honest opinion.

Sadly I do need to do this.

From c.bray90 at yahoo.com Wed May 12 11:55:52 2010
From: c.bray90 at yahoo.com (Charles Bray)
Date: Wed, 12 May 2010 08:55:52 -0700 (PDT)
Subject: MaraDNS: Logging
In-Reply-To: <4BEA4F72.3050808@webconquest.com>
References: <76350.48885.qm@web114215.mail.gq1.yahoo.com> <4BEA4F72.3050808@webconquest.com>
Message-ID: <946760.34532.qm@web114206.mail.gq1.yahoo.com>

> Put the following in your
> mararc file:
>
> verbose_level = 3
>
> This will log all queries received.
> You'll have to do some parsing of
> the logfile yourself to extract meaningful
> information, but it should
> return lines like:

Thank you, I will try this.

How can I rotate these log files?
-- CB

From asimic at gmail.com Wed May 12 12:20:38 2010
From: asimic at gmail.com (Aleksandar Simic)
Date: Wed, 12 May 2010 17:20:38 +0100
Subject: MaraDNS: Logging
In-Reply-To: <946760.34532.qm@web114206.mail.gq1.yahoo.com>
References: <76350.48885.qm@web114215.mail.gq1.yahoo.com> <4BEA4F72.3050808@webconquest.com> <946760.34532.qm@web114206.mail.gq1.yahoo.com>
Message-ID:

It depends on your OS, but something like logrotate should do the job ...

On 12/05/2010, Charles Bray wrote:
>> Put the following in your
>> mararc file:
>>
>> verbose_level = 3
>>
>> This will log all queries received.
>> You'll have to do some parsing of
>> the logfile yourself to extract meaningful
>> information, but it should
>> return lines like:
>
> Thank you, I will try this.
>
> How can I rotate these log files?
>
> -- CB

From strenholme.usenet at gmail.com Wed May 12 12:22:28 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 12 May 2010 11:22:28 -0500
Subject: trying tor respond to help for NAPTR entries
In-Reply-To:
References: <4BEABD92.8020702@starka.st>
Message-ID:

> Error: Invalid character between chunks; this might be
> caused by a TXT RR not terminated by a ~ character Error is on line 12 in file
> myzone.zone context of error: ';'myservice';'a' e (closing this file)

Thank you for noticing this; this is indeed a bug in the MaraDNS csv2 parser. Let me just post some of the blog entry I just posted:

You know, it's always a little embarrassing for me to have a bug in my code. A part of me wishes I was perfect and did not make mistakes, and has the notion it reflects poorly on me if a piece of code has a bug in it - even though it plain simply is not humanly possible to make a program as complex as a DNS server without any bugs.[1]

There was a bug in the code that parses NAPTR records that makes it impossible to parse NAPTR records unless the ~ is *not* used to separate records.
The workaround is to not use the ~ to separate records in zone files with NAPTR records; the fix is available here (as well as attached to this email):

http://www.maradns.org/download/patches/maradns-1.4.03-naptr_parsebug.patch
http://www.maradns.org/download/1.4/snap/2010/maradns-Q.20100512.1.tar.bz2

[I also did an IPv6 change; RTFB at http://maradns.blogspot.com/ ]

- Sam

[1] If you're an ignorant DJB fanboy who still thinks DjbDNS is perfectly secure and has no bugs, you're wrong.

From strenholme.usenet at gmail.com Wed May 12 12:23:14 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 12 May 2010 11:23:14 -0500
Subject: trying tor respond to help for NAPTR entries
In-Reply-To:
References: <4BEABD92.8020702@starka.st>
Message-ID:

And the patch, which I forgot to attach.

From strenholme.usenet at gmail.com Wed May 12 13:25:19 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 12 May 2010 12:25:19 -0500
Subject: Question about high performance with MaraDNS
In-Reply-To: <5FFA8029CC0B50439C3CF662FC3CE00AC0D1FA@neurus.pert.com.ar>
References: <5FFA8029CC0B50439C3CF662FC3CE00AC0D1FA@neurus.pert.com.ar>
Message-ID:

>Any of you can tell us any experience with heavy loaded recursive DNS
>platforms with MaraDNS?
>Is it suitable for this kind of load?
>Any recommendations are welcome.

Hola, Entiendo que inglés no es su primero idioma. De hecho, ya contesté esta pregunta aquí:

http://woodlane.webconquest.com/pipermail/list/2010-January/000502.html

(English: I understand English is not your first language; in fact, I have already answered this question here. This is followed by the above URL. For people who don't like seeing exotic foreign languages on the mailing list, I allow it as long as an English translation is provided. I am of the opinion a well-educated person knows at least one foreign language)

- Sam

From melinger at pert.com.ar Wed May 12 13:52:43 2010
From: melinger at pert.com.ar (Maria Elinger)
Date: Wed, 12 May 2010 14:52:43 -0300
Subject: Question about high performance with MaraDNS
In-Reply-To:
References: <5FFA8029CC0B50439C3CF662FC3CE00AC0D1FA@neurus.pert.com.ar>
Message-ID: <5FFA8029CC0B50439C3CF662FC3CE00AC0D209@neurus.pert.com.ar>

Hola,

Gracias, thanks, for your answer. It's true English is not my first language!

In fact, I had seen your post about tuning. I sent my question wishing someone else would make a comment about the experience with MaraDNS in heavily loaded environments.
We're about to install a testing environment and we'll let you know our results.

Thanks,
María

-----Original Message-----
From: list-bounces at maradns.org [mailto:list-bounces at maradns.org] On Behalf Of Sam Trenholme
Sent: Wednesday, May 12, 2010 2:25 PM
To: list at maradns.org
Subject: Re: Question about high performance with MaraDNS

>Any of you can tell us any experience with heavy loaded recursive DNS
>platforms with MaraDNS? Is it suitable for this kind of load?
>Any recommendations are welcome.

Hola, Entiendo que inglés no es su primero idioma. De hecho, ya contesté esta pregunta aquí:

http://woodlane.webconquest.com/pipermail/list/2010-January/000502.html

(English: I understand English is not your first language; in fact, I have already answered this question here. This is followed by the above URL. For people who don't like seeing exotic foreign languages on the mailing list, I allow it as long as an English translation is provided. I am of the opinion a well-educated person knows at least one foreign language)

- Sam
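Added example, not part of any message in this archive: a parser for the `Query from:` lines that `verbose_level = 3` produces in the "MaraDNS: Logging" thread above, turning them into a per-client report. It assumes the first character after the client address is a one-letter record-type prefix (as the A/U pair in the quoted lines suggests) and that the log is in time order; the function names and the 60-second window that collapses repeated queries for one name are choices made for this example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional

# The first four lines are the ones quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
May 12 02:48:23 sevensisters maradns.etc_maradns_mararc: Query from: 194.30.0.1 Aaurora.webconquest.com.
May 12 02:48:23 sevensisters maradns.etc_maradns_mararc: Log: Message received, processing
May 12 02:48:29 sevensisters maradns.etc_maradns_mararc: Query from: 194.30.0.1 Uaurora.webconquest.com.
May 12 02:48:29 sevensisters maradns.etc_maradns_mararc: Log: Message received, processing
May 12 02:49:00 sevensisters maradns.etc_maradns_mararc: Query from: 192.168.1.20 Awww.example.com.
May 12 02:49:01 sevensisters maradns.etc_maradns_mararc: Query from: 192.168.1.20 Aads.example.net.
May 12 02:55:00 sevensisters maradns.etc_maradns_mararc: Query from: 192.168.1.20 AWWW.Example.com.
May 12 02:55:01 sevensisters maradns.etc_maradns_mararc: Query from: not-an-ip Abroken.example.
"""

# syslog stamp, host, program tag, then "Query from: <client> <prefix><name>".
# The name is client-controlled, so only printable ASCII is accepted; a line
# carrying anything else is dropped rather than copied into a report.
QUERY_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<tag>\S+):\sQuery from:\s"
    r"(?P<client>\S+)\s(?P<rtype>[!-~])(?P<name>[!-~]+)$"
)


class Query(NamedTuple):
    when: datetime
    client: str
    rtype: str  # one-letter prefix exactly as logged (assumed to be a type code)
    name: str   # query name, lower-cased because DNS names are case-insensitive


def parse_line(line: str, year: int = 2010) -> Optional[Query]:
    """Return a Query for a 'Query from:' line, or None for anything else."""
    m = QUERY_RE.match(line.strip())
    if m is None:
        return None
    try:
        client = str(ipaddress.ip_address(m["client"]))
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return Query(when, client, m["rtype"], m["name"].lower())


def per_client_report(lines, year: int = 2010, window_s: int = 60) -> dict:
    """Count raw queries and de-duplicated lookups per client address.

    A 'lookup' is a name a client asks for that it has not asked for in the
    previous window_s seconds, whatever the type prefix, so an A query and a
    U query for the same name a few seconds apart count once.
    """
    stats = defaultdict(lambda: {"queries": 0, "lookups": 0, "names": set()})
    last_seen = {}  # (client, name) -> time of the previous query for it
    for line in lines:
        q = parse_line(line, year)
        if q is None:
            continue
        entry = stats[q.client]
        entry["queries"] += 1
        entry["names"].add(q.name)
        prev = last_seen.get((q.client, q.name))
        if prev is None or (q.when - prev).total_seconds() > window_s:
            entry["lookups"] += 1
        last_seen[(q.client, q.name)] = q.when
    return {ip: {**e, "names": sorted(e["names"])} for ip, e in stats.items()}


if __name__ == "__main__":
    report = per_client_report(SAMPLE_LOG.splitlines())
    for ip, e in sorted(report.items()):
        print(f"{ip}: {e['queries']} queries, {e['lookups']} lookups, {e['names']}")
```
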
From strenholme.usenet at gmail.com Wed May 12 14:09:28 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 12 May 2010 13:09:28 -0500
Subject: Question about high performance with MaraDNS
In-Reply-To: <5FFA8029CC0B50439C3CF662FC3CE00AC0D209@neurus.pert.com.ar>
References: <5FFA8029CC0B50439C3CF662FC3CE00AC0D1FA@neurus.pert.com.ar> <5FFA8029CC0B50439C3CF662FC3CE00AC0D209@neurus.pert.com.ar>
Message-ID:

> We're about to install a testing environment and we'll let you know our results.

I am looking forward to that. Be sure to also try MaraDNS 2.0 when (and if) it comes out. MaraDNS 2.0 is a complete rewrite of the recursive code; it will not use threads and should be less CPU-bound.

My current MaraDNS 2.0 progress is this: If someone sat me down and paid me to work on MaraDNS full-time, I could probably get MaraDNS 2.0 out the door by June sometime. Since that's not about to happen (the code is free - it's hard to find people willing to pay hard cash for something given away), I can't give a timeline.

Hopefully it will be ready by the end of the summer; I did essentially all of the infrastructure needed for a fully recursive DNS server in 2009, got burnt out and took a break last September, and recently ended that break and am slowly making progress again. A lot depends on the day job I have; when I have a "twiddle my thumbs until something breaks" day job, I make progress much more quickly than with a "develop software as quickly as possible" day job.

As an aside, right now I don't have a day job; when I return to the US mid-June, I would like a good job. If anyone can provide me leads, I really appreciate it.

- Sam

From dsevilla00 at hotmail.com Wed May 12 14:39:55 2010
From: dsevilla00 at hotmail.com (david sevilla)
Date: Wed, 12 May 2010 12:39:55 -0600
Subject: trying tor respond to help for NAPTR entries
In-Reply-To:
References: <4BEABD92.8020702@starka.st>, ,
Message-ID:

Thanks a lot Sam. I installed the latest snapshot and was able to get NAPTR queries to work. I added some entries in my zone file and tried with dig (below is the result). I noticed that there was no "additional records" section in the response (checked with wireshark).

This brings another question to mind: Is there a way to turn ON/OFF additional records fields? In bind by default it always sends the answer in the "additional records" (I am still trying to figure out if that can be turned ON/OFF in bind) so I would also receive 10.10.10.10 as the answer for the replacement without explicitly querying (mypgw.example.com).

By the way, maradns rocks! (Faster and easier to install than bind)

-David

ENTRIES

example.net. NAPTR 100 100 'a';'x-3gpp-pgw:x-s5-pmip:x-s5-gtp';'' mypgw.example.com. ~
mypgw.example.com. 10.10.10.10 ~

query TESTING

$ dig @172.16.1.5 NAPTR example.net

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @172.16.1.5 NAPTR example.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49516
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.net. IN NAPTR

;; ANSWER SECTION:
example.net. 86400 IN NAPTR 100 100 "a" "x-3gpp-pgw:x-s5-pmip:x-s5-gtp" "" mypgw.example.com.
;; Query time: 0 msec
;; SERVER: 172.16.1.5#53(172.16.1.5)
;; WHEN: Wed May 12 14:31:58 2010
;; MSG SIZE rcvd: 97

YOUR ENTRY ALSO WORKED NICELY

[dsevilla at it0400-rh dsevilla]$ dig @172.16.1.5 NAPTR www.example.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @172.16.1.5 NAPTR www.example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com. IN NAPTR

;; ANSWER SECTION:
www.example.com. 86400 IN NAPTR 100 100 "s" "http+I2R" "" _http._tcp.example.com.

;; Query time: 0 msec
;; SERVER: 172.16.1.5#53(172.16.1.5)
;; WHEN: Wed May 12 14:23:45 2010
;; MSG SIZE rcvd: 85

> Date: Wed, 12 May 2010 11:22:28 -0500
> Subject: Re: trying tor respond to help for NAPTR entries
> From: strenholme.usenet at gmail.com
> To: list at maradns.org
>
> > Error: Invalid character between chunks; this might be
> > caused by a TXT RR not terminated by a ~ character Error is on line 12 in file
> > myzone.zone context of error: ';'myservice';'a' e (closing this file)
>
> Thank you for noticing this; this is indeed a bug in the MaraDNS csv2
> parser. Let me just post some of the blog entry I just posted:
>
> You know, it's always a little embarrassing for me to have a bug in my
> code. A part of me wishes I was perfect and did not make mistakes, and
> has the notion it reflects poorly on me if a piece of code has a bug
> in it - even though it plain simply is not humanly possible to make a
> program as complex as a DNS server without any bugs.[1]
>
> There was a bug in the code that parses NAPTR records that makes it
> impossible to parse NAPTR records unless the ~ is *not* used to
> separate records. The workaround is to not use the ~ to separate
> records in zone files with NAPTR records; the fix is available here
> (as well as attached to this email):
>
> http://www.maradns.org/download/patches/maradns-1.4.03-naptr_parsebug.patch
> http://www.maradns.org/download/1.4/snap/2010/maradns-Q.20100512.1.tar.bz2
>
> [I also did an IPv6 change; RTFB at http://maradns.blogspot.com/ ]
>
> - Sam
>
> [1] If you're an ignorant DJB fanboy who still thinks DjbDNS is
> perfectly secure and has no bugs, you're wrong.

From remco at webconquest.com Thu May 13 02:01:33 2010
From: remco at webconquest.com (Remco Rijnders)
Date: Thu, 13 May 2010 08:01:33 +0200
Subject: Hello! domainkeys and Maradns?
In-Reply-To: <4BEABD92.8020702@starka.st>
References: <4BEABD92.8020702@starka.st>
Message-ID: <4BEB95BD.30904@webconquest.com>

On 12-05-10 16:39, Thomas wrote:
> Is there anyone out there that's using domainkeys with Maradns, if so. How?
>
> I've tried, but can't get it to play with Maradns. :(
>
> /Thomas

Hi Thomas,

I never used domainkeys myself yet, till just now, but I had no problem at all getting it to work with maradns. Your problem might be somewhere else in your domainkeys setup or configuration.

All you need to do for maradns is to add the DNS record to your zonefile (on a single line):

optional_selector._domainkey.% TXT 'k=rsa; t=y; p=YOURBASE64PUBLICKEYGOESHERE'

For my mailserver, it is (in Mara's fetchzone format):

sevensisters._domainkey.webconquest.com. +86400 txt 'k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCugkD2shiBQAIHhFo6rkVbWH8EmMDE1+Lwch459pNDQT3iO8GA3y4IGbpuSKFyrs9YtPz/3Vw+4RfYzc6JFbzfRK44FW0ZjvHAilp2jKKTPBIVBQYjRBSyRX3kxhYINZ15Gp51P6TcQ/YI7sKJ1hKQ9XGxDJCDERgqYxsZD1EhzQIDAQAB'

You can use http://www.sendmail.org/dkim/checker to see if your record is correctly in DNS.

Hope this helps.

Kind regards,

Remco

From strenholme.usenet at gmail.com Thu May 13 18:36:48 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 13 May 2010 17:36:48 -0500
Subject: Fwd: maradns cp
In-Reply-To: <443193.33242.qm@web28406.mail.ukl.yahoo.com>
References: <20100513214306.CB6FE738428@woodlane.webconquest.com> <443193.33242.qm@web28406.mail.ukl.yahoo.com>
Message-ID:

No, I was not kidding when I said on my webpage that there is no unpaid MaraDNS email support, and yes I am forwarding your email to the MaraDNS mailing list, as I warned you I would do if you were unwilling to pay me for private MaraDNS support.

List: Maybe someone there can give this gentleman a little clue.

- Sam

---------- Forwarded message ----------
From: Eleos Fever
Date: 2010/5/13
Subject: Re: maradns cp
To: sam-s5d6kph at samiam.org

are you fucking kidding me?

--- On Thu., 13/05/10, sam-s5d6kph at samiam.org wrote:

From: sam-s5d6kph at samiam.org
Subject: Re: maradns cp
To: eleosfever at yahoo.gr
Date: Thursday, 13 May 2010, 21:43

Thank you for your interest in MaraDNS.
IMPORTANT: If you reply to this email, I may forward your reply to the MaraDNS mailing list so the greater community may assist you with your concern. See below for details.

Your donations and contributions make MaraDNS development possible. Are you interested in hiring me or paying me?

I am looking for a job in the United States (ideally in California or a tele-commuting job) with a living wage to support myself and my girlfriend. My resume is here:

http://www.samiam.org/resume/

If you have a job, please let your hiring manager know that I would be interested in working for your company. Please email me information about contacting your hiring manager, and about jobs your company offers.

If you can not get me a job, I can use donations to help motivate me to develop MaraDNS. The email account to send PayPal payments to is abiword_bugs at yahoo.com (the same one used for donations on the MaraDNS web page). Note that I do not read email sent to the Yahoo account; this email address is only for sending PayPal payments.

Remember that I am not paid for the majority of my MaraDNS development and that MaraDNS is open-source software that can be freely downloaded and used free of charge. MaraDNS development can not continue if I have to spend my time handling support email privately instead of developing MaraDNS.

The best way you can help MaraDNS become a better DNS server is by giving me gainful employment in the US with a living wage. If this is not possible, I would appreciate a money donation.

If you have a bug report, feature request, support request, or any other reason to talk about MaraDNS, feel free to bring it up on the MaraDNS list. To join the mailing list, send an email to list-request at maradns.org with the word "subscribe" in the subject and body of the message. Once you are subscribed to the list, send an email to list at maradns.org with your concern.

If you wish to get private email support, you will need to pay me.
Support means any discussion about MaraDNS whatsoever in private email. My rate for answer your email privately is $50 (US funds). If you reply to this message and do not make it clear you have donated $50 to my PayPal account, I may forward your reply to the MaraDNS mailing list. Note that this payment only gives you an answer to your email; should additional work be needed to resolve your concern, I may request more money before handling your issue. All of this also applies to Deadwood, which is a MaraDNS sub-project. Again, thank you for your interest in MaraDNS. - Sam You wrote: > --0-664263458-1273760899=:65770 > Content-Type: text/plain; charset=utf-8 > Content-Transfer-Encoding: quoted-printable > > hello, is there any maradns control panel available?=0A=0A > --0-664263458-1273760899=:65770 > Content-Type: text/html; charset=utf-8 > Content-Transfer-Encoding: quoted-printable > >

From eleosfever at yahoo.gr Thu May 13 19:10:58 2010
From: eleosfever at yahoo.gr (Eleos Fever)
Date: Thu, 13 May 2010 23:10:58 +0000 (GMT)
Subject: cp
Message-ID: <988657.39561.qm@web28409.mail.ukl.yahoo.com>

hello, is there any control panel available for maradns?

From jparrish at layerxtech.com Fri May 14 03:44:48 2010
From: jparrish at layerxtech.com (Joey Parrish)
Date: Fri, 14 May 2010 09:44:48 +0200
Subject: cp
In-Reply-To: <988657.39561.qm@web28409.mail.ukl.yahoo.com>
References: <988657.39561.qm@web28409.mail.ukl.yahoo.com>
Message-ID:

On May 14, 2010, at 01:10 , Eleos Fever wrote:

> hello, is there any control panel available for maradns?

Maradns is configured using text files as documented on the website. If you want a control panel interface, that would probably be third-party software available elsewhere. If I'm mistaken, someone please correct me.

--Joey

From eleosfever at yahoo.gr Fri May 14 04:18:12 2010
From: eleosfever at yahoo.gr (Eleos Fever)
Date: Fri, 14 May 2010 08:18:12 +0000 (GMT)
Subject: cp
In-Reply-To:
Message-ID: <268444.17626.qm@web28408.mail.ukl.yahoo.com>

you are correct. does anyone know a 3rd party control panel? or can anyone write one?

From jparrish at layerxtech.com Fri May 14 04:22:59 2010
From: jparrish at layerxtech.com (Joey Parrish)
Date: Fri, 14 May 2010 10:22:59 +0200
Subject: cp
In-Reply-To: <268444.17626.qm@web28408.mail.ukl.yahoo.com>
References: <268444.17626.qm@web28408.mail.ukl.yahoo.com>
Message-ID: <4B014B6E-E054-4461-8899-0EFE338462A7@layerxtech.com>

On May 14, 2010, at 10:18 , Eleos Fever wrote:

> you are correct. does anyone know a 3rd party control panel? or can anyone write one?

Google doesn't turn one up. I would guess that since bind has the majority market share, that's what cp's will be written for. I'm sure one could be written, but I haven't got the time.
--Joey

From strenholme.usenet at gmail.com Fri May 14 09:48:46 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 14 May 2010 08:48:46 -0500
Subject: trying tor respond to help for NAPTR entries
In-Reply-To:
References: <4BEABD92.8020702@starka.st>
Message-ID:

David asked us:

>> I added some entries in my zone file and tried with dig (below is the result). I noticed that there was no "additional records" section in the response (checked with wireshark). This brings another question to mind: Is there a way to turn ON/OFF additional records fields? <<

In MaraDNS, a DNS reply has an authority and additional section with NS records and their IPs only when the record is in its own zone. In other words, if you have a record that ends in “example.com”, for it to have NS and AR records, it has to be in the zone for example.com.

For example, if we have this in a mararc file:

csv2["example.org."] = "db.example.com"

and this for db.example.com:

www.example.com. A 10.2.3.4

We won’t get NS and AR records. However, if we keep db.example.com the same and have this in our mararc file:

csv2["example.com."] = "db.example.com"

We will get NS and AR records.

As an aside, the only time MaraDNS and Deadwood actually use NS and AR records is when a DNS query doesn’t answer our question. When this happens, MaraDNS and Deadwood convert the DNS NS referral in to a list of IPs for all of the records in the NS section with corresponding IPs in the AR section, and a list of glueless NS referrals for records without IP glue in the AR section.

It’s actually best for a recursive DNS server to use the NS and AR section as little as possible; it helps protect the server against attacks like the Kaminsky DNS attack. Indeed, MaraDNS has been acting this way since 2001, long before Kaminsky came on to the scene.

- Sam

From strenholme.usenet at gmail.com Fri May 14 10:16:06 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 14 May 2010 09:16:06 -0500
Subject: cp
In-Reply-To: <4B014B6E-E054-4461-8899-0EFE338462A7@layerxtech.com>
References: <268444.17626.qm@web28408.mail.ukl.yahoo.com> <4B014B6E-E054-4461-8899-0EFE338462A7@layerxtech.com>
Message-ID:

>> Google doesn't turn one up. I would guess that since bind has the majority market share, that's what cp's will be written for. <<

To add to what Joey said, MaraDNS is an open source piece of software. This means that, if you want something implemented for MaraDNS, there are two options:

* You can pay someone to implement it.
* You can implement it yourself. No, it doesn’t matter if you’re not a C programmer; Dennis Ritchie wasn’t a C programmer either when he started implementing the C language.

Indeed, MaraDNS has, for example, improved IPv6 support because Jean-Jacques Sarton wanted to see MaraDNS have this and submitted patches to make it so.

One thing I observe is that a lot of people not familiar with open source software and its culture start using open source software as if it was just like commercial software, but free. They, for example, think support channels for open source software are just like the support channels for proprietary software.
They think the only way bugs get fixed or features are added is by bugging the vendor. And so on.

Open source doesn’t work like that. Open source software belongs to the community as a whole; while the software can be freely downloaded and used, if you want something to happen with the software that doesn’t coincide with my “itch”, you are on your own and will have to do it yourself.

Open source software has a lot of benefits, but using it entails more responsibility than one has with proprietary software. It is considered rude to just barge in to an open-source project and demand free support like as though you just bought some program down at the local Fry’s and are calling the support number on the box.

OK, I’m done with my rant and we return you to our regularly scheduled programming.

- Sam

From info at rickvanderzwet.nl Sat May 15 10:52:49 2010
From: info at rickvanderzwet.nl (Rick van der Zwet)
Date: Sat, 15 May 2010 16:52:49 +0200
Subject: maradns cp
In-Reply-To:
References: <20100513214306.CB6FE738428@woodlane.webconquest.com> <443193.33242.qm@web28406.mail.ukl.yahoo.com>
Message-ID:

2010/5/14 Sam Trenholme :

[snip: make it look pretty]

> You wrote:
>> hello, is there any maradns control panel available?
> List: Maybe someone there can give this gentleman a little clue.

There is no web-based control panel for maraDNS AFAIK. Unless you define the CLI to be a control panel as well :-). If you elaborate a bit more on your actual meaning of 'control panel', that will make answering the question easier.

Best regards,
/Rick
--
http://rickvanderzwet.nl

From c.klossek at apo-discounter.de Tue May 18 06:11:15 2010
From: c.klossek at apo-discounter.de (Christian Klossek)
Date: Tue, 18 May 2010 12:11:15 +0200
Subject: Could not drop root uid
Message-ID: <4BF267C3.4040901@apo-discounter.de>

Hi,

I'm using maradns 1.3.07.09 on a mail-server with Debian Lenny. My mararc looks like this:

--------------------------------------
ipv4_bind_addresses = "127.0.0.1"
chroot_dir = "/etc/maradns"
recursive_acl = "127.0.0.1"
maximum_cache_elements = 70000
--------------------------------------

Sometimes, when there are a lot of incoming/outgoing mails, maradns is not responding anymore. When I close it and try to start it manually I get the following error-message:

Fatal error: Could not drop root uid

After that maradns is closed. What can I do? If you need more information about the system, don't hesitate to ask.

Best regards
Christian Klossek

From strenholme.usenet at gmail.com Tue May 18 12:17:31 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 18 May 2010 11:17:31 -0500
Subject: Could not drop root uid
In-Reply-To: <4BF267C3.4040901@apo-discounter.de>
References: <4BF267C3.4040901@apo-discounter.de>
Message-ID:

> Fatal error: Could not drop root uid

This error will occur on line 4521 of MaraDNS.c when the setuid() system call fails, probably due to high load. I suggest, when this happens, waiting about five minutes before restarting MaraDNS.
I also suggest setting maxprocs to a lower value than its default of 64; such as adding this line to your mararc:

maxprocs = 32

I hate passing the buck, but you may wish to report this bug either on the appropriate Linux kernel mailing list or as a Debian bug; setuid() *should* always work.

- Sam

(One of these days, I may add code to let people see the system reported error when setuid() fails)

From strenholme.usenet at gmail.com Tue May 18 12:22:52 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 18 May 2010 11:22:52 -0500
Subject: Could not drop root uid
In-Reply-To: <4BF267C3.4040901@apo-discounter.de>
References: <4BF267C3.4040901@apo-discounter.de>
Message-ID:

> Fatal error: Could not drop root uid
>
> After that maradns is closed.

Are you sure you don’t get a second line explaining *why* setuid() failed?
The relevant code called is this:

    if(setuid(uid) != 0)
        sys_harderror(L_NODROP); /* "Could not drop root uid" */

And sys_harderror does this:

    void sys_harderror(char *why) {
        printf("%s%s%s",L_FATAL,why,L_N); /* "Fatal Error: ", why, "\n" */
        printf("%s: %s%s",L_SYSERROR,strerror(errno),L_N);
        /* This outputs to stderr, which duende can not catch (I gave up
           trying to catch stderr messages after trying for two days) */
        /*perror(L_SYSERROR);*/ /* "System said: " */
        /* Unbuffered output */
        fflush(stdout);
        exit(3);
    }

So I’m really surprised you’re not seeing a second line with a colon (:) in it.

- Sam

From c.klossek at apo-discounter.de Tue May 18 14:24:35 2010
From: c.klossek at apo-discounter.de (Christian Klossek)
Date: Tue, 18 May 2010 20:24:35 +0200
Subject: Could not drop root uid
In-Reply-To:
References: <4BF267C3.4040901@apo-discounter.de>
Message-ID: <4BF2DB63.5080107@apo-discounter.de>

Yes, sorry.
I get

maradns.etc_maradns_mararc: Log: Root directory changed
maradns.etc_maradns_mararc: Log: Binding to address 127.0.0.1
maradns.etc_maradns_mararc: Log: Socket opened on UDP port 53
maradns.etc_maradns_mararc: Fatal error: Could not drop root uid
maradns.etc_maradns_mararc: System said: Resource temporarily unavailable

Christian

Sam Trenholme wrote:
>> Fatal error: Could not drop root uid
>>
>> After that maradns is closed.
>
> Are you sure you don’t get a second line explaining *why* setuid() failed?
>
> The relevant code called is this:
>
> if(setuid(uid) != 0)
> sys_harderror(L_NODROP); /* "Could not drop root uid" */
>

From maxime at ritter.eu.org Tue May 18 16:30:49 2010
From: maxime at ritter.eu.org (Maxime Ritter)
Date: Tue, 18 May 2010 23:30:49 +0300
Subject: Maradns forgets TXT records with asked for ANY ?
Message-ID:

Hello,

I tried to query a DNSBL by hand, using this command :

root /etc # dig @127.0.0.1 any 80.180.132.210.list.quorum.to.

Which gives me this answer :

; <<>> DiG 9.5.1-P3 <<>> @127.0.0.1 any 80.180.132.210.list.quorum.to.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27185
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;80.180.132.210.list.quorum.to. IN ANY

;; ANSWER SECTION:
80.180.132.210.list.quorum.to. 299 IN A 127.0.0.0

;; Query time: 1657 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 18 22:12:00 2010
;; MSG SIZE rcvd: 63

But in fact, what I really was expecting, was the TXT record. Which exists, I even see it when I do :

dig @127.0.0.1 TXT 80.180.132.210.list.quorum.to.
[...]
;; QUESTION SECTION:
;80.180.132.210.list.quorum.to. IN TXT

;; ANSWER SECTION:
80.180.132.210.list.quorum.to. 300 IN TXT "http://www.quorum.to/q/fCseJEO8Z1oPbPA5wFR4ddKEtFBbedCmS_L34gAAAAA="
[...]
If I try another non-maradns server, it's perfectly working :

dig @213.186.33.99 any 80.180.132.210.list.quorum.to.

; <<>> DiG 9.5.1-P3 <<>> @213.186.33.99 any 80.180.132.210.list.quorum.to.
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59606
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;80.180.132.210.list.quorum.to. IN ANY

;; ANSWER SECTION:
80.180.132.210.list.quorum.to. 0 IN TXT "http://www.quorum.to/q/Is3bDrX8366shjfxIJp-vNKEtFBbedD6S_L4HQAAAAA="
80.180.132.210.list.quorum.to. 0 IN A 127.0.0.0

;; AUTHORITY SECTION:
list.quorum.to. 257550 IN NS listns1.quorum.to.

;; Query time: 166 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Tue May 18 22:25:57 2010
;; MSG SIZE rcvd: 165

Is this a maradns bug ? I'm not a DNS expert, but it looks so for me.

Maxime.

From strenholme.usenet at gmail.com Tue May 18 16:42:10 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 18 May 2010 15:42:10 -0500
Subject: Could not drop root uid
In-Reply-To: <4BF2DB63.5080107@apo-discounter.de>
References: <4BF267C3.4040901@apo-discounter.de> <4BF2DB63.5080107@apo-discounter.de>
Message-ID:

> maradns.etc_maradns_mararc: Fatal error: Could not drop root uid
> maradns.etc_maradns_mararc: System said: Resource temporarily unavailable

You know, as I said before, I hate passing the buck. However, this definitely looks like a kernel issue. Let me explain MaraDNS 1.0’s design in more detail:

MaraDNS 1.0 uses a threaded model. Every time there is a recursive request for a DNS entry not in MaraDNS’ cache, MaraDNS spawns a thread to process the request. This works fairly well on Microsoft Windows and other platforms with lightweight threads; it doesn’t work so well on *NIX variants, especially with older computers.
When I decided to use a threaded model for MaraDNS, I did so for the very practical reason that it’s a lot easier to make a recursive DNS server with threads than with a select()/state machine model. The design was to be a “rough draft”; I always intended to rewrite the recursive core.

Well, the recursive core was finished by 2001; it was debugged and released in June of 2002. Then, life happened. I went back to college, got a degree, went to Mexico, started looking for work down there and dating girls...etc. Work didn’t begin on the second generation recursive resolver of MaraDNS until 2007. By the end of 2007, I had finished the code for a non-recursive DNS cache.

In 2008, I went back to dating girls and found the girl who is today my wife. In 2009, I had some time to work on the rewrite of the recursive code and made a lot of progress that year (DNS-over-TCP, DNS compression, DNS RR processing, etc.). I got burnt out around September of 2009 and stopped work on the next-generation recursive code until early 2010.

Right now, the next-generation thread-free recursive code is about 90% complete. I hope to have something complete and ready for general testing by late June, but since I am not paying the bills with this project, no guarantees. Once I have something ready for testing, I will let people on the list know.

In the meantime, people can get the latest updates on the second-generation recursive code here:

http://www.maradns.org/deadwood/CHANGELOG
http://maradns.blogspot.com/search/label/Deadwood

- Sam

From strenholme.usenet at gmail.com Tue May 18 16:44:02 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 18 May 2010 15:44:02 -0500
Subject: Maradns forgets TXT records with asked for ANY ?
In-Reply-To:
References:
Message-ID:

> But in fact, what I really was expecting, was the TXT record. Which exists,
> I even see it when I do :

> Is this [not seeing a TXT record] a maradns bug ? I'm not a DNS expert, but it looks so for me.

Which version of MaraDNS are you using?

- Sam

From maxime at ritter.eu.org Tue May 18 16:52:48 2010
From: maxime at ritter.eu.org (Maxime Ritter)
Date: Tue, 18 May 2010 23:52:48 +0300
Subject: Maradns forgets TXT records with asked for ANY ?
In-Reply-To:
References:
Message-ID:

On 18/05/2010 23:44, Sam Trenholme wrote:
>> But in fact, what I really was expecting, was the TXT record.
>> Which exists, I even see it when I do :
>
>> Is this [not seeing a TXT record] a maradns bug ? I'm not a DNS expert, but it looks so for me.
>
> Which version of MaraDNS are you using?

I use the package provided by my distribution (Debian Etch AMD64) ; maradns version 1.3.07.09. (package is latest available ; 1.3.07.09-2).

Maxime.

From strenholme.usenet at gmail.com Tue May 18 17:49:08 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 18 May 2010 16:49:08 -0500
Subject: Maradns forgets TXT records with asked for ANY ?
In-Reply-To:
References:
Message-ID:

>>> Is this [not seeing a TXT record] a maradns bug ? I'm not a DNS expert,
>>> but it looks so for me.
>>
>> Which version of MaraDNS are you using?
>
> I use the package provided by my distribution (Debian Etch AMD64) ; maradns
> version 1.3.07.09. (package is latest available ; 1.3.07.09-2).

Works for me. In window 1, I did the following as root:

? # ./server/maradns --version
This is MaraDNS version 1.3.07.09
Compiled on a Linux system at mar may 18 16:40:45 CDT 2010
For usage information, 'man maradns'
? # ./server/maradns
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
To not display this message, add the follwing to your mararc file:

hide_disclaimer = "YES"

Log: Root directory changed
Log: Binding to address 127.0.0.4
Log: Socket opened on UDP port 53
Log: Root privileges dropped
Processing zone example.com. right now.
Filename: db.simple
MaraDNS proudly serves you 8 DNS records
MaraDNS maximum memory allocation set to 2633728 bytes
Log: All RRs have been loaded

And, in window two:

? $ cat /etc/mararc
csv2 = {}
csv2["example.com."] = "db.simple"
ipv4_bind_addresses = "127.0.0.4"
chroot_dir = "/etc/maradns"
16:44:21 deadwood $ cat /etc/maradns/db.simple
example.com. +1 SOA z.% y@% 1 1 1 1 1 ~
example.com. +3600 NS ns1.example.net. ~
example.com. +3600 NS ns2.example.net. ~
example.com. +3600 NS ns3.example.net. ~
example.com. +3600 MX 10 mail.example.net. ~
example.com. +3600 MX 20 mail2.example.net. ~
example.com. TXT 'dns.' ~
example.com. TXT 'hello';'world' ~
? $ dig @127.0.0.4 example.com ANY

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @127.0.0.4 example.com ANY
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27124
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN ANY

;; ANSWER SECTION:
example.com. 3600 IN NS ns1.example.net.
example.com. 3600 IN NS ns3.example.net.
example.com. 3600 IN NS ns2.example.net.
example.com. 60 IN SOA z.example.com. y.example.com. 1 1 1 1 1
example.com. 3600 IN MX 10 mail.example.net.
example.com. 3600 IN MX 20 mail2.example.net.
example.com. 86400 IN TXT "dns."
example.com. 86400 IN TXT "hello" "world"

;; Query time: 48 msec
;; SERVER: 127.0.0.4#53(127.0.0.4)
;; WHEN: Tue May 18 16:44:38 2010
;; MSG SIZE rcvd: 218

To make this more readable, lines where I entered commands at the shell prompt are marked with ? at the beginning of the line.

So, if you want to see this fixed: Come up with the simplest mararc + zone file combination that reproduces the problem.
Once you do this, post the mararc and zone file to the list, ideally not as an attachment.

- Sam

From maxime at ritter.eu.org Tue May 18 18:57:01 2010
From: maxime at ritter.eu.org (Maxime Ritter)
Date: Wed, 19 May 2010 01:57:01 +0300
Subject: Maradns forgets TXT records with asked for ANY ?
In-Reply-To:
References:
Message-ID:

On 19/05/2010 00:49, Sam Trenholme wrote:
>>>> Is this [not seeing a TXT record] a maradns bug ? I'm not a DNS expert,
>>>> but it looks so for me.
>>>
>>> Which version of MaraDNS are you using?
>>
>> I use the package provided by my distribution (Debian Etch AMD64) ; maradns
>> version 1.3.07.09. (package is latest available ; 1.3.07.09-2).
>
> Works for me. In window 1, I did the following as root:

There must be some misunderstanding, I was using maradns as a recursive solver, not on my own zone. I tried on my own zones, and it was correctly working :)

Then I played a bit, and found that sometimes djbns and bind recursive servers also lost some records with an ANY lookup... And here is why :

http://bit.ly/bo6vUq

> Actually, a T_ANY lookup isn't guaranteed to return the TXT records,
> unless you're querying the authoritative name server directly.
> On another name server, T_ANY will only return whatever the server already knows
> about the domain name.

Ok, so it wasn't a bug, I just learned something new about the DNS protocol.

Maxime.

From strenholme.usenet at gmail.com Tue May 18 19:15:56 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 18 May 2010 18:15:56 -0500
Subject: Maradns forgets TXT records with asked for ANY ?
In-Reply-To:
References:
Message-ID:

> There must be some misunderstanding, I was using maradns as a recursive
> solver, not on my own zone. I tried on my own zones, and it was correctly
> working :)

You know, I have a FAQ about bugs with the recursive resolver:

http://www.maradns.org/faq.html#resolve

For people who can’t click on the above link (maybe there is some poor soul still using UUCP to access the Internet), I don’t fix bugs with MaraDNS 1’s recursive resolver unless the bug is critical (In particular: Alexa 500 site does not resolve), has security implications, or I am paid to fix the bug.

This is because I’m about 90% done with a from-the-ground-up rewrite of the recursive code; I *hope* to have something people can test by the end of June.

For people willing to pay me to fix MaraDNS 1 non-critical recursive bugs, we can discuss rates in private mail.

- Sam

From test24 at mail.ru Thu May 20 08:45:21 2010
From: test24 at mail.ru (test24)
Date: Thu, 20 May 2010 16:45:21 +0400
Subject: Query from 127.0.0.1has decompression error
Message-ID:

Hello.

The last MaraDNS

56 832 askmara.exe
146 432 maradns.exe
60 273 pthreadGC2.dll
29 run_maradns.bat
16 secret.txt
2 892 mararc

Log in WinXP

D:\DNS\MaraDNS>MaraDNS -f mararc
Adding root nameserver 1.0.0.1 for zone .
Adding \000\000\374 to cache at 003EFA30 (ipv4pair)
Log: Binding to address 127.0.0.1
Log: Socket opened on UDP port 53
WARNING: Your system does not allow setting memory allocation limits! Log: All R
Rs have been loaded
Log: Awaiting data on port 53
Log: Message received, processing
Query from 127.0.0.1has decompression error: \233\177\001\000\000\001\000\000\00
0\000\000\000
Log: Message received, processing
Query from 127.0.0.1has decompression error: \030t\001\000\000\001\000\000\000\0
00\000\000

The 1.0.0.1 is my cascaded root server in local network

D:\DNS\MaraDNS>askmara.exe -v Agoogle.com
Querying the server with the IP 127.0.0.1
Hard Error: Invalid form of domain query. Don't forget the trailing dot!
D:\DNS\MaraDNS>askmara.exe -v google.com
Querying the server with the IP 127.0.0.1
Hard Error: Timeout

The mararc file:

# Win32-specific MaraRC file; this makes a basic recursive DNS server.
hide_disclaimer = "YES"
ipv4_bind_addresses = "127.0.0.1"
recursive_acl = "127.0.0.1/8"
upstream_servers = {}
# Local network NS servers
upstream_servers["."] = "1.0.0.1"
random_seed_file = "secret.txt"
maximum_cache_elements = 1024
timestamp_type = 5
max_glueless_level = 10
max_queries_total = 32
timeout_seconds = 10
verbose_level = 4
verbose_query = 1

Maybe it is an old maradns-1.0.08 bug, or tell me where I do not understand the mararc config file

Thank you /

From remco at webconquest.com Thu May 20 14:38:30 2010
From: remco at webconquest.com (Remco Rijnders)
Date: Thu, 20 May 2010 20:38:30 +0200
Subject: Query from 127.0.0.1has decompression error
In-Reply-To:
References:
Message-ID: <4BF581A6.6020906@webconquest.com>

> D:\DNS\MaraDNS>askmara.exe -v Agoogle.com
> Querying the server with the IP 127.0.0.1
> Hard Error: Invalid form of domain query. Don't forget the trailing dot!

Hi,

Assuming that askmara works the same on windows as it does on linux, try the above command again with a dot appended at the end. That is:

D:\DNS\MaraDNS>askmara.exe -v Agoogle.com.

On my linux box I get the same error as you do without the . at the end, but with the . at the end askmara returns:

Querying the server with the IP 127.0.0.1
Server reply:
Query id: 58620
Query type: 1
Opcode: 0
Authoritative: 0
Truncated: 0
Recurs desired: 1
Recurs available: 1
Z data: 0
Result code: 0
Num Questions: 1
Num Answers: 4
Number NS records: 0
Number additional records: 0
Question name: Agoogle.com.
Question type: 1
Question class: 1
AN replies:
Record name: Agoogle.com.
Record type: 1
Record class: 1
Record TTL: 93
Record length: 4
IP: 72.14.204.104
Record name: Agoogle.com.
Record type: 1
Record class: 1
Record TTL: 93
Record length: 4
IP: 72.14.204.147
Record name: Agoogle.com.
Record type: 1
Record class: 1
Record TTL: 93
Record length: 4
IP: 72.14.204.103
Record name: Agoogle.com.
Record type: 1
Record class: 1
Record TTL: 93
Record length: 4
IP: 72.14.204.99
NS replies:
AR replies:

---

I hope this is of some help to you.

Sincerely,

Remco

From strenholme.usenet at gmail.com Thu May 20 16:15:15 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 20 May 2010 15:15:15 -0500
Subject: Query from 127.0.0.1has decompression error
In-Reply-To:
References:
Message-ID:

> Query from 127.0.0.1has decompression error: \233\177\001\000\000\001\000\000\00
> 0\000\000\000

\233\177: ID
\001\000: DNS flags
\000\001: One question
\000\000\000\000\000\000: No answers

If this is the entire packet, of course it has a compression error; the header says there is a single question, but there isn't.

> D:\DNS\MaraDNS>askmara.exe -v Agoogle.com
> Querying the server with the IP 127.0.0.1
> Hard Error: Invalid form of domain query. Don't forget the trailing dot!

Don't forget the trailing dot. :)

OK, translate.google.com translates that in to "?? ???????? ????????? ?????" -- I have no idea whether that is readable Russian.

As Remco says:

askmara.exe -v Agoogle.com.

Note the dot at the end -- the trailing dot.

- Sam

From test24 at mail.ru Thu May 20 16:56:33 2010
From: test24 at mail.ru (test24)
Date: Fri, 21 May 2010 00:56:33 +0400
Subject: Memory or disk cache? Web / GUI ?
Message-ID:

Does MaraDNS have memory cache only or disk too?

Any GUI (link needed), Web interface, statistics software or handprint and verbose output only?

Thank you/

From test24 at mail.ru Thu May 20 17:00:16 2010
From: test24 at mail.ru (test24)
Date: Fri, 21 May 2010 01:00:16 +0400
Subject: Max. Cache size limit?
Message-ID:

What is the MaraDNS Cache size limit and how it setup in config file?

Thank you/

From strenholme.usenet at gmail.com Thu May 20 17:09:17 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 20 May 2010 16:09:17 -0500
Subject: Max. Cache size limit?
In-Reply-To:
References:
Message-ID:

> What is the MaraDNS Cache size limit and how it setup in config file?

Seriously, RTFM:

http://www.maradns.org/notes.html

There is a search box at the bottom of this page you can use to look up information like this.

- Sam

From strenholme.usenet at gmail.com Thu May 20 17:11:20 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 20 May 2010 16:11:20 -0500
Subject: Memory or disk cache? Web / GUI ?
In-Reply-To:
References:
Message-ID:

> Does MaraDNS have memory cache only or disk too?

Deadwood has a disk cache; MaraDNS only has a memory cache.

> Any GUI (link needed), Web interface, statistics software or handprint and verbose output only?

MaraDNS is a text-only application. Sorry; no one is paying me to make a GUI for it.

Speaking of which, I really should make a MaraDNS 3.0 with a GUI, and sell it for $500 a copy or some such.

- Sam

From spamcatch-maradns.org at messageme.de Fri May 21 09:47:40 2010
From: spamcatch-maradns.org at messageme.de (Sebastian Müller)
Date: Fri, 21 May 2010 15:47:40 +0200
Subject: Some kind of PCRE
Message-ID: <4BF68EFC.3080506@messageme.de>

Hi,

currently got a few(~90) domains, which I could size-down, so I asked myself if it wouldn't be a nice feature for upcoming maradns 2, to be able to use small kinds of regular expressions.
*.(a|b).domain.com A 127.0.0.1 ~ (a|b).(c|d).domain.com A 127.0.0.2 ~ (c|d|.(c|d).domain.com A 127.0.0.3 ~ a*.domain.com A 127.0.0.4 ~ Anyone knows if something like that would be against RFC(or something alike)? Cheers, Sebastian From strenholme.usenet at gmail.com Fri May 21 14:05:02 2010 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 21 May 2010 13:05:02 -0500 Subject: Some kind of PCRE In-Reply-To: <4BF68EFC.3080506@messageme.de> References: <4BF68EFC.3080506@messageme.de> Message-ID: > currently got a few(~90) domains, which I could size-down, so I asked > myself if it wouldn't be a nice feature for upcoming maradns 2, to be > able to use small kinds of regular expressions. I will spare everyone a repeat of the ?how much would you pay me to implement that? lecture. > Anyone knows if something like that would be against RFC(or something > alike)? It?s not against the RFCs, but it is against the goal of making a high-performance DNS server. I will leave it as an exercise for the reader to determine how using regular expressions in DNS nodes would affect the Landau notation of name resolution with a DNS server. To correctly solve this problem, knowledge of hash functions and how they are utilized by MaraDNS will be essential. - Sam Note: I do not answer MaraDNS (including Deadwood) support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding. MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report. 
It is not a security report unless you've done due diligence to determine how the security bug you think you found can reasonably be exploited. From jparrish at layerxtech.com Fri May 21 14:55:16 2010 From: jparrish at layerxtech.com (Joey Parrish) Date: Fri, 21 May 2010 20:55:16 +0200 Subject: Some kind of PCRE In-Reply-To: References: <4BF68EFC.3080506@messageme.de> Message-ID: <570FC5B9-C324-4665-AD20-2C2929067C8B@layerxtech.com> On May 21, 2010, at 20:05 , Sam Trenholme wrote: >> Anyone knows if something like that would be against RFC(or something >> alike)? > > It?s not against the RFCs, but it is against the goal of making a > high-performance DNS server. Sebastian, Though it would be a cool idea, it would kill performance. If your entries are static, you can perform a very quick lookup for each query in more-or-less constant time. If you have a series of regex, you can't know which of them will definitely match without evaluating each one against your query. The time to do this grows larger with more regular expressions, and that doesn't even account for the fact that different regular expressions can take very different amounts of time to execute. You can even write a regex that takes quadratic time with respect to the length of the string you are testing. I wouldn't be surprised if you could do even worse than that if you tried. For the examples you give, most of them (alternations) could be easily pre-expanded before loading the config into maradns. I would strongly consider writing a simple script that takes some more compact description of your zone and expands it into a full maradns config file. When you make edits, you re-run your script, then reload maradns. I used to use a system much like that years ago with a bind server, and it worked quite well. --Joey From c0kr3x at gmail.com Mon May 31 00:14:27 2010 From: c0kr3x at gmail.com (Rio Astamal) Date: Mon, 31 May 2010 11:14:27 +0700 Subject: include or import syntax for mararc? 
Message-ID: Hello, Is mararc configuration file support include or import syntax so we can split the configuration to multiple files? Thanks. Rio Astamal From remco at webconquest.com Mon May 31 00:24:10 2010 From: remco at webconquest.com (Remco Rijnders) Date: Mon, 31 May 2010 06:24:10 +0200 Subject: include or import syntax for mararc? In-Reply-To: References: Message-ID: <4C0339EA.9080101@webconquest.com> Op 31-05-10 06:14, Rio Astamal schreef: > Is mararc configuration file support include or import syntax so we > can split the configuration to multiple files? Hi Rio, AFAIK, mara reads its configuration from only a single file. For the zone files themselves, inclusion of other files is possible. For this, use the "/read" command as described in http://www.maradns.org/tutorial/man.csv2.html Kind regards, Remco PS. I suppose one could do what you ask for by replacing the mararc file with a named pipe that concatenates a series of files together, but such a thing would be outside the scope of this list. From c0kr3x at gmail.com Mon May 31 00:37:33 2010 From: c0kr3x at gmail.com (Rio Astamal) Date: Mon, 31 May 2010 11:37:33 +0700 Subject: include or import syntax for mararc? In-Reply-To: <4C0339EA.9080101@webconquest.com> References: <4C0339EA.9080101@webconquest.com> Message-ID: Hi Remco, Let say I have a domain example.com, I want to give my user subdomain when they register to my website. i.e.: user1.example.com user2.example.com etc... Can you give me an example how the configuration will look like with the "/read" command? Thanks. Rio Astamal. On Mon, May 31, 2010 at 11:24 AM, Remco Rijnders wrote: > Op 31-05-10 06:14, Rio Astamal schreef: > >> Is mararc configuration file support include or import syntax so we >> can split the configuration to multiple files? > > Hi Rio, > > AFAIK, mara reads its configuration from only a single file. > > For the zone files themselves, inclusion of other files is possible. 
For > this, use the "/read" command as described in > http://www.maradns.org/tutorial/man.csv2.html > > Kind regards, > > Remco > > PS. I suppose one could do what you ask for by replacing the mararc file > with a named pipe that concatenates a series of files together, but such > a thing would be outside the scope of this list. > > From strenholme.usenet at gmail.com Mon May 31 14:18:22 2010 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Mon, 31 May 2010 13:18:22 -0500 Subject: include or import syntax for mararc? In-Reply-To: References: Message-ID: > Is mararc configuration file support include or import syntax so we > can split the configuration to multiple files? MaraDNS does not support importing other files while parsing a mararc file but Deadwood does. From Deadwood?s man page: It is possible to have Deadwood, while parsing the dwood3rc file, read other files and parse them as if they were dwood3rc files. This is done using execfile. To use execfile, place a line like this in the dwood3rc file: execfile("path/to/filename") Where path/to/filename is the path to the file to be parsed like a dwood3rc file. All files must be in or under the directory /etc/deadwood/execfile. Filenames can only have lower-case letters and the underscore character ("_"). Absolute paths are not allowed as the argument to execfile; the filename can not start with a slash ("/") character. If there is a parse error in the file pointed to by execfile, Deadwood will report the error as being on the line with the execfile command in the main dwood3rc file. To find where a parse error is in the sub-file, use something like "Deadwood -f /etc/deadwood/execfile/filename" to find the parse error in the offending file, where "filename" is the file to to parsed via execfile. - Sam Note: I do not answer MaraDNS (including Deadwood) support requests sent by private email without being compensated for my time. 
A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding. MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report. It is not a security report unless you've done due diligence to determine how the security bug you think you found can reasonably be exploited.
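
Sam's byte-by-byte reading of the logged packet in the "decompression error" thread above can be reproduced mechanically. This is an added example, not code from MaraDNS or from any poster in the thread; it assumes the log writes each byte as a three-digit octal escape, and the function names and the example.com comparison packet are constructed here.

```python
import re
import struct

def unescape_log(text):
    """Rebuild raw bytes from log text that writes bytes as \\ooo octal escapes.
    Assumption: a printable character outside an escape is a literal byte."""
    return bytes(
        int(m.group(1), 8) if m.group(1) else ord(m.group(2))
        for m in re.finditer(r"\\([0-3][0-7]{2})|([\x20-\x7e])", text)
    )

def parse_header(pkt):
    """Unpack the fixed 12-byte DNS header into its six 16-bit fields."""
    names = ("id", "flags", "qdcount", "ancount", "nscount", "arcount")
    return dict(zip(names, struct.unpack("!6H", pkt[:12])))

def check_questions(pkt):
    """Walk the questions the header promises; return "ok" or why the walk fails."""
    if len(pkt) < 12:
        return "packet shorter than the 12-byte DNS header"
    qdcount = parse_header(pkt)["qdcount"]
    pos = 12
    for n in range(1, qdcount + 1):
        while True:  # one length-prefixed label per pass
            if pos >= len(pkt):
                return "question %d of %d: name runs past end of packet (offset %d)" % (n, qdcount, pos)
            length = pkt[pos]
            pos += 1
            if length == 0:  # root label ends the name
                break
            if length > 63:  # top bits set: compression pointer or reserved type
                return "question %d of %d: unexpected label type 0x%02x" % (n, qdcount, length)
            pos += length
        if pos + 4 > len(pkt):
            return "question %d of %d: QTYPE/QCLASS missing" % (n, qdcount)
        pos += 4
    return "ok"

# Bytes as logged in the thread, with the wrapped line joined back together.
LOGGED = r"\233\177\001\000\000\001\000\000\000\000\000\000"
# Constructed comparison: the same header followed by a question for example.com. A IN.
GOOD = unescape_log(LOGGED) + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)

if __name__ == "__main__":
    pkt = unescape_log(LOGGED)
    print(parse_header(pkt))
    print(check_questions(pkt))
    print(check_questions(GOOD))
```

A label length above 63 is rejected outright here, which is a simplification that suits a lone question in a query; a full parser for responses would have to follow compression pointers with loop and bounds checks.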
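
Joey's suggestion in the "Some kind of PCRE" thread, pre-expanding alternations into static records before MaraDNS loads the zone, could look like the following added example, which is not part of the original posts. The compact input syntax, the trailing-dot sample names and the function names are assumptions; a leading "*." is passed through unchanged on the assumption that the server accepts it as a wildcard label, while a "*" inside a label and unbalanced groups are rejected because they have no static expansion.

```python
import itertools
import re

GROUP = re.compile(r"\(([^()]*)\)")                 # one (x|y|...) group, no nesting
LABEL = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*")    # an alternative: plain lower-case labels

def expand_name(pattern):
    """Return every static host name that a pattern with (x|y) groups stands for."""
    literal = GROUP.sub("", pattern)                # what is left outside the groups
    if any(c in literal for c in "()|"):
        raise ValueError("unbalanced or nested group: %r" % pattern)
    tail = literal[2:] if literal.startswith("*.") else literal
    if "*" in tail:
        raise ValueError("'*' inside a label has no static expansion: %r" % pattern)
    choices = []
    for i, part in enumerate(GROUP.split(pattern)):
        if i % 2 == 0:                              # even index: literal text between groups
            choices.append([part])
            continue
        alts = part.split("|")                      # odd index: contents of one group
        if not all(LABEL.fullmatch(a) for a in alts):
            raise ValueError("empty or invalid alternative in %r" % pattern)
        choices.append(alts)
    return ["".join(combo) for combo in itertools.product(*choices)]

def expand_zone(compact):
    """Expand each 'name rest-of-record' line; the record text is copied through as is."""
    records = []
    for line in compact.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, rest = line.split(None, 1)
        records.extend("%s %s" % (n, rest) for n in expand_name(name))
    if len(set(records)) != len(records):
        raise ValueError("two patterns expand to the same record")
    return records

# Constructed input modelled on the patterns in the thread, with trailing dots added.
COMPACT = """\
*.(a|b).domain.com. A 127.0.0.1 ~
(a|b).(c|d).domain.com. A 127.0.0.2 ~
"""

if __name__ == "__main__":
    print("\n".join(expand_zone(COMPACT)))
```

Every output line is a fixed name, so the server can keep resolving each query with a single hash lookup instead of testing patterns one after another.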