From strenholme.usenet at gmail.com Wed Oct 5 19:51:10 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 5 Oct 2011 18:51:10 -0500
Subject: [MaraDNS list] MaraDNS update
Message-ID:

I have fixed the following issues in today's release of MaraDNS:

* Nicholas Bamber pointed out two issues with MaraDNS' documentation. I have updated the script that updates MaraDNS to resolve these issues.

* AngelD discovered that the zoneserver would not return all records if a zone file has a lot of FQDN4 records.

The bug took me about an hour to hunt down and find: The zoneserver uses a temporary buffer of records when sending them out. This buffer is 30 records in size, which usually isn't a problem because the zoneserver only loads 20 records before sending the records down the wire and flushing the buffer. However, since each FQDN4 (and FQDN6) record adds two records to the buffer, we only get the first 15 records before the buffer is full and some records get dropped. The fix is simple: I expanded the buffer so that it now fits 64 records.

It can be downloaded here:

http://www.maradns.org/download/2.0/snap/

The next day I plan to work on MaraDNS/Deadwood without sponsorship is on one day next month, before the 15th. In other words, I will volunteer one day to babysitting MaraDNS between November 1 and November 15.

- Sam

From strenholme.usenet at gmail.com Thu Oct 6 14:40:19 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 6 Oct 2011 13:40:19 -0500
Subject: [MaraDNS list] A moment of silence for Steve Jobs
Message-ID:

I would like to have a moment of silence for Steve Jobs' passing yesterday.

While I personally don't use any Apple products, I have great admiration for Steve Jobs' accomplishments and am greatly saddened at him leaving us so young. My favorite accomplishment of his is bringing UNIX to the desktop via Mac OS X.

To keep this on topic, has anyone successfully compiled and run MaraDNS 2.0 and/or Deadwood on Mac OS X?

- Sam

From rick at linuxmafia.com Thu Oct 6 14:53:59 2011
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 6 Oct 2011 11:53:59 -0700
Subject: [MaraDNS list] A moment of silence for Steve Jobs
In-Reply-To:
References:
Message-ID: <20111006185359.GD7965@linuxmafia.com>

Quoting Sam Trenholme (strenholme.usenet at gmail.com):

> I would like to have a moment of silence for Steve Jobs' passing yesterday.

Thanks, Sam. I knew the man (passingly) back in the Homebrew Computer Club days, and it's a shock to know of his death.

> While I personally don't use any Apple products, I have great
> admiration for Steve Jobs' accomplishments and am greatly saddened at
> him leaving us so young. My favorite accomplishment of his is
> bringing UNIX to the desktop via Mac OS X.

You mean, via NeXTStep. ;-> (I was a very longtime devotee of NeXTStep, which was delightful and elegant, especially before it got the slick candy-coated makeover to make it resemble MacOS and re-brand it as OS X.)

From strenholme.usenet at gmail.com Thu Oct 6 15:19:47 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 6 Oct 2011 14:19:47 -0500
Subject: [MaraDNS list] A moment of silence for Steve Jobs
In-Reply-To: <20111006185359.GD7965@linuxmafia.com>
References: <20111006185359.GD7965@linuxmafia.com>
Message-ID:

> (I was a very longtime devotee of NeXTStep,
> which was delightful and elegant, especially before it got the slick
> candy-coated makeover to make it resemble MacOS and re-brand it as OS X.)

Have you had a chance to look at GNUstep http://gnustep.org ? I wonder if GNUstep is a reasonable approximation of the classic NeXTStep interface or just yet another half-done open-source project that will never get finished.

I think something like GNUstep or Haiku ( Open-source BeOS clone http://haiku-os.org ) would make a great open-source desktop if ever finished.

- Sam

From rick at linuxmafia.com Thu Oct 6 15:26:22 2011
From: rick at linuxmafia.com (Rick Moen)
Date: Thu, 6 Oct 2011 12:26:22 -0700
Subject: [MaraDNS list] A moment of silence for Steve Jobs
In-Reply-To:
References: <20111006185359.GD7965@linuxmafia.com>
Message-ID: <20111006192621.GF7965@linuxmafia.com>

Quoting Sam Trenholme (strenholme.usenet at gmail.com):

> Have you had a chance to look at GNUstep http://gnustep.org ? I
> wonder if GNUstep is a reasonable approximation of the classic
> NeXTStep interface or just yet another half-done open-source project
> that will never get finished.

I run it. ;-> Well, I run the Window Maker window manager, and have the ObjC tools and libs installed, and various GNUStep widgets. And I'm a longtime fan of ObjC, and wish it had been more popular instead of that unspeakable C++.

Unfortunately, for all their elegance, the GNUStep reimplementation of Cocoa (derived from OPENSTEP) has just never gotten much mindshare. Nor has ObjC. The KDE and Freedesktop.org/GNOME kiddies would rather redesign everything, badly. ;->

From karim at malhas.de Fri Oct 7 04:39:59 2011
From: karim at malhas.de (Karim Malhas)
Date: Fri, 07 Oct 2011 08:39:59 +0000
Subject: [MaraDNS list] read slashcommand causes Host name must be at beginning of a line
Message-ID:

Dear List,

I am new to maradns so please forgive me if I have overlooked something very obvious.

I am trying to set up maradns for my local network on debian squeeze using the version (1.4.03) supplied by the repositories and I am running into

  "Error: Host name must be at the beginning of a line"

when using the "/read" slash command.

It seems that the configparser is treating the "h" of the hostname "hatch" as a special character, but I can't tell why it would do that.
The manpage for csv2 seems to allow this format and I think I have the right amount of '~' separators
Can anyone give me a hint as to what it is that I am doing wrong?

I append the complete error message and configuration below.

Regards,
Karim

/etc/maradns/db.testing
-------------------------------------------
/ttl 300 ~
/origin example.com. ~
% NS a.ns.% ~


/read db.testing.generated ~

# TODO: don't actually want CNAMES here - find out how use aliases instead
packages.% CNAME hatch.% ~
ci.% CNAME hatch.% ~
install.% A 192.168.200.2 ~
-------------------------------------------

/etc/maradns/db.testing.generated
-------------------------------------------
hatch.% A 192.168.200.141 ~
vince.% A 192.168.200.142 ~
betsy.% A 192.168.200.143 ~
-------------------------------------------

The maradns error:
-------------------------------------------
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Processing zone example.com. right now.
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Filename: db.testing
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Host name must be at the beginning of a line
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line 6 in file db.testing.generated
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error: testing.generated h (closing this file)
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: BUG: Don't run csv2_justread on a closed file!
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: BUG: Don't run csv2_justread on a closed file!
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Unexpected character
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line 6 in file db.testing.generated
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error: testing.generated h (closing this file)
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Problem getting hostname
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line 6 in file db.testing.generated
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error: testing.generated h (closing this file)
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: MaraDNS proudly serves you 2 DNS records
Oct 7 10:12:44 virtmaster maradns.etc_maradns_mararc: Log: All RRs have been loaded
-------------------------------------------

/etc/maradns/mararc
-------------------------------------------
csv2={}
csv2["example.com."] = "db.testing"
bind_address ="192.168.200.2"
chroot_dir="/etc/maradns"
maradns_uid=103
maradns_gid=105
maxprocs=96
default_rrany_set=3
max_chain=8
max_ar_chain=1
max_total=20
verbose_level = 2
hide_disclaimer= "YES"
ipv4_alias = {}
ipv4_alias["icann"] = "198.41.0.4,192.228.79.201,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,199.7.83.42,202.12.27.33"
recursive_acl = "0.0.0.0"
-------------------------------------------

From karim at malhas.de Fri Oct 7 10:58:27 2011
From: karim at malhas.de (Karim Malhas)
Date: Fri, 07 Oct 2011 14:58:27 +0000
Subject: [MaraDNS list] read slashcommand causes Host name must be at beginning of a line
In-Reply-To:
References:
Message-ID: <6fa43ab791a8395f00b9598084056751@localhost>

> I am trying to set up maradns for my local network on debian squeeze using
> the version (1.4.03) supplied

As per the README.Debian I downloaded and installed Version 1.4.06. The problem remains, though.

Regards,
Karim

From harlan at bloomenterprises.org Fri Oct 7 11:21:13 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Fri, 7 Oct 2011 10:21:13 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To:
Message-ID: <33089703.219.1318000873930.JavaMail.root@mailtmp1>

Hello,
I'm working on upgrading MaraDNS to the latest version that Sam put out recently.

I can use MaraDNS to either access my internal domain or I can use Deadwood to access the internet, but I'm not sure how to get them to play nice together.

When I dig @127.0.0.1 ns1.vpn (internal address) it responds correctly. When I dig @127.0.0.1 www.yahoo.com, I get back the usual response when MaraDNS can't find the address.

However, when I dig @127.0.0.2 ns1.vpn, I get back the usual response from Deadwood that it can't find the address. When I dig @127.0.0.2 www.yahoo.com, it responds correctly.

I tried putting the root servers configuration into the mararc file; that didn't help MaraDNS find an internet address when I did the dig command.

I'm sure that I've got the configuration files messed up somehow. Mostly, I'm using the "stock" config files, with my internal address put into the /etc/maradns directory and the mararc file pointing to the correct file. Like I said, looking up the internal addresses is working just fine, even for the CNAME records. I've tried Googling and even reading several MaraDNS documents, so far without any success.

Any ideas or suggestions?

Thanks,

Harlan...

From strenholme.usenet at gmail.com Fri Oct 7 12:03:48 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 7 Oct 2011 11:03:48 -0500
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <33089703.219.1318000873930.JavaMail.root@mailtmp1>
References: <33089703.219.1318000873930.JavaMail.root@mailtmp1>
Message-ID:

Try adding this to Deadwood's configuration file:

root_servers["vpn."] = 127.0.0.1

- Sam

2011/10/7 Harlan H. Bloom :
> Hello,
> I'm working on upgrading MaraDNS to the latest version that Sam put out recently.
>
> I can use MaraDNS to either access my internal domain or I can use Deadwood to access the internet, but I'm not sure how to get them to play nice together.
>
> When I dig @127.0.0.1 ns1.vpn (internal address) it responds correctly. When I dig @127.0.0.1 www.yahoo.com, I get back the usual response when MaraDNS can't find the address.
>
> However, when I dig @127.0.0.2 ns1.vpn, I get back the usual response from Deadwood that it can't find the address. When I dig @127.0.0.2 www.yahoo.com, it responds correctly.
>
> I tried putting the root servers configuration into the mararc file; that didn't help MaraDNS find an internet address when I did the dig command.
>
> I'm sure that I've got the configuration files messed up somehow. Mostly, I'm using the "stock" config files, with my internal address put into the /etc/maradns directory and the mararc file pointing to the correct file. Like I said, looking up the internal addresses is working just fine, even for the CNAME records. I've tried Googling and even reading several MaraDNS documents, so far without any success.
>
> Any ideas or suggestions?
>
> Thanks,
>
> Harlan...
>

From strenholme.usenet at gmail.com Fri Oct 7 12:27:53 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 7 Oct 2011 11:27:53 -0500
Subject: [MaraDNS list] read slashcommand causes Host name must be at beginning of a line
In-Reply-To:
References:
Message-ID:

Thank you for the bug report; my guess is that this is yet another csv2 parser bug. Fortunately for you, I have gotten some sponsorship for October so I should be able to look at this bug in the next day or two.

- Sam

2011/10/7 Karim Malhas :
> Dear List,
>
> I am new to maradns so please forgive me if I have overlooked something
> very obvious.
>
> I am trying to set up maradns for my local network on debian squeeze using
> the version (1.4.03) supplied
> by the repositories and I am running into
>
>   "Error: Host name must be at the beginning of a line"
>
> when using the "/read" slash command.
>
> It seems that the configparser is treating the "h" of the hostname "hatch"
> as a special character, but I can't tell why it would do that.
> The manpage for csv2 seems to allow this format and I think I have the
> right amount of '~' separators
> Can anyone give me a hint as to what it is that I am doing wrong?
>
> I append the complete error message and configuration below.
>
> Regards,
> Karim
>
>
> /etc/maradns/db.testing
> -------------------------------------------
> /ttl 300 ~
> /origin example.com. ~
> % NS  a.ns.% ~
>
>
> /read db.testing.generated ~
>
> # TODO: don't actually want CNAMES here - find out how use aliases instead
> packages.%                CNAME   hatch.% ~
> ci.%                      CNAME   hatch.% ~
> install.%                 A       192.168.200.2 ~
> -------------------------------------------
>
> /etc/maradns/db.testing.generated
> -------------------------------------------
> hatch.%    A     192.168.200.141 ~
> vince.%    A     192.168.200.142 ~
> betsy.%    A     192.168.200.143 ~
> -------------------------------------------
>
> The maradns error:
> -------------------------------------------
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Processing zone
> example.com. right now.
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Filename:
> db.testing
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Host name
> must be at the beginning of a line
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line 6
> in file db.testing.generated
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error:
> testing.generated h (closing this file)
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: BUG: Don't run
> csv2_justread on a closed file!
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: BUG: Don't run
> csv2_justread on a closed file!
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Unexpected
> character
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line 6
> in file db.testing.generated
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error:
> testing.generated h (closing this file)
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Problem
> getting hostname
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line 6
> in file db.testing.generated
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error:
> testing.generated h (closing this file)
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: MaraDNS proudly
> serves you 2 DNS records
> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc:  Log: All RRs have
> been loaded
> -------------------------------------------
>
> /etc/maradns/mararc
> -------------------------------------------
> csv2={}
> csv2["example.com."] = "db.testing"
> bind_address ="192.168.200.2"
> chroot_dir="/etc/maradns"
> maradns_uid=103
> maradns_gid=105
> maxprocs=96
> default_rrany_set=3
> max_chain=8
> max_ar_chain=1
> max_total=20
> verbose_level = 2
> hide_disclaimer= "YES"
> ipv4_alias = {}
> ipv4_alias["icann"] =
> "198.41.0.4,192.228.79.201,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,199.7.83.42,202.12.27.33"
> recursive_acl = "0.0.0.0"
> -------------------------------------------
>

From harlan at bloomenterprises.org Fri Oct 7 16:10:11 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Fri, 7 Oct 2011 15:10:11 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <2592866.236.1318017773443.JavaMail.root@mailtmp1>
Message-ID: <16552391.238.1318018211782.JavaMail.root@mailtmp1>

Hi Sam,
I added your suggestion to the root server list in dwood3rc. It doesn't look like MaraDNS and Deadwood are talking with each other.

With Deadwood listening on 127.0.0.2 and MaraDNS on 127.0.0.1, I can do lookups on the internal network, but not on the internet. If I switch Deadwood and MaraDNS around, with the proper changes, I can do lookups on the internet, but not on the internal network.

So far, still no go.

Thanks,

Harlan...

----- Original Message -----
From: "Sam Trenholme"
To: "MaraDNS support mailing list"
Sent: Friday, October 7, 2011 11:03:48 AM
Subject: Re: [MaraDNS list] Configuring MaraDNS and Deadwood to work together

Try adding this to Deadwood's configuration file:

root_servers["vpn."] = 127.0.0.1

- Sam

2011/10/7 Harlan H. Bloom :
> Hello,
> I'm working on upgrading MaraDNS to the latest version that Sam put out recently.
>
> I can use MaraDNS to either access my internal domain or I can use Deadwood to access the internet, but I'm not sure how to get them to play nice together.
>
> When I dig @127.0.0.1 ns1.vpn (internal address) it responds correctly. When I dig @127.0.0.1 www.yahoo.com, I get back the usual response when MaraDNS can't find the address.
>
> However, when I dig @127.0.0.2 ns1.vpn, I get back the usual response from Deadwood that it can't find the address. When I dig @127.0.0.2 www.yahoo.com, it responds correctly.
>
> I tried putting the root servers configuration into the mararc file; that didn't help MaraDNS find an internet address when I did the dig command.
>
> I'm sure that I've got the configuration files messed up somehow. Mostly, I'm using the "stock" config files, with my internal address put into the /etc/maradns directory and the mararc file pointing to the correct file. Like I said, looking up the internal addresses is working just fine, even for the CNAME records. I've tried Googling and even reading several MaraDNS documents, so far without any success.
>
> Any ideas or suggestions?
>
> Thanks,
>
> Harlan...
>

From strenholme.usenet at gmail.com Fri Oct 7 17:30:49 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 7 Oct 2011 16:30:49 -0500
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <16552391.238.1318018211782.JavaMail.root@mailtmp1>
References: <2592866.236.1318017773443.JavaMail.root@mailtmp1> <16552391.238.1318018211782.JavaMail.root@mailtmp1>
Message-ID:

This should work:

root_servers = {}
# ICANN DNS root servers (Deadwood default if both root_servers and
# upstream_servers are not defined)
root_servers["."]="198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90, "
root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, "
root_servers["."]+="192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, "
root_servers["."]+="202.12.27.33"
root_servers[".vpn"] = "127.0.0.2"
# Our IP
bind_address="127.0.0.1"
# The IPs allowed to connect and use the cache
recursive_acl = "127.0.0.1/16"
chroot_dir = "/etc/maradns"

If it doesn't, please post your dwood3rc and mararc files here so I can debug them.

- Sam

2011/10/7 Harlan H. Bloom :
> Hi Sam,
>  I added your suggestion to the root server list in dwood3rc.  It doesn't look like MaraDNS and Deadwood are talking with each other.
>
>  With Deadwood listening on 127.0.0.2 and MaraDNS on 127.0.0.1, I can do lookups on the internal network, but not on the internet.  If I switch Deadwood and MaraDNS around, with the proper changes, I can do lookups on the internet, but not on the internal network.
>
>  So far, still no go.
>
> Thanks,
>
> Harlan...
>
> ----- Original Message -----
> From: "Sam Trenholme"
> To: "MaraDNS support mailing list"
> Sent: Friday, October 7, 2011 11:03:48 AM
> Subject: Re: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
>
> Try adding this to Deadwood's configuration file:
>
> root_servers["vpn."] = 127.0.0.1
>
> - Sam
>
> 2011/10/7 Harlan H. Bloom :
>> Hello,
>> I'm working on upgrading MaraDNS to the latest version that Sam put out recently.
>>
>> I can use MaraDNS to either access my internal domain or I can use Deadwood to access the internet, but I'm not sure how to get them to play nice together.
>>
>> When I dig @127.0.0.1 ns1.vpn (internal address) it responds correctly. When I dig @127.0.0.1 www.yahoo.com, I get back the usual response when MaraDNS can't find the address.
>>
>> However, when I dig @127.0.0.2 ns1.vpn, I get back the usual response from Deadwood that it can't find the address. When I dig @127.0.0.2 www.yahoo.com, it responds correctly.
>>
>> I tried putting the root servers configuration into the mararc file; that didn't help MaraDNS find an internet address when I did the dig command.
>>
>> I'm sure that I've got the configuration files messed up somehow. Mostly, I'm using the "stock" config files, with my internal address put into the /etc/maradns directory and the mararc file pointing to the correct file. Like I said, looking up the internal addresses is working just fine, even for the CNAME records. I've tried Googling and even reading several MaraDNS documents, so far without any success.
>>
>> Any ideas or suggestions?
>>
>> Thanks,
>>
>> Harlan...
>>
>

From strenholme.usenet at gmail.com Fri Oct 7 19:48:14 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 7 Oct 2011 18:48:14 -0500
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To:
References: <2592866.236.1318017773443.JavaMail.root@mailtmp1> <16552391.238.1318018211782.JavaMail.root@mailtmp1>
Message-ID:

> root_servers[".vpn"] = "127.0.0.2"

root_servers[".vpn."] = "127.0.0.2"

The final dot is needed so Deadwood knows it's a hostname.

- Sam

From harlan at bloomenterprises.org Sat Oct 8 00:21:06 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Fri, 7 Oct 2011 23:21:06 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <12373998.252.1318047592571.JavaMail.root@mailtmp1>
Message-ID: <27848566.254.1318047666253.JavaMail.root@mailtmp1>

Hi Sam,
This suggestion didn't work either. I have several runs of dig below.

Thanks,

Harlan...

dwoodrc:
bind_address="127.0.0.1" # IP we bind to
chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)

root_servers = {}
root_servers["."]="198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, "
root_servers["."]+="192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, "
root_servers["."]+="202.12.27.33"
root_servers["vpn."]="127.0.0.2"
recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache

maxprocs = 8 # Maximum number of pending requests
handle_overload = 1 # Send SERVER FAIL when overloaded

maradns_uid = 99 # UID Deadwood runs as
maradns_gid = 99 # GID Deadwood runs as

maximum_cache_elements = 60000

cache_file = "dw_cache"
resurrections = 1

mararc:
hide_disclaimer="YES"

csv2 = {}
csv2["vpn."] = "db.vpn"

ipv4_bind_addresses = "127.0.0.2"
chroot_dir = "/etc/maradns"

command:
dig @127.0.0.1 mail.vpn

output:
; <<>> DiG 9.7.3 <<>> @127.0.0.1 mail.vpn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62025
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.vpn. IN A

;; AUTHORITY SECTION:
mail.vpn. 0 IN SOA z.mail.vpn. y.mail.vpn. 1 1 1 1 1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 7 23:10:35 2011
;; MSG SIZE rcvd: 66

command:
dig @127.0.0.2 mail.vpn

what output should be:
; <<>> DiG 9.7.3 <<>> @127.0.0.2 mail.vpn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21770
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.vpn. IN A

;; ANSWER SECTION:
mail.vpn. 86400 IN CNAME mailtmp1.vpn.
mailtmp1.vpn. 86400 IN A 10.8.1.25

;; AUTHORITY SECTION:
vpn. 86400 IN NS synth-ip-7f000002.vpn.

;; ADDITIONAL SECTION:
synth-ip-7f000002.vpn. 86400 IN A 127.0.0.2

;; Query time: 1 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Fri Oct 7 23:17:39 2011
;; MSG SIZE rcvd: 113

command:
dig @127.0.0.1 www.yahoo.com

output:
; <<>> DiG 9.7.3 <<>> @127.0.0.1 www.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51381
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com. IN A

;; ANSWER SECTION:
www.yahoo.com. 3542 IN CNAME fp3.wg1.b.yahoo.com.
fp3.wg1.b.yahoo.com. 3542 IN CNAME any-fp3-lfb.wa1.b.yahoo.com.
any-fp3-lfb.wa1.b.yahoo.com. 3542 IN CNAME any-fp3-real.wa1.b.yahoo.com.
any-fp3-real.wa1.b.yahoo.com. 3542 IN A 67.195.160.76
any-fp3-real.wa1.b.yahoo.com. 3542 IN A 209.191.122.70
any-fp3-real.wa1.b.yahoo.com. 3542 IN A 98.139.180.149

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 7 23:19:41 2011
;; MSG SIZE rcvd: 160

From harlan at bloomenterprises.org Sat Oct 8 00:30:03 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Fri, 7 Oct 2011 23:30:03 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <7685162.256.1318048099511.JavaMail.root@mailtmp1>
Message-ID: <12003923.258.1318048203135.JavaMail.root@mailtmp1>

I also forgot to mention that when I had:

root_servers[".vpn."]="127.0.0.2"

I got this error:

Oct 7 23:07:59 dnstest /usr/local/sbin/Deadwood: Deadwood version 3.0.03
Oct 7 23:07:59 dnstest /usr/local/sbin/Deadwood: Fatal error in dwood3rc file on line 34 deadwoodrc parse error
Oct 7 23:08:00 dnstest duende: Child exited with status 256

I removed the comments from the file when I pasted into previous message, to make the message shorter and easier to read. That's why the difference in line numbers above.

----- Original Message -----
From: "Harlan H. Bloom"
To: "Sam Trenholme"
Cc: "MaraDNS support mailing list"
Sent: Friday, October 7, 2011 11:21:06 PM
Subject: Re: [MaraDNS list] Configuring MaraDNS and Deadwood to work together

Hi Sam,
This suggestion didn't work either. I have several runs of dig below.

Thanks,

Harlan...

dwoodrc:
bind_address="127.0.0.1" # IP we bind to
chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)

root_servers = {}
root_servers["."]="198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, "
root_servers["."]+="192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, "
root_servers["."]+="202.12.27.33"
root_servers["vpn."]="127.0.0.2"
recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache

maxprocs = 8 # Maximum number of pending requests
handle_overload = 1 # Send SERVER FAIL when overloaded

maradns_uid = 99 # UID Deadwood runs as
maradns_gid = 99 # GID Deadwood runs as

maximum_cache_elements = 60000

cache_file = "dw_cache"
resurrections = 1

mararc:
hide_disclaimer="YES"

csv2 = {}
csv2["vpn."] = "db.vpn"

ipv4_bind_addresses = "127.0.0.2"
chroot_dir = "/etc/maradns"

command:
dig @127.0.0.1 mail.vpn

output:
; <<>> DiG 9.7.3 <<>> @127.0.0.1 mail.vpn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62025
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.vpn. IN A

;; AUTHORITY SECTION:
mail.vpn. 0 IN SOA z.mail.vpn. y.mail.vpn. 1 1 1 1 1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 7 23:10:35 2011
;; MSG SIZE rcvd: 66

command:
dig @127.0.0.2 mail.vpn

what output should be:
; <<>> DiG 9.7.3 <<>> @127.0.0.2 mail.vpn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21770
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.vpn. IN A

;; ANSWER SECTION:
mail.vpn. 86400 IN CNAME mailtmp1.vpn.
mailtmp1.vpn. 86400 IN A 10.8.1.25

;; AUTHORITY SECTION:
vpn. 86400 IN NS synth-ip-7f000002.vpn.

;; ADDITIONAL SECTION:
synth-ip-7f000002.vpn. 86400 IN A 127.0.0.2

;; Query time: 1 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Fri Oct 7 23:17:39 2011
;; MSG SIZE rcvd: 113

command:
dig @127.0.0.1 www.yahoo.com

output:
; <<>> DiG 9.7.3 <<>> @127.0.0.1 www.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51381
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com. IN A

;; ANSWER SECTION:
www.yahoo.com. 3542 IN CNAME fp3.wg1.b.yahoo.com.
fp3.wg1.b.yahoo.com. 3542 IN CNAME any-fp3-lfb.wa1.b.yahoo.com.
any-fp3-lfb.wa1.b.yahoo.com. 3542 IN CNAME any-fp3-real.wa1.b.yahoo.com.
any-fp3-real.wa1.b.yahoo.com. 3542 IN A 67.195.160.76
any-fp3-real.wa1.b.yahoo.com. 3542 IN A 209.191.122.70
any-fp3-real.wa1.b.yahoo.com. 3542 IN A 98.139.180.149

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 7 23:19:41 2011
;; MSG SIZE rcvd: 160

From karim at malhas.de Sat Oct 8 04:58:43 2011
From: karim at malhas.de (Karim Malhas)
Date: Sat, 08 Oct 2011 08:58:43 +0000
Subject: [MaraDNS list] read slashcommand causes Host name must be at beginning of a line
In-Reply-To:
References:
Message-ID: <4ff9ebf4bf5b548fdf831aaabd4f04b9@localhost>

Hello Sam,

That's great.

I minified the testcase to this:

zonefile 'db'
------------------
/read include ~
------------------

include
------------------
a. 10.0.0.1
------------------

From playing around with gdb and maradns compiled with debugging this is what I think is happening:

On Csv2_parse.c:1591 before csv2_get_filename is called
stream->context is '/read '

On Csv2_parse.c:1529 before csv2_push_file is called
stream->context is '/read include ' and some trailing 0s

Then the loop repeats and
On Csv2_parse.c:1392 csv2_get_1st is called
which runs to Csv2_parse.c:511 where the error is thrown.
stream->context is '/read include a\000\000\000' here.

So it looks like the '~' goes missing.

I have attached the gdb session which includes a backtrace.

Note however, that my C-fu is weak, and I might be totally off track.

Regards,
Karim

> /ttl 300 ~
>> /origin example.com. ~
>> % NS  a.ns.% ~
>>
>>
>> /read db.testing.generated ~
>>
>> # TODO: don't actually want CNAMES here - find out how use aliases
>> instead
>> packages.%                CNAME   hatch.% ~
>> ci.%                      CNAME   hatch.% ~
>> install.%                 A       192.168.200.2 ~
>> -------------------------------------------
>>
>> /etc/maradns/db.testing.generated
>> -------------------------------------------
>> hatch.%    A     192.168.200.141 ~
>> vince.%    A     192.168.200.142 ~
>> betsy.%    A     192.168.200.143 ~
>> -------------------------------------------
>>
>> The maradns error:
>> -------------------------------------------
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Processing zone
>> example.com. right now.
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Filename:
>> db.testing
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Host name
>> must be at the beginning of a line
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line
>> 6
>> in file db.testing.generated
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error:
>> testing.generated h (closing this file)
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: BUG: Don't run
>> csv2_justread on a closed file!
>> Oct  7 10:12:44 virtmaster maradns.etc_maradns_mararc: BUG: Don't run
>> csv2_justread on a closed file!
>> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Unexpected >> character >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line >> 6 >> in file db.testing.generated >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error: >> testing.generated h (closing this file) >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error: Problem >> getting hostname >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: Error is on line >> 6 >> in file db.testing.generated >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: context of error: >> testing.generated h (closing this file) >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: MaraDNS proudly >> serves you 2 DNS records >> Oct ?7 10:12:44 virtmaster maradns.etc_maradns_mararc: ?Log: All RRs >> have >> been loaded >> ------------------------------------------- >> >> /etc/maradns/mararc >> ------------------------------------------- >> csv2={} >> csv2["example.com."] = "db.testing" >> bind_address ="192.168.200.2" >> chroot_dir="/etc/maradns" >> maradns_uid=103 >> maradns_gid=105 >> maxprocs=96 >> default_rrany_set=3 >> max_chain=8 >> max_ar_chain=1 >> max_total=20 >> verbose_level = 2 >> hide_disclaimer= "YES" >> ipv4_alias = {} >> ipv4_alias["icann"] = >> "198.41.0.4,192.228.79.201,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,199.7.83.42,202.12.27.33" >> recursive_acl = "0.0.0.0" >> ------------------------------------------- >> From strenholme.usenet at gmail.com Sat Oct 8 11:46:32 2011 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Sat, 8 Oct 2011 10:46:32 -0500 Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together In-Reply-To: <27848566.254.1318047666253.JavaMail.root@mailtmp1> References: <12373998.252.1318047592571.JavaMail.root@mailtmp1> <27848566.254.1318047666253.JavaMail.root@mailtmp1> Message-ID: Oh, yeah, that's right. 
Your VPN addresses, of course, will be RFC1918 addresses. Please add
the following line to your dwood3rc file:

filter_rfc1918 = 0

This should solve your problem. If it doesn't, please let us know. I
really need to make this a FAQ; you're the second person on this list
to have this issue.

The reason why we filter these IPs is because there are some
interesting Javascript cross-site-scripting security exploits that
have been done by having a given host name resolve to a local IP like
"192.168.1.1". I don't know if black hats in the wild do it, or if
newer browsers have protection, but it's a known academic attack.

- Sam

From harlan at bloomenterprises.org Sat Oct 8 14:38:02 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Sat, 8 Oct 2011 13:38:02 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To:
Message-ID: <24486053.269.1318099082312.JavaMail.root@mailtmp1>

Thanks Sam!
That seems to have digs working correctly now!

Harlan...

From strenholme.usenet at gmail.com Sat Oct 8 15:20:13 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 8 Oct 2011 14:20:13 -0500
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <24486053.269.1318099082312.JavaMail.root@mailtmp1>
References: <24486053.269.1318099082312.JavaMail.root@mailtmp1>
Message-ID:

> That seems to have digs working correctly now!

Excellent! I have updated the default dwoodrc file and the example
dwood3rc in the man page to have the filter_rfc1918 parameter described.
Next: Karim's MaraDNS parse bug.

- Sam

From strenholme.usenet at gmail.com Sat Oct 8 15:21:43 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 8 Oct 2011 14:21:43 -0500
Subject: [MaraDNS list] read slashcommand causes Host name must be at beginning of a line
In-Reply-To: <4ff9ebf4bf5b548fdf831aaabd4f04b9@localhost>
References: <4ff9ebf4bf5b548fdf831aaabd4f04b9@localhost>
Message-ID:

Karim,

I have been able to reproduce the issue on my internal testing setup.

I have plans today so I will not be able to continue looking at the
bug right now, but I hope to have time in the next day or two to look
at it.

- Sam

From strenholme.usenet at gmail.com Sun Oct 9 08:47:29 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 9 Oct 2011 07:47:29 -0500
Subject: [MaraDNS list] read slashcommand causes Host name must be at beginning of a line
In-Reply-To:
References: <4ff9ebf4bf5b548fdf831aaabd4f04b9@localhost>
Message-ID:

> I have plans today so I will not be able to continue looking at the
> bug right
now, but I hope to have time in the next day or two to look
> at it.

I was able to make some time to fix this bug. Karim, when you get a
chance, please download and compile the following tarball to verify
that it resolves your issue:

http://maradns.org/download/2.0/snap/maradns-Q.20111009.1.tar.bz2

(This is a 2.0 release, so recursion is provided by Deadwood; if you
just want the patch that fixes the issue, explode the tarball and look
in the maradns-Q-20111009.1/update/2.0.04 directory)

My current plan for MaraDNS is as follows:

* I plan on releasing Deadwood 3.0.04 in early November. This is only
  three months after the 3.0.03 release, but I would like to update the
  version of Deadwood for my next MaraDNS release.

* I plan on releasing MaraDNS 2.0.04 and 1.4.07 in early December.

To release 1.4.07, I would like to backport the following 2.0 bug
fixes in to the 1.4 branch. These patches can be found in the
maradns-Q-20111009.1/update directory for the tarball of today's
MaraDNS snapshot:

* maradns-2.0.01-fetchzone.patch: typo fix
* maradns-2.0.02-axfr_over_udp.patch: Fixes AXFR-over-UDP issues
* maradns-2.0.02-rfc2317.patch: Allow RFC2317-compliant hostnames (with /)
* maradns-2.0.02-debian_bug_607739_fix.patch: Show hostname when
  complaining about DDIP name
* maradns-2.0.03-angeld.patch: Fix issue with zone transfers when there
  are a lot of FQDN records
* maradns-2.0.03-karim_bug.patch: Fix issue with '/read' directive

(It is non-trivial to backport the "big_any" fix from 2.0 to 1.4, so
people who want MaraDNS with this bug fixed will have to use MaraDNS 2)

- Sam

From harlan at bloomenterprises.org Sun Oct 9 16:10:44 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Sun, 9 Oct 2011 15:10:44 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <8670028.278.1318190311375.JavaMail.root@mailtmp1>
Message-ID: <28032985.280.1318191044791.JavaMail.root@mailtmp1>

Sad to say, I think I spoke too soon.
I hadn't done any testing from other systems, like it's going to be used.
I can do digs, both internal and external networks, from the system where
MaraDNS and Deadwood are installed just fine.

I included the external IP address in Deadwood's bind_address, so it has
both the 127.0.0.1 and the computer's IP address inside the quotes, comma
separated. I restarted both Deadwood and MaraDNS. I cannot do digs from
either external systems or from the system itself using the external IP
address. I have tried Deadwood with only the external IP address in the
bind_address variable, with appropriate restarts of course. No go.

Obviously, I need to be able to do digs, pings, nslookups, etc. from
external systems in order to be of much use.

Any ideas? Except for the bind_address variable, I have not made any
changes from what I sent previously.

Thanks,

Harlan...

From strenholme.usenet at gmail.com Sun Oct 9 16:45:05 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 9 Oct 2011 15:45:05 -0500
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <27848566.254.1318047666253.JavaMail.root@mailtmp1>
References: <12373998.252.1318047592571.JavaMail.root@mailtmp1> <27848566.254.1318047666253.JavaMail.root@mailtmp1>
Message-ID:

Look over the default dwood3rc file included with your copy of
Deadwood, and try and figure out what each of the parameters does. In
particular, your issue is that Deadwood works fine with 127.0.0.x IPs
but doesn't work with other IPs.

Note to self: One of these days, add code to raz users when they try
and have a bind_address that isn't in the recursive_acl. Better yet,
refuse to start Deadwood if it has a bind_address not in its
recursive_acl

- Sam

From harlan at bloomenterprises.org Sun Oct 9 17:38:00 2011
From: harlan at bloomenterprises.org (Harlan H. Bloom)
Date: Sun, 9 Oct 2011 16:38:00 -0500 (CDT)
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To:
Message-ID: <11367444.284.1318196280316.JavaMail.root@mailtmp1>

I must have missed in the documentation that I needed to have addresses
in both the bind_address and the recursive_acl, making sure the addresses
in the recursive_acl had a "/16" after them. Things are working much
better now and I can put the new DNS server into production.

Thank You for your time and attention.

From strenholme.usenet at gmail.com Sun Oct 9 18:15:22 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 9 Oct 2011 17:15:22 -0500
Subject: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
In-Reply-To: <11367444.284.1318196280316.JavaMail.root@mailtmp1>
References: <11367444.284.1318196280316.JavaMail.root@mailtmp1>
Message-ID:

Excellent. To be honest, Harlan, I myself had exactly the same problem
when setting up Deadwood on one of my VMs a couple of months ago.
Don't thank me for my help; thank JFC Morfin whose generous sponsorship makes it possible for me to spend more than one day a month baby sitting MaraDNS. I have added some code so Deadwood will refuse to start if one has a bind_address not in recursive_acl (telling people what the offending bind_address is): http://maradns.org/deadwood/snap/deadwood-S-20111009-1.tar.bz2 And, on that note, I am done with MaraDNS and Deadwood updates until the end of the month, barring receiving more sponsorship. I have been ignoring my beautiful wife because of this issue. I would like to again thank JFC Morfin for his generous sponsorship, and for letting me tell me wife "Sorry about ignoring you, but I did get paid for this work". :) - Sam 2011/10/9 Harlan H. Bloom : > I must have missed in the documentation that I needed to have addresses in both the bind_address and the recursive_acl, making sure the addresses in the recursive_acl had a "/16" after them. ?Things are working much better now and I can put the new DNS server into production. > > Thank You for your time and attention. > > ----- Original Message ----- > From: "Sam Trenholme" > To: "maradns list" > Sent: Sunday, October 9, 2011 3:45:05 PM > Subject: Re: [MaraDNS list] Configuring MaraDNS and Deadwood to work together > > Look over the default dwood3rc file included with your copy of > Deadwood, and try and figure out what each of the parameters does. ?In > particular, your issue is that Deadwood works fine with 127.0.0.x IPs > but doesn't work with other IPs. > > Note to self: One of these days, add code to raz users when they try > and have a bind_address that isn't in the recursive_acl. ?Better yet, > refuse to start Deadwood if it has a bind_address not in its > recursive_acl > > - Sam > > 2011/10/7 Harlan H. Bloom : >> Hi Sam, >> ?This suggestion didn't work either. ?I have several runs of dig below. >> >> Thanks, >> >> Harlan... 
>>
>> dwoodrc:
>> bind_address="127.0.0.1" # IP we bind to
>> chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)
>>
>> root_servers = {}
>> root_servers["."]="198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
>> root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, "
>> root_servers["."]+="192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, "
>> root_servers["."]+="202.12.27.33"
>> root_servers["vpn."]="127.0.0.2"
>> recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache
>>
>> maxprocs = 8 # Maximum number of pending requests
>> handle_overload = 1 # Send SERVER FAIL when overloaded
>>
>> maradns_uid = 99 # UID Deadwood runs as
>> maradns_gid = 99 # GID Deadwood runs as
>>
>> maximum_cache_elements = 60000
>>
>> cache_file = "dw_cache"
>> resurrections = 1
>>
>> mararc:
>> hide_disclaimer="YES"
>>
>> csv2 = {}
>> csv2["vpn."] = "db.vpn"
>>
>> ipv4_bind_addresses = "127.0.0.2"
>> chroot_dir = "/etc/maradns"
>>
>> command:
>> dig @127.0.0.1 mail.vpn
>>
>> output:
>> ; <<>> DiG 9.7.3 <<>> @127.0.0.1 mail.vpn
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62025
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;mail.vpn.                      IN      A
>>
>> ;; AUTHORITY SECTION:
>> mail.vpn.               0       IN      SOA     z.mail.vpn. y.mail.vpn. 1 1 1 1 1
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri Oct  7 23:10:35 2011
>> ;; MSG SIZE  rcvd: 66
>>
>> command:
>> dig @127.0.0.2 mail.vpn
>>
>> what output should be:
>> ; <<>> DiG 9.7.3 <<>> @127.0.0.2 mail.vpn
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21770
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;mail.vpn.                      IN      A
>>
>> ;; ANSWER SECTION:
>> mail.vpn.               86400   IN      CNAME   mailtmp1.vpn.
>> mailtmp1.vpn.           86400   IN      A       10.8.1.25
>>
>> ;; AUTHORITY SECTION:
>> vpn.                    86400   IN      NS      synth-ip-7f000002.vpn.
>>
>> ;; ADDITIONAL SECTION:
>> synth-ip-7f000002.vpn.  86400   IN      A       127.0.0.2
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.2#53(127.0.0.2)
>> ;; WHEN: Fri Oct  7 23:17:39 2011
>> ;; MSG SIZE  rcvd: 113
>>
>> command:
>> dig @127.0.0.1 www.yahoo.com
>>
>> output:
>> ; <<>> DiG 9.7.3 <<>> @127.0.0.1 www.yahoo.com
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51381
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;www.yahoo.com.                 IN      A
>>
>> ;; ANSWER SECTION:
>> www.yahoo.com.          3542    IN      CNAME   fp3.wg1.b.yahoo.com.
>> fp3.wg1.b.yahoo.com.    3542    IN      CNAME   any-fp3-lfb.wa1.b.yahoo.com.
>> any-fp3-lfb.wa1.b.yahoo.com. 3542 IN    CNAME   any-fp3-real.wa1.b.yahoo.com.
>> any-fp3-real.wa1.b.yahoo.com. 3542 IN   A       67.195.160.76
>> any-fp3-real.wa1.b.yahoo.com. 3542 IN   A       209.191.122.70
>> any-fp3-real.wa1.b.yahoo.com. 3542 IN   A       98.139.180.149
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri Oct  7 23:19:41 2011
>> ;; MSG SIZE  rcvd: 160
>>
>

From strenholme.usenet at gmail.com Thu Oct 13 16:24:08 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 13 Oct 2011 15:24:08 -0500
Subject: [MaraDNS list] RIP Dennis Ritchie
Message-ID:

On the heels of Steve Jobs' tragic passing, the great Dennis Ritchie, one of the inventors of UNIX and the C programming language, has also passed away.

A moment of silence for Dennis Ritchie. While now as well known with the general public, his contributions to computing were at least as significant as Jobs' contributions.

- Sam

From dsevilla00 at hotmail.com Thu Oct 13 16:28:49 2011
From: dsevilla00 at hotmail.com (david sevilla)
Date: Thu, 13 Oct 2011 14:28:49 -0600
Subject: [MaraDNS list] RIP Dennis Ritchie
In-Reply-To:
References:
Message-ID:

I would say his contributions were more significant than Jobs', yet you don't see all apple fans and everyone on TV/radio talking about him

> Date: Thu, 13 Oct 2011 15:24:08 -0500
> From: strenholme.usenet at gmail.com
> To: list at maradns.org
> Subject: [MaraDNS list] RIP Dennis Ritchie
>
> On the heels of Steve Jobs' tragic passing, the great Dennis Ritchie,
> one of the inventors of UNIX and the C programming language, has also
> passed away.
>
> A moment of silence for Dennis Ritchie. While now as well known with
> the general public, his contributions to computing were at least as
> significant as Jobs' contributions.
>
> - Sam

From strenholme.usenet at gmail.com Thu Oct 13 17:07:50 2011
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 13 Oct 2011 16:07:50 -0500
Subject: [MaraDNS list] RIP Dennis Ritchie
In-Reply-To:
References:
Message-ID:

> I would say his contributions were more significant than Jobs'

I can tell you this much: I am not using any of Jobs' products right now, but MaraDNS is written in Ritchie's baby, C, and while Ritchie was not a big fan of Linux (because of the obnoxious behavior of its fanboys), Linux -- which I use almost every day, albeit usually in a virtual machine -- is a clone of the UNIX operating system he helped create.