[MaraDNS list] Configuring MaraDNS and Deadwood to work together
Harlan H. Bloom
harlan at bloomenterprises.org
Sun Oct 9 17:38:00 EDT 2011
I must have missed in the documentation that I needed to have addresses in both the bind_address and the recursive_acl, making sure the addresses in the recursive_acl had a "/16" after them. Things are working much better now and I can put the new DNS server into production.
Thank you for your time and attention.
----- Original Message -----
From: "Sam Trenholme" <strenholme.usenet at gmail.com>
To: "maradns list" <list at maradns.org>
Sent: Sunday, October 9, 2011 3:45:05 PM
Subject: Re: [MaraDNS list] Configuring MaraDNS and Deadwood to work together
Look over the default dwood3rc file included with your copy of
Deadwood, and try and figure out what each of the parameters does. In
particular, your issue is that Deadwood works fine with 127.0.0.x IPs
but doesn't work with other IPs.
Note to self: One of these days, add code to razz users when they try
and have a bind_address that isn't in the recursive_acl. Better yet,
refuse to start Deadwood if it has a bind_address not in its
recursive_acl.
- Sam
2011/10/7 Harlan H. Bloom <harlan at bloomenterprises.org>:
> Hi Sam,
> This suggestion didn't work either. I have several runs of dig below.
>
> Thanks,
>
> Harlan...
>
> dwoodrc:
> bind_address="127.0.0.1" # IP we bind to
> chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)
>
> root_servers = {}
> root_servers["."]="198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
> root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, "
> root_servers["."]+="192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, "
> root_servers["."]+="202.12.27.33"
> root_servers["vpn."]="127.0.0.2"
> recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache
>
> maxprocs = 8 # Maximum number of pending requests
> handle_overload = 1 # Send SERVER FAIL when overloaded
>
> maradns_uid = 99 # UID Deadwood runs as
> maradns_gid = 99 # GID Deadwood runs as
>
> maximum_cache_elements = 60000
>
> cache_file = "dw_cache"
> resurrections = 1
>
> mararc:
> hide_disclaimer="YES"
>
> csv2 = {}
> csv2["vpn."] = "db.vpn"
>
> ipv4_bind_addresses = "127.0.0.2"
> chroot_dir = "/etc/maradns"
>
> command:
> dig @127.0.0.1 mail.vpn
>
> output:
> ; <<>> DiG 9.7.3 <<>> @127.0.0.1 mail.vpn
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62025
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;mail.vpn. IN A
>
> ;; AUTHORITY SECTION:
> mail.vpn. 0 IN SOA z.mail.vpn. y.mail.vpn. 1 1 1 1 1
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Oct 7 23:10:35 2011
> ;; MSG SIZE rcvd: 66
>
> command:
> dig @127.0.0.2 mail.vpn
>
> what output should be:
> ; <<>> DiG 9.7.3 <<>> @127.0.0.2 mail.vpn
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21770
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;mail.vpn. IN A
>
> ;; ANSWER SECTION:
> mail.vpn. 86400 IN CNAME mailtmp1.vpn.
> mailtmp1.vpn. 86400 IN A 10.8.1.25
>
> ;; AUTHORITY SECTION:
> vpn. 86400 IN NS synth-ip-7f000002.vpn.
>
> ;; ADDITIONAL SECTION:
> synth-ip-7f000002.vpn. 86400 IN A 127.0.0.2
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.2#53(127.0.0.2)
> ;; WHEN: Fri Oct 7 23:17:39 2011
> ;; MSG SIZE rcvd: 113
>
> command:
> dig @127.0.0.1 www.yahoo.com
>
> output:
> ; <<>> DiG 9.7.3 <<>> @127.0.0.1 www.yahoo.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51381
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.yahoo.com. IN A
>
> ;; ANSWER SECTION:
> www.yahoo.com. 3542 IN CNAME fp3.wg1.b.yahoo.com.
> fp3.wg1.b.yahoo.com. 3542 IN CNAME any-fp3-lfb.wa1.b.yahoo.com.
> any-fp3-lfb.wa1.b.yahoo.com. 3542 IN CNAME any-fp3-real.wa1.b.yahoo.com.
> any-fp3-real.wa1.b.yahoo.com. 3542 IN A 67.195.160.76
> any-fp3-real.wa1.b.yahoo.com. 3542 IN A 209.191.122.70
> any-fp3-real.wa1.b.yahoo.com. 3542 IN A 98.139.180.149
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Oct 7 23:19:41 2011
> ;; MSG SIZE rcvd: 160
>
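The pre-start check suggested in the thread (every bind_address must fall inside some recursive_acl entry), sketched as an added example; it is not code from this thread or from the MaraDNS/Deadwood project. It assumes simple name="..." lines with comma-separated values, as in the quoted dwoodrc; the function names and the 10.8.1.1 address are made up for illustration.

```python
import ipaddress
import re
import sys

# Constructed sample in the style of the dwoodrc quoted in the thread.
# 10.8.1.1 is a made-up bind address that the ACL below does not cover.
SAMPLE_DWOODRC = '''
bind_address="10.8.1.1" # IP we bind to
recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache
'''

def read_param(text, name):
    """Return the comma-separated items of a name="..." parameter.

    A later name += "..." line is appended, as the root_servers lines in
    the quoted config do. Trailing # comments and commented-out lines
    are ignored because only the quoted value at line start is matched.
    """
    pattern = r'^\s*%s\s*(\+?=)\s*"([^"]*)"' % re.escape(name)
    value = ""
    for m in re.finditer(pattern, text, re.M):
        value = value + m.group(2) if m.group(1) == "+=" else m.group(2)
    return [item.strip() for item in value.split(",") if item.strip()]

def uncovered_bind_addresses(text):
    """List bind_address entries that no recursive_acl network contains."""
    # strict=False accepts host bits in the entry, e.g. "127.0.0.1/16";
    # an entry without a prefix length is treated as a single host.
    acl = [ipaddress.ip_network(entry, strict=False)
           for entry in read_param(text, "recursive_acl")]
    binds = [ipaddress.ip_address(addr)
             for addr in read_param(text, "bind_address")]
    return [str(addr) for addr in binds
            if not any(addr.version == net.version and addr in net
                       for net in acl)]

if __name__ == "__main__":
    # With a file argument, check that file; otherwise check the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DWOODRC
    missing = uncovered_bind_addresses(text)
    for addr in missing:
        print("bind_address %s is not inside any recursive_acl entry" % addr)
    sys.exit(1 if missing else 0)
```

Run against a config before starting the resolver, a non-zero exit status means a listening address has no matching ACL entry.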