[MaraDNS list] Configuring MaraDNS and Deadwood to work together

Harlan H. Bloom harlan at bloomenterprises.org
Sun Oct 9 17:38:00 EDT 2011


I must have missed in the documentation that I needed to have addresses in both the bind_address and the recursive_acl, making sure the addresses in the recursive_acl had a "/16" after them.  Things are working much better now and I can put the new DNS server into production.

Thank you for your time and attention.

----- Original Message -----
From: "Sam Trenholme" <strenholme.usenet at gmail.com>
To: "maradns list" <list at maradns.org>
Sent: Sunday, October 9, 2011 3:45:05 PM
Subject: Re: [MaraDNS list] Configuring MaraDNS and Deadwood to work together

Look over the default dwood3rc file included with your copy of
Deadwood, and try and figure out what each of the parameters does.  In
particular, your issue is that Deadwood works fine with 127.0.0.x IPs
but doesn't work with other IPs.

Note to self: One of these days, add code to razz users when they try
and have a bind_address that isn't in the recursive_acl.  Better yet,
refuse to start Deadwood if it has a bind_address not in its
recursive_acl.

- Sam

2011/10/7 Harlan H. Bloom <harlan at bloomenterprises.org>:
> Hi Sam,
>  This suggestion didn't work either.  I have several runs of dig below.
>
> Thanks,
>
> Harlan...
>
> dwoodrc:
> bind_address="127.0.0.1" # IP we bind to
> chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)
>
> root_servers = {}
> root_servers["."]="198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
> root_servers["."]+="192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, "
> root_servers["."]+="192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, "
> root_servers["."]+="202.12.27.33"
> root_servers["vpn."]="127.0.0.2"
> recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache
>
> maxprocs = 8 # Maximum number of pending requests
> handle_overload = 1 # Send SERVER FAIL when overloaded
>
> maradns_uid = 99 # UID Deadwood runs as
> maradns_gid = 99 # GID Deadwood runs as
>
> maximum_cache_elements = 60000
>
> cache_file = "dw_cache"
> resurrections = 1
>
> mararc:
> hide_disclaimer="YES"
>
> csv2 = {}
> csv2["vpn."] = "db.vpn"
>
> ipv4_bind_addresses = "127.0.0.2"
> chroot_dir = "/etc/maradns"
>
> command:
> dig @127.0.0.1 mail.vpn
>
> output:
> ; <<>> DiG 9.7.3 <<>> @127.0.0.1 mail.vpn
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62025
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;mail.vpn.                      IN      A
>
> ;; AUTHORITY SECTION:
> mail.vpn.               0       IN      SOA     z.mail.vpn. y.mail.vpn. 1 1 1 1 1
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Oct  7 23:10:35 2011
> ;; MSG SIZE  rcvd: 66
>
> command:
> dig @127.0.0.2 mail.vpn
>
> what output should be:
> ; <<>> DiG 9.7.3 <<>> @127.0.0.2 mail.vpn
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21770
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;mail.vpn.                      IN      A
>
> ;; ANSWER SECTION:
> mail.vpn.               86400   IN      CNAME   mailtmp1.vpn.
> mailtmp1.vpn.           86400   IN      A       10.8.1.25
>
> ;; AUTHORITY SECTION:
> vpn.                    86400   IN      NS      synth-ip-7f000002.vpn.
>
> ;; ADDITIONAL SECTION:
> synth-ip-7f000002.vpn.  86400   IN      A       127.0.0.2
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.2#53(127.0.0.2)
> ;; WHEN: Fri Oct  7 23:17:39 2011
> ;; MSG SIZE  rcvd: 113
>
> command:
> dig @127.0.0.1 www.yahoo.com
>
> output:
> ; <<>> DiG 9.7.3 <<>> @127.0.0.1 www.yahoo.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51381
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.yahoo.com.                 IN      A
>
> ;; ANSWER SECTION:
> www.yahoo.com.          3542    IN      CNAME   fp3.wg1.b.yahoo.com.
> fp3.wg1.b.yahoo.com.    3542    IN      CNAME   any-fp3-lfb.wa1.b.yahoo.com.
> any-fp3-lfb.wa1.b.yahoo.com. 3542 IN    CNAME   any-fp3-real.wa1.b.yahoo.com.
> any-fp3-real.wa1.b.yahoo.com. 3542 IN   A       67.195.160.76
> any-fp3-real.wa1.b.yahoo.com. 3542 IN   A       209.191.122.70
> any-fp3-real.wa1.b.yahoo.com. 3542 IN   A       98.139.180.149
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Oct  7 23:19:41 2011
> ;; MSG SIZE  rcvd: 160
>
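
The check discussed in this thread (every bind_address should fall inside some recursive_acl entry) can be run against a dwood3rc before deployment. The following is an added example, not part of the original messages and not MaraDNS or Deadwood code; the function names and the sample file are hypothetical, and it assumes both parameters are comma-separated quoted strings as in the quoted dwoodrc.

```python
import ipaddress
import re

# Constructed sample in dwood3rc syntax; the addresses are illustrative.
# Assumption: "+=" may extend these strings, as the quoted file does for root_servers.
SAMPLE_DWOOD3RC = '''
bind_address = "127.0.0.1, 10.8.1.1" # IPs we bind to
recursive_acl = "127.0.0.1/16" # Who is allowed to use the cache
recursive_acl += ", 192.168.0.0/24"
maxprocs = 8
'''

_ASSIGN = re.compile(r'^\s*(\w+)\s*(\+?=)\s*"([^"]*)"')

def parse_string_params(text):
    """Collect name = "value" and name += "value" lines; ignore everything else."""
    params = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if not m:
            continue
        name, op, value = m.groups()
        params[name] = params.get(name, "") + value if op == "+=" else value
    return params

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def uncovered_bind_addresses(text):
    """Return bind_address entries that no recursive_acl network contains."""
    params = parse_string_params(text)
    # strict=False accepts entries with host bits set, such as "127.0.0.1/16".
    acl = [ipaddress.ip_network(n, strict=False)
           for n in split_list(params.get("recursive_acl", ""))]
    binds = [ipaddress.ip_address(a)
             for a in split_list(params.get("bind_address", ""))]
    return [str(ip) for ip in binds if not any(ip in net for net in acl)]

def acl_sizes(text):
    """Map each recursive_acl entry to the number of addresses it admits."""
    params = parse_string_params(text)
    return {n: ipaddress.ip_network(n, strict=False).num_addresses
            for n in split_list(params.get("recursive_acl", ""))}

if __name__ == "__main__":
    for ip in uncovered_bind_addresses(SAMPLE_DWOOD3RC):
        print(f"bind_address {ip} is not covered by recursive_acl")
    for entry, count in acl_sizes(SAMPLE_DWOOD3RC).items():
        print(f"recursive_acl {entry} admits {count} addresses")
```

The size report is there because the ACL decides who may use the cache: a "/16" entry admits 65536 addresses, which is worth confirming against the clients actually meant to recurse through the server.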

