# Example mararc file (unabridged version) # The various zones we support # We must initialize the csv1 hash, or MaraDNS will be unable to # load any zone files csv1 = {} # This is just to show the format of the file # csv1["example.com."] = "db.example.com" # The address this DNS server runs on. If you want to bind # to all addresses a given machine has, use "0.0.0.0". bind_address = "0.0.0.0" # The directory with all of the zone files chroot_dir = "/etc/maradns" # The numeric UID MaraDNS will run as maradns_uid = 99 # The (optional) numeric GID MaraDNS will run as # maradns_gid = 99 # The maximum number of threads (or processes, with the zone server) # MaraDNS is allowed to run maxprocs = 96 # It is possible to specify a different maximum number of processes that # the zone server can run. If this is not set, the maximum number of # processes that the zone server can have defaults to the 'maxprocs' value # above # max_tcp_procs = 64 # Normally, MaraDNS has some MaraDNS-specific features, such as DDIP # synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org." # with a TXT query returns the version of MaraDNS that a server is # running), unique handling of multiple QDCOUNTs, etc. Some people # might not like these features, so I have added a switch that lets # a sys admin disable all these features. Just give "no_fingerprint" # a value of one here, and MaraDNS should be more or less # indistinguishable from a tinydns server. no_fingerprint = 0 # Normally, MaraDNS only returns A and MX records when given a # QTYPE=* (all RR types) query. Changing the value of default_rrany_set # to 15 causes MaraDNS to also return the NS and SOA records, which # some registars require. The default value of this is 3 default_rrany_set = 3 # These constants limit the number of records we will display, in order # to help keep packets 512 bytes or smaller. This, combined with round_robin # record rotation, help to use DNS as a crude load-balancer. # The maximum number of records to display in a chain of records (list # of records) for a given host name max_chain = 8 # The maximum number of records to display in a list of records in the # additional section of a query. If this is any value besides one, # round robin rotation is disabled (due to limitations in the current # data structure MaraDNS uses) max_ar_chain = 1 # The maximum number of records to show total for a given question max_total = 20 # The number of messages we log to stdout # 0: No messages except for fatal parsing errors and the legal disclaimer # 1: Only startup messages logged (default) # 2: Error queries logged # 3: All queries logged (but not very verbosely right now) verbose_level = 1 # Initialize the IP aliases, which are used by the list of root name servers, # the ACL for zone transfers, and the ACL of who gets to perform recursive # queries ipv4_alias = {} # Various sets of root name servers # Note: Netmasks can exist, but are ignored when specifying root name server # ICANN: the most common and most controversial root name server # http://www.icann.org ipv4_alias["icann"] = "198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,198.32.64.12,202.12.27.33" # OSRC: http://www.open-rsc.org/ ipv4_alias["osrc"] = "199.166.24.1,205.189.73.102,199.166.24.3,207.126.103.16,195.117.6.10,205.189.73.10,204.57.55.100,213.196.2.97" # AlterNIC: http://www.alternic.org/ ipv4_alias["alternic"] = "160.79.129.192,24.6.78.12,160.79.133.70,65.15.8.202,216.162.42.240,195.224.64.190,160.79.133.66,216.162.42.185" # OpenNIC: http://www.opennic.unrated.net/ ipv4_alias["opennic"] = "131.161.247.226,209.151.84.102,64.247.218.140,64.247.218.149,209.104.33.250,209.104.63.249,209.151.84.103,199.175.137.211,207.6.128.246,65.243.92.254" # Pacific Root: http://www.pacificroot.com/ # Disabled because Pacific Root no longer runs traditional style root # servers #ipv4_alias["pacificroot"] = "204.107.129.2,208.179.42.162,12.28.140.20,204.107.129.10,212.115.192.151,202.76.159.5,209.54.94.3,167.160.132.2" # IRSC: http://www.irsc.ah.net/ # This group was terminated January 2002 #ipv4_alias["irsc"] = "203.21.205.2,203.21.205.3,212.234.36.20,212.234.36.19,207.180.91.9,198.199.168.92,207.180.91.10" # TINC: http://www.tinc-org.com/ # On 2002/11/15, the tinc domain was owned by a domain squatter # The only working server on this list is 145.89.234.7 #ipv4_alias["tinc"] = "64.6.65.10,208.128.113.35,212.172.21.254,207.112.147.14,145.89.234.7,209.133.38.16" # Super Root: http://www.superroot.org/ # They no longer use a traditional list of root servers #ipv4_alias["superroot"] = "199.5.157.128,199.166.24.12,199.166.28.10,5.189.73.10,199.166.31.250,199.166.24.1,205.189.73.102,199.166.24.3,204.80.125.130,207.126.103.16,204.57.55.100" # End of list of root name server lists # Here is a ACL which restricts who is allowed to perform zone transfer from # the zoneserver program # VERY IMPORTANT: Do not put spaces in the zone_transfer_acl list # Good: zone_transfer_acl = "office,home" # Bad: zone_transfer_acl = "office, home" # Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to match) # and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask # 255.255.255.224) are allowed to connect to the zone server # NOTE: The "maradns" program does not serve zones. Zones are served # by the "zoneserver" program. # zone_transfer_acl = "10.1.1.1/24,10.100.100.100/255.255.255.224" # More complex: We create two aliases: One called "office" and another # called "home". We allow anyone in the office or at home to perform zone # transfers # ipv4_alias["office"] = "10.1.1.1/24" # ipv4_alias["home"] = "10.100.100.100/255.255.255.224" # zone_transfer_acl = "office,home" # More complex then the last example. We have three employees, # Susan, Becca, and Mia, whose computers we give zone transfer rights to. # Susan and Becca are system administrators, and Mia is a developer. # They are all part of the company. We give the entire company zone # transfer access # ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed # ipv4_alias["becca"] = "10.7.8.9" # also a single IP # ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP # ipv4_alias["sysadmins"] = "susan,becca" # ipv4_alias["devel"] = "mia" # ipv4_alias["company"] = "sysadmins,devel" # This is equivalent to the above line # ipv4_alias["company"] = "susan,becca,mia" # zone_transfer_acl = "company" # If you want to enable recursion on the loopback interface, uncomment # the relevent lines in the following section # Recursive ACL: Who is allowd to perform recursive queries. The format # is identical to that of "zone_transfer_acl", including ipv4_alias support # ipv4_alias["localhost"] = "127.0.0.0/8" # recursive_acl = "localhost" # Random seed file: The file from which we read 16 bytes from to get the # 128-bit random Rijndael key. This is ideally a file which is a good source # of random numbers, but can also be a fixed file if your OS does not have # a decent random number generator (make sure the contents of that file is # random and with 600 perms, owned by root, since we read the file *before* # dropping root privledges) # random_seed_file = "/dev/urandom" # The maximum number of elements we can have in the cache. If we have more # elements in the cache than this amount, the "custodian" kicks in to effect, # removing elements not recently accessed from the cache (8 elements removed # per query) until we are at the 99% level or so again. # maximum_cache_elements = 1024 # It is possible to change the minimul "time to live" for entries in the # cache; this is the minimum time that an entry will stay in the cache. # Value is in seconds; default is 300 (5 minutes) # min_ttl = 300 # CNAME records generally take more effort to resolve in MaraDNS than # non-CNAME records; it is a good idea to make this higher then min_ttl # default value is to be the same as min_ttl # min_ttl_cname = 900 # The root servers which we use when making recursive queries. # The following line must be uncommented to enable recursive queries # root_servers = {} # You can choose which set of root servers to use. Current values (set above) # are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and # superroot. This line must also be uncommented to enable recursive # queries. # root_servers["."] = "osrc" # You can tell MaraDNS to *not* query certain DNS servers when in recursive # mode. This is mainly used to not allow spam-friendly domains to resolve, # since spammers are starting to get in the habit of using spam-friendly # DNS servers to resolve their domains, allowing them to hop from ISP to # ISP. The format of this is the same as for zone_transfer_acl and # recursive_acl # For example, at the time of this document (August 12, 2001), azmalink.net # is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net # for details.) Note that this is based on IPs, and azmalink.net constantly # changes IPs (as they constantly have to change ISPs) # 2002/10/12: Azmalink changed ISP again, this reflect their current ISP ipv4_alias["azmalink"] = "12.164.194.0/24" # As of September 20, 2001, hiddenonline.net is a known spam-friendly # DNS provider (see doc/detailed/spammers/hiddenonline for details). ipv4_alias["hiddenonline"] = "65.107.225.0/24" spammers = "azmalink,hiddenonline" # It is also possible to change the maximum number of times MaraDNS will # follow a CNAME record or a NS record with a glue A record. The default # value for this is ten. # max_glueless_level = 10 # In addition, one can change the maximum number of total queries that # MaraDNS will perform to look up a host name. The default value is 32. # max_queries_total = 32 # In addition, one can change the amount of time that MaraDNS will wait # for a DNS server to respond before giving up and trying the next DNS # server on a list. Note that, the larger this value is, the slower # MaraDNS will process recursive queries when a DNS server is not # responding to DNS queries. The default value is two seconds. timeout_seconds = 6 # And that does it for the caching at this point