
<!-- Do *not* edit this file; it was automatically generated by ej2html
     Look for a name.ej file with the same name as this filename -->
<!-- Last updated Fri Feb 28 02:23:31 2003 -->

<HTML><HEAD>


<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8">
</HEAD><BODY >

<pre>
Erre con erre cigarro
Erre con erre barril
Rápido ruedan los carros
En el ferrocarril
</pre>
<h1>NAME</h1>
maradns - DNS server
<h1>SYNOPSIS</h1>
<b>maradns [ -v | -f mararc_file_location ]</b>
<h1>TABLE OF CONTENTS</h1>
This man page has the following sections:

<blockquote>
<pre>
Name 
Synopsis
Table of Contents
Description
Usage
Firewall Configuration
Frequently Asked Questions
Bugs
Unimplemented Features
Legal Disclaimer
Authors
</pre>
</blockquote>
<H1>DESCRIPTION</H1>
<b>maradns</b>
is a DNS server written with security, simplicity, and performance in mind.

<p>

<b>maradns</b>
has two forms of arguments, both of which are optional.

<p>

The first is the location of a 
<b>mararc</b>
file which MaraDNS obtains all configuration information from.
The default location of this file is
<b>/etc/mararc</b>.
This is specified in the form 
<b>maradns -f mararc_file_location</b>;
<i>mararc_file_location</i>
is the location of the mararc file.

<p>
It is also possible to have MaraDNS display the version number and
exit.  This is specified by invoking maradns in the form
<b>maradns -v</b>
or
<b>maradns --version</b>

<H1>USAGE</H1>
If MaraDNS is functioning only as a recursive nameserver, just one file 
needs to be set up: The mararc file.
<p>
In order for MaraDNS to function as an authoritative nameserver, two
or more files need to be set up: the mararc file and one or more "csv1" zone
files.  
<p>
The configuration format of a csv1 zone file can be obtained
from the 
<b>csv1(5)</b>
manual page.  The configuration format of the mararc file can be obtained
from the
<b>mararc(5)</b>
manual page.

<h1>FIREWALL CONFIGURATION</h1>

If MaraDNS is being used as an authoritative nameserver, allow UDP 
connections from all hosts on the internet to UDP port 53 for the IP
that the authoritative nameserver uses.
<p>
If MaraDNS is being used as a recursive nameserver, the firewall needs
to allow the following packets to go to and from the IP the recursive
nameserver uses:
<ul>
<li>
Allow UDP connections from the MaraDNS-running server to any
machine on the internet where the UDP destination port is 53
<li>
Allow UDP connections from any machine on the internet to the IP of the
recursive server, where the source port from the remote server is 53, and the 
destination port is between 15000 and 19095 (inclusive)
<li>
Allow UDP connections from IPs that use MaraDNS as a recursive DNS server 
to port 53 of the MaraDNS server
</ul>
MaraDNS uses a strong, secure RNG for both the query ID (16 bits of entropy) 
and the source port of the query (12 bits of entropy).  This makes spoofing 
replies to a MaraDNS server more difficult, since the attacker has only a 
one in 250 million chance that a given spoofed reply will be considered 
valid.
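<p>
The recursive-server rules above can be modelled as a stateless packet check, which makes the port boundaries and the size of the spoofing search space explicit. This is an added example, not part of MaraDNS; the addresses and client network are constructed, and the "client-reply" case is the return half of the third rule, read from the "to and from" wording above.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# Values taken from the firewall rules in this section.
DNS_PORT = 53
QUERY_PORT_MIN = 15000   # source ports MaraDNS uses for its own queries
QUERY_PORT_MAX = 19095   # inclusive
QUERY_ID_BITS = 16


class Udp(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


def matching_rule(pkt: Udp, resolver_ip: str, client_nets: List[str]) -> Optional[str]:
    """Return the name of the rule that admits pkt, or None if it is dropped."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    resolver = ipaddress.ip_address(resolver_ip)
    nets = [ipaddress.ip_network(n) for n in client_nets]

    def is_client(addr) -> bool:
        return any(addr in net for net in nets)

    if src == resolver:
        # Rule 1: resolver to any machine, destination port 53.
        if pkt.dport == DNS_PORT:
            return "outbound-query"
        # Return half of rule 3: answers going back to our own clients.
        if pkt.sport == DNS_PORT and is_client(dst):
            return "client-reply"
        return None
    if dst == resolver:
        # Rule 2: remote source port 53, destination port in 15000..19095.
        if pkt.sport == DNS_PORT and QUERY_PORT_MIN <= pkt.dport <= QUERY_PORT_MAX:
            return "inbound-reply"
        # Rule 3: only hosts that use this resolver may query port 53.
        if pkt.dport == DNS_PORT and is_client(src):
            return "client-query"
    return None


def spoof_search_space() -> int:
    """Number of (source port, query ID) pairs a blind spoofer must guess from."""
    ports = QUERY_PORT_MAX - QUERY_PORT_MIN + 1   # 4096 ports, i.e. 12 bits
    return ports * 2 ** QUERY_ID_BITS


if __name__ == "__main__":
    resolver, clients = "192.0.2.53", ["10.0.0.0/8"]   # constructed values
    samples = [
        Udp("198.51.100.7", 53, resolver, 19095),   # last port in the range
        Udp("198.51.100.7", 53, resolver, 19096),   # one past the range
        Udp("203.0.113.9", 40000, resolver, 53),    # query from a non-client
    ]
    for pkt in samples:
        print(pkt, "->", matching_rule(pkt, resolver, clients))
    print("search space:", spoof_search_space())
```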
<p>
<h1>FREQUENTLY ASKED QUESTIONS</h1>

<h2>INDEX</h2>
<BLOCKQUOTE>
1. <A HREF=#tryout>How do I try out MaraDNS?</A> <P>
2. <A HREF=#license>What license is MaraDNS released under?</A><P>

3. <A HREF=#ips>How do I get MaraDNS to bind to multiple IP addresses?</A><P>

4. <A HREF=#ipsbug>How come BIND 9 can not process MaraDNS queries when 
MaraDNS is bound to multiple IP addresses?</A><P>

5. <A HREF=#bugzilla>How do I report bugs in MaraDNS?</A><P>

6. <A HREF=#chatter>Some of the postings to the mailing list do not talk 
   about MaraDNS!</A><P>

7. <A HREF=#unsub>How do I get off the mailing list?</A><P>

8. <A HREF=#rdns>How do I set up reverse DNS on MaraDNS?</A><P>

9. <A HREF=#timeout>I am on a slow network, and MaraDNS can not process 
   recursive queries</A><P>

10. <A HREF=#obtuse>When I try to run MaraDNS, I get a 
    <tt>Fatal error: Error running populate_main program</tt>
    or a <tt>Fatal error: init_cache() failed</tt>
    error message.</A><P>

11. <A HREF=#rrany>I am trying to register a domain under the .au or 
    the .de name space, and my registrar is not taking my domain name</A><P>

12. <A HREF=#netstat>After I start MaraDNS, I can not see the process 
    when I run netstat -na</A><P>

13. <A HREF=#jsstr>What string library does MaraDNS use?</A><P>

14. <A HREF=#license>Why is MaraDNS public domain instead of BSD or GPL 
    licensed?</A><P>

15. <A HREF=#whythreads>Why does MaraDNS use a multi-threaded model?</A><P>

16. <A HREF=#wishlist>I feel that XXX feature should be added to MaraDNS</A><P>

17. <A HREF=#docbook>I feel that MaraDNS should use another documentation 
    format</A><P>

18. <A HREF=#patch>Is there any process I need to follow to add a patch 
    to MaraDNS?</A><P>

19. <A HREF=#primary>Can MaraDNS act as a primary nameserver?</A><P>

20. <A HREF=#secondary>Can MaraDNS act as a secondary nameserver?</A><P>

21. <A HREF=#auth>What is the difference between an authoritative and 
    a recursive DNS server?</A><P>

22. <A HREF=#bailiwick>The getzone client isn't allowing me to add certain 
    hostnames to my zone</A><P>

23. <A HREF=#kosherzone>I am having problems transferring zones from 
    MaraDNS' zone server to a BIND zone transfer client</A><P>

24. <A HREF=#portable>Is MaraDNS portable?</A><P>

25. <A HREF=#openbsd>How do I compile MaraDNS on OpenBSD?</A><P>

26. <A HREF=#cygwin>Can I use MaraDNS in Windows?</A><P>

27. <A HREF=#upstream>MaraDNS freezes up after being used for a while</A><P>

28. <A HREF=#python>What kind of Python integration does MaraDNS have?</A><P>

29. <A HREF=#kvar>Doesn't "kvar" mean "four" in Esperanto?</A><p>

30. <A HREF=#timestamp>How do I make MaraDNS' time stamps 
    human-readable?</A><p>
</BLOCKQUOTE>
<H2>ANSWERS</H2>

<A NAME=tryout>
<H2>1. How do I try out MaraDNS?</H2>

<p>Read the <A href=quickstart.html>quick start guide</A>, which
   is the file named 0QuickStart in the MaraDNS distribution.
<p>
<A NAME=license>
<H2>2. What license is MaraDNS released under?</H2>
<p>None, actually.  MaraDNS is released to the public domain.

<A NAME=ips>
<H2>3. How do I get MaraDNS to bind to multiple IP addresses?</H2>
<p>
The current method is to run multiple copies of MaraDNS, each using its
own mararc file.
<p> 
E.g:

<blockquote>
<pre>
maradns -f /etc/mararc.1
maradns -f /etc/mararc.2
etc.
</pre>
</blockquote>
<p>
If you just want to bind to all IP addresses your computer has, bind to
the IP "0.0.0.0"; however this can cause problems.  See the next 
question.
<p> 
I don't think native support for multiple IP addresses will be too hard 
to implement correctly, since I already have code for specifying multiple 
IP addresses with the IP ACL code used by the zone server.  Until then, 
I will add this workaround to the FAQ.

<A NAME=ipsbug>
<H2>4. How come BIND 9 can not process MaraDNS queries when MaraDNS is bound
to multiple IP addresses?</H2>
In certain circumstances, when MaraDNS is bound to more than one IP
address, the underlying OS will send the UDP reply with a different IP
than the IP the UDP query was sent to.  This will confuse BIND 9, since
BIND 9's method for listening for requests that BIND has sent out expects
the reply to come from the same IP that the request was sent to.
<p>

<A NAME=bugzilla>
<H2>5. How do I report bugs in MaraDNS?</H2>

<p>
Before reporting a bug that MaraDNS has, please read the relevant man
pages.  The man pages should be installed when one installs MaraDNS, and,
in addition, are available in the <tt>doc/man</tt> directory of the
MaraDNS source tarball.  (It is also possible that you are reading the man
page right now)
<p>

Some MaraDNS man pages (namely, the man pages for <B>maradns</B>,
<B>askmara</B>, <B>zoneserver</B>, and <B>mararc</B>) have a section,
titled "BUGS", which lists already known bugs which I feel are not
important enough to fix before the 1.0 release of MaraDNS.  Bug reports
which mention one of these bugs will be cheerfully ignored (or given a 
polite "thanks for the report, in this man page the bug is already 
mentioned" message if I am in a particularly good mood).

<p>
Subscribe to the mailing list by sending mail to 
<A href=mailto:list-subscribe@maradns.org>list-subscribe@maradns.org</A>
with "subscribe" as the subject line,
and describe the bug by sending email to
<A href=mailto:list@maradns.org>list@maradns.org</A>.

<A NAME=chatter>
<H2>6. Some of the postings to the mailing list do not talk about MaraDNS!</H2>
In cases where I post something to the mailing list which does not directly
talk about MaraDNS, the subject line will not have [MARA] in it, but will
have some form of the word CHATTER in it.  
<P>
This way, people who do not like this can set up mail filters to filter out
anything that comes from this list and doesn't have [MARA] in the subject
line, or simply unsubscribe from the list and read the list from the
archives; if one needs to report a bug, they can subscribe to the list
again, post their bug, then unsubscribe after a week.  
<P>
Another option is to set up one's Freshmeat preferences to be notified
in email every time I update MaraDNS at Freshmeat.  This will give one
email notice of any critical bug fixes without needing to be
subscribed to the mailing list.
<P>
The web page <A href=http://www.maradns.org>http://www.maradns.org/</A>
has a link to the mailing list archives.

<A NAME=unsub>
<H2>7. How do I get off the mailing list?</H2>
Send an email to list-request@maradns.org with "unsubscribe" as the
subject line.

<A NAME=rdns>
<H2>8. How do I set up reverse DNS on MaraDNS?</H2>

By using PTR (pointer) records.  For example, the PTR record which performs
the reverse DNS lookup for the ip 1.2.3.4 looks like this in a CSV1 zone
file:
<blockquote>
<tt>
P4.3.2.1.in-addr.arpa.|86400|www.example.com.
</tt>
</blockquote>

<A NAME=timeout>
<H2>9. I am on a slow network, and MaraDNS can not process recursive 
queries</H2>

MaraDNS, by default, only waits two seconds for a reply from a remote
DNS server.  This default can be increased by adding a line like this 
in the mararc file:

<blockquote>
<pre>
timeout_seconds = 5
</pre>
</blockquote>

Note that making this too high will slow MaraDNS down when DNS servers
are down, which is, alas, all too common on today's internet.

<A NAME=obtuse>

<H2>10. When I try to run MaraDNS, I get a 
<tt>Fatal error: Error running populate_main program</tt>
or a <tt>Fatal error: init_cache() failed</tt> error message.</H2>

<p>If a line in a mararc file is too long, you will see, before the
"Fatal error: Error running populate_main program" message, a message
showing you the line number which is too long and the filename with
the offending line.  While it is possible to increase this limit
by changing the appropriate variable in the MaraDns.h file, the
current limit is in line with the 512-byte limit that UDP DNS
packets have; MaraDNS does not currently support DNS over TCP.

<p>Otherwise, this error message should not be visible.  If it appears, 
subscribe to
the mailing list (see above), and describe your problem by sending email to 
<A href=mailto:list@maradns.org>list@maradns.org</A>.  Be sure to include
the following information:

<ul><li>The contents of your /etc/mararc file

<li>The contents of any files in /etc/maradns

<li>The full output MaraDNS generates

</ul>

<A NAME=rrany>
<H2>11. I am trying to register a domain under the .au or the .de name space,
and my registrar is not taking my domain name</H2>

<p>Both the German registrar and the Australian registrars require a RR_ANY
request to return NS and SOA records.  MaraDNS can do this if you add the
following line to your mararc file:<p>

<tt>default_rrany_set = 15</tt>

<A NAME=netstat>
<H2>12. After I start MaraDNS, I can not see the process when I run netstat -na
</H2>

UDP services do not have a prominent "LISTEN" when netstat is run.
<p>
When MaraDNS is up, the relevant line in the netstat output looks 
like this:            
<tt>
udp        0      0 127.0.0.4:53            0.0.0.0:* 
</tt>
<p>
While on the topic of netstat, if you run <TT>netstat -nap</TT> as root,
you can see the names of the processes which are providing internet 
services.

<A NAME=jsstr>
<H2>13. What string library does MaraDNS use?</H2>

<p>MaraDNS uses her own string library, which is called the "js_string"
library.  Man pages for most of the functions in the js_string library
are in the folder <tt>doc/man</tt> of the <A href=download.html>MaraDNS
distribution</A>

<A NAME=license>
<H2>14. Why is MaraDNS public domain instead of BSD or GPL licensed?</H2>

<p>The post-1.0.xx releases of MaraDNS are, in fact, under a simple
   BSD license (without any "obnoxious" advertising clause).
<p>I used a public domain (non-)license so that MaraDNS could be integrated 
   with Python without trouble.  While
Python is, I believe, currently GPL compatible, Python was not 
GPL-compatible at the time I decided on a license for MaraDNS.

<A name=whythreads>
<H2>15. Why does MaraDNS use a multi-threaded model?</H2>

<p>The multi-threaded model is, plain and simple, the simplest way to write
a functioning recursive DNS server.  There is a reason why MaraDNS, pdnsd, and
BIND 9 all use the multi-threaded model.

<A NAME=wishlist>
<H2>16. I feel that XXX feature should be added to MaraDNS</H2>
<p>
Before sending mail to the list with a feature request, please read
the UNIMPLEMENTED FEATURES section of the MaraDNS man page, which has a
list of feature requests other people have already sent me.  If you do not 
see your requested feature in this section of the man page, send an email to
the mailing list so that I can add your feature request to the 
UNIMPLEMENTED FEATURES section of the MaraDNS man page.
<p>
Feature requests which include a patch which implements the feature in 
question may even be implemented in MaraDNS, as long as the patch comes
with a declaration that the patch is public domain.
<p>
Note that MaraDNS is currently "frozen".  In other words, new features will
not be added until after the 1.0 release.

<A NAME=docbook>
<H2>17. I feel that MaraDNS should use another documentation format</H2>
<p>
The reason that MaraDNS uses its own documentation format is to satisfy both
the needs of translators to have a unified document format and my own 
need to use a documentation format that is simple enough to be readily
understood and to which I can add features on an as-needed basis.
<p>
The documentation format is essentially simplified HTML with some
special tags added to meet MaraDNS' special needs.
<p>
For people who prefer other formats of documentation, I am open to
making filters which convert from MaraDNS' own "EJ" documentation format
to the format in question after MaraDNS 1.0 is released.
<p>
Having a given program have its own documentation format is not
without precedent; Perl uses its own "pod" documentation format.

<A NAME=patch>
<H2>18. Is there any process I need to follow to add a patch to MaraDNS?</H2>

<p>Yes.  

<p>Here is the procedure for making a proper patch:

<p>

<ul>
<li>Enter the directory that the file is in, for example
    <tt>maradns-0.9.20/server</tt>

<li>Copy over the file that you wish to modify to another file
    name.  For example: <tt>cp MaraDNS.c MaraDNS.c.orig</tt>

<li>Edit the file in question, e.g: <tt>vi MaraDNS.c</tt>

<li>After editing, do something like this: <br><tt>
    diff -u MaraDNS.c.orig MaraDNS.c > maradns.patch</tt>

<li>Make sure the modified version compiles cleanly

</ul>

Send a patch to me in email, along with a statement that you place
the contents of the patch in to the public domain.  If I find that the patch
works well, I will integrate it in to MaraDNS.

<A NAME=primary>
<H2>19. Can MaraDNS act as a primary nameserver?</H2>

<p>Yes.

<p>The <tt>zoneserver</tt> program serves zones so that other DNS servers
can be secondaries for zones which MaraDNS serves.  This is a separate
program from the <tt>maradns</tt> server, which processes both 
authoritative and recursive UDP DNS queries.

<A NAME=secondary>
<H2>20. Can MaraDNS act as a secondary nameserver?</H2>

<p>Yes.

<p>The 'getzone' program obtains zone files from remote DNS servers, 
   outputting the contents of the zone file in MaraDNS' "csv1" zone
   file format.  This program can be run from cron.  If one desires 
   more BIND-like functionality, getzone can be wrapped in a
   shell script that uses askmara to look at the SOA record to see if 
   the serial number of the zone has changed.

<p>I feel that the traditional DNS design of having a single application
   both serve DNS records and handle the maintenance of zone files is
   not ideal; the best design is to have a number of simple applications
   working together.

<A NAME=auth>
<H2>21. What is the difference between an authoritative and a recursive DNS 
server?</H2>

A recursive DNS server is a DNS server that is able to contact other DNS
servers in order to resolve a given domain name label.  This is the kind 
of DNS server one points to in /etc/resolv.conf

<p>

An authoritative DNS server is a DNS server that a recursive server 
contacts in order to find out the answer to a given DNS query.

<A NAME=bailiwick>
<H2>22. The getzone client isn't allowing me to add certain hostnames to 
my zone</H2>

For security reasons, MaraDNS' getzone client does not
add records which are not part of the zone in question.  For example,
if someone has a zone for example.com, and this record in the zone:

<p>
<tt>
P1.1.1.10.in-addr.arpa.|86400|dns.example.com.
</tt>
<p>
MaraDNS will not add the record, since the record is out-of-bailiwick.  In
other words, it is a host name that does not end in .example.com.  
<p>
There are two workarounds for this issue:
<UL>
<LI>Create a zone file for 1.1.10.in-addr.arpa., and put the PTR records
    there.
<LI>Use rcp, rsync, or another method to copy over the zone files in 
    question.
</UL>

<A NAME=kosherzone>
<H2>23. I am having problems transferring zones from MaraDNS' zone server
      to a BIND zone transfer client</H2>

<p>BIND is rather picky about what kind of data it will accept from
a zone server.  Make sure the following is true with your domain:
<ul>
<li>Make sure that the authoritative NS records are at the top of your 
    zone, immediately after the SOA record
<li>Make sure that your authoritative NS records are NS records
    for your zone
<li>To work around <A href=quirks.html>a known bug in MaraDNS</a>, make
    sure you have at least one non-NS record between the authoritative NS
    records for your zone and any delegation NS records that exist in the
    zone.
</ul>
<p>
Here is an example bad zone file:
<PRE>
Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400
Nbad.example.com.|86400|ns1.example.com.
Nbad.example.com.|86400|ns2.example.com.
Nsubdomain.example.com.|86400|ns.subdomain.example.com.
Aexample.com.|12345|10.2.3.4
</PRE>
<p>
Here is the same zone file, with corrections:
<PRE>
Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400
Nexample.com.|86400|ns1.example.com.
Nexample.com.|86400|ns2.example.com.
Aexample.com.|12345|10.2.3.4
Nsubdomain.example.com.|86400|ns.subdomain.example.com.
</PRE>
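<p>
The bailiwick rule from question 22 and the ordering rules listed above can be checked mechanically before a zone is published. The following linter is an added example, not part of MaraDNS or getzone; it reads only the record type and owner name from each csv1 line as shown in this FAQ, and the issue names are made up for illustration.

```python
from typing import List, NamedTuple, Tuple

# The two zone files shown in the FAQ entry above.
BAD_ZONE = """\
Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400
Nbad.example.com.|86400|ns1.example.com.
Nbad.example.com.|86400|ns2.example.com.
Nsubdomain.example.com.|86400|ns.subdomain.example.com.
Aexample.com.|12345|10.2.3.4
"""
GOOD_ZONE = """\
Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400
Nexample.com.|86400|ns1.example.com.
Nexample.com.|86400|ns2.example.com.
Aexample.com.|12345|10.2.3.4
Nsubdomain.example.com.|86400|ns.subdomain.example.com.
"""


class Record(NamedTuple):
    lineno: int
    rtype: str   # first character of the line: S, N, A, P, ...
    name: str    # owner name, lower-cased


def parse_csv1(text: str) -> List[Record]:
    """Extract (line number, type, owner name) from each non-blank line."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        owner = line.split("|", 1)[0][1:]
        records.append(Record(lineno, line[0], owner.lower()))
    return records


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or ends in '.' + zone.

    Matching on the label boundary keeps 'badexample.com.' out of
    'example.com.', which a plain suffix test would let through.
    """
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def lint_zone(zone: str, text: str) -> List[Tuple[int, str]]:
    """Return sorted (line number, issue) pairs; an empty list means clean."""
    zone = zone.lower()
    records = parse_csv1(text)
    issues = [(r.lineno, "out-of-bailiwick")
              for r in records if not in_bailiwick(r.name, zone)]
    if not records or records[0].rtype != "S" or records[0].name != zone:
        issues.append((records[0].lineno if records else 0, "soa-not-first"))
        return sorted(issues)
    # Authoritative NS records must sit directly after the SOA record.
    i = 1
    while i < len(records) and records[i].rtype == "N" and records[i].name == zone:
        i += 1
    if i == 1:
        issues.append((records[0].lineno, "no-authoritative-ns-after-soa"))
    elif i < len(records) and records[i].rtype == "N":
        # Workaround for the known bug: a non-NS record must separate the
        # authoritative NS records from any delegation NS records.
        issues.append((records[i].lineno, "delegation-ns-adjacent"))
    for r in records[i:]:
        if r.rtype == "N" and r.name == zone:
            issues.append((r.lineno, "authoritative-ns-not-at-top"))
    return sorted(issues)


if __name__ == "__main__":
    print("bad zone: ", lint_zone("example.com.", BAD_ZONE))
    print("good zone:", lint_zone("example.com.", GOOD_ZONE))
```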
<A NAME=portable>
<H2>24. Is MaraDNS portable?</H2>

<p>While I intend to have MaraDNS be a portable DNS server which will
compile on a variety of unices, right now all of MaraDNS' development work
is being done on Linux.  
In terms of proprietary OSes, I know that SCO Open Server,
SCO UNIXware and <A href=solaris.html>Solaris</A> have issues running a
UDP or TCP server in a chroot() environment.  Word is that, with
Solaris and UNIXware, placing /dev/tcp and /dev/udp in the chroot() jail
will allow a server like MaraDNS to function.

<A NAME=openbsd>
<H2>25. How do I compile MaraDNS on OpenBSD?</H2>

<p>
There are two ways to do this:

<P>
To use the native thread support add -pthread to the CFLAGS variable.
<P>
To use the GNU pthread library, install the pth package and add
-L/usr/local/lib/pth to the linker.
<P>
(Florin Iucha provided this tip)

<A NAME=cygwin>
<H2>26. Can I use MaraDNS in Windows?</H2>

<p>
Yes.

<p>
Provided, of course, that one has the Cygwin environment which emulates
a UNIX environment in Windows.

<p>
MaraDNS should now compile fine on Cygwin systems. If not, join the mailing
list and let me know; I will correct this FAQ entry.

<A NAME=upstream>
<H2>27. MaraDNS freezes up after being used for a while</H2>

If using your ISP's name servers or some other name servers which
are not, in fact, root name servers, please make sure that you are
using the upstream_servers dictionary variable instead of the
root_servers dictionary variable.

<p>

If you still see MaraDNS freeze up after making this correction, please
send a bug report to the mailing list.

<A NAME=python>
<H2>28. What kind of Python integration does MaraDNS have?</H2>

The mararc file uses the same syntax that Python uses; in fact, Python
can parse a properly formatted mararc file.
<p>
There is currently no other integration with Python.
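<p>
Because a mararc file is valid Python syntax, a management script can read it with Python's <tt>ast</tt> module, which extracts the assigned values without executing anything in the file. This is an added example, not part of MaraDNS; the sample file is constructed, using variable names mentioned in this man page with a made-up upstream address.

```python
import ast

# Constructed sample; the "." key and the address are illustrative only.
SAMPLE_MARARC = '''
# settings discussed in the FAQ
timeout_seconds = 5
default_rrany_set = 15
upstream_servers = {}
upstream_servers["."] = "10.1.2.3"
'''


def parse_mararc(text: str) -> dict:
    """Return the variables a mararc assigns, without running the file.

    Only `name = literal` and `name["key"] = literal` are accepted; any
    other statement or a non-literal value raises ValueError.
    """
    config = {}
    for node in ast.parse(text, filename="mararc").body:
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
            raise ValueError(f"line {node.lineno}: only simple assignments allowed")
        try:
            value = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            raise ValueError(f"line {node.lineno}: value is not a literal") from None
        if not isinstance(value, (str, int, dict)):
            raise ValueError(f"line {node.lineno}: unsupported value type")

        target = node.targets[0]
        if isinstance(target, ast.Name):
            config[target.id] = value
            continue
        if isinstance(target, ast.Subscript) and isinstance(target.value, ast.Name):
            key_node = target.slice
            if not isinstance(key_node, ast.Constant):
                # Python 3.8 wraps the index expression in another node.
                key_node = getattr(key_node, "value", None)
            if not (isinstance(key_node, ast.Constant)
                    and isinstance(key_node.value, str)):
                raise ValueError(f"line {node.lineno}: dictionary key must be a string")
            table = config.get(target.value.id)
            if not isinstance(table, dict):
                raise ValueError(
                    f"line {node.lineno}: {target.value.id} is not initialised as a dictionary")
            table[key_node.value] = value
            continue
        raise ValueError(f"line {node.lineno}: unsupported assignment target")
    return config


if __name__ == "__main__":
    print(parse_mararc(SAMPLE_MARARC))
    try:
        # A value that would run code if the file were passed to exec().
        parse_mararc('timeout_seconds = __import__("os").getpid()\n')
    except ValueError as err:
        print("rejected:", err)
```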

<A NAME=kvar>
<H2>29. Doesn't "kvar" mean "four" in Esperanto?</H2>

Indeed, it does.  However the use of "kvar" in the MaraDNS source
code only coincidentally is an Esperanto word.  "kvar" is short
for "Kiwi variable"; a lot of the parsing code comes from the code
used in the Kiwi spam filter project.  

<A NAME=timestamp>
<H2>30. How do I make MaraDNS' time stamps human-readable?</H2>

MaraDNS uses standard UNIX timestamps, which count the number of 
seconds since midnight, January 1, 1970.
<p>
To make MaraDNS' time stamps human readable, use this awk script
(<tt>strftime</tt> is not part of POSIX awk; GNU awk provides it):

<pre>
maradns -f /etc/mararc | awk '
          /Timestamp/{
           gsub(/Timestamp: ([0-9]+)/,
                strftime("%a, %d %b %Y %H:%M:%S",$2),$0)}
          {print}' >> logfile
</pre>

The MaraDNS startup script has the option to use this Awk script 
to convert the time stamp; read the script for details.


<p>
<h1>BUGS</h1>
The maximum allowed number of threads is 500; this is a hard limit because
there may be problems with some pthreads implementations causing MaraDNS to
hang if this number is higher.  
<p>
The system startup script included with MaraDNS assumes that the only 
MaraDNS processes running are started by the script; it stops <i>all</i>
MaraDNS processes running on the server when asked to stop MaraDNS.
<p>
When a resolver asks for an A record, and the A record is a CNAME
which points to a list of IPs, MaraDNS' recursive resolver only 
returns the first IP listed along with the CNAME.  
<p>
When a resolver asks for an A record, and the A record is a CNAME
that points to another CNAME (and possibly a longer CNAME chain), while
MaraDNS returns the correct IP (as long as the glueless level is not 
exceeded), MaraDNS will incorrectly state that the first CNAME in the 
chain directly points to the IP.
<p>
If a NS record points to a list of IPs, and the NS record in question 
is a "glueless" record (MaraDNS had to go back to the root servers to 
find out the IP of the machine in question), MaraDNS' recursive resolver 
only uses the first listed IP as a name server.
<p>
When MaraDNS' recursive resolver receives a "host not there" reply, 
instead of using the SOA minimum of the "host not there" reply as
the TTL (Look at RFC1034 §4.3.4), MaraDNS uses the TTL of the SOA
reply.
<p>
MaraDNS keeps referral NS records in the cache for one day instead of 
the TTL specified by the remote server. 
<p>
MaraDNS has very limited support for DNS data over TCP.  In particular,
MaraDNS only uses DNS-over-TCP for zone transfers, which is handled by
the companion program <b>zoneserver</b> (see <b>zoneserver(8)</b> for 
usage information), and only allows authorized IPs to make zone transfer 
requests.
<p>
MaraDNS handles the "any record" (255) request by only returning A and MX
records (optionally: NS and SOA records), instead of sending all of the 
records associated with a given host name.  The only places where I have
seen the "any record" query used is by MTAs, and by the .au and .de
registrars.  In recursive mode, a request for "any record" is translated
in to separate A and MX requests, which MaraDNS subsequently concatenates
together.
<p>
MaraDNS never returns a NXDOMAIN (nothing in the answer section, SOA in
the authority section, result code of "name error" [3]).  If a given
domain node label does not exist for any RR, MaraDNS will still
return a "no host" (nothing in the answer section, SOA in the authority
section, 0 result code), implying that the host name exists for at 
least one RR type.
<p>
MaraDNS does not use the zone file ("master file") format specified in 
chapter 5 of RFC1035.
<p>
If a wildcard MX record exists in the form "*.example.com", and
there is an A record for "www.example.com", but no MX record for
"www.example.com", the correct behavior (based on RFC1034 §4.3.3)
is to return "no host" (nothing in the answer section, SOA in the
authority section, 0 result code) for a MX request to "www.example.com".
Instead, MaraDNS returns the MX record attached to "*.example.com".
<p>
Star records (what RFC1034 calls "wildcards") can not be attached to
NS records.
<p>
MaraDNS' recursive resolver does not perform TTL aging; while MaraDNS will
expire a record TTL seconds after adding a record to her cache, the TTL
that MaraDNS' recursive resolver displays is always the TTL the authoritative
server gave MaraDNS.  This means that records will stay in the cache longer
than the original domain name owner may desire if one is using upstream 
or downstream dns servers.
<p>
MaraDNS recursive resolver treats any TTL shorter than min_ttl seconds 
(min_ttl_cname seconds when the record is a CNAME record)
as if the TTL in question was min_ttl (or min_ttl_cname) seconds long when
determining when to expire a record from MaraDNS' cache.
<p>
TTLs which are shorter than 20 seconds long are given a TTL of 20
seconds; TTLs which are more than 63072000 (2 years) long are given
a TTL of 2 years.
<p>
MaraDNS' recursive resolver's method of deleting not recently accessed 
records from the cache when the cache starts to fill up can delete records
from the cache before they expire.  Some people consider this undesirable
behavior; I feel it is necessary behavior if one wishes to place a limit on 
the memory resources a DNS server may use.
<p>
MaraDNS' recursive resolver stops resolving when it finds an answer in the
AR section.  This is a problem in the case where a given host name and IP
is registered with the root name servers, and the registered IP is out of 
date.  When this happens, a server "closer" to the root server will give
an out-of-date IP, even though the authoritative DNS servers for the
host in question have the correct IP.  Note that resolving this will
result in increased DNS traffic.
<p>
MaraDNS, like every other known DNS implementation, only supports a 
QDCOUNT of 0 or 1.
<p>
MaraDNS does not send more than one DNS packet to a given DNS server when
processing a DNS request; this is not a serious problem because most
client implementations send multiple DNS packets to a recursive DNS server
when processing a DNS request.
<p>
MaraDNS spawns a new thread for every single recursive DNS request 
when the data in question is not in MaraDNS' cache; this
makes MaraDNS an excellent stress tester for pthread implementations.  
Many pthread implementations can not handle this kind of load;
symptoms include high memory usage and termination of the MaraDNS
process.
<p>
MaraDNS does not handle the case of a glueless in-bailiwick NS referral
very gracefully; this usually causes the zone pointed to by the offending
NS record to be unreachable by MaraDNS, even if other DNS servers for
the domain have correct NS referrals.
<h1>UNIMPLEMENTED FEATURES</h1>
<i>These are features which will not be implemented in the 1.0 release 
of MaraDNS:</i>
<p>
MaraDNS does not become a daemon.  One can use a
shell with job control functionality to make MaraDNS a daemon process,
e.g:
<blockquote>
<pre>
nohup maradns > /dev/null &
</pre>
</blockquote>
<p>
MaraDNS does not use <i>syslog</i>
or any other logging facility to log messages that MaraDNS generates. 
Instead, the messages are logged to standard output.  One can use
a shell's output redirection to log messages to a file, e.g:
<blockquote>
<pre>
touch /var/log/maradns
nohup maradns >> /var/log/maradns &
</pre>
</blockquote>

MaraDNS does not have a "fully qualified host name" record, which would 
automagically create a PTR record from an A record.
<p>
MaraDNS does not have support for a "default" zone, which would allow
one to add zones without needing to change MaraDNS configuration files.
<p>
MaraDNS, like every other known free DNS server implementation, does not 
have SQL support.
<p>
MaraDNS does not have a disk-based caching scheme for authoritative 
zones.  
<p>
MaraDNS' UDP server only loads zone files while MaraDNS is first started.  
UDP Zone information can only be updated by stopping MaraDNS, and restarting
MaraDNS again.  Note that TCP zone files are loaded from the filesystem
at the time the client requests a zone.
<p>
MaraDNS does not have support for allowing given host names to only
resolve for a limited range of IPs querying the DNS server, or for host
names to resolve differently, depending on the IP querying the host name.
<p>
MaraDNS does not support IPv6.
<p>
MaraDNS has no signal handlers.  Sending a HUP signal to MaraDNS terminates
the MaraDNS process instead of telling MaraDNS to reload the configuration
files.
<p>
With the exception of the ability to decompress some RR types not present in
RFC1035, MaraDNS does not support any DNS features which are not present 
in RFC1034 and RFC1035.  
<p>
MaraDNS, in accordance with RFC1034 §4.3.3, only allows wildcards
at the beginning of a host name.  E.g. names with wildcards like 
"foo.*.example.com" or "www.*" will not work.
<p>
<p>
MaraDNS does not have support for MRTG or any other SNMP-based logging
mechanism.  In fact, MaraDNS does not even use syslog().

<h1>LEGAL DISCLAIMER</h1>
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

<h1>AUTHORS</h1>
Sam Trenholme (<A href=http://www.samiam.org/>http://www.samiam.org</a>) is 
responsible for this man page.
<p>
MaraDNS is written by me, Sam Trenholme, with a little help from my
friends.  Naturally, all errors in MaraDNS are my own (but read the 
disclaimer above).
<p>
Here is a partial list of people who have provided assistance:
<p>
Franky Van Liedekerke has provided much invaluable assistance.  As just one
example, he provided invaluable assistance in getting MaraDNS to compile on
Solaris.  In addition, he has provided much valuable SQA help.
<p>
Thomas Seyrat has provided French translations of the MaraDNS documentation.
<p>
Christian Kurz, who has provided invaluable bug reports, especially 
when I had to re-implement the core hashing algorithm.
<p>
Remmy, who is providing both the web space and a mailing list 
for maradns.org.
<p>
Phil Homewood, who provided invaluable assistance with finding and fixing
bugs in the authoritative portion of the MaraDNS server.  He helped me
plug memory leaks, find uninitialized variables being used, and found a
number of bugs I was unable to find.
<p>
Albert Prats kindly provided Spanish translations for various text files.
<p>
Shin Zukeran provided a patch to recursive.c which properly makes a normal
null-terminated string from a js_string object, to send as an argument to
open() so we can get the rijndael key for the PRNG.
<p>
D Richard Felker III has provided invaluable bug reports.  By looking at his
bug reports, I have been able to hunt down and fix many problems that the
recursive nameserver had, in addition to at least one problem with the
authoritative nameserver.
<p>
Ole Tange has also given me many valuable MaraDNS bug reports.  
<p>
Florin Iucha provided a tip in the FAQ for how to compile MaraDNS on
OpenBSD.
<p>
Roy Arends (one of the BIND developers, as it turns out) found a serious 
security problem with MaraDNS, where MaraDNS would answer answers, and 
pointed it out to me.  
<p>
Code used as the basis for the pseudo-random-number generator was written
by Vincent Rijmen, Antoon Bosselaers, and Paulo Barreto.  I appreciate 
these programmers making the code public domain, which is the only license 
under which I can add code to MaraDNS.  
<p>
I also appreciate the work of Dr. Brian Gladman and Fritz Schneider,
who have both written independent implementations of AES from which I 
obtained test vectors.  With the help of their hard work, I was able to
discover a subtle security problem that previous releases of MaraDNS
had.

</BODY></HTML>