<!-- Do *not* edit this file; it was automatically generated by ej2html Look for a name.ej file with the same name as this filename --> <!-- Last updated Fri Feb 28 02:23:31 2003 --> <HTML><HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=utf-8"> </HEAD><BODY > <pre> Erre con erre cigarro Erre con erre barril Rápido ruedan los carros En el ferrocarril </pre> <h1>NAME</h1> maradns - DNS server <h1>SYNOPSIS</h1> <b>maradns [ -v | -f mararc_file_location ]</b> <h1>TABLE OF CONTENTS</h1> This man page has the following sections: <blockquote> <pre> Name Synopsis Table of Contents Description Usage Firewall Configuration Frequently Asked Questions Bugs Unimplemented Features Legal Disclaimer Authors </pre> </blockquote> <H1>DESCRIPTION</H1> <b>maradns</b> is a DNS server written with security, simplicity, and performance in mind. <p> <b>maradns</b> has two forms of arguments, both of which are optional. <p> The first is the location of a <b>mararc</b> file which MaraDNS obtains all configuration information from. The default location of this file is <b>/etc/mararc</b>. This is specified in the form <b>maradns -f mararc_file_location</b>; <i>mararc_file_location</i> is the location of the mararc file. <p> It is also possible to have MaraDNS display the version number and exit. This is specified by invoking maradns in the form <b>maradns -v</b> or <b>maradns --version</b> <H1>USAGE</H1> If MaraDNS is functioning only as a recursive nameserver, just one file needs to be set up: The mararc file. <p> In order for MaraDNS to function as an authoritative nameserver, two or more files need to be set up: the mararc file and one or more "csv1" zone files. <p> The configuration formation of a csv1 zone file can be obtained from the <b>csv1(5)</b> manual page. The configuration format of the mararc file can be obtained from the <b>mararc(5)</b> manual page. <h1>FIREWALL CONFIGURATION</h1> If MaraDNS is being used as an authoritative nameserver, allow UDP connections from all hosts on the internet to UDP port 53 for the IP that the authoritative nameserver uses. <p> If MaraDNS is being used as a recursive nameserver, the firewall needs to allow the following packets to go to and from the IP the recursive nameserver uses: <ul> <li> Allow UDP connections from the MaraDNS-running server to any machine on the internet where the UDP destination port is 53 <li> Allow UDP connections from any machine on the internet to the IP of the recursive server, where the source port from the remote server is 53, and the destination port is between 15000 and 19095 (inclusive) <li> Allow UDP connections from IPs that use MaraDNS as a recursive DNS server to port 53 of the MaraDNS server </ul> MaraDNS uses a strong secure RNG for both the query (16 bits of entropy) and the source port of the query (12 bits of entropy). This makes spoofing replies to a MaraDNS server more difficult, since the attacker has only a one in 250 million chance that a given spoofed reply will be considered valid. <p> <h1>FREQUENTLY ASKED QUESTIONS</h1> <h2>INDEX</h2> <BLOCKQUOTE> 1. <A HREF=#tryout>How to I try out MaraDNS?</A> <P> 2. <A HREF=#license>What license is MaraDNS released under?</A><P> 3. <A HREF=#ips>How do I get MaraDNS to bind to multiple IP addresses?</A><P> 4. <A HREF=#ipsbug>How come BIND 9 can not process MaraDNS queries when MaraDNS is bound to multiple IP addresses?</A><P> 5. <A HREF=#bugzilla>How do I report bugs in MaraDNS?</A><P> 6. <A HREF=#chatter>Some of the postings to the mailing list do not talk about MaraDNS!</A><P> 7. <A HREF=#unsub>How to I get off the mailing list?</A><P> 8. <A HREF=#rdns>How do I set up reverse DNS on MaraDNS?</A><P> 9. <A HREF=#timeout>I am on a slow network, and MaraDNS can not process recursive queries</A><P> 10. <A HREF=#obtuse>When I try to run MaraDNS, I get a <tt>Fatal error: Error running populate_main program</tt> or a <tt>Fatal error: init_cache() failed</tt> error message.</A><P> 11. <A HREF=#rrany>I am trying to register a domain under the .au or the .de name space,and my registrar is not taking my domain name</A><P> 12. <A HREF=#netstat>After I start MaraDNS, I can not see the process when I run netstat -na</A><P> 13. <A HREF=#jsstr>What string library does MaraDNS use?</A><P> 14. <A HREF=#license>Why is MaraDNS public domain instead of BSD or GPL licensed?</A><P> 15. <A HREF=#whythreads>Why does MaraDNS use a multi-threaded model?</A><P> 16. <A HREF=#wishlist>I feel that XXX feature should be added to MaraDNS</A><P> 17. <A HREF=#docbook>I feel that MaraDNS should use another documentation format</A><P> 18. <A HREF=#patch>Is there any process I need to follow to add a patch to MaraDNS?</A><P> 19. <A HREF=#primary>Can MaraDNS act as a primary nameserver?</A><P> 20. <A HREF=#secondary>Can MaraDNS act as a secondary nameserver?</A><P> 21. <A HREF=#auth>What is the difference between an authoritative and a recursive DNS server?</A><P> 22. <A HREF=#bailiwick>The getzone client isn't allowing me to add certain hostnames to my zone</A><P> 23. <A HREF=#kosherzone>I have having problems transferring zones from MaraDNS' zone server to a BIND zone transfer client</A><P> 24. <A HREF=#portable>Is MaraDNS portable?</A><P> 25. <A HREF=#openbsd>How do I compile MaraDNS on OpenBSD?</A><P> 26. <A HREF=#cygwin>Can I use MaraDNS in Windows?</A><P> 27. <A HREF=#upstream>MaraDNS freezes up after being used for a while</A><P> 28. <A HREF=#python>What kind of Python integration does MaraDNS have</A><P> 29. <A HREF=#kvar>Doesn't "kvar" mean "four" in Esperanto?</A><p> 30. <A HREF=#timestamp>How do I make MaraDNS' time stamps human-readable?</A><p> </BLOCKQUOTE> <H2>ANSWERS</H2> <A NAME=tryout> <H2>1. How to I try out MaraDNS?</H2> <p>Read the <A href=quickstart.html>quick start guide</A>, which is the file named 0QuickStart in the MaraDNS distribution. <p> <A NAME=license> <H2>2. What license is MaraDNS released under?</H2> <p>None, actually. MaraDNS is released to the public domain. <A NAME=ips> <H2>3. How do I get MaraDNS to bind to multiple IP addresses?</H2> <p> The current method is to run multiple copies of MaraDNS, each using its own mararc file. <p> E.g: <blockquote> <pre> maradns -f /etc/mararc.1 maradns -f /etc/mararc.2 etc. </pre> </blockquote> <p> If you just want to bind to all IP addresses your computer has, bind to the IP "0.0.0.0"; however this can cause problems. See the next question. <p> I don't think this will be too hard to correctly implement, since I already have code for specifying multiple IP addresses with the IP ACL code used by the zone server. Until then, I will add this workaround to the FAQ. <A NAME=ipsbug> <H2>4. How come BIND 9 can not process MaraDNS queries when MaraDNS is bound to multiple IP addresses?</H2> In certain cricumstances, when MaraDNS is bound to more than one IP address, the underlying OS will send the UDP reply with a different IP than the IP the UDP query was sent to. This will confuse BIND 9, since BIND 9's method for listening for requests that BIND has sent out expects the reply to come from the same IP that the request was sent to. <p> <A NAME=bugzilla> <H2>5. How do I report bugs in MaraDNS?</H2> <p> Before reporting a bug that MaraDNS has, please read the relevant man pages. The man pages should be installed when one installs MaraDNS, and, in addition, are available in the <tt>doc/man</tt> directory of the MaraDNS source tarball. (It is also possible that you are reading the man page right now) <p> Some MaraDNS man pages (namely, the man pages for <B>maradns</B>, <B>askmara</B>, <B>zoneserver</B>, and <B>mararc</B>) have a section, titled "BUGS", which list already known bugs which I feel are not important enough to fix before the 1.0 release of MaraDNS. Bug reports which mention one of these bugs will be cheerfully ignored (or given a polite "thanks for the report, in this man page the bug is already mentioned" message if I am in a particularly good mood). <p> Subscribe to the mailing list by sending mail to <A href=mailto:list-subscribe@maradns.org>list-subscribe@maradns.org</A> with "subscribe" as the subject line, and describe the bug by sending email to <A href=mailto:list@maradns.org>list@maradns.org</A>. <A NAME=chatter> <H2>6. Some of the postings to the mailing list do not talk about MaraDNS!</H2> In cases where I post something to the mailing list which does not directly talk about MaraDNS, the subject line will not have [MARA] in it, but will have some form of the word CHATTER in it. <P> This way, people who do not like this can set up mail filters to filter out anything that comes from this list and doesn't have [MARA] in the subject line, or simply unsubscribe from the list and read the list from the archives; if one needs to report a bug, they can subscribe to the list again, post their bug, then unsubscribe after a week. <P> Another option is to set up one's Freshmeat preferences to be notified in email every time I update MaraDNS at Freshmeat. This will give one email notice of any critical bug fixes without needing to be subscribed to the mailing list. <P> The web page <A href=http://www.maradns.org>http://www.maradns.org/</A> has a link to the mailing list archives. <A NAME=unsub> <H2>7. How to I get off the mailing list?</H2> Send an email to list-request@maradns.org with "unsubscribe" as the subject line. <A NAME=rdns> <H2>8. How do I set up reverse DNS on MaraDNS?</H2> By using PTR (pointer) records. For example, the PTR record which performs the reverse DNS lookup for the ip 1.2.3.4 looks like this in a CSV1 zone file: <blockquote> <tt> P4.3.2.1.in-addr.arpa.|86400|www.example.com. </tt> </blockquote> <A NAME=timeout> <H2>9. I am on a slow network, and MaraDNS can not process recursive queries</H2> MaraDNS, by default, only waits two seconds for a reply from a remote DNS server. This default can be increased by adding a line like this in the mararc file: <blockquote> <pre> timeout_seconds = 5 </pre> </blockquote> Note that making this too high will slow MaraDNS down when DNS servers are down, which is, alas, all too common on today's internet. <A NAME=obtuse> <H2>10. When I try to run MaraDNS, I get a <tt>Fatal error: Error running populate_main program</tt> or a <tt>Fatal error: init_cache() failed</tt> error message.</H2> <p>If a line in a mararc file is too long, you will see, before the "Fatal error: Error running populate_main program" message, a message showing you the line number which is too long and the filename with the offending line. While it is possible to increase this limit by changing the appropriate variable in the MaraDns.h file, the current limit is in line with the 512-byte limit that UDP DNS packets have; MaraDNS does not currently support DNS over TCP. <p>Otherwise, this error message should not be visible. If it appears, subscribe to the mailing list (see above), and describe your problem by sending email to <A href=mailto:list@maradns.org>list@maradns.org</A>. Be sure to include the following information: <ul><li>The contents of your /etc/mararc file <li>The contents of any files in /etc/maradns <li>The full output MaraDNS generates </ul> <A NAME=rrany> <H2>11. I am trying to register a domain under the .au or the .de name space, and my registrar is not taking my domain name</H2> <p>Both the German registrar and the Australian registrars require a RR_ANY request to return NS and SOA records. MaraDNS can do this if you add the following line to your mararc file:<p> <tt>default_rrany_set = 15</tt> <A NAME=netstat> <H2>12. After I start MaraDNS, I can not see the process when I run netstat -na </H2> Udp services do not have a prominent "LISTEN" when netstat is run. <p> When MaraDNS is up, the relevant line in the netstat output looks like this: <tt> udp 0 0 127.0.0.4:53 0.0.0.0:* </tt> <p> While on the topic of netstat, if you run <TT>netstat -nap</TT> as root, you can see the names of the processes which are providing internet services. <A NAME=jsstr> <H2>13. What string library does MaraDNS use?</H2> <p>MaraDNS uses her own string library, which is called the "js_string" library. Man pages for most of the functions in the js_string library are in the folder <tt>doc/man</tt> of the <A href=download.html>MaraDNS distribution</A> <A NAME=license> <H2>14. Why is MaraDNS public domain instead of BSD or GPL licensed?</H2> <p>The post-1.0.xx releases of MaraDNS are, in fact, under a simple BSD license (without any "obnoxious" advertising clause). <p>I used a public domain (non-)license so that MaraDNS could be integrated with Python without trouble. While Python is, I believe, currently GPL compatible, Python was not GPL-compatible at the time I decided on a license for MaraDNS. <A name=thythreads> <H2>15. Why does MaraDNS use a multi-threaded model?</H2> <p>The multi-threaded model is, plain and simple, the simplest way to write a functioning recursive DNS server. There is a reason why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model. <A NAME=wishlist> <H2>16. I feel that XXX feature should be added to MaraDNS</H2> <p> Before sending mail to the list with a feature request, please read the UNIMPLEMENTED FEATURES section of the MaraDNS man page, which has a list of feature requests other people have already sent me. If you do not see your requested feature in this section of the man page, send an email to the mailing list so that I can add your feature request to the UNIMPLEMENTED FEATURES section of the MaraDNS man page. <p> Feature requests which include a patch which implements the feature in question are may even be implemented by MaraDNS, as long as the patch comes with a declaration that the patch is public domain. <p> Note that MaraDNS is currently "frozen". In other words, new features will not be added until after the 1.0 release. <A NAME=docbook> <H2>17. I feel that MaraDNS should use another documentation format</H2> <p> The reason that MaraDNS uses its own documentation format is to satisfy both the needs of translators to have a unified document format and my own need to use a documentation format that is simple enough to be readily understood and which I can add features on an as needed basis. <p> The documentation format is essentially simplified HTML with some special tags added to meet MaraDNS' special needs. <p> For people who prefer other formats of documentation, I am open to making filters which convert from MaraDNS' own "EJ" documentation format to the format in question after MaraDNS 1.0 is released. <p> Having a given program have its own documentation format is not without precedent; Perl uses its own "pod" documentation format. <A NAME=patch> <H2>18. Is there any process I need to follow to add a patch to MaraDNS?</H2> <p>Yes. <p>Here is the procedure for making a proper patch: <p> <ul> <li>Enter the directory that the file is in, for example <tt>maradns-0.9.20/server</tt> <li>Copy over the file that you wish to modify to another file name. For example: <tt>cp MaraDNS.c MaraDNS.c.orig</tt> <li>Edit the file in question, e.g: <tt>vi MaraDNS.c</tt> <li>After editing, do something like this: <br><tt> diff -u MaraDNS.c.orig MaraDNS.c > maradns.patch</tt> <li>Make sure the modified version compiles cleanly </ul> Send a patch to me in email, along with a statement that you place the contents of the patch in to the public domain. If I find that the patch works well, I will integrate it in to MaraDNS. <A NAME=primary> <H2>19. Can MaraDNS act as a primary nameserver?</H2> <p>Yes. <p>The <tt>zoneserver</tt> program serves zones so that other DNS servers can be secondaries for zones which MaraDNS serves. This is a separate program from the <tt>maradns</tt> server, which processes both authoritative and recursive UDP DNS queries. <A NAME=secondary> <H2>20. Can MaraDNS act as a secondary nameserver?</H2> <p>Yes. <p>The 'getzone' program obtains zone files from remote DNS servers, outputting the contents of the zone file in MaraDNS' "csv1" zone file format. This program can be run from cron. If one desires more BIND-like functionality, getzone can be wrapped in a shell script that uses askmara to look at the SOA record to see if the serial number of the zone has changed. <p>I feel that the traditional DNS design of having a single application both serve DNS records and handle the maintenance of zone files is not ideal; the best design is to have a number of simple applications working together. <A NAME=auth> <H2>21. What is the difference between an authoritative and a recursive DNS server?</H2> A recursive DNS server is a DNS server that is able to contact other DNS servers in order to resolve a given domain name label. This is the kind of DNS server one points to in /etc/resolve.conf <p> An authoritative DNS server is a DNS server that a recursive server contacts in order to find out the answer to a given DNS query. <A NAME=bailiwick> <H2>22. The getzone client isn't allowing me to add certain hostnames to my zone</H2> For security reasons, MaraDNS' getzone client does not add records which are not part of the zone in question. For example, if someone has a zone for example.com, and this record in the zone: <p> <tt> P1.1.1.10.in-addr.arpa.|86400|dns.example.com. </tt> <p> MaraDNS will not add the record, since the record is out-of-bailiwick. In other words, it is a host name that does not end in .example.com. <p> There are two workarounds for this issue: <UL> <LI>Create a zone file for 1.1.10.in-addr.arpa., and put the PTR records there. <LI>Use rcp, rsync, or another method to copy over the zone files in question. </UL> <A NAME=kosherzone> <H2>23. I have having problems transferring zones from MaraDNS' zone server to a BIND zone transfer client</H2> <p>BIND is rather picky about what kind of data it will accept from a zone server. Make sure the following is true with your domain: <ul> <li>Make sure that the authoritative NS records are at the top of your zone, immediately after the SOA record <li>Make sure that your authoritative NS records are NS records for your zone <li>To work around <A href=quirks.html>a known bug in MaraDNS</a>, make sure you have at least one non-NS record between the authoritative NS records for your zone and any delegation NS records that exist in the zone. </ul> <p> Here is an example bad zone file: <PRE> Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400 Nbad.example.com.|86400|ns1.example.com. Nbad.example.com.|86400|ns2.example.com. Nsubdomain.example.com.|86400|ns.subdomain.example.com. Aexample.com.|12345|10.2.3.4 </PRE> <p> Here is the same zone file, with corrections: <PRE> Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400 Nexample.com.|86400|ns1.example.com. Nexample.com.|86400|ns2.example.com. Aexample.com.|12345|10.2.3.4 Nsubdomain.example.com.|86400|ns.subdomain.example.com. </PRE> <A NAME=portable> <H2>24. Is MaraDNS portable?</H2> <p>While I intend to have MaraDNS be a portable DNS server which will compile on a variety of unices, right now all of MaraDNS's work development is being done on Linux. In terms of proprietary OSes, I know that SCO Open Server, SCO UNIXware and <A href=solaris.html>Solaris</A> have issues running a UDP or TCP server in a chroot() environment. Word is that, with Solaris and UNIXware, placing /dev/tcp and /dev/udp in the chroot() jail will allow a server like MaraDNS to function. <A NAME=openbsd> <H2>25. How do I compile MaraDNS on OpenBSD?</H2> <p> There are two ways to do this: <P> To use the native thread support add -pthread to the CFLAGS variable. <P> To use the GNU pthread library, install the pth package and add -L/usr/local/lib/pth to the linker. <P> (Florin Iucha provided this tip) <A NAME=cygwin> <H2>26. Can I use MaraDNS in Windows?</H2> <p> Yes. <p> Provided, of course, that one has the Cygwin environment which emulates a UNIX environment in Windows. <p> MaraDNS should now compile fine on Cygwin systems. If not, join the mailing list and let me know; I will correct this FAQ entry. <A NAME=upstream> <H2>27. MaraDNS freezes up after being used for a while</H2> If using your ISP's name servers or some other name servers which are not, in fact, root name servers, please make sure that you are using the upstream_servers dictionary variable instead of the root_servers dictionary variable. <p> If you still see MaraDNS freeze up after making this correction, please send a bug report to the mailing list. <A NAME=python> <H2>28. What kind of Python integration does MaraDNS have</H2> The mararc file uses the same syntax that Python uses; in fact, Python can parse a properly formatted mararc file. <p> There is currently no other integration with Python. <A NAME=kvar> <H2>29. Doesn't "kvar" mean "four" in Esperanto?</H2> Indeed, it does. However the use of "kvar" in the MaraDNS source code only coincidentally is an Esperanto word. "kvar" is short for "Kiwi variable"; a lot of the parsing code comes from the code used in the Kiwi spam filter project. <A NAME=timestamp> <H2>30. How do I make MaraDNS' time stamps human-readable?</H2> MaraDNS uses standard UNIX timestamps; which is the number of seconds since Midnight, January 1, 1970. <p> To make MaraDNS' time stamps human readable, use this awk script: <pre> maradns -f /etc/maradns | awk ' /Timestamp/{ gsub(/Timestamp: ([0-9]+)/, strftime("%a, %d %b %Y %H:%M:%S",$2),$0)} {print}' >> logfile </pre> The MaraDNS startup script has the option to use this Awk script to convert the time stamp; read the script for details. <p> <h1>BUGS</h1> The maximum allowed number of threads is 500; this is a hard limit because there may be problems with some pthreads implementations causing MaraDNS to hang if this number is higher. <p> The system startup script included with MaraDNS assumes that the only MaraDNS processes running are started by the script; it stops <i>all</i> MaraDNS processes running on the server when asked to stop MaraDNS. <p> When a resolver asks for an A record, and the A record is a CNAME which points to a list of IPs, MaraDNS' recursive resolver only returns the first IP listed along with the CNAME. <p> When a resolver asks for an A record, and the A record is a CNAME that points to another CNAME (and possibly a longer CNAME chain), while MaraDNS returns the correct IP (as long as the glueless level is not exceeded), MaraDNS will incorrectly state that the first CNAME in the chain directly points to the IP. <p> If a NS record points to a list of IPs, and the NS record in quesiton is a "glueless" record (MaraDNS had to go back to the root servers to find out the IP of the machine in question), MaraDNS' recursive resolver only uses the first listed IP as a name server. <p> When MaraDNS' recursive resolver recives a "host not there" reply, instead of using the SOA minimum of the "host not there" reply as the TTL (Look at RFC1034 §4.3.4), MaraDNS uses the TTL of the SOA reply. <p> MaraDNS keeps referral NS records in the cache for one day instead of the TTL specified by the remote server. <p> MaraDNS has very limited support for DNS data over TCP. In particular, MaraDNS only uses DNS-over-TCP for zone transfers, which is handled by the companion program <b>zoneserver</b> (see <b>zoneserver(8)</b> for usage information), and only allows authorized IPs to make zone transfer requests. <p> MaraDNS handles the "any record" (255) request by only returning A and MX records (optionally: NS and SOA records), instead of sending all of the records assosciated with a given host name. The only places where I have seen the "any record" query used is by MTAs, and by the .au and .de registrars. In recursive mode, a request for "any record" is translated in to separate A and MX requests, which MaraDNS subsequently concatenates together. <p> MaraDNS never returns a NXDOMAIN (nothing in the answer section, SOA in the authority section, result code of "name error" [3]). If a given domain node label does not exist for any RR, MaraDNS will still return a "no host" (nothing in the answer section, SOA in the authority section, 0 result code), implying that the host name exists for at least one RR type. <p> MaraDNS does not use the zone file ("master file") format specified in chapter 5 of RFC1035. <p> If a wildcard MX record exists in the form "*.example.com", and there is an A record for "www.example.com", but no MX record for "www.example.com", the correct behavior (based on RFC1034 §4.3.3) is to return "no host" (nothing in the answer section, SOA in the authority section, 0 result code) for a MX request to "www.example.com". Instead, MaraDNS returns the MX record attached to "*.example.com". <p> Star records (what RFC1034 calls "wildcards") can not be attached to NS records. <p> MaraDNS' recursive resolver does not perform TTL aging; while MaraDNS will expire a record TTL seconds after adding a record to her cache, the TTL that MaraDNS' recursive resolver displays is always the TTL the authoritative server gave MaraDNS. This means that records will stay in the cache longer than the original domain name owner may desire if one is using upstream or downstream dns servers. <p> MaraDNS recursive resolver treats any TTL shorter than min_ttl seconds (min_ttl_cname seconds when the record is a CNAME record) as if the TTL in question was min_ttl (or min_ttl_cname) seconds long when determining when to expire a record from MaraDNS' cache. <p> TTLs which are shorter than 20 seconds long are given a TTL of 20 seconds; TTLs which are more than 63072000 (2 years) long are given a TTL of 2 years. <p> MaraDNS' recursive resolver's method of deleting not recently accessed records from the cache when the cache starts to fill up can deleted records from the cache before they expire. Some people consider this undesirable behavior; I feel it is necessary behavior if one wishes to place a limit on the memory resources a DNS server may use. <p> MaraDNS' recursive resolver stops resolving when it finds an answer in the AR section. This is a problem in the case where a given host name and IP is registered with the root name servers, and the registered IP is out of date. When this happens, a server "closer" to the root server will give an out-of-date IP, even though the authoritative DNS servers for the host in question have the correct IP. Note that resolving this will result in increased DNS traffic. <p> MaraDNS, like every other known DNS implementation, only supports a QDCOUNT of 0 or 1. <p> MaraDNS does not send more than one DNS packet to a given DNS server when processing a DNS request; this is not a serious problem because most client implenetations send multiple DNS packets to a recurisve DNS server when processing a DNS request. <p> MaraDNS spawns a new thread for every single recursive DNS request when the data in question is not in MaraDNS' cache; this makes MaraDNS an excellent stress tester for pthread implementations. Many pthread implementations can not handle this kind of load; symptoms include high memory usage and termination of the MaraDNS process. <p> MaraDNS does not handle the case of a glueless in-bailiwick NS referral very gracefully; this usually causes the zone pointed to by the offending NS record to be unreachable by MaraDNS, even if other DNS servers for the domain have correct NS referrals. <h1>UNIMPLEMENTED FEATURES</h1> <i>These are features which will not be implemented in the 1.0 release of MaraDNS:</i> <p> MaraDNS does not become a daemon. One can use a shell with job control functionality to make MaraDNS a daemon process, e.g: <blockquote> <pre> nohup maradns > /dev/null & </pre> </blockquote> <p> MaraDNS does not use <i>syslog</i> or any other logging facility to log messages that MaraDNS generates. Instead, the messages are logged to standard output. One can use a shell's output redirection to log messages to a file, e.g: <blockquote> <pre> touch /var/log/maradns nohup maradns >> /var/log/maradns & </pre> </blockquote> MaraDNS does not have a "fully qualified host name" record, which would automagically create a PTR record from an A record. <p> MaraDNS does not have support for a "default" zone, which would allow one to add zones without needing to change MaraDNS configuration files. <p> MaraDNS, like every other known free DNS server implementation, does not have SQL support. <p> MaraDNS does not have a disk-based caching scheme for authoritative zones. <p> MaraDNS' UDP server only loads zone files while MaraDNS is first started. UDP Zone information can only be updated by stopping MaraDNS, and restarting MaraDNS again. Note that TCP zone files are loaded from the filesystem at the time the client requests a zone. <p> MaraDNS does not have support for allowing given host names to only resolve for a limited range of IPs querying the DNS server, or for host names to resolve differently, depending on the IP querying the host name. <p> MaraDNS does not support IPv6. <p> MaraDNS has no signal handlers. Sending a HUP signal to MaraDNS terminates the MaraDNS process instead of telling MaraDNS to reload the configuration files. <p> With the exception of the ability to decompress some RR types not present in RFC1035, MaraDNS does not support any DNS features which are not present in RFC1034 and RFC1035. <p> MaraDNS, in accordance with RFC1034 §4.3.3, only allows wildcards at the beginning of a host name. E.g. names with wildcards like "foo.*.example.com" or "www.*" will not work. <p> <p> MaraDNS does not have support for MRTG or any other SNMP-based logging mechanism. In fact, MaraDNS does not even use syslog(). <h1>LEGAL DISCLAIMER</h1> THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <h1>AUTHORS</h1> Sam Trenholme (<A href=http://www.samiam.org/>http://www.samiam.org</a>) is responsible for this man page. <p> MaraDNS is written by me, Sam Trenholme, with a little help from my friends. Naturally, all errors in MaraDNS are my own (but read the disclaimer above). <p> Here is a partial list of people who have provided assistance: <p> Franky Van Liedekerke has provided much invaluable assistance. As just one example, he provided invaluable assistance in getting MaraDNS to compile on Solaris. In addition, he has provided much valuable SQA help. <p> Thomas Seyrat has provided French translations of the MaraDNS documentation. <p> Christian Kurz, who has provided invaluable bug reports, especially when I had to re-implement the core hashing algorithm. <p> Remmy, who is providing both the web space and a mailing list for maradns.org. <p> Phil Homewood, who provided invaluable assistance with finding and fixing bugs in the authoritative portion of the MaraDNS server. He helped me plug memory leaks, find uninitialized variables being used, and found a number of bugs I was unable to find. <p> Albert Prats kindly provided Spanish translations for various text files. <p> Shin Zukeran provided a patch to recursive.c which properly makes a normal null-terminated string from a js_string object, to send as an argument to open() so we can get the rijndael key for the PRNG. <p> D Richard Felker III has provided invaluable bug reports. By looking at his bug reports, I have been able to hunt down and fix many problems that the recursive nameserver had, in addition to at least one problem with the authoritative nameserver. <p> Ole Tange has also given me many valuable MaraDNS bug reports. <p> Florin Iucha provided a tip in the FAQ for how to compile MaraDNS on OpenBSD. <p> Roy Arends (one of the BIND developers, as it turns out) found a serious security problem with MaraDNS, where MaraDNS would answer answers, and pointed it out to me. <p> Code used as the basis for the psudo-random-number generator was written by Vincent Rijmen, Antoon Bosselaers, and Paulo Barreto. I appreciate these programmers making the code public domain, which is the only license under which I can add code to MaraDNS under. <p> I also appreciate the work of Dr. Brian Gladman and Fritz Schneider, who have both written independent implementations of AES from which I obtained test vectors. With the help of their hard work, I was able to discover a subtle security problem that previous releases of MaraDNS had. </BODY></HTML>