# Example mararc file
# The various zones we support
# First, we must initialize the csv1 hash, or things will fail with a
# (potentially) obscure error message
csv1 = {}
# This is just to show the format of the file
csv1["example.com."] = "db.example.com"
# The address this DNS server runs on. If you want to bind
# to all addresses a given machine has, use "0.0.0.0".
bind_address = "127.0.0.1"
# The directory with all of the zone files
chroot_dir = "/etc/maradns"
# The numeric UID MaraDNS will run as
maradns_uid = 99
# The maximum number of processes MaraDNS is allowed to use
maxprocs = 64
# The number of messages we log to stdout
# 0: No messages, except syntax error messages
# 1: Only startup messages logged (Default)
# 2: Error queries logged
# 3: All queries logged (not very verbosely right now)
verbose_level = 1
# Normally, MaraDNS has some MaraDNS-specific features, such as DDIP
# synthesizing, a special DNS query (erre-con-erre-cigarro.maradns.org.
# with a TXT query returns the version of MaraDNS that a server is
# running), unique handling of multiple QDCOUNTs, etc. Some people
# might not like these features, so I have added a switch that lets
# a sys admin disable all these features. Just give "no_fingerprint"
# a value of one here, and MaraDNS should be more or less
# indistinguishable from a tinydns server.
no_fingerprint = 0
# Normally, MaraDNS only returns A and MX records when given a
# QTYPE=* (all RR types) query. Changing the value of default_rrany_set
# to 15 causes MaraDNS to also return the MX and SOA records, which
# some registars require. The default value of this is 3
default_rrany_set = 3
# These constants limit the number of records we will display, in order
# to help keep packets 512 bytes or smaller. This, combined with
# round_robin record rotation, help to use DNS as a crude load-balancer.
# The maximum number of records to display in a chain of records (list
# of records) for a given host name
max_chain = 8
# The maximum number of records to display in a list of records in the
# additional section of a query. If this is any value besides one,
# round robin rotation is disabled (due to limitations in the current
# data structure MaraDNS uses)
max_ar_chain = 1
# The maximum number of records to show total for a given question
max_total = 20
# Initialize the IP aliases, which are used by the list of root
# name servers, the ACL for zone transfers, and the ACL of who
# gets to perform recursive queries
ipv4_alias = {}
# Various sets of root name servers
# Note: Netmasks can exist, but are ignored when specifying root
# name server
# ICANN, the most common and most controversial root name server
ipv4_alias["icann"] = "198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,198.41.0.10,193.0.14.129,198.32.64.12,202.12.27.33"
# OSRC: http://www.open-rsc.org/
ipv4_alias["osrc"] = "199.166.24.1,205.189.73.102,199.166.24.3,204.80.125.130,207.126.103.16,195.117.6.10,199.166.31.3,199.166.31.250,199.5.157.128,205.189.73.10,204.57.55.100,213.196.2.97"
# AlterNIC: http://www.alternic.org/
ipv4_alias["alternic"] = "160.79.129.192,65.2.214.15,160.79.133.70,24.13.64.102,216.99.37.240,199.224.64.190,160.79.133.66,216.99.37.246,216.99.37.247"
# OpenNIC: http://www.opennic.unrated.net/
ipv4_alias["opennic"] = "209.21.75.51,216.74.72.7,216.74.72.8,209.21.75.53,209.104.33.250,209.104.63.249"
# Pacific Root: http://www.pacificroot.com/
ipv4_alias["pacificroot"] = "204.107.129.2,208.179.42.162,12.28.140.20,204.107.129.10,212.115.192.151,202.76.159.5,209.54.94.3,167.160.132.2"
# IRSC: http://www.irsc.ah.net/
ipv4_alias["irsc"] = "203.21.205.2,203.21.205.3,212.234.36.20,212.234.36.19,207.180.91.9,198.199.168.92,207.180.91.10"
# TINC: http://www.tinc-org.com/
ipv4_alias["tinc"] = "64.6.65.10,208.128.113.35,212.172.21.254,207.112.147.14,145.89.234.7,209.133.38.16"
# Super Root: http://www.superroot.org/
ipv4_alias["superroot"] = "195.117.6.10,199.166.31.3,199.5.157.128,205.189.73.10,199.166.31.250,199.166.24.1,205.189.73.102,199.166.24.3,204.80.125.130,207.126.103.16,204.57.55.100"
# Here is the ACL which restricts who is allowed to perform
# zone transfer from the zoneserver program
# VERY IMPORTANT: Do not put spaces in the zone_transfer_acl list
# Good: zone_transfer_acl = "office,home"
# Bad: zone_transfer_acl = "office, home"
# Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits
# in IP need to match) and 10.100.100.100/255.255.255.224
# (IP: 10.100.100.100, netmask 255.255.255.224) are allowed
# to connect to the zone server
# zone_transfer_acl = "10.1.1.1/24,10.100.100.100/255.255.255.224"
# More complex: We create two aliases: One called "office"
# and another called "home". We allow anyone in the office or
# at home to perform zone transfers
# ipv4_alias["office"] = "10.1.1.1/24"
# ipv4_alias["home"] = "10.100.100.100/255.255.255.224"
# zone_transfer_acl = "office,home"
# More complex then the last example. We have three employees,
# Susan, Becca, and Mia, whose computers we give zone transfer
# rights to. Susan and Becca are system administrators, and
# Mia is a developer. They are all part of the company. We
# give the entire company zone transfer access
# ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed
# ipv4_alias["becca"] = "10.7.8.9" # also a single IP
# ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # 1 IP
# ipv4_alias["sysadmins"] = "susan,becca"
# ipv4_alias["devel"] = "mia"
# ipv4_alias["company"] = "sysadmins,devel"
# This is equivalent to the above line
# ipv4_alias["company"] = "susan,becca,mia"
# zone_transfer_acl = "company"
# Recursive ACL: Who is allowd to perform recursive queries.
# The format is identical to that of "zone_transfer_acl",
# including ipv4_alias support
# ipv4_alias["localhost"] = "127.0.0.0/8"
# recursive_acl = "localhost"
# Random seed file: The file form which we read 16 bytes from
# to get the 128-bit random Rijndael key. This is ideally a
# file which is a good source of random runbers, but can also be
# a fixed file if your OS does not have a decent random number
# generator (make sure the contents of that file is random and
# with 600 perms, owned by root, since we read the file *before*
# dropping root privledges)
# random_seed_file = "/dev/urandom"
# The maximum number of elements we can have in the cache. If
# we have more elements in the cache than this amount, the
# "custodian" kicks in to effect, removing elements at random from
# the cache (8 elements removed per query) until we are at the 99%
# level or so again.
# maximum_cache_elements = 1024
# The root servers which we use when making recursive queries.
# The following line must be uncommented to enable recursive queries
# root_servers = {}
# You can choose which set of root servers to use. Current
# values (set above) are: icann, osrc, alternic, opennic,
# pacificroot, irsc, tinc, and superroot.
# root_servers["."] = "osrc"
# You can tell MaraDNS to *not* query certain DNS servers when in
# recursive mode. This is mainly used to not allow spam-friendly
# domains to resolve, since spammers are starting to get in the habit
# of using spam-friendly DNS servers to resolve their domains, allowing
# them to hop from ISP to ISP. The format of this is the same as for
# zone_transfer_acl and recursive_acl
# As of August 12, 2001, azmalink.net is a known spam-friendly DNS
# provider (see doc/detailed/spammers/azmalink.net for details).
# Note that this is based on IPs, and azmalink.net constantly
# changes IPs (as they constantly have to change ISPs)
# Updated 2002/10/12 to reflect Azmalink's current ISP
ipv4_alias["azmalink"] = "12.164.194.0/24"
# As of September 20, 2001, hiddenonline.net is a known spam-friendly
# DNS provider (see doc/detailed/spammers/hiddenonline for details).
ipv4_alias["hiddenonline"] = "65.107.225.0/24"
spammers = "azmalink,hiddenonline"
