Good Day Everyone! I thought I'd share an open-source DNS system called MaraDNS with everyone. I never could figure out how to get BIND, the Berkeley Internet Name Daemon, configured. So, maybe others would find this of some use.
MaraDNS was written by Sam Trenholme. It is designed to be an easy-to-use DNS server that uses the minimum number of resources to act as a full authoritative, recursive, caching name server. It only needs a 3-line configuration file to perform basic recursive caching. Its features include a special string library which is resistant to buffer overflows, and it mandates running as an unprivileged user in a chroot() jail and protects itself from cache poisoning. It is designed to be small and secure. It can even be used in embedded applications and other environments where the server must use the absolute minimum number of resources possible. I have been tracking and using MaraDNS since the 1.0 release; most users of MaraDNS are Linux users and a few BSD users. I thought if anyone was looking for an alternative to BIND, then MaraDNS is a great candidate.

==========================================
knot in cables caused data stream to become twisted and kinked.
http://groups.google.com/group/lispstl
http://www.cwelug.org/
Patrick Pippen
MaraDNS: an open-source Domain Name Service (DNS)

First, I had trouble understanding all the complexity of the Berkeley Internet Name Daemon (BIND) configuration. So, I thought this might be of some use to others that prefer a secure DNS alternative.

Installation & Configuration of MaraDNS

This how-to assumes a NetBSD install from pkgsrc. So update pkgsrc, if you haven't done so already. MaraDNS is also in the OpenBSD and FreeBSD packages collections. Linux RPMs can be obtained at:
http://sourceforge.net/project/showfiles.php?group_id=24033
or
http://www.maradns.org/download.html

Ready for a quick and easy DNS alternative? Then let's roll.

  $ cd /usr/pkgsrc/net/maradns
  $ make
  $ make install
  $ make clean

Setting up a recursive (caching) server

This is the chroot directory maradns will run from:

  $ mkdir -p /etc/maradns/logger
  $ vi /etc/mararc

This is the maradns configuration file; below are its config options. (Note: the documentation has more configuration options than are mentioned here.)

  hide_disclaimer = "YES"
  no_fingerprint = 1 # disable MaraDNS fingerprint
  verbose_level = 3 # be verbose about query errors and log them.
  ipv4_bind_addresses = "192.168.15.1, 127.0.0.1" # addresses to listen on
  chroot_dir = "/etc/maradns"
  recursive_acl = "192.168.15.0/24, 127.0.0.1" # addresses that can access this server.
  upstream_servers["."] = "12.12.12.12" # your ISP's name server
  csv2 = {}
  csv2["domain.com."] = "db.domain.com" # our authoritative local zone file
  debug_msg_level = 0 # so no info about maradns will be made public.

The default for debug_msg_level is 1 and, in my opinion, it shouldn't give out information to the public about itself when making queries. The default gives out the maradns version number. Consult the mararc man page for more variables that can be set.

Let's create our local zone file, which will be in the /etc/maradns directory.
  $ vi /etc/maradns/db.domain.com

  papa.% 192.168.15.100 # client machine
  tango.% 192.168.15.120 # client machine
  zulu.% 192.168.15.1 # our dns cache machine

The '%' will have domain.com. appended to the above names when the file is processed; it's mara's shortcut for the lazy at heart. To add MX records you just need to add these lines to the zone file for each MX record served:

  domain.com. MX 10 mail.domain.com.
  mail.domain.com. 192.168.15.130

This sets up mail for domain.com being delivered to mail.domain.com, which has the IP address 192.168.15.130. To be able to do reverse DNS lookups, add PTR records to the zone file. They would look like this for our example domain (note that the reverse domain is in-addr.arpa):

  100.15.168.192.in-addr.arpa. PTR papa.domain.com.
  120.15.168.192.in-addr.arpa. PTR tango.domain.com.
  130.15.168.192.in-addr.arpa. PTR mail.domain.com.
  1.15.168.192.in-addr.arpa. PTR zulu.domain.com.

To test it do:

  $ /usr/local/sbin/maradns

Switch to another terminal or xterm to see if it is running and do a netstat -an (output edited for brevity):

  Active Internet connections (including servers)
  Proto Recv-Q Send-Q  Local Address    Foreign Address  State
  udp        0      0  127.0.0.1.53     *.*

Look for this line. Yes, I see that the state isn't LISTEN; UDP services aren't in the LISTEN state.

To make this run on boot we need to edit the /etc/rc.local file and add this line:

  /usr/local/bin/duende /usr/local/sbin/maradns > /var/log/maradns.log 2>&1

The "> /var/log/maradns.log 2>&1" isn't really needed, but I added it to catch any info that stdout and stderr might give out that you might like to see. Be sure to create the /var/log/maradns.log file before rebooting:

  $ touch /var/log/maradns.log

Administration

Contents and permissions of /etc/maradns:

  $ ls -l /etc/maradns
  total 10
  -rw-r--r--  1 root  wheel   59 Feb 28 16:44 db.domain.com
  drwxr-xr-x  2 root  wheel  512 Feb 19 08:23 logger

Next do some simple queries using askmara:

  $ askmara Ngoogle.com.
  $ askmara Nbsdforums.org.
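As an added example (not code from this post or from MaraDNS itself), the following Python script reads the csv2 shorthand shown above, expands the '%' origin shortcut, and derives the in-addr.arpa PTR lines from the A records, so the reverse entries are generated from the forward zone instead of being typed by hand (where the hyphen/dot slip is easy to make). It also flags MX targets that have no A record in the zone. It handles only the subset of csv2 syntax used in this post (a bare address after the name means an A record, otherwise "name TYPE data", with '#' comments); the sample zone is constructed to mirror the records above.

```python
"""Expand a MaraDNS csv2 zone file and derive the matching PTR records.

Added example, not part of the original post or of MaraDNS.  It covers
only the csv2 subset used in the post: 'name address' for an A record,
'name TYPE data' otherwise, '#' comments, and '%' standing for the origin.
"""
import ipaddress

# Constructed sample mirroring the db.domain.com records from the post.
SAMPLE_ZONE = """\
papa.% 192.168.15.100 # client machine
tango.% 192.168.15.120 # client machine
zulu.% 192.168.15.1 # our dns cache machine
domain.com. MX 10 mail.domain.com.
mail.domain.com. 192.168.15.130
"""


def parse_csv2(text, origin):
    """Return a list of (name, rtype, rdata) tuples.

    origin must be a fully qualified name ending in '.' (e.g. 'domain.com.');
    it replaces the '%' shortcut in record names.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        name = fields[0].replace("%", origin)
        if len(fields) == 2:
            # 'name address' is the shorthand for an A record; reject
            # anything that is not a valid IPv4 address early.
            ipaddress.IPv4Address(fields[1])
            records.append((name, "A", fields[1]))
        else:
            records.append((name, fields[1].upper(), " ".join(fields[2:])))
    return records


def reverse_name(ip):
    """192.168.15.100 -> 100.15.168.192.in-addr.arpa. (octets reversed)."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def ptr_records(records):
    """One csv2 PTR line per A record, in zone order."""
    return [f"{reverse_name(rdata)} PTR {name}"
            for name, rtype, rdata in records if rtype == "A"]


def unresolved_mx_targets(records):
    """MX targets with no A record in the same zone (a common slip)."""
    a_names = {name for name, rtype, _ in records if rtype == "A"}
    targets = [rdata.split()[1] for _, rtype, rdata in records if rtype == "MX"]
    return [t for t in targets if t not in a_names]


if __name__ == "__main__":
    recs = parse_csv2(SAMPLE_ZONE, "domain.com.")
    for line in ptr_records(recs):
        print(line)
    missing = unresolved_mx_targets(recs)
    print("MX targets without an A record:", missing or "none")
```

Running it prints the four PTR lines for the sample zone; point parse_csv2 at the real file contents and the zone origin to generate entries for your own hosts, and treat a non-empty list from unresolved_mx_targets as something to fix before mail is expected to flow.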
MaraDNS logs queries to /var/log/messages; let's take a peek (again edited for brevity):

  $ more /var/log/messages | egrep dns
  Jan 21 05:18:39 zulu /usr/local/sbin/maradns: Query from: 127.0.0.1 Ngoogle.com.
  Jan 21 05:18:39 zulu /usr/local/sbin/maradns: Log: Message received, processing
  Jan 21 05:19:03 zulu /usr/local/sbin/maradns: Query from: 127.0.0.1 Nbsdforums.com.
  Jan 21 05:19:03 zulu /usr/local/sbin/maradns: Log: Message received, processing

If a weird crash or something unexpected happens to your server, check your /var/log/maradns.log file, which should be empty if everything is fine with your setup:

  $ ls -l /var/log/maradns.log
  -rw-r--r--  1 root  wheel  0 Mar  2 17:03 /var/log/maradns.log

Firewall configuration

Simply don't allow outside IP addresses to hit the server on port 53 UDP. Allow them to hit this server on ports between 15000 and 19095 UDP where the source port from the remote server is 53 UDP. Allow UDP connections from your clients on the LAN that use the server's cache to hit port 53 UDP.

Now you're set; reboot and you are good to go. I hope you enjoyed reading this as much as I enjoyed writing it.

Note: Most of this was taken from the installation docs that come with MaraDNS. For more info about maradns check: http://www.maradns.org/index.html
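As an added example (not part of this post or of MaraDNS), this Python script ties the recursive_acl setting to the query log: it parses the quoted mararc string settings shown earlier, parses the "Query from:" lines that verbose_level = 3 writes to /var/log/messages, and reports any source address that falls outside the ACL. A hit means a host the server was never meant to serve is reaching port 53, which is exactly what the firewall rules above are there to prevent. The mararc fragment and log lines are constructed; the 203.0.113.7 entry is an assumed outside address from a documentation-reserved range, added to show what a hit looks like. Whether MaraDNS logs queries it refuses is not stated in the post, so read the output as what the server actually received rather than what it answered.

```python
"""Flag MaraDNS query-log entries whose source is outside recursive_acl.

Added example, not part of the original post or of MaraDNS.  Assumes the
log line format shown in the post ('... maradns: Query from: <ip> <query>')
and mararc string settings written as key = "a, b, c".
"""
import ipaddress
import re

# Constructed mararc fragment mirroring the post's configuration.
SAMPLE_MARARC = '''\
ipv4_bind_addresses = "192.168.15.1, 127.0.0.1" # addresses to listen on
recursive_acl = "192.168.15.0/24, 127.0.0.1" # addresses that can access this server.
upstream_servers["."] = "12.12.12.12" # your ISP's name server
'''

# Constructed log lines in the post's format; 203.0.113.7 is an assumed
# outside address (documentation-reserved range), included to produce a hit.
SAMPLE_LOG = """\
Jan 21 05:18:39 zulu /usr/local/sbin/maradns: Query from: 127.0.0.1 Ngoogle.com.
Jan 21 05:18:39 zulu /usr/local/sbin/maradns: Log: Message received, processing
Jan 21 05:19:03 zulu /usr/local/sbin/maradns: Query from: 192.168.15.100 Nbsdforums.com.
Jan 21 05:19:10 zulu /usr/local/sbin/maradns: Query from: 203.0.113.7 Nexample.org.
"""

_QUERY_RE = re.compile(r"maradns: Query from: (\S+) (\S+)")


def mararc_list(text, key):
    """Comma-separated values of a quoted mararc string setting."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', text, re.M)
    if not m:
        raise KeyError(key)
    return [v.strip() for v in m.group(1).split(",") if v.strip()]


def parse_acl(text):
    """recursive_acl entries as networks; a bare host becomes a /32."""
    return [ipaddress.ip_network(v, strict=False)
            for v in mararc_list(text, "recursive_acl")]


def queries(log_text):
    """Yield (source_ip, query) for each 'Query from:' line."""
    for line in log_text.splitlines():
        m = _QUERY_RE.search(line)
        if m:
            yield m.group(1), m.group(2)


def out_of_acl(log_text, acl):
    """Queries whose source address matches none of the ACL networks."""
    hits = []
    for src, q in queries(log_text):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in acl):
            hits.append((src, q))
    return hits


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_MARARC)
    print("recursive_acl:", [str(n) for n in acl])
    for src, q in out_of_acl(SAMPLE_LOG, acl):
        print(f"query from outside the ACL: {src} asked for {q}")
```

On a live box, feed it the contents of /etc/mararc and the output of the egrep above; an empty result is the expected state for a cache that only serves the LAN, and any entry is worth checking against the firewall rules before assuming the ACL alone is holding the line.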
_______________________________________________ CWE-LUG mailing list [email protected] http://www.cwelug.org/ http://www.cwelug.org/archives/ http://www.cwelug.org/mailinglist/
