Thomas
Try the more recent version available here:
http://leaf.sourceforge.net/devel/jnilo/testing/maradns.lrp
and see if it fixes your problem.
Jacques
Le Jeudi 20 Novembre 2003 06:43, Thomas V. Fischer a écrit :
> Hey all,
> I am having problems with MaraDNS. I have tried to set it up to serve my
> dns names for the internal network and also act as a dns proxy.
> The problem is that maradns stops serving my dns names after about one
> or two queries. I can't find anything in the log.
> Here is the configuration
> ---------------------------------------------------------------------------
> # Example mararc file (unabridged version)
> hide_disclaimer = "yes"
> # The various zones we support
> # We must initialize the csv1 hash, or MaraDNS will be unable to
> # load any zone files
> csv1 = {}
> # This is just to show the format of the file
> # csv1["example.com."] = "db.example.com"
> # Here is a pointer to a zone file for example.com
> #csv1["example.com."] = "db.example.com"
> #
> csv1["home.tvf-prod.com."] = "db.home.tvf-prod.com"
> csv1["tvf-prod.com."] = "db.tvf-prod.com"
> # The address this DNS server runs on. If you want to bind
> # to all addresses a given machine has, use "0.0.0.0".
> bind_address = "192.168.51.254"
> # The directory with all of the zone files
> chroot_dir = "/etc/maradns"
> # The numeric UID MaraDNS will run as
> # Bering: use dnscache uid
> maradns_uid = 1001
> # The (optional) numeric GID MaraDNS will run as
> maradns_gid = 100
> # The maximum number of threads (or processes, with the zone server)
> # MaraDNS is allowed to run
> maxprocs = 96
> # It is possible to specify a different maximum number of processes that #
> the zone server can run. If this is not set, the maximum number of #
> processes that the zone server can have defaults to the 'maxprocs' value #
> above # max_tcp_procs = 64
> # Normally, MaraDNS has some MaraDNS-specific features, such as DDIP #
> synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org."
> # with a TXT query returns the version of MaraDNS that a server is #
> running), unique handling of multiple QDCOUNTs, etc. Some people # might
> not like these features, so I have added a switch that lets # a sys admin
> disable all these features. Just give "no_fingerprint"
> # a value of one here, and MaraDNS should be more or less #
> indistinguishable from a tinydns server.
> no_fingerprint = 0
> # Normally, MaraDNS only returns A and MX records when given a
> # QTYPE=* (all RR types) query. Changing the value of default_rrany_set
> # to 15 causes MaraDNS to also return the NS and SOA records, which
> # some registrars require. The default value of this is 3
> default_rrany_set = 3
> # These constants limit the number of records we will display, in order #
> to help keep packets 512 bytes or smaller. This, combined with round_robin
> # record rotation, help to use DNS as a crude load-balancer.
> # The maximum number of records to display in a chain of records (list
> # of records) for a given host name
> max_chain = 8
> # The maximum number of records to display in a list of records in the
> # additional section of a query. If this is any value besides one,
> # round robin rotation is disabled (due to limitations in the current
> # data structure MaraDNS uses)
> max_ar_chain = 1
> # The maximum number of records to show total for a given question
> max_total = 20
> # The number of messages we log to stdout
> # 0: No messages except for fatal parsing errors and the legal disclaimer
> # 1: Only startup messages logged (default)
> # 2: Error queries logged
> # 3: All queries logged (but not very verbosely right now)
> verbose_level = 2
> # Initialize the IP aliases, which are used by the list of root name servers,
> # the ACL for zone transfers, and the ACL of who gets to perform recursive
> # queries
> ipv4_alias = {}
> # Various sets of root name servers
> # Note: Netmasks can exist, but are ignored when specifying root name server
> # ICANN: the most common and most controversial root name server
> # http://www.icann.org
> ipv4_alias["icann"] = "198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,198.32.64.12,202.12.27.33"
> # OSRC: http://www.open-rsc.org/
> ipv4_alias["osrc"] = "199.166.24.1,205.189.73.102,199.166.24.3,207.126.103.16,195.117.6.10,205.189.73.10,204.57.55.100,213.196.2.97"
> # AlterNIC: http://www.alternic.org/
> ipv4_alias["alternic"] = "160.79.129.192,24.6.78.12,160.79.133.70,65.15.8.202,216.162.42.240,195.224.64.190,160.79.133.66,216.162.42.185"
> # OpenNIC: http://www.opennic.unrated.net/
> ipv4_alias["opennic"] = "131.161.247.226,209.151.84.102,64.247.218.140,64.247.218.149,209.104.33.250,209.104.63.249,209.151.84.103,199.175.137.211,207.6.128.246,65.243.92.254"
> # Pacific Root: http://www.pacificroot.com/
> # Disabled because Pacific Root no longer runs traditional style root
> # servers
> #ipv4_alias["pacificroot"] = "204.107.129.2,208.179.42.162,12.28.140.20,204.107.129.10,212.115.192.151,202.76.159.5,209.54.94.3,167.160.132.2"
> # IRSC: http://www.irsc.ah.net/
> # This group was terminated January 2002
> #ipv4_alias["irsc"] = "203.21.205.2,203.21.205.3,212.234.36.20,212.234.36.19,207.180.91.9,198.199.168.92,207.180.91.10"
> # TINC: http://www.tinc-org.com/
> # On 2002/11/15, the tinc domain was owned by a domain squatter
> # The only working server on this list is 145.89.234.7
> #ipv4_alias["tinc"] = "64.6.65.10,208.128.113.35,212.172.21.254,207.112.147.14,145.89.234.7,209.133.38.16"
> # Super Root: http://www.superroot.org/
> # They no longer use a traditional list of root servers
> #ipv4_alias["superroot"] = "199.5.157.128,199.166.24.12,199.166.28.10,5.189.73.10,199.166.31.250,199.166.24.1,205.189.73.102,199.166.24.3,204.80.125.130,207.126.103.16,204.57.55.100"
> # End of list of root name server lists
> # Here is an ACL which restricts who is allowed to perform zone transfer from
> # the zoneserver program
> # VERY IMPORTANT: Do not put spaces in the zone_transfer_acl list
> # Good: zone_transfer_acl = "office,home"
> # Bad: zone_transfer_acl = "office, home"
> # Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to
> match) # and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask #
> 255.255.255.224) are allowed to connect to the zone server # NOTE: The
> "maradns" program does not serve zones. Zones are served # by the
> "zoneserver" program.
> # zone_transfer_acl = "10.1.1.1/24,10.100.100.100/255.255.255.224"
> # More complex: We create two aliases: One called "office" and another #
> called "home". We allow anyone in the office or at home to perform zone #
> transfers # ipv4_alias["office"] = "10.1.1.1/24"
> ipv4_alias["home"] = "192.168.51.0/255.255.255.0"
> zone_transfer_acl = "home"
> # More complex then the last example. We have three employees, # Susan,
> Becca, and Mia, whose computers we give zone transfer rights to.
> # Susan and Becca are system administrators, and Mia is a developer.
> # They are all part of the company. We give the entire company zone #
> transfer access
> # ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed
> # ipv4_alias["becca"] = "10.7.8.9" # also a single IP
> # ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP
> # ipv4_alias["sysadmins"] = "susan,becca"
> # ipv4_alias["devel"] = "mia"
> # ipv4_alias["company"] = "sysadmins,devel"
> # This is equivalent to the above line
> # ipv4_alias["company"] = "susan,becca,mia"
> # zone_transfer_acl = "company"
> # If you want to enable recursion on the loopback interface, uncomment #
> the relevent lines in the following section
> # Recursive ACL: Who is allowd to perform recursive queries. The format #
> is identical to that of "zone_transfer_acl", including ipv4_alias support
> ipv4_alias["localhost"] = "127.0.0.0/8"
> recursive_acl = "localhost,home"
> # Random seed file: The file from which we read 16 bytes from to get the #
> 128-bit random Rijndael key. This is ideally a file which is a good source
> # of random numbers, but can also be a fixed file if your OS does not have
> # a decent random number generator (make sure the contents of that file is
> # random and with 600 perms, owned by root, since we read the file *before*
> # dropping root privledges)
> random_seed_file = "/dev/urandom"
> # The maximum number of elements we can have in the cache. If we have more
> # elements in the cache than this amount, the "custodian" kicks in to
> effect, # removing elements not recently accessed from the cache (8
> elements removed # per query) until we are at the 99% level or so again.
> # maximum_cache_elements = 1024
> # It is possible to change the minimul "time to live" for entries in the #
> cache; this is the minimum time that an entry will stay in the cache.
> # Value is in seconds; default is 300 (5 minutes) # min_ttl = 300 # CNAME
> records generally take more effort to resolve in MaraDNS than # non-CNAME
> records; it is a good idea to make this higher then min_ttl # default value
> is to be the same as min_ttl # min_ttl_cname = 900
> # The root servers which we use when making recursive queries.
> # The following line must be uncommented to enable recursive queries
> root_servers = {}
> # You can choose which set of root servers to use. Current values (set above)
> # are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and
> # superroot. This line must also be uncommented to enable recursive
> # queries.
> root_servers["."] = "osrc"
> # You can tell MaraDNS to *not* query certain DNS servers when in recursive
> # mode. This is mainly used to not allow spam-friendly domains to resolve,
> # since spammers are starting to get in the habit of using spam-friendly #
> DNS servers to resolve their domains, allowing them to hop from ISP to #
> ISP. The format of this is the same as for zone_transfer_acl and #
> recursive_acl # For example, at the time of this document (August 12,
> 2001), azmalink.net # is a known spam-friendly DNS provider (see
> doc/detailed/spammers/azmalink.net
> # for details.) Note that this is based on IPs, and azmalink.net constantly
> # changes IPs (as they constantly have to change ISPs) # 2002/10/12:
> Azmalink changed ISP again, this reflect their current ISP
> #ipv4_alias["azmalink"] = "12.164.194.0/24"
> # As of September 20, 2001, hiddenonline.net is a known spam-friendly # DNS
> provider (see doc/detailed/spammers/hiddenonline for details).
> #ipv4_alias["hiddenonline"] = "65.107.225.0/24"
> #spammers = "azmalink,hiddenonline"
> # It is also possible to change the maximum number of times MaraDNS will #
> follow a CNAME record or a NS record with a glue A record. The default #
> value for this is ten.
> # max_glueless_level = 10
> # In addition, one can change the maximum number of total queries that #
> MaraDNS will perform to look up a host name. The default value is 32.
> # max_queries_total = 32
> # In addition, one can change the amount of time that MaraDNS will wait #
> for a DNS server to respond before giving up and trying the next DNS #
> server on a list. Note that, the larger this value is, the slower # MaraDNS
> will process recursive queries when a DNS server is not # responding to DNS
> queries. The default value is two seconds.
> # timeout_seconds = 2
>
> # And that does it for the caching at this point
> -------------------------------------------------------------------------
> Thanks for your help
> Thomas
>
>
> Thomas Fischer, MCSE              mailto:[EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED]
>      Apple, WinNT, e-Mail, Groupware
> mailto:[EMAIL PROTECTED]
>
>
>

