pantz.org banner
Configuration for a MaraDNS name server on OpenBSD
Posted on 11-02-2005 23:13:00 UTC | Updated on 11-02-2005 23:13:00 UTC
Section: /software/maradns/ | Permanent Link

MaraDNS is a program that implements the Domain Name Service (DNS), an essential internet service. MaraDNS is intended for environments where a DNS server must be secure and where the server must use the absolute minimum number of resources possible. This install is for MaraDNS 1.0.28 done on OpenBSD 3.8. Your milage may very. The setup below is for an internal lan that needs a DNS cache and internal DNS zone just for a local lookup. This zone will not work on the Internet it's just for your local users ease of use.

1. Install the MaraDNS package from "packages" on your current distro.

pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/maradns-1.0.28.tgz

2. Copy the example "mararc" (below) to /etc/mararc.

###################################
# Maradns config
###################################

# Hide legal disclaimer
hide_disclaimer = "YES"

# Disable MaraDNS-specific figerprint
no_fingerprint = 0

# MaraDNS only returns A and MX =3
# MaraDNS to also return the NS and SOA records =15
default_rrany_set = 3

# The maximum number of records to display in a chain of records (list
# of records) for a given host name
max_chain = 8

# The maximum number of records to display in a list of records in the
# additional section of a query.  If this is any value besides one,
# round robin rotation is disabled (due to limitations in the current
# data structure MaraDNS uses)
max_ar_chain = 1

# The maximum number of records to show total for a given question
max_total = 20

# minimum time that an entry will stay in the cache.
min_ttl = 300

# minimum time that a CNAME entry will stay in the cache.
min_ttl_cname = 900

# maximum number of times MaraDNS will follow a CNAME record or a NS
# record with a glue A record.
max_glueless_level = 10

# maximum number of total queries MaraDNS will perform to look up a host
# name.
max_queries_total = 32

# amount of time MaraDNS will wait for a DNS server to respond before
# giving up
# and trying the next DNS server on a list.
timeout_seconds = 1

# Authoratative zone files
csv1 = {}
csv1["domain.lan."] = "db.domain.lan"

# The address this DNS server runs on.  The IP address "0.0.0.0" binds
# to all addresses that a given machine has.
bind_address = "10.0.10.10"

# The directory with all of the zone files
chroot_dir = "/etc/maradns"

# The numeric UID MaraDNS will run as
maradns_uid = 1002

# The maximum number of threads (or processes, with the zone server)
maxprocs = 96

# The number of messages we log to stdout
# 0: No messages except for fatal parsing errors and the legal
# disclaimer
# 1: Only startup messages logged (default)
# 2: Error queries logged
# 3: All queries logged (but not very verbosely right now)
verbose_level = 2

# Initialize the IP aliases variable
ipv4_alias = {}

# Recursive ACL: Who is allowd to perform recursive queries.
recursive_acl = "10.0.10.0/24"

# Random seed file: The file form which we read 16 bytes from to get the
# 128-bit random seed.
random_seed_file = "/dev/urandom"

# The maximum number of elements we can have in the cache.
maximum_cache_elements = 1024

# Your ISP's DNS servers (no spaces) 
upstream_servers = {}
upstream_servers["."] = "111.111.111.111,222.222.222.222,333.333.333.333"

# Use local root DNS servers instead of your ISP's.
# Find close ones to you from: http://www.root-servers.org/
#root_servers = {}
#root_servers["."] = "198.41.0.4,128.8.10.90,128.63.2.53"

3. Copy the example "db.domain.lan" (below) to /etc/maradns/db.domain.lan. Replace the example hosts with your hosts.

#####################################
#          db.domain.lan            #
#####################################
# Zone file for domain.lan (example file)

# The SOA record must be first, followed by all authoritative NS
# records for this zone.
Sdomain.lan.|86400|domain.lan.|[email protected].|19771108|7200|3600|604800|1800
#Ndomain.lan.|86400|ns1.domain.lan.
#Ndomain.lan.|86400|ns2.domain.lan.

# Some 'IN A' records
Agateway.domain.lan.|86400|192.168.0.1
Astorage.domain.lan.|86400|192.168.0.10
Aworkstation.domain.lan.|86400|192.168.0.20
Amythtv.domain.lan.|86400|192.168.0.30
Adhcp241.domain.lan.|86400|192.168.0.241
Adhcp242.domain.lan.|86400|192.168.0.242
Adhcp243.domain.lan.|86400|192.168.0.243
Adhcp244.domain.lan.|86400|192.168.0.244
Adhcp245.domain.lan.|86400|192.168.0.245

#Amx.domain.lan.|86400|10.1.2.4
#Ans1.domain.lan.|86400|10.0.0.1
#Ans2.domain.lan.|86400|192.168.0.1

# An 'IN MX' record
#@domain.lan.|86400|10|mx.domain.lan.

# An 'IN CNAME' record
#Cwww.domain.lan.|86400|domain.lan.

# An 'IN TXT' record
#Tdomain.lan.|86400|Example.com: Buy examples of products online!

# An 'A' record showing the use of percent as a shortcut for the name
# of this zone (in this case, 'domain.lan.')
#Aftp.%|3600|10.7.8.9

# A 'TXT' record showing the use of the backslash which allows any
# octal code in the record
#Tpercent.%|7200|Get 50\045 off all \%items\% at domain.lan!

# A 'PTR' record which, while marked as unauthoritative, allows this
# program to work with the obsolete tool nslookup when bound on IP 127.0.0.3
# NOTE: This record is not part of the domain.lan domain, and,
# therefore, can not be transferred with the getzone client
#P3.0.0.127.in-addr.arpa.|1234|nslookup.bug.workaround.
P1.0.168.192.in-addr.arpa.|86400|gateway.domain.lan.
P10.0.168.192.in-addr.arpa.|86400|storage.domain.lan.
P20.0.168.192.in-addr.arpa.|86400|workstation.domain.lan.
P30.0.168.192.in-addr.arpa.|86400|mythtv.domain.lan.
P241.0.168.192.in-addr.arpa.|86400|dhcp241.domain.lan.
P242.0.168.192.in-addr.arpa.|86400|dhcp242.domain.lan.
P243.0.168.192.in-addr.arpa.|86400|dhcp243.domain.lan.
P244.0.168.192.in-addr.arpa.|86400|dhcp244.domain.lan.
P245.0.168.192.in-addr.arpa.|86400|dhcp245.domain.lan.

4. Edit the files information to suit your needs.

5. Put the startup line at the bottom of /etc/rc.local so MaraDNS starts on reboot.

# MaraDNS server
if [ -x /usr/local/sbin/maradns ]; then
echo -n ' maradns'
/usr/local/sbin/maradns  >>/var/log/maradns &
fi

Reddit!

Related stories


RSS Feed RSS feed logo

About


3com

3ware

alsa

alsactl

alsamixer

amd

android

apache

areca

arm

ati

auditd

awk

badblocks

bash

bind

bios

bonnie

cable

carp

cat5

cdrom

cellphone

centos

chart

chrome

chromebook

cifs

cisco

cloudera

comcast

commands

comodo

compiz-fusion

corsair

cpufreq

cpufrequtils

cpuspeed

cron

crontab

crossover

cu

cups

cvs

database

dbus

dd

dd_rescue

ddclient

debian

decimal

dhclient

dhcp

diagnostic

diskexplorer

disks

dkim

dns

dos

dovecot

drac

dsniff

dvdauthor

e-mail

echo

editor

emerald

encryption

ethernet

expect

ext3

ext4

fat32

fedora

fetchmail

fiber

filesystems

firefox

firewall

flac

flexlm

floppy

flowtools

fonts

format

freebsd

ftp

gdm

gmail

gnome

google

gpg

greasemonkey

greylisting

growisofs

grub

hacking

hadoop

harddrive

hba

hex

hfsc

html

html5

http

https

hulu

idl

ie

ilo

intel

ios

iperf

ipmi

iptables

ipv6

irix

javascript

kde

kernel

kickstart

kmail

kprinter

krecord

kubuntu

kvm

lame

ldap

linux

logfile

lp

lpq

lpr

maradns

matlab

memory

mencoder

mhdd

mkinitrd

mkisofs

moinmoin

motherboard

mouse

movemail

mplayer

multitail

mutt

myodbc

mysql

mythtv

nagios

nameserver

netflix

netflow

nginx

nic

ntfs

ntp

nvidia

odbc

openbsd

openntpd

openoffice

openssh

openssl

openvpn

opteron

parted

partimage

patch

perl

pf

pfflowd

pfsync

photorec

php

pop3

pop3s

ports

postfix

power

procmail

proftpd

proxy

pulseaudio

putty

pxe

python

qemu

r-studio

raid

recovery

redhat

router

rpc

rsync

ruby

saltstack

samba

schedule

screen

scsi

seagate

seatools

sed

sendmail

sgi

shell

siw

smtp

snort

solaris

soundcard

sox

spam

spamd

spf

spotify

sql

sqlite

squid

srs

ssh

ssh.com

ssl

su

subnet

subversion

sudo

sun

supermicro

switches

symbols

syslinux

syslog

systemd

systemrescuecd

t1

tcpip

tcpwrappers

telnet

terminal

testdisk

tftp

thttpd

thunderbird

timezone

ting

tls

tools

tr

trac

tuning

tunnel

ubuntu

unbound

vi

vpn

wget

wiki

windows

windowsxp

wireless

wpa_supplicant

x

xauth

xfree86

xfs

xinearama

xmms

youtube

zdump

zeromq

zic

zlib