Configuration for a MaraDNS name server on OpenBSD
Posted on 11-02-2005 23:13:00 UTC | Updated on 11-02-2005 23:13:00 UTC

MaraDNS is a program that implements the Domain Name Service (DNS), an essential internet service. MaraDNS is intended for environments where a DNS server must be secure and where the server must use the absolute minimum number of resources possible. This install is for MaraDNS 1.0.28 on OpenBSD 3.8. Your mileage may vary. The setup below is for an internal LAN that needs a DNS cache and an internal DNS zone for local lookups only. This zone will not work on the Internet; it is just for your local users' ease of use.

1. Install the MaraDNS package from "packages" on your current distro.

pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/maradns-1.0.28.tgz

2. Copy the example "mararc" (below) to /etc/mararc.

###################################
# Maradns config
###################################

# Hide legal disclaimer
hide_disclaimer = "YES"

# Set to 1 to disable the MaraDNS-specific fingerprint (0 leaves it enabled)
no_fingerprint = 0

# Records returned for an ANY query:
#  3 = MaraDNS only returns A and MX records
# 15 = MaraDNS also returns the NS and SOA records
default_rrany_set = 3

# The maximum number of records to display in a chain of records (list
# of records) for a given host name
max_chain = 8

# The maximum number of records to display in a list of records in the
# additional section of a query.  If this is any value besides one,
# round robin rotation is disabled (due to limitations in the current
# data structure MaraDNS uses)
max_ar_chain = 1

# The maximum number of records to show total for a given question
max_total = 20

# minimum time that an entry will stay in the cache.
min_ttl = 300

# minimum time that a CNAME entry will stay in the cache.
min_ttl_cname = 900

# maximum number of times MaraDNS will follow a CNAME record or a NS
# record with a glue A record.
max_glueless_level = 10

# maximum number of total queries MaraDNS will perform to look up a host
# name.
max_queries_total = 32

# amount of time MaraDNS will wait for a DNS server to respond before
# giving up and trying the next DNS server on a list.
timeout_seconds = 1

# Authoritative zone files
csv1 = {}
csv1["domain.lan."] = "db.domain.lan"

# The address this DNS server runs on.  The IP address "0.0.0.0" binds
# to all addresses that a given machine has.
bind_address = "10.0.10.10"

# The directory with all of the zone files
chroot_dir = "/etc/maradns"

# The numeric UID MaraDNS will run as
maradns_uid = 1002

# The maximum number of threads (or processes, with the zone server)
maxprocs = 96

# The number of messages we log to stdout
# 0: No messages except for fatal parsing errors and the legal
# disclaimer
# 1: Only startup messages logged (default)
# 2: Error queries logged
# 3: All queries logged (but not very verbosely right now)
verbose_level = 2

# Initialize the IP aliases variable
ipv4_alias = {}

# Recursive ACL: Who is allowed to perform recursive queries.
recursive_acl = "10.0.10.0/24"

# Random seed file: The file from which we read 16 bytes to get the
# 128-bit random seed.
random_seed_file = "/dev/urandom"

# The maximum number of elements we can have in the cache.
maximum_cache_elements = 1024

# Your ISP's DNS servers, comma-separated with no spaces
# (replace these placeholder addresses)
upstream_servers = {}
upstream_servers["."] = "111.111.111.111,222.222.222.222,333.333.333.333"

# Use local root DNS servers instead of your ISP's.
# Find close ones to you from: http://www.root-servers.org/
#root_servers = {}
#root_servers["."] = "198.41.0.4,128.8.10.90,128.63.2.53"

3. Copy the example "db.domain.lan" (below) to /etc/maradns/db.domain.lan. Replace the example hosts with your hosts.

#####################################
#          db.domain.lan            #
#####################################
# Zone file for domain.lan (example file)

# The SOA record must be first, followed by all authoritative NS
# records for this zone.
Sdomain.lan.|86400|domain.lan.|root@domain.lan.|19771108|7200|3600|604800|1800
#Ndomain.lan.|86400|ns1.domain.lan.
#Ndomain.lan.|86400|ns2.domain.lan.

# Some 'IN A' records
Agateway.domain.lan.|86400|192.168.0.1
Astorage.domain.lan.|86400|192.168.0.10
Aworkstation.domain.lan.|86400|192.168.0.20
Amythtv.domain.lan.|86400|192.168.0.30
Adhcp241.domain.lan.|86400|192.168.0.241
Adhcp242.domain.lan.|86400|192.168.0.242
Adhcp243.domain.lan.|86400|192.168.0.243
Adhcp244.domain.lan.|86400|192.168.0.244
Adhcp245.domain.lan.|86400|192.168.0.245

#Amx.domain.lan.|86400|10.1.2.4
#Ans1.domain.lan.|86400|10.0.0.1
#Ans2.domain.lan.|86400|192.168.0.1

# An 'IN MX' record
#@domain.lan.|86400|10|mx.domain.lan.

# An 'IN CNAME' record
#Cwww.domain.lan.|86400|domain.lan.

# An 'IN TXT' record
#Tdomain.lan.|86400|Example.com: Buy examples of products online!

# An 'A' record showing the use of percent as a shortcut for the name
# of this zone (in this case, 'domain.lan.')
#Aftp.%|3600|10.7.8.9

# A 'TXT' record showing the use of the backslash which allows any
# octal code in the record
#Tpercent.%|7200|Get 50\045 off all \%items\% at domain.lan!

# A 'PTR' record which, while marked as unauthoritative, allows this
# program to work with the obsolete tool nslookup when bound on IP 127.0.0.3
# NOTE: This record is not part of the domain.lan domain, and,
# therefore, can not be transferred with the getzone client
#P3.0.0.127.in-addr.arpa.|1234|nslookup.bug.workaround.
P1.0.168.192.in-addr.arpa.|86400|gateway.domain.lan.
P10.0.168.192.in-addr.arpa.|86400|storage.domain.lan.
P20.0.168.192.in-addr.arpa.|86400|workstation.domain.lan.
P30.0.168.192.in-addr.arpa.|86400|mythtv.domain.lan.
P241.0.168.192.in-addr.arpa.|86400|dhcp241.domain.lan.
P242.0.168.192.in-addr.arpa.|86400|dhcp242.domain.lan.
P243.0.168.192.in-addr.arpa.|86400|dhcp243.domain.lan.
P244.0.168.192.in-addr.arpa.|86400|dhcp244.domain.lan.
P245.0.168.192.in-addr.arpa.|86400|dhcp245.domain.lan.

4. Edit the information in both files to suit your needs.

5. Put the startup line at the bottom of /etc/rc.local so MaraDNS starts on reboot.

# MaraDNS server
if [ -x /usr/local/sbin/maradns ]; then
    echo -n ' maradns'
    /usr/local/sbin/maradns  >>/var/log/maradns &
fi
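
A check worth running on /etc/mararc after the edits in step 4, given here as an added example that is not part of the original post or of MaraDNS. It parses only the mararc syntax used on this page and flags settings that widen who can reach or query the server; the names parse_mararc, audit, SAMPLE and INTERNAL are made up for the example, and treating RFC 1918 ranges as "internal" is an assumption that matches the LAN-only setup described above.

```python
import ipaddress
import re

# Constructed sample: exposure-related lines of the mararc from step 2.
SAMPLE = '''
no_fingerprint = 0
bind_address = "10.0.10.10"
recursive_acl = "10.0.10.0/24"
upstream_servers = {}
upstream_servers["."] = "111.111.111.111,222.222.222.222,333.333.333.333"
'''
LINE = re.compile(r'^(\w+)(?:\["([^"]*)"\])?\s*=\s*(?:"([^"]*)"|(\d+)|\{\})$')
INTERNAL = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_mararc(text):
    """Parse name = "text" | 123 | {} and name["key"] = "text" lines into a dict."""
    conf = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # assumes no '#' inside values
        if not m:
            continue  # blank, comment-only, or outside the subset handled here
        name, key, text_val, num = m.groups()
        if key is not None:
            conf.setdefault(name, {})[key] = text_val
        else:
            conf[name] = int(num) if num is not None else ({} if text_val is None else text_val)
    return conf

def audit(conf):
    """Return findings for settings that widen who can reach or query the server."""
    out = []
    if conf.get("no_fingerprint") != 1:
        out.append("no_fingerprint is not 1: MaraDNS-specific information stays visible")
    if conf.get("bind_address") == "0.0.0.0":
        out.append("bind_address 0.0.0.0: listening on every address of the machine")
    for acl in filter(None, conf.get("recursive_acl", "").split(",")):
        try:
            net = ipaddress.IPv4Network(acl.strip(), strict=False)
            ok = any(net.subnet_of(i) for i in INTERNAL)
        except ValueError:  # e.g. an ipv4_alias name, which this sketch does not resolve
            ok = False
        if not ok:
            out.append(f"recursive_acl {acl.strip()}: not confined to RFC 1918 space")
    for ip in filter(None, ",".join(conf.get("upstream_servers", {}).values()).split(",")):
        try:
            ipaddress.IPv4Address(ip.strip())
        except ValueError:
            out.append(f"upstream_servers {ip.strip()}: not a valid IPv4 address")
    return out
```

Run against the unedited example, audit(parse_mararc(SAMPLE)) reports the fingerprint setting and the 333.333.333.333 placeholder that still has to be replaced; to check the live file, pass open("/etc/mararc").read() instead of SAMPLE.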
