207
207
result in an error.
210
<h2>root_servers</h2>
212
root_servers: This is a special "dictionary" element that can
213
have multiple elements, where a given element points to either an
214
ip, or a pointer to an ipv4 alias. For example:
217
root_servers["."] = "list_of_servers"
220
In this example, "." indicates that this is a listing of root_servers
221
that will resolve any name not otherwise listed as a root_servers
224
list_of_servers is a list of root name servers in the exact same
225
format as ipv4_aliases.
228
The root_servers dictionary array can have multiple elements. Like csv2
229
elements, the names must be valid domain names that end with the
230
'.' character. When there are multiple root_servers elements, the
231
element with the most domain name labels that matches the end of
232
the hostname one is searching for is used.
235
For example, let us suppose we have the following root_servers entries:
238
root_servers["."] = "198.41.0.4"
239
root_servers["com."] = "192.5.6.30"
240
root_servers["example.net."] = "10.1.2.3,10.2.3.4"
243
In this example, we use use the name server with the IP 10.1.2.3 or
244
10.2.3.4 to start resolving "www.example.net", the name server with the
245
IP 192.5.6.30 to start resolving "www.google.com", and the name server
246
with the IP 198.41.0.4 to start resolving "www.maradns.org".
249
Note that, while ips in a listing of root name servers can have
250
netmasks, the netmask portion is ignored.
253
The root_servers should point to root servers. If one wishes to use
254
MaraDNS as a forwarding name server, which forwards DNS requests on to
255
another server, use the upstream_servers variable instead.
257
<h2>upstream_servers</h2>
259
This is identical to the root_servers variable (can have multiple
260
elements, the elements are a list of ipv4_addresses, the variable is a
261
dictionary variable, etc.), but is used
262
when one wishes to use MaraDNS to query other recursive servers, instead
263
of querying the actual root name servers for an answer.
266
Note that one can not have both root_servers and upstream_servers set
267
in a given mararc file; MaraDNS will return with a fatal error if one
271
Like root_servers, this is a dictionary variable that can have multiple
272
elements. For example:
275
upstream_servers["."] = "10.5.6.7"
276
upstream_servers["cl."] = "10.2.19.83"
279
Here, we use 10.2.19.83 to resolve host names that end in "cl", and
280
10.5.6.7 to resolve all other host names.
210
282
<h1>NORMAL VARIABLE FORMAT</h1>
212
284
Normal variables. These are variables that can only take
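Review bot: In the root_servers text, the value of an element is described two different ways: the opening sentence says it "points to either an ip, or a pointer to an ipv4 alias", while the paragraph after the first example says list_of_servers "is a list of root name servers in the exact same format as ipv4_aliases". Say once what the right-hand side may be, and make clear whether "list_of_servers" in root_servers["."] = "list_of_servers" is a placeholder for a literal list or the name of an alias. In the same section "we use use the name server" has a doubled word. Under upstream_servers the dictionary description is given in the first paragraph and again in "Like root_servers, this is a dictionary variable that can have multiple elements"; one of the two can go.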
498
585
The default GID is 99.
587
<h2>maximum_cache_elements</h2>
588
maximum_cache_elements: The maximum number of elements we can have
589
in the cache of recursive queries.
592
This cache of recursive queries is used to store entries we have
593
previously obtained from recursive queries.
596
If we approach this limit, the "custodian" kicks in to effect.
597
The custodian removes elements at random from the cache (8 elements
598
removed per query) until we are at the 99% or so level again.
600
<p> The default value for this variable is 1024.
602
maxprocs: The maximum number of threads or processes that MaraDNS
603
is allowed to run at the same time.
606
This variable is used to minimize the impact on the server when
607
MaraDNS is heavily loaded. When this number is reached, it is
608
impossible for MaraDNS to spawn new threads/processes until the
609
number of threads/processes is reduced.
610
<p> The default value for this variable is 64.
612
The maximum value this can have is 500.
500
613
<h2>max_ar_chain</h2>
501
614
max_ar_chain: The maximum number of records to display if a record in
502
615
the additional section (e.g., the IP of a NS server
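Review bot: The custodian paragraph under maximum_cache_elements is imprecise about when eviction starts and stops: "If we approach this limit" and "the 99% or so level" give an operator sizing the cache nothing to calculate with. State the fill level that triggers the custodian and the level at which it stops, and change "kicks in to effect" to "kicks in" or "comes into effect". The two default-value lines in this hunk open with an inline <p> ("<p> The default value for this variable is 1024."), unlike the other paragraphs of the added text; use one convention throughout.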
563
676
use, and in addition, to allocate 1536 bytes for each element we
564
677
can have in the cache or DNS record that we are authoritatively serving.
680
min_ttl: The minimum amount of time a resource record will stay in
681
MaraDNS' cache, regardless of the TTL the remote server specifies.
684
Setting this value changes the minimum amount of time MaraDNS'
685
recursive server will keep a record in the cache. The value is
689
The default value of this is 300 (5 minutes); the minimum value
690
for this is 180 (2 minutes).
692
<h2>min_ttl_cname</h2>
693
min_ttl_cname: The minimum amount of time a resource record
694
will stay in MaraDNS' cache, regardless of the TTL the remote server
698
Setting this value changes the amount of time a CNAME record stays
699
in the cache. The value is in seconds.
702
The default value for this is the value min_ttl has; the minimum value
703
for this is 180 (2 minutes).
566
705
<h2>min_visible_ttl</h2>
567
706
min_visible_ttl: The minimum value that we will will show as the TTL (time
568
707
to live) value for a resource record to other DNS servers and stub resolvers.
573
712
The value is in seconds. The default value for this is 30; the minimum
574
value this can have is 5.
713
value this can have is 5. People running highly loaded MaraDNS servers
714
may wish to increase this value to 3600 (one hour) in order to reduce the
715
number of queries recursively processed by MaraDNS.
577
718
As an aside, RFC1123 section 6.1.2.1 implies that zero-length TTL records
578
719
should be passed on with a TTL of zero. This, unfortunately, breaks some
579
720
stub resolvers (such as Mozilla's stub resolver).
724
This parameter, if set, causes MaraDNS' recursive resolver to return a
725
0-TTL synthetic IP for non-existent hostnames instead of a "this host does
726
not exist" DNS reply. The IP returned is the value for this parameter.
729
For example, if one wishes to send the IP 10.11.12.13 to clients whenever
730
MaraDNS' recursive resolver gets a "this host does not exist" reply, set
734
notthere_ip = "10.11.12.13"
737
If one also wishes to have this IP returned when there is no reply
738
from remote DNS servers, set handle_noreply thusly:
744
This parameter only affects the recursive resolver, and doesn't affect
745
authoritative zones that MaraDNS serves. This parameter only affects
746
A queries, and doesn't affect other DNS query types.
748
<h2>random_seed_file</h2>
749
random_seed_file: The file from which we read 16 bytes from to
750
get the 128-bit seed for the secure pseudo random number generator.
753
The location of this file is relative to the root of the
754
filesystem, not MaraDNS' chroot directory.
757
This is ideally a file which is a good source of random numbers
758
(e.g. /dev/urandom), but can also be a fixed file if your OS does not
759
have a decent random number generator. In that case, make sure the
760
contents of that file is random and with 600 perms, owned by root.
761
We read the file <b>before</b> dropping root privileges.
763
<h2>recurse_delegation</h2>
764
recurse_delegation: Whether to recurse in the case of us finding a NS
765
delegation record, but the user/stub resolver sent a query that
766
desires recursion. Before MaraDNS 1.3, this was the default behavior.
769
When recurse_delegation has a value of 1, we recurse in this case.
770
Otherwise, we do not.
773
This parameter has a default value of 0.
775
<h2>recurse_min_bind_port</h2>
776
MaraDNS, by default, binds to a UDP port with a value between 15000 and
777
19095 when making a recursive query. This variable, and the
778
recurse_number_ports variable, allow this value to be changed.
781
recurse_min_bind_port is the lowest port number that MaraDNS will bind
782
to when making recursive queries. The default value for this is 15000.
784
<h2>recurse_number_ports</h2>
785
This determines the size of the port range MaraDNS will bind to when
786
making recursive queries. MaraDNS, when making a recursive query, will
787
locally bind to a port number between recurse_min_bin_port and
788
recurse_min_bind_port + recurse_number_ports - 1.
791
This number must be a power of 2 between
792
256 and 32768. In other words, this must have the value 256, 512, 1024,
793
2048, 4096, 8192, 16384, or 32768. The default value for this is 4096.
796
The sum of the values for recurse_min_bind_port + recurse_number_ports must
797
fit within the 16-bit value used for UDP ports. In other words, these
798
two parameters, added together, can not be greater than 65534.
800
<h2>recursive_acl</h2>
801
recursive_acl: List of ips allowed to perform recursive queries with
802
the recursive portion of the MaraDNS server
805
The format of this string is identical to the format of an ipv4_alias
809
If this has a value of 1, a bogus SOA "not there" reply is sent whenever
810
an AAAA query is sent to MaraDNS. In other words, every time a program asks
811
MaraDNS for an IPv6 IP address, instead of trying to process the request,
812
when this is set to 1, MaraDNS pretends the host name in question does not
813
have an IPv6 address.
816
This is useful for people who aren't using IPv6 but use applications (usually
817
*NIX command like applications like "telnet") which slow things down trying
818
to find an IPv6 address.
821
If this has a value of 1, a bogus SOA "not there" reply is sent whenever
822
an PTR query is sent to MaraDNS. In other words, every time a program asks
823
MaraDNS for an IP-to-name mapping, instead of trying to process the request,
824
when this is set to 1, MaraDNS pretends the IP in question does not
828
This is useful for people who don't need this data but use applications
829
(usually *NIX command like applications like "telnet") which slow things
830
down trying to look up a host name for an IP.
581
832
<h2>remote_admin</h2>
582
833
remote_admin: Whether we allow <tt>verbose_level</tt> to be changed
583
834
after MaraDNS is started.
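Review bot: Under recurse_number_ports the lower bound is spelled recurse_min_bin_port, which is not the variable documented in the section just above (recurse_min_bind_port); fix the name so a reader can search for it. The range limit in the same section also needs a second look: the top of the range is given as recurse_min_bind_port + recurse_number_ports - 1, yet the last paragraph says the two parameters added together "can not be greater than 65534" and ties that to the 16-bit port field, so say whether the limit applies to the sum or to the highest bound port. Smaller wording points in this hunk: "we will will show" under min_visible_ttl, "an PTR query", "command like applications" in two places (presumably "command line"), and "the contents of that file is random and with 600 perms" under random_seed_file.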
596
847
resolving, then decreasing <tt>verbose_level</tt> so as to minimize
597
848
the size of MaraDNS' log.
850
<h2>retry_cycles</h2>
851
retry_cycles: The number of times the recursive resolver will try to contact
852
all of the DNS servers to resolve a given name before giving up. This
853
has a default value of 2.
856
spammers: A list of DNS servers which the recursive resolver will
860
This is mainly used to not allow spam-friendly domains to
861
resolve, since spammers are starting to get in the habit of using
862
spam-friendly DNS servers to resolve their domains, allowing them
863
to hop from ISP to ISP.
866
The format of this string is identical to the format of an ipv4_alias
599
869
<h2>synth_soa_origin</h2>
600
870
When a CSV2 zone file doesn't have a SOA record in it, MaraDNS generates
601
871
a SOA record on the fly. This variable determines the host name for
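Review bot: retry_cycles documents only its default ("has a default value of 2"), while the other numeric variables added in this change (maxprocs, min_ttl, min_visible_ttl, recurse_number_ports) also state a minimum or maximum; add the accepted range here if there is one. In the spammers text, "to not allow spam-friendly domains to resolve" reads more clearly as "to keep spam-friendly domains from resolving".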