1
<h1>MaraDNS 1.0: Do not use</h1>
3
This page used to contain a FAQ for version 1.0 of MaraDNS. This
4
release is no longer maintained and has known security problems.
5
Please update to version 1.4 (or 2.0 if feasible); a guide for
6
updating MaraDNS is available <A href=/tutorial/update.html>here</A>.
1
<h1>FREQUENTLY ASKED QUESTIONS</h1>
3
<h3>This FAQ is for version 1.0 of MaraDNS. An updated FAQ for version
4
1.2 of MaraDNS is available <A href="http://www.maradns.org/faq.html">here</A>
9
1. <A href="#tryout">How to I try out MaraDNS?</A> <P>
10
2. <A href="#license">What license is MaraDNS released under?</A><P>
12
3. <A href="#ips">How do I get MaraDNS to bind to multiple IP addresses?</A><P>
14
4. <A href="#ipsbug">How come BIND 9 can not process MaraDNS queries when
15
MaraDNS is bound to multiple IP addresses?</A><P>
17
5. <A href="#bugzilla">How do I report bugs in MaraDNS?</A><P>
19
6. <A href="#chatter">Some of the postings to the mailing list do not talk
22
7. <A href="#unsub">How to I get off the mailing list?</A><P>
24
8. <A href="#rdns">How do I set up reverse DNS on MaraDNS?</A><P>
26
9. <A href="#timeout">I am on a slow network, and MaraDNS can not process
27
recursive queries</A><P>
29
10. <A href="#obtuse">When I try to run MaraDNS, I get a
30
<tt>Fatal error: Error running populate_main program</tt>
31
or a <tt>Fatal error: init_cache() failed</tt>
34
11. <A href="#rrany">I am trying to register a domain under the .au or
35
the .de name space,and my registrar is not taking my domain name</A><P>
37
12. <A href="#netstat">After I start MaraDNS, I can not see the process
38
when I run netstat -na</A><P>
40
13. <A href="#jsstr">What string library does MaraDNS use?</A><P>
42
14. <A href="#license">Why is MaraDNS public domain instead of BSD or GPL
45
15. <A href="#whythreads">Why does MaraDNS use a multi-threaded model?</A><P>
47
16. <A href="#wishlist">I feel that XXX feature should be added to MaraDNS</A><P>
49
17. <A href="#docbook">I feel that MaraDNS should use another documentation
52
18. <A href="#patch">Is there any process I need to follow to add a patch
55
19. <A href="#primary">Can MaraDNS act as a primary nameserver?</A><P>
57
20. <A href="#secondary">Can MaraDNS act as a secondary nameserver?</A><P>
59
21. <A href="#auth">What is the difference between an authoritative and
60
a recursive DNS server?</A><P>
62
22. <A href="#bailiwick">The getzone client isn't allowing me to add certain
63
hostnames to my zone</A><P>
65
23. <A href="#kosherzone">I have having problems transferring zones from
66
MaraDNS' zone server to a BIND zone transfer client</A><P>
68
24. <A href="#portable">Is MaraDNS portable?</A><P>
70
25. <A href="#openbsd">How do I compile MaraDNS on OpenBSD?</A><P>
72
26. <A href="#cygwin">Can I use MaraDNS in Windows?</A><P>
74
27. <A href="#upstream">MaraDNS freezes up after being used for a while</A><P>
76
28. <A href="#python">What kind of Python integration does MaraDNS have</A><P>
78
29. <A href="#kvar">Doesn't "kvar" mean "four" in Esperanto?</A><p>
80
30. <A href="#timestamp">How do I make MaraDNS' time stamps
81
human-readable?</A><p>
83
31. <A href="#scability">How scalable is MaraDNS?</A><p>
85
32. <A href="#dcname">I'm getting a warning about dangling CNAME entries</A><p>
90
<a name="tryout"> </a>
91
<H2>1. How to I try out MaraDNS?</H2>
93
<p>Read the <A href="quickstart.html">quick start guide</A>, which
94
is the file named 0QuickStart in the MaraDNS distribution.
96
<a name="license"> </a>
97
<H2>2. What license is MaraDNS released under?</H2>
98
<p>None, actually. MaraDNS is released to the public domain.
101
<H2>3. How do I get MaraDNS to bind to multiple IP addresses?</H2>
103
The current method is to run multiple copies of MaraDNS, each using its
110
maradns -f /etc/mararc.1
111
maradns -f /etc/mararc.2
116
If you just want to bind to all IP addresses your computer has, bind to
117
the IP "0.0.0.0"; however this can cause problems. See the next
120
I don't think this will be too hard to correctly implement, since I
121
already have code for specifying multiple IP addresses with the IP ACL
122
code used by the zone server. Until then, I will add this workaround to
125
<a name="ipsbug"> </a>
126
<H2>4. How come BIND 9 can not process MaraDNS queries when MaraDNS is bound
127
to multiple IP addresses?</H2>
128
In certain cricumstances, when MaraDNS is bound to more than one IP
129
address, the underlying OS will send the UDP reply with a different IP
130
than the IP the UDP query was sent to. This will confuse BIND 9, since
131
BIND 9's method for listening for requests that BIND has sent out expects
132
the reply to come from the same IP that the request was sent to.
135
<a name="bugzilla"> </a>
136
<H2>5. How do I report bugs in MaraDNS?</H2>
139
Before reporting a bug that MaraDNS has, please read the relevant man
140
pages. The man pages should be installed when one installs MaraDNS, and,
141
in addition, are available in the <tt>doc/man</tt> directory of the
142
MaraDNS source tarball. (It is also possible that you are reading the man
146
Some MaraDNS man pages (namely, the man pages for <B>maradns</B>,
147
<B>askmara</B>, <B>zoneserver</B>, and <B>mararc</B>) have a section,
148
titled "BUGS", which list already known bugs which I feel are not
149
important enough to fix before the 1.0 release of MaraDNS. Bug reports
150
which mention one of these bugs will be cheerfully ignored (or given a
151
polite "thanks for the report, in this man page the bug is already
152
mentioned" message if I am in a particularly good mood).
155
Subscribe to the mailing list by sending mail to
156
<A href="mailto:list-subscribe@maradns.org">list-subscribe@maradns.org</A>
157
with "subscribe" as the subject line,
158
and describe the bug by sending email to
159
<A href="mailto:list@maradns.org">list@maradns.org</A>.
161
<a name="chatter"> </a>
162
<H2>6. Some of the postings to the mailing list do not talk about MaraDNS!</H2>
163
In cases where I post something to the mailing list which does not directly
164
talk about MaraDNS, the subject line will not have [MARA] in it, but will
165
have some form of the word CHATTER in it.
167
This way, people who do not like this can set up mail filters to filter out
168
anything that comes from this list and doesn't have [MARA] in the subject
169
line, or simply unsubscribe from the list and read the list from the
170
archives; if one needs to report a bug, they can subscribe to the list
171
again, post their bug, then unsubscribe after a week.
173
Another option is to set up one's Freshmeat preferences to be notified
174
in email every time I update MaraDNS at Freshmeat. This will give one
175
email notice of any critical bug fixes without needing to be
176
subscribed to the mailing list.
178
The web page <A href="http://www.maradns.org">http://www.maradns.org/</A>
179
has a link to the mailing list archives.
181
<a name="unsub"> </a>
182
<H2>7. How to I get off the mailing list?</H2>
183
Send an email to list-request@maradns.org with "unsubscribe" as the
187
<H2>8. How do I set up reverse DNS on MaraDNS?</H2>
189
By using PTR (pointer) records. For example, the PTR record which performs
190
the reverse DNS lookup for the ip 1.2.3.4 looks like this in a CSV1 zone
194
P4.3.2.1.in-addr.arpa.|86400|www.example.com.
198
If you wish to have a PTR (reverse DNS lookup; getting a DNS name from a
199
numeric IP) record work on the internet at large, it is not a simple
200
matter of just adding a record like this to a MaraDNS zonefile. One also
201
needs control of the appropriate in-addr.arpa. domain.
205
While it can make logical sense to contact the IP 10.11.12.13 when trying
206
to get the reverse DNS lookup (fully qualified domain name) for a given
207
IP, DNS servers don't do this. DNS server, instead, contact the root
208
DNS servers for a given in-addr.arpa name to get the reverse DNS lookup,
209
just like they do with any other record type.
213
When an internet service provider is given a block of IPs, they are also
214
given control of the DNS zones which allow them to control reverse DNS
215
lookups for those IPs. While it is possible to obtain a domain and run
216
a DNS server without the knowledge or intervention of an ISP, being
217
able to control reverse DNS loookups for those IPs requires ISP
220
<a name="timeout"> </a>
221
<H2>9. I am on a slow network, and MaraDNS can not process recursive
224
MaraDNS, by default, only waits two seconds for a reply from a remote
225
DNS server. This default can be increased by adding a line like this
234
Note that making this too high will slow MaraDNS down when DNS servers
235
are down, which is, alas, all too common on today's internet.
237
<a name="obtuse"> </a>
239
<H2>10. When I try to run MaraDNS, I get a
240
<tt>Fatal error: Error running populate_main program</tt>
241
or a <tt>Fatal error: init_cache() failed</tt> error message.</H2>
243
<p>If a line in a mararc file is too long, you will see, before the
244
"Fatal error: Error running populate_main program" message, a message
245
showing you the line number which is too long and the filename with
246
the offending line. While it is possible to increase this limit
247
by changing the appropriate variable in the MaraDns.h file, the
248
current limit is in line with the 512-byte limit that UDP DNS
249
packets have; MaraDNS does not currently support DNS over TCP.
251
<p>Otherwise, this error message should not be visible. If it appears,
253
the mailing list (see above), and describe your problem by sending email to
254
<A href="mailto:list@maradns.org">list@maradns.org</A>. Be sure to include
255
the following information:
257
<ul><li>The contents of your /etc/mararc file
259
<li>The contents of any files in /etc/maradns
261
<li>The full output MaraDNS generates
265
<a name="rrany"> </a>
266
<H2>11. I am trying to register a domain under the .au or the .de name space,
267
and my registrar is not taking my domain name</H2>
269
<p>Both the German registrar and the Australian registrars require a RR_ANY
270
request to return NS and SOA records. MaraDNS can do this if you add the
271
following line to your mararc file:<p>
273
<tt>default_rrany_set = 15</tt>
275
<a name="netstat"> </a>
276
<H2>12. After I start MaraDNS, I can not see the process when I run netstat -na
279
Udp services do not have a prominent "LISTEN" when netstat is run.
281
When MaraDNS is up, the relevant line in the netstat output looks
284
udp 0 0 127.0.0.4:53 0.0.0.0:*
287
While on the topic of netstat, if you run <TT>netstat -nap</TT> as root,
288
you can see the names of the processes which are providing internet
291
<a name="jsstr"> </a>
292
<H2>13. What string library does MaraDNS use?</H2>
294
<p>MaraDNS uses her own string library, which is called the "js_string"
295
library. Man pages for most of the functions in the js_string library
296
are in the folder <tt>doc/man</tt> of the <A href="download.html">MaraDNS
299
<a name="license"> </a>
300
<H2>14. Why is MaraDNS public domain instead of BSD or GPL licensed?</H2>
302
<p>The post-1.0.xx releases of MaraDNS are, in fact, under a simple
303
BSD license (without any "obnoxious" advertising clause).
304
<p>I used a public domain (non-)license so that MaraDNS could be integrated
305
with Python without trouble. While
306
Python is, I believe, currently GPL compatible, Python was not
307
GPL-compatible at the time I decided on a license for MaraDNS.
309
<a name="thythreads"> </a>
310
<H2>15. Why does MaraDNS use a multi-threaded model?</H2>
312
<p>The multi-threaded model is, plain and simple, the simplest way to write
313
a functioning recursive DNS server. There is a reason why MaraDNS, pdnsd, and
314
BIND 9 all use the multi-threaded model.
316
<a name="wishlist"> </a>
317
<H2>16. I feel that XXX feature should be added to MaraDNS</H2>
319
Before sending mail to the list with a feature request, please read
320
the UNIMPLEMENTED FEATURES section of the MaraDNS man page, which has a
321
list of feature requests other people have already sent me. If you do not
322
see your requested feature in this section of the man page, send an email to
323
the mailing list so that I can add your feature request to the
324
UNIMPLEMENTED FEATURES section of the MaraDNS man page.
326
Feature requests which include a patch which implements the feature in
327
question are may even be implemented by MaraDNS, as long as the patch comes
328
with a declaration that the patch is public domain.
330
Note that MaraDNS is currently "frozen". In other words, new features will
331
not be added until after the 1.0 release.
333
<a name="docbook"> </a>
334
<H2>17. I feel that MaraDNS should use another documentation format</H2>
336
The reason that MaraDNS uses its own documentation format is to satisfy both
337
the needs of translators to have a unified document format and my own
338
need to use a documentation format that is simple enough to be readily
339
understood and which I can add features on an
342
The documentation format is essentially simplified HTML with some
343
special tags added to meet MaraDNS' special needs.
345
For people who prefer other formats of documentation, I am open to
346
making filters which convert from MaraDNS' own "EJ" documentation format
347
to the format in question after MaraDNS 1.0 is released.
349
Having a given program have its own documentation format is not
350
without precedent; Perl uses its own "pod" documentation format.
352
<a name="patch"> </a>
353
<H2>18. Is there any process I need to follow to add a patch to MaraDNS?</H2>
357
<p>Here is the procedure for making a proper patch:
362
<li>Enter the directory that the file is in, for example
363
<tt>maradns-0.9.20/server</tt>
365
<li>Copy over the file that you wish to modify to another file
366
name. For example: <tt>cp MaraDNS.c MaraDNS.c.orig</tt>
368
<li>Edit the file in question, e.g: <tt>vi MaraDNS.c</tt>
370
<li>After editing, do something like this: <br><tt>
371
diff -u MaraDNS.c.orig MaraDNS.c > maradns.patch</tt>
373
<li>Make sure the modified version compiles cleanly
377
Send a patch to me in email, along with a statement that you place
378
the contents of the patch in to the public domain. If I find that the patch
379
works well, I will integrate it in to MaraDNS.
381
<a name="primary"> </a>
382
<H2>19. Can MaraDNS act as a primary nameserver?</H2>
386
<p>The <tt>zoneserver</tt> program serves zones so that other DNS servers
387
can be secondaries for zones which MaraDNS serves. This is a separate
388
program from the <tt>maradns</tt> server, which processes both
389
authoritative and recursive UDP DNS queries.
391
<a name="secondary"> </a>
392
<H2>20. Can MaraDNS act as a secondary nameserver?</H2>
396
<p>The 'getzone' program obtains zone files from remote DNS servers,
397
outputting the contents of the zone file in MaraDNS' "csv1" zone
398
file format. This program can be run from cron. If one desires
399
more BIND-like functionality, getzone can be wrapped in a
400
shell script that uses askmara to look at the SOA record to see if
401
the serial number of the zone has changed.
403
<p>I feel that the traditional DNS design of having a single application
404
both serve DNS records and handle the maintenance of zone files is
405
not ideal; the best design is to have a number of simple applications
409
<H2>21. What is the difference between an authoritative and a recursive DNS
412
A recursive DNS server is a DNS server that is able to contact other DNS
413
servers in order to resolve a given domain name label. This is the kind
414
of DNS server one points to in /etc/resolve.conf
418
An authoritative DNS server is a DNS server that a recursive server
419
contacts in order to find out the answer to a given DNS query.
421
<a name="bailiwick"> </a>
422
<H2>22. The getzone client isn't allowing me to add certain hostnames to
425
For security reasons, MaraDNS' getzone client does not
426
add records which are not part of the zone in question. For example,
427
if someone has a zone for example.com, and this record in the zone:
431
P1.1.1.10.in-addr.arpa.|86400|dns.example.com.
434
MaraDNS will not add the record, since the record is out-of-bailiwick. In
435
other words, it is a host name that does not end in .example.com.
437
There are two workarounds for this issue:
439
<LI>Create a zone file for 1.1.10.in-addr.arpa., and put the PTR records
441
<LI>Use rcp, rsync, or another method to copy over the zone files in
445
<a name="kosherzone"> </a>
446
<H2>23. I have having problems transferring zones from MaraDNS' zone server
447
to a BIND zone transfer client</H2>
449
<p>BIND is rather picky about what kind of data it will accept from
450
a zone server. Make sure the following is true with your domain:
452
<li>Make sure that the authoritative NS records are at the top of your
453
zone, immediately after the SOA record
454
<li>Make sure that your authoritative NS records are NS records
456
<li>To work around <A href="quirks.html">a known bug in MaraDNS</a>, make
457
sure you have at least one non-NS record between the authoritative NS
458
records for your zone and any delegation NS records that exist in the
462
Here is an example bad zone file (with a linefeed added to the SOA
465
Sexample.com.|86400|example.com.|
466
hostmaster@example.com.|1|86400|3600|6048000|86400
467
Nbad.example.com.|86400|ns1.example.com.
468
Nbad.example.com.|86400|ns2.example.com.
469
Nsubdomain.example.com.|86400|ns.subdomain.example.com.
470
Aexample.com.|12345|10.2.3.4
473
Here is the same zone file, with corrections (and a linefeed added to the
476
Sexample.com.|86400|example.com.|
477
hostmaster@example.com.|1|86400|3600|6048000|86400
478
Nexample.com.|86400|ns1.example.com.
479
Nexample.com.|86400|ns2.example.com.
480
Aexample.com.|12345|10.2.3.4
481
Nsubdomain.example.com.|86400|ns.subdomain.example.com.
483
<a name="portable"> </a>
484
<H2>24. Is MaraDNS portable?</H2>
486
<p>While I intend to have MaraDNS be a portable DNS server which will
487
compile on a variety of unices, right now all of MaraDNS's work development
488
is being done on Linux.
489
In terms of proprietary OSes, I know that SCO Open Server,
490
SCO UNIXware and <A href="solaris.html">Solaris</A> have issues running a
491
UDP or TCP server in a chroot() environment. Word is that, with
492
Solaris and UNIXware, placing /dev/tcp and /dev/udp in the chroot() jail
493
will allow a server like MaraDNS to function.
495
<a name="openbsd"> </a>
496
<H2>25. How do I compile MaraDNS on OpenBSD?</H2>
499
There are two ways to do this:
502
To use the native thread support add -pthread to the CFLAGS variable.
504
To use the GNU pthread library, install the pth package and add
505
-L/usr/local/lib/pth to the linker.
507
(Florin Iucha provided this tip)
509
<a name="cygwin"> </a>
510
<H2>26. Can I use MaraDNS in Windows?</H2>
516
Provided, of course, that one has the Cygwin environment which emulates
517
a UNIX environment in Windows.
520
MaraDNS should now compile fine on Cygwin systems. If not, join the mailing
521
list and let me know; I will correct this FAQ entry.
523
<a name="upstream"> </a>
524
<H2>27. MaraDNS freezes up after being used for a while</H2>
526
If using your ISP's name servers or some other name servers which
527
are not, in fact, root name servers, please make sure that you are
528
using the upstream_servers dictionary variable instead of the
529
root_servers dictionary variable.
533
If you still see MaraDNS freeze up after making this correction, please
534
send a bug report to the mailing list.
536
<a name="python"> </a>
537
<H2>28. What kind of Python integration does MaraDNS have</H2>
539
The mararc file uses the same syntax that Python uses; in fact, Python
540
can parse a properly formatted mararc file.
542
There is currently no other integration with Python.
545
<H2>29. Doesn't "kvar" mean "four" in Esperanto?</H2>
547
Indeed, it does. However the use of "kvar" in the MaraDNS source
548
code only coincidentally is an Esperanto word. "kvar" is short
549
for "Kiwi variable"; a lot of the parsing code comes from the code
550
used in the Kiwi spam filter project.
552
<a name="timestamp"> </a>
553
<H2>30. How do I make MaraDNS' time stamps human-readable?</H2>
555
MaraDNS uses standard UNIX timestamps; which is the number of
556
seconds since Midnight, January 1, 1970.
558
To make MaraDNS' time stamps human readable, use this awk script:
561
maradns -f /etc/maradns | awk '
563
gsub(/Timestamp: ([0-9]+)/,
564
strftime("%a, %d %b %Y %H:%M:%S",$2),$0)}
568
The MaraDNS startup script has the option to use this Awk script
569
to convert the time stamp; read the script for details.
571
<a name="scability"> </a>
572
<H2>31. How scalable is MaraDNS?</H2>
574
MaraDNS is optimized for serving a small number of domains as quickly
575
as possible. That said, MaraDNS is remarkably efficnent for serving a
576
large number of domains, as long as the server MaraDNS is on has the
577
memory to fit all of the domains, and as long as the startup time for
578
loading a large number of domains can be worked around.
580
The "big-O" or "theta" growth rates for various MaraDNS functions
581
are as follows, where N is the number of authoritative host names being
587
Processing incoming DNS requests 1
590
As can be seen, MaraDNS will process 1 or 100000 domains in the same amount
591
of time, once the domain names are loaded in to memory.
593
<a name="dcname"> </a>
594
<H2>I'm getting a warning about dangling CNAME entries</H2>
596
Let us suppose we have a CNAME record without an A record in the local
597
DNS server's database, such as:
600
Cgoogle.example.com.|86400|www.google.com.
604
This record, which is a CNAME record for "google.example.com", points
605
to "www.google.com". Some DNS servers will recursively look up
606
www.google.com, and render the above record like this:
609
Cgoogle.example.com.|86400|www.google.com.
610
Awww.google.com.|900|66.102.7.104
615
For security reasons, MaraDNS doesn't do this. Instead, MaraDNS will simply
619
Cgoogle.example.com.|86400|www.google.com.
622
Some stub resolvers will be unable to resolve google.example.com as
626
If you want to remove these warnings, add the following to your mararc file:
629
no_cname_warnings = 1
634
Information about how to get MaraDNS to resolve dangling CNAME
635
records is in the tutorial file <A
636
href="http://www.maradns.org/tutorial/dangling.html">dangling.html</A>
638
<!-- <a name="memusage"> </a>
639
<H2>32. How much memory does MaraDNS use?</H2> -->