1
--- maradns-2.0.02/doc/en/webpage/maradns-1.2-top.html 2010-09-26 12:49:51.000000000 -0400
2
+++ maradns-2.0.03/doc/en/webpage/maradns-1.2-top.html 2011-03-18 13:06:32.000000000 -0400
5
<a href="index.html">Main</a>
6
<a href="download.html">Download</a>
7
+ <a href="changelog.html">Changelog</a>
8
<a href="notes.html">Documentation</a>
9
+ <a href="search.html">Search</a>
10
<a href="/blog">Blog</a>
11
- <a href="changelog.html">Changelog</a>
12
+ <a href="security.html">Security</a>
13
</div> <!-- maradns-l -->
14
<script type="text/javascript">
18
<table><tr><td class=content width=596>
22
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
23
+<input type="hidden" name="cmd" value="_s-xclick">
24
+<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but04.gif" border="0" name="submit" alt="PayPal Donate">
25
+<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHLwYJKoZIhvcNAQcEoIIHIDCCBxwCAQExggEwMIIBLAIBADCBlDCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20CAQAwDQYJKoZIhvcNAQEBBQAEgYA9Nwuu0ttKwa5d+XlH72dMuPfwlJFi3ohwNwhKMHHFM8oGkJzQZEoxmCFUNYwHbU23nZLRtG9VDWNqU0dXjLp+as35K+YhSX4/9mbHZVjfUKSRAcdw3ceBjpPjV0PiyoSsEdsFzPjjnK7fTzKVBDtDmKlrSVcdzN3xQ0VnbASVwjELMAkGBSsOAwIaBQAwgawGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIhqiVIQRAj8qAgYhtT0+SDskyUncn8rgsm5jyCgQFp3vhNHx3VqkiZeCt+yMM6hkf4enKUZbKAueuWkcAZTcQV/ZLWivUqHLkr8dOpF+Z7gnfeeGUAa0dyJhVf75heYttZ/dSdrl+PLiSHguLh8/jDhzcCBrIiOTVp5iE4d4MZFfuhq/T+XL1eUv4p/HeVlxNUuDMoIIDhzCCA4MwggLsoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMB4XDTA0MDIxMzEwMTMxNVoXDTM1MDIxMzEwMTMxNVowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLUGF5UGFsIEluYy4xEzARBgNVBAsUCmxpdmVfY2VydHMxETAPBgNVBAMUCGxpdmVfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBR07d/ETMS1ycjtkpkvjXZe9k+6CieLuLsPumsJ7QC1odNz3sJiCbs2wC0nLE0uLGaEtXynIgRqIddYCHx88pb5HTXv4SZeuv0Rqq4+axW9PLAAATU8w04qqjaSXgbGLP3NmohqM6bV9kZZwZLR/klDaQGo1u9uDb9lr4Yn+rBQIDAQABo4HuMIHrMB0GA1UdDgQWBBSWn3y7xm8XvVk/UtcKG+wQ1mSUazCBuwYDVR0jBIGzMIGwgBSWn3y7xm8XvVk/UtcKG+wQ1mSUa6GBlKSBkTCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtQYXlQYWwgSW5jLjETMBEGA1UECxQKbGl2ZV9jZXJ0czERMA8GA1UEAxQIbGl2ZV9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCBXzpWmoBa5e9fo6ujionW1hUhPkOBakTr3YCDjbYfvJEiv/2P+IobhOGJr85+XHhN0v4gUkEDI8r2/rNk1m0GA8HKddvTjyGw/XqXa+LSTlDYkqI8OwR8GEYj4efEtcRpRYBxV8KxAW93YDWzFGvruKnnLbDAF6VR5w/cCMn5hzGCAZowggGWAgEBMIGUMIGOMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC1BheVBhbCBJbmMuMRMwEQYDVQQLFApsaXZlX2NlcnRzMREwDwYDVQQDFAhsaXZlX2FwaTEcMBoGCSqGSIb3DQEJARYNcmVAcGF5cGFsLmNvbQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDYxMjIwMDAzMTE3WjAjBgkqhkiG9w0BCQQxFgQUxkXiKgzuVHNlG0VLqllkOj/5XQAwDQYJKoZIhvcNAQEBBQAEgYB17oonnjrk0sG0chHKkb8jPX/Ic7F3kSjBu3oF807dttqJz4370BodKrhym0Lljqvhis67fMzqmuPkhjxvF19lXUr6ufNqQWo8lrE2Qc7jk0j0iKLiOWq2kxDUzI5IacNTVFRduuVrt3xuXkiIo6WiRk1IlO6w3zGsSGovSZIdGQ==-----END PKCS7-----
31
--- maradns-2.0.02/doc/en/webpage/advocacy.embed 2010-09-26 12:58:10.000000000 -0400
32
+++ maradns-2.0.03/doc/en/webpage/advocacy.embed 2011-03-18 13:06:32.000000000 -0400
35
<h2>MaraDNS Advocacy</h2>
37
This article discusses the advantages and disadvantages of using MaraDNS,
39
MaraDNS has a long history of being maintained and updated.
40
Actively developed since 2001,
41
MaraDNS continues to be supported: The most recent
42
-release was done on September 25, 2010. Deadwood, the recursive code that will
43
-become part of MaraDNS 2.0, is currently <A href=deadwood/>stable code</A>.
44
+release was done on February 5, 2011. Deadwood, the recursive code that is
45
+part of MaraDNS 2.0, is <A href=deadwood/>stable code</A>.
46
<li><b>Easy to use</b>. A basic recursive configuration needs only a
47
single three-line configuration file. A basic authoritative configuration
48
needs only a four-line configuration file and a one-line zone file.
50
be for you. MaraDNS has the following, ummm, features:
53
-<li>MaraDNS currently spawns a thread for every recursive request that
54
- is not in the cache. In other words, MaraDNS needs a good thread
55
- implementation in order to process a large number of recursive
56
- requests. Make sure your operating system has a robust threading
57
- library before using MaraDNS to process a large number of recursive
60
- I do plan on fixing this, but it requires a complete rewrite of
61
- the recursive code, which will take six months to a year to
64
<li>In order to change any DNS records, MaraDNS needs to be restarted.
65
This is because MaraDNS uses a model that pulls DNS records from memory
66
- very quickly. This will not be addressed until I adress the issue
67
- with recursive threads.
70
-<li>MaraDNS has support for BIND zone files only in the beta-test
71
- branch, using a Python script to convert zone files from BIND's format
72
- to MaraDNS' BIND-like format.
73
+<li>MaraDNS support for BIND zone files uses a Python script to convert
74
+ zone files from BIND's format to MaraDNS' BIND-like format.
77
Many, many DNS server projects have come and gone over the years; to
78
--- maradns-2.0.02/doc/en/webpage/dns_software.embed 2009-12-21 10:28:41.000000000 -0500
79
+++ maradns-2.0.03/doc/en/webpage/dns_software.embed 2011-03-18 13:06:32.000000000 -0400
81
<LI><A href="http://www.digitallumber.com/oak">Oak DNS</A> is a DNS
82
server written completely in python. It is compatible (I think) with
83
both BIND zone files and cache files. The file can be downloaded
84
-<A href="http://www.digitallumber.com/oak/code/oak-1.2.tar.gz">here</A>,
85
<A href="http://www.maradns.org/download/non-maradns/oak-1.2.tar.gz">here</A>,
86
or <A href="http://www.lpthe.jussieu.fr/~talon/oak-1.2.tar.gz">here</A>.
87
-The most recent alpha version can be downloaded <A
88
-href="http://www.digitallumber.com/oak/code/oak-1.4.tar.gz">here</A>
90
+The most recent alpha version can be downloaded
92
href="http://www.maradns.org/download/non-maradns/oak-1.4.tar.gz">here</A>.
93
-The most recent file in this alpha is from February of 2003; until
94
-this program has a more recent update, I am marking this abandoned.
95
+The most recent file in this alpha is from February of 2003; the original
96
+website is now owned by a cyber-squatter.
97
(Thanks, Michel Talon, for the update)
102
<h2>Proprietary DNS solutions</h2>
104
-<em>No, I don't really care to list every single DNS server that exists here.
105
-I find the idea of using proprietary software for anything that
106
-matters repulsive; however I try to keep this list up-to-date</em>
107
+<em>No, I have not listed every single DNS server that exists here.</em>
110
<LI><A href="http://www.ultradns.com">UltraDNS</A></LI>
111
--- maradns-2.0.02/doc/en/webpage/faq-1.0.embed 2010-09-26 12:55:54.000000000 -0400
112
+++ maradns-2.0.03/doc/en/webpage/faq-1.0.embed 2011-03-18 13:06:32.000000000 -0400
114
-<h1>FREQUENTLY ASKED QUESTIONS</h1>
116
-<h3>This FAQ is for version 1.0 of MaraDNS. An updated FAQ for version
117
-1.2 of MaraDNS is available <A href="http://www.maradns.org/faq.html">here</A>
122
-1. <A href="#tryout">How to I try out MaraDNS?</A> <P>
123
-2. <A href="#license">What license is MaraDNS released under?</A><P>
125
-3. <A href="#ips">How do I get MaraDNS to bind to multiple IP addresses?</A><P>
127
-4. <A href="#ipsbug">How come BIND 9 can not process MaraDNS queries when
128
-MaraDNS is bound to multiple IP addresses?</A><P>
130
-5. <A href="#bugzilla">How do I report bugs in MaraDNS?</A><P>
132
-6. <A href="#chatter">Some of the postings to the mailing list do not talk
133
- about MaraDNS!</A><P>
135
-7. <A href="#unsub">How to I get off the mailing list?</A><P>
137
-8. <A href="#rdns">How do I set up reverse DNS on MaraDNS?</A><P>
139
-9. <A href="#timeout">I am on a slow network, and MaraDNS can not process
140
- recursive queries</A><P>
142
-10. <A href="#obtuse">When I try to run MaraDNS, I get a
143
- <tt>Fatal error: Error running populate_main program</tt>
144
- or a <tt>Fatal error: init_cache() failed</tt>
145
- error message.</A><P>
147
-11. <A href="#rrany">I am trying to register a domain under the .au or
148
- the .de name space,and my registrar is not taking my domain name</A><P>
150
-12. <A href="#netstat">After I start MaraDNS, I can not see the process
151
- when I run netstat -na</A><P>
153
-13. <A href="#jsstr">What string library does MaraDNS use?</A><P>
155
-14. <A href="#license">Why is MaraDNS public domain instead of BSD or GPL
158
-15. <A href="#whythreads">Why does MaraDNS use a multi-threaded model?</A><P>
160
-16. <A href="#wishlist">I feel that XXX feature should be added to MaraDNS</A><P>
162
-17. <A href="#docbook">I feel that MaraDNS should use another documentation
165
-18. <A href="#patch">Is there any process I need to follow to add a patch
168
-19. <A href="#primary">Can MaraDNS act as a primary nameserver?</A><P>
170
-20. <A href="#secondary">Can MaraDNS act as a secondary nameserver?</A><P>
172
-21. <A href="#auth">What is the difference between an authoritative and
173
- a recursive DNS server?</A><P>
175
-22. <A href="#bailiwick">The getzone client isn't allowing me to add certain
176
- hostnames to my zone</A><P>
178
-23. <A href="#kosherzone">I have having problems transferring zones from
179
- MaraDNS' zone server to a BIND zone transfer client</A><P>
181
-24. <A href="#portable">Is MaraDNS portable?</A><P>
183
-25. <A href="#openbsd">How do I compile MaraDNS on OpenBSD?</A><P>
185
-26. <A href="#cygwin">Can I use MaraDNS in Windows?</A><P>
187
-27. <A href="#upstream">MaraDNS freezes up after being used for a while</A><P>
189
-28. <A href="#python">What kind of Python integration does MaraDNS have</A><P>
191
-29. <A href="#kvar">Doesn't "kvar" mean "four" in Esperanto?</A><p>
193
-30. <A href="#timestamp">How do I make MaraDNS' time stamps
194
- human-readable?</A><p>
196
-31. <A href="#scability">How scalable is MaraDNS?</A><p>
198
-32. <A href="#dcname">I'm getting a warning about dangling CNAME entries</A><p>
203
-<a name="tryout"> </a>
204
-<H2>1. How to I try out MaraDNS?</H2>
206
-<p>Read the <A href="quickstart.html">quick start guide</A>, which
207
- is the file named 0QuickStart in the MaraDNS distribution.
209
-<a name="license"> </a>
210
-<H2>2. What license is MaraDNS released under?</H2>
211
-<p>None, actually. MaraDNS is released to the public domain.
214
-<H2>3. How do I get MaraDNS to bind to multiple IP addresses?</H2>
216
-The current method is to run multiple copies of MaraDNS, each using its
223
-maradns -f /etc/mararc.1
224
-maradns -f /etc/mararc.2
229
-If you just want to bind to all IP addresses your computer has, bind to
230
-the IP "0.0.0.0"; however this can cause problems. See the next
233
-I don't think this will be too hard to correctly implement, since I
234
-already have code for specifying multiple IP addresses with the IP ACL
235
-code used by the zone server. Until then, I will add this workaround to
238
-<a name="ipsbug"> </a>
239
-<H2>4. How come BIND 9 can not process MaraDNS queries when MaraDNS is bound
240
-to multiple IP addresses?</H2>
241
-In certain cricumstances, when MaraDNS is bound to more than one IP
242
-address, the underlying OS will send the UDP reply with a different IP
243
-than the IP the UDP query was sent to. This will confuse BIND 9, since
244
-BIND 9's method for listening for requests that BIND has sent out expects
245
-the reply to come from the same IP that the request was sent to.
248
-<a name="bugzilla"> </a>
249
-<H2>5. How do I report bugs in MaraDNS?</H2>
252
-Before reporting a bug that MaraDNS has, please read the relevant man
253
-pages. The man pages should be installed when one installs MaraDNS, and,
254
-in addition, are available in the <tt>doc/man</tt> directory of the
255
-MaraDNS source tarball. (It is also possible that you are reading the man
259
-Some MaraDNS man pages (namely, the man pages for <B>maradns</B>,
260
-<B>askmara</B>, <B>zoneserver</B>, and <B>mararc</B>) have a section,
261
-titled "BUGS", which list already known bugs which I feel are not
262
-important enough to fix before the 1.0 release of MaraDNS. Bug reports
263
-which mention one of these bugs will be cheerfully ignored (or given a
264
-polite "thanks for the report, in this man page the bug is already
265
-mentioned" message if I am in a particularly good mood).
268
-Subscribe to the mailing list by sending mail to
269
-<A href="mailto:list-subscribe@maradns.org">list-subscribe@maradns.org</A>
270
-with "subscribe" as the subject line,
271
-and describe the bug by sending email to
272
-<A href="mailto:list@maradns.org">list@maradns.org</A>.
274
-<a name="chatter"> </a>
275
-<H2>6. Some of the postings to the mailing list do not talk about MaraDNS!</H2>
276
-In cases where I post something to the mailing list which does not directly
277
-talk about MaraDNS, the subject line will not have [MARA] in it, but will
278
-have some form of the word CHATTER in it.
280
-This way, people who do not like this can set up mail filters to filter out
281
-anything that comes from this list and doesn't have [MARA] in the subject
282
-line, or simply unsubscribe from the list and read the list from the
283
-archives; if one needs to report a bug, they can subscribe to the list
284
-again, post their bug, then unsubscribe after a week.
286
-Another option is to set up one's Freshmeat preferences to be notified
287
-in email every time I update MaraDNS at Freshmeat. This will give one
288
-email notice of any critical bug fixes without needing to be
289
-subscribed to the mailing list.
291
-The web page <A href="http://www.maradns.org">http://www.maradns.org/</A>
292
-has a link to the mailing list archives.
294
-<a name="unsub"> </a>
295
-<H2>7. How to I get off the mailing list?</H2>
296
-Send an email to list-request@maradns.org with "unsubscribe" as the
299
-<a name="rdns"> </a>
300
-<H2>8. How do I set up reverse DNS on MaraDNS?</H2>
302
-By using PTR (pointer) records. For example, the PTR record which performs
303
-the reverse DNS lookup for the ip 1.2.3.4 looks like this in a CSV1 zone
307
-P4.3.2.1.in-addr.arpa.|86400|www.example.com.
311
-If you wish to have a PTR (reverse DNS lookup; getting a DNS name from a
312
-numeric IP) record work on the internet at large, it is not a simple
313
-matter of just adding a record like this to a MaraDNS zonefile. One also
314
-needs control of the appropriate in-addr.arpa. domain.
318
-While it can make logical sense to contact the IP 10.11.12.13 when trying
319
-to get the reverse DNS lookup (fully qualified domain name) for a given
320
-IP, DNS servers don't do this. DNS server, instead, contact the root
321
-DNS servers for a given in-addr.arpa name to get the reverse DNS lookup,
322
-just like they do with any other record type.
326
-When an internet service provider is given a block of IPs, they are also
327
-given control of the DNS zones which allow them to control reverse DNS
328
-lookups for those IPs. While it is possible to obtain a domain and run
329
-a DNS server without the knowledge or intervention of an ISP, being
330
-able to control reverse DNS loookups for those IPs requires ISP
333
-<a name="timeout"> </a>
334
-<H2>9. I am on a slow network, and MaraDNS can not process recursive
337
-MaraDNS, by default, only waits two seconds for a reply from a remote
338
-DNS server. This default can be increased by adding a line like this
347
-Note that making this too high will slow MaraDNS down when DNS servers
348
-are down, which is, alas, all too common on today's internet.
350
-<a name="obtuse"> </a>
352
-<H2>10. When I try to run MaraDNS, I get a
353
-<tt>Fatal error: Error running populate_main program</tt>
354
-or a <tt>Fatal error: init_cache() failed</tt> error message.</H2>
356
-<p>If a line in a mararc file is too long, you will see, before the
357
-"Fatal error: Error running populate_main program" message, a message
358
-showing you the line number which is too long and the filename with
359
-the offending line. While it is possible to increase this limit
360
-by changing the appropriate variable in the MaraDns.h file, the
361
-current limit is in line with the 512-byte limit that UDP DNS
362
-packets have; MaraDNS does not currently support DNS over TCP.
364
-<p>Otherwise, this error message should not be visible. If it appears,
366
-the mailing list (see above), and describe your problem by sending email to
367
-<A href="mailto:list@maradns.org">list@maradns.org</A>. Be sure to include
368
-the following information:
370
-<ul><li>The contents of your /etc/mararc file
372
-<li>The contents of any files in /etc/maradns
374
-<li>The full output MaraDNS generates
378
-<a name="rrany"> </a>
379
-<H2>11. I am trying to register a domain under the .au or the .de name space,
380
-and my registrar is not taking my domain name</H2>
382
-<p>Both the German registrar and the Australian registrars require a RR_ANY
383
-request to return NS and SOA records. MaraDNS can do this if you add the
384
-following line to your mararc file:<p>
386
-<tt>default_rrany_set = 15</tt>
388
-<a name="netstat"> </a>
389
-<H2>12. After I start MaraDNS, I can not see the process when I run netstat -na
392
-Udp services do not have a prominent "LISTEN" when netstat is run.
394
-When MaraDNS is up, the relevant line in the netstat output looks
397
-udp 0 0 127.0.0.4:53 0.0.0.0:*
400
-While on the topic of netstat, if you run <TT>netstat -nap</TT> as root,
401
-you can see the names of the processes which are providing internet
404
-<a name="jsstr"> </a>
405
-<H2>13. What string library does MaraDNS use?</H2>
407
-<p>MaraDNS uses her own string library, which is called the "js_string"
408
-library. Man pages for most of the functions in the js_string library
409
-are in the folder <tt>doc/man</tt> of the <A href="download.html">MaraDNS
412
-<a name="license"> </a>
413
-<H2>14. Why is MaraDNS public domain instead of BSD or GPL licensed?</H2>
415
-<p>The post-1.0.xx releases of MaraDNS are, in fact, under a simple
416
- BSD license (without any "obnoxious" advertising clause).
417
-<p>I used a public domain (non-)license so that MaraDNS could be integrated
418
- with Python without trouble. While
419
-Python is, I believe, currently GPL compatible, Python was not
420
-GPL-compatible at the time I decided on a license for MaraDNS.
422
-<a name="thythreads"> </a>
423
-<H2>15. Why does MaraDNS use a multi-threaded model?</H2>
425
-<p>The multi-threaded model is, plain and simple, the simplest way to write
426
-a functioning recursive DNS server. There is a reason why MaraDNS, pdnsd, and
427
-BIND 9 all use the multi-threaded model.
429
-<a name="wishlist"> </a>
430
-<H2>16. I feel that XXX feature should be added to MaraDNS</H2>
432
-Before sending mail to the list with a feature request, please read
433
-the UNIMPLEMENTED FEATURES section of the MaraDNS man page, which has a
434
-list of feature requests other people have already sent me. If you do not
435
-see your requested feature in this section of the man page, send an email to
436
-the mailing list so that I can add your feature request to the
437
-UNIMPLEMENTED FEATURES section of the MaraDNS man page.
439
-Feature requests which include a patch which implements the feature in
440
-question are may even be implemented by MaraDNS, as long as the patch comes
441
-with a declaration that the patch is public domain.
443
-Note that MaraDNS is currently "frozen". In other words, new features will
444
-not be added until after the 1.0 release.
446
-<a name="docbook"> </a>
447
-<H2>17. I feel that MaraDNS should use another documentation format</H2>
449
-The reason that MaraDNS uses its own documentation format is to satisfy both
450
-the needs of translators to have a unified document format and my own
451
-need to use a documentation format that is simple enough to be readily
452
-understood and which I can add features on an
455
-The documentation format is essentially simplified HTML with some
456
-special tags added to meet MaraDNS' special needs.
458
-For people who prefer other formats of documentation, I am open to
459
-making filters which convert from MaraDNS' own "EJ" documentation format
460
-to the format in question after MaraDNS 1.0 is released.
462
-Having a given program have its own documentation format is not
463
-without precedent; Perl uses its own "pod" documentation format.
465
-<a name="patch"> </a>
466
-<H2>18. Is there any process I need to follow to add a patch to MaraDNS?</H2>
470
-<p>Here is the procedure for making a proper patch:
475
-<li>Enter the directory that the file is in, for example
476
- <tt>maradns-0.9.20/server</tt>
478
-<li>Copy over the file that you wish to modify to another file
479
- name. For example: <tt>cp MaraDNS.c MaraDNS.c.orig</tt>
481
-<li>Edit the file in question, e.g: <tt>vi MaraDNS.c</tt>
483
-<li>After editing, do something like this: <br><tt>
484
- diff -u MaraDNS.c.orig MaraDNS.c > maradns.patch</tt>
486
-<li>Make sure the modified version compiles cleanly
490
-Send a patch to me in email, along with a statement that you place
491
-the contents of the patch in to the public domain. If I find that the patch
492
-works well, I will integrate it in to MaraDNS.
494
-<a name="primary"> </a>
495
-<H2>19. Can MaraDNS act as a primary nameserver?</H2>
499
-<p>The <tt>zoneserver</tt> program serves zones so that other DNS servers
500
-can be secondaries for zones which MaraDNS serves. This is a separate
501
-program from the <tt>maradns</tt> server, which processes both
502
-authoritative and recursive UDP DNS queries.
504
-<a name="secondary"> </a>
505
-<H2>20. Can MaraDNS act as a secondary nameserver?</H2>
509
-<p>The 'getzone' program obtains zone files from remote DNS servers,
510
- outputting the contents of the zone file in MaraDNS' "csv1" zone
511
- file format. This program can be run from cron. If one desires
512
- more BIND-like functionality, getzone can be wrapped in a
513
- shell script that uses askmara to look at the SOA record to see if
514
- the serial number of the zone has changed.
516
-<p>I feel that the traditional DNS design of having a single application
517
- both serve DNS records and handle the maintenance of zone files is
518
- not ideal; the best design is to have a number of simple applications
521
-<a name="auth"> </a>
522
-<H2>21. What is the difference between an authoritative and a recursive DNS
525
-A recursive DNS server is a DNS server that is able to contact other DNS
526
-servers in order to resolve a given domain name label. This is the kind
527
-of DNS server one points to in /etc/resolve.conf
531
-An authoritative DNS server is a DNS server that a recursive server
532
-contacts in order to find out the answer to a given DNS query.
534
-<a name="bailiwick"> </a>
535
-<H2>22. The getzone client isn't allowing me to add certain hostnames to
538
-For security reasons, MaraDNS' getzone client does not
539
-add records which are not part of the zone in question. For example,
540
-if someone has a zone for example.com, and this record in the zone:
544
-P1.1.1.10.in-addr.arpa.|86400|dns.example.com.
547
-MaraDNS will not add the record, since the record is out-of-bailiwick. In
548
-other words, it is a host name that does not end in .example.com.
550
-There are two workarounds for this issue:
552
-<LI>Create a zone file for 1.1.10.in-addr.arpa., and put the PTR records
554
-<LI>Use rcp, rsync, or another method to copy over the zone files in
558
-<a name="kosherzone"> </a>
559
-<H2>23. I have having problems transferring zones from MaraDNS' zone server
560
- to a BIND zone transfer client</H2>
562
-<p>BIND is rather picky about what kind of data it will accept from
563
-a zone server. Make sure the following is true with your domain:
565
-<li>Make sure that the authoritative NS records are at the top of your
566
- zone, immediately after the SOA record
567
-<li>Make sure that your authoritative NS records are NS records
569
-<li>To work around <A href="quirks.html">a known bug in MaraDNS</a>, make
570
- sure you have at least one non-NS record between the authoritative NS
571
- records for your zone and any delegation NS records that exist in the
575
-Here is an example bad zone file (with a linefeed added to the SOA
578
-Sexample.com.|86400|example.com.|
579
-hostmaster@example.com.|1|86400|3600|6048000|86400
580
-Nbad.example.com.|86400|ns1.example.com.
581
-Nbad.example.com.|86400|ns2.example.com.
582
-Nsubdomain.example.com.|86400|ns.subdomain.example.com.
583
-Aexample.com.|12345|10.2.3.4
586
-Here is the same zone file, with corrections (and a linefeed added to the
589
-Sexample.com.|86400|example.com.|
590
-hostmaster@example.com.|1|86400|3600|6048000|86400
591
-Nexample.com.|86400|ns1.example.com.
592
-Nexample.com.|86400|ns2.example.com.
593
-Aexample.com.|12345|10.2.3.4
594
-Nsubdomain.example.com.|86400|ns.subdomain.example.com.
596
-<a name="portable"> </a>
597
-<H2>24. Is MaraDNS portable?</H2>
599
-<p>While I intend to have MaraDNS be a portable DNS server which will
600
-compile on a variety of unices, right now all of MaraDNS's work development
601
-is being done on Linux.
602
-In terms of proprietary OSes, I know that SCO Open Server,
603
-SCO UNIXware and <A href="solaris.html">Solaris</A> have issues running a
604
-UDP or TCP server in a chroot() environment. Word is that, with
605
-Solaris and UNIXware, placing /dev/tcp and /dev/udp in the chroot() jail
606
-will allow a server like MaraDNS to function.
608
-<a name="openbsd"> </a>
609
-<H2>25. How do I compile MaraDNS on OpenBSD?</H2>
612
-There are two ways to do this:
615
-To use the native thread support add -pthread to the CFLAGS variable.
617
-To use the GNU pthread library, install the pth package and add
618
--L/usr/local/lib/pth to the linker.
620
-(Florin Iucha provided this tip)
622
-<a name="cygwin"> </a>
623
-<H2>26. Can I use MaraDNS in Windows?</H2>
629
-Provided, of course, that one has the Cygwin environment which emulates
630
-a UNIX environment in Windows.
633
-MaraDNS should now compile fine on Cygwin systems. If not, join the mailing
634
-list and let me know; I will correct this FAQ entry.
636
-<a name="upstream"> </a>
637
-<H2>27. MaraDNS freezes up after being used for a while</H2>
639
-If using your ISP's name servers or some other name servers which
640
-are not, in fact, root name servers, please make sure that you are
641
-using the upstream_servers dictionary variable instead of the
642
-root_servers dictionary variable.
646
-If you still see MaraDNS freeze up after making this correction, please
647
-send a bug report to the mailing list.
649
-<a name="python"> </a>
650
-<H2>28. What kind of Python integration does MaraDNS have</H2>
652
-The mararc file uses the same syntax that Python uses; in fact, Python
653
-can parse a properly formatted mararc file.
655
-There is currently no other integration with Python.
657
-<a name="kvar"> </a>
658
-<H2>29. Doesn't "kvar" mean "four" in Esperanto?</H2>
660
-Indeed, it does. However the use of "kvar" in the MaraDNS source
661
-code only coincidentally is an Esperanto word. "kvar" is short
662
-for "Kiwi variable"; a lot of the parsing code comes from the code
663
-used in the Kiwi spam filter project.
665
-<a name="timestamp"> </a>
666
-<H2>30. How do I make MaraDNS' time stamps human-readable?</H2>
668
-MaraDNS uses standard UNIX timestamps; which is the number of
669
-seconds since Midnight, January 1, 1970.
671
-To make MaraDNS' time stamps human readable, use this awk script:
674
-maradns -f /etc/maradns | awk '
676
- gsub(/Timestamp: ([0-9]+)/,
677
- strftime("%a, %d %b %Y %H:%M:%S",$2),$0)}
678
- {print}' >> logfile
681
-The MaraDNS startup script has the option to use this Awk script
682
-to convert the time stamp; read the script for details.
684
-<a name="scability"> </a>
685
-<H2>31. How scalable is MaraDNS?</H2>
687
-MaraDNS is optimized for serving a small number of domains as quickly
688
-as possible. That said, MaraDNS is remarkably efficnent for serving a
689
-large number of domains, as long as the server MaraDNS is on has the
690
-memory to fit all of the domains, and as long as the startup time for
691
-loading a large number of domains can be worked around.
693
-The "big-O" or "theta" growth rates for various MaraDNS functions
694
-are as follows, where N is the number of authoritative host names being
700
-Processing incoming DNS requests 1
703
-As can be seen, MaraDNS will process 1 or 100000 domains in the same amount
704
-of time, once the domain names are loaded in to memory.
706
-<a name="dcname"> </a>
707
-<H2>I'm getting a warning about dangling CNAME entries</H2>
709
-Let us suppose we have a CNAME record without an A record in the local
710
-DNS server's database, such as:
713
- Cgoogle.example.com.|86400|www.google.com.
717
-This record, which is a CNAME record for "google.example.com", points
718
-to "www.google.com". Some DNS servers will recursively look up
719
-www.google.com, and render the above record like this:
722
- Cgoogle.example.com.|86400|www.google.com.
723
- Awww.google.com.|900|66.102.7.104
728
-For security reasons, MaraDNS doesn't do this. Instead, MaraDNS will simply
732
- Cgoogle.example.com.|86400|www.google.com.
735
-Some stub resolvers will be unable to resolve google.example.com as
739
-If you want to remove these warnings, add the following to your mararc file:
742
- no_cname_warnings = 1
747
-Information about how to get MaraDNS to resolve dangling CNAME
748
-records is in the tutorial file <A
749
-href="http://www.maradns.org/tutorial/dangling.html">dangling.html</A>
751
-<!-- <a name="memusage"> </a>
752
-<H2>32. How much memory does MaraDNS use?</H2> -->
753
+<h1>MaraDNS 1.0: Do not use</h1>
755
+This page used to contain a FAQ for version 1.0 of MaraDNS. This
756
+release is no longer maintained and has known security problems.
757
+Please update to version 1.4 (or 2.0 if feasible); a guide for
758
+updating MaraDNS is available <A href=/tutorial/update.html>here</A>.
759
--- maradns-2.0.02/doc/en/webpage/faq.embed 2010-09-26 12:56:37.000000000 -0400
760
+++ maradns-2.0.03/doc/en/webpage/faq.embed 2011-03-18 13:06:32.000000000 -0400
761
@@ -141,18 +141,25 @@
763
<H2>1. I'm using an older version of MaraDNS</H2>
765
-Upgrade to MaraDNS 1.4. MaraDNS 1.4 is compatible with older versions
766
-of MaraDNS, with the relatively few changes need to upgrade
767
+Upgrade to MaraDNS 1.4 or MaraDNS 2.0. MaraDNS 1.4 is compatible with
768
+older versions of MaraDNS, with the relatively few changes need to upgrade
769
<A href=http://maradns.org/tutorial/update.html>documented</A>.
773
+Use MaraDNS 2.0 if there are any issues using MaraDNS 1.4 to recursively
774
+resolve records (via <tt>recursive_acl</tt>); the recursive resolver
775
+in MaraDNS 1.4 is deprecated and only critical security issues are fixed
776
+with it. MaraDNS 2.0 uses the separate daemon Deadwood to recursively
781
MaraDNS 1.0 and 1.2 are only supported for critical security updates, and
782
will no longer be supported on December 21, 2010. MaraDNS 1.3 is also only
783
supported for critical security updates, and support will stop on December
784
-21, 2012. MaraDNS 1.4 will be fully supported (security and other important
785
-bug fixes) for the foreseeable future, alongside MaraDNS 2.0 when and if
787
+21, 2012. MaraDNS 1.4 and MaraDNS 2.0 are both fully supported (security
788
+and other important bug fixes) for the foreseeable future.
792
@@ -257,10 +264,10 @@
796
-<H2>8. I am on a slow network, and MaraDNS can not process recursive
797
+<H2>8. I am on a slow network, and Deadwood can not process recursive
800
-MaraDNS, by default, only waits two seconds for a reply from a remote
801
+Deadwood, by default, only waits two seconds for a reply from a remote
802
DNS server. This default can be increased by adding a line like this
805
@@ -321,35 +328,22 @@
807
<H2>12. Why does MaraDNS use a multi-threaded model?</H2>
809
-<p>The multi-threaded model is, plain and simple, the simplest way to write
810
-a functioning recursive DNS server. There is a reason why MaraDNS, pdnsd, and
811
-BIND 9 all use the multi-threaded model.
812
+<p>MaraDNS 2.0 no longer uses threads.
814
-<p>MaraDNS 2.0, when and if it is released, will not use threads.
815
+<p>The multi-threaded model was the simplest way to write
816
+a functioning recursive DNS server for MaraDNS 1.0. There is a reason
817
+why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model.
819
+<p>It took me nearly three years to rewrite MaraDNS' recursive resolver
820
+as a separate non-threaded daemon. This has been done, and now all recursion
821
+is done with Deadwood which does not need threads.
825
<H2>13. I feel that XXX feature should be added to MaraDNS</H2>
827
-The only thing that will convince me to implement a given feature for
828
-MaraDNS is cold, hard cash. If you want me to keep a given feature
829
-proprietary, you better have lots of cold hard cash.
831
-The only feature I will implement for free is to finish up full
832
-recursion in Deadwood, including IPv6 support. I have <A
833
-href=http://maradns.blogspot.com/2009/06/why-i-will-not-implement-dns-curve.html>no
834
-plans to implement DNS curve</A>, nor <A
835
-href=http://maradns.blogspot.com/2009/11/maradns-wish-list-status.html>DNSsec,
836
-Geo IP, or whatever feature you want me to implement for fun and for free</A>.
838
-Keep in mind that both the BIND and NSD name servers were
839
-developed by having the programmers paid to work on the programs.
840
-PowerDNS was originally commercial software with the author only
841
-reluctantly made GPL after seeing that the market
842
-for a commercial DNS server is very small. All of the other DNS servers
843
-which have been developed as hobbyist projects (Posadis, Pdnsd, and djbdns)
844
-are no longer being actively worked on by the primary developer.
846
+There are no plans to add new features to MaraDNS or Deadwood at
851
@@ -411,10 +405,11 @@
853
<p>The <tt>zoneserver</tt> program serves zones so that other DNS servers
854
can be secondaries for zones which MaraDNS serves. This is a separate
855
-program from the <tt>maradns</tt> server, which processes both
856
-authoritative and recursive UDP DNS queries.
857
+program from the <tt>maradns</tt> server, which processes
858
+authoritative UDP DNS queries, and Deadwood which processes recursive
861
-<p>See the <A href="http://www.maradns.org/tutorial/1.2/dnsmaster.html">DNS
862
+<p>See the <A href="http://www.maradns.org/tutorial/dnsmaster.html">DNS
863
master</A> document in the MaraDNS tutorial for details.
870
-<p>Please read the <A href="http://www.maradns.org/tutorial/1.2/dnsslave.html">
871
+<p>Please read the <A href="http://www.maradns.org/tutorial/dnsslave.html">
872
DNS slave</A> document, which is part of the MaraDNS tutorial.
877
<H2>18. What is the difference between an authoritative and a recursive DNS
878
@@ -434,12 +428,14 @@
880
A recursive DNS server is a DNS server that is able to contact other DNS
881
servers in order to resolve a given domain name label. This is the kind
882
-of DNS server one points to in <tt>/etc/resolve.conf</tt>
883
+of DNS server one points to in <tt>/etc/resolve.conf</tt>. MaraDNS uses
884
+the Deadwood daemon to process recursive DNS queries.
888
An authoritative DNS server is a DNS server that a recursive server
889
-contacts in order to find out the answer to a given DNS query.
890
+contacts in order to find out the answer to a given DNS query. The
891
+maradns daemon processes authoritative DNS queries.
895
@@ -548,22 +544,23 @@
897
<h2>26. I am having problems setting <tt>upstream_servers</tt></h2>
899
-The <tt>upstream_servers</tt> mararc variable is set thusly:
900
+<tt>upstream_servers</tt> is only supported by Deadwood, and is no
901
+longer supported in MaraDNS 2.0.
903
+The <tt>upstream_servers</tt> dwood3rc variable is set thusly:
906
<tt>upstream_servers["."] = "10.3.28.79, 10.2.19.83"</tt>
909
-Note the <tt>["."]</tt>. The reason for this is so future versions
910
-of MaraDNS may have more fine-grained control over the
911
-<tt>upstream_servers</tt> and <tt>root_servers</tt> values.
912
+Note the <tt>["."]</tt>.
916
Note that the <tt>upstream_servers</tt> variable needs to be initialized
917
before being used via <tt>upstream_servers = {}</tt> (the reason for this
918
-is so that a mararc file has 100% Python-compatible syntax). A complete
919
-mararc file that uses <tt>upstream_servers</tt> may look like this:
920
+is so that a dwood3rc file has 100% Python-compatible syntax). A complete
921
+dwood3rc file that uses <tt>upstream_servers</tt> may look like this:
924
ipv4_bind_addresses = "127.0.0.1"
926
<h2>31. I have a NS delegation, and MaraDNS is doing
929
-In the case of there being a NS delegation, MaraDNS handles recursive
930
-queries and non-recursive DNS queries differently. Basically, unless
931
-you use <tt>askmara</tt> with the <tt>-n</tt> option, dig with the
932
-<tt>+norecuse</tt> option, or <tt>nslookup</tt> with the <tt>-norec</tt>
933
-option, MaraDNS will try to recursively resolve the record that is
938
-The thinking is this: A normal recursive DNS query is usually one
939
-where one wants to know the final DNS output. So, if MaraDNS
940
-delegates a given record to another DNS server, and gets a recursive
941
-request for said query, MaraDNS will recursively resolve the query
946
-For example, let us suppose we have a <tt>mararc</tt> file that looks
950
-chroot_dir = "/etc/maradns"
951
-ipv4_bind_addresses = "10.1.2.3"
952
-chroot_dir = "/etc/maradns"
953
-recursive_acl = "127.0.0.1/8, 10.0.0.0/8"
955
-csv2["example.com."] = "db.example.com"
958
-And a <tt>db.example.com</tt> file that looks like this:
961
-www.example.com. 10.1.2.3
962
-joe.example.com. NS ns.joe.example.com.
963
-ns.joe.example.com. A 10.1.2.4
966
-Next, you are trying to find out why www.joe.example.com is not
967
-resolving. If you naively send a query to 10.1.2.3 for www.joe.example.com
968
-as <tt>askmara Awww.joe.example.com. 10.1.2.3</tt> or as
969
-<tt>dig @10.1.2.3 www.joe.example.com.</tt> or as
970
-<tt>nslookup www.joe.example.com. 10.1.2.3</tt>, you will <b>not</b>
971
-get any information that will help you solve the problem, since 10.1.2.3
972
-will try to contact 10.1.2.4 to resolve www.joe.example.com.
976
-The solution is to run your DNS query client thusly:
979
-<li>Askmara would be run thusly:
980
-<p><tt>askmara -n Awww.joe.example.com. 10.1.2.3</tt><p>
981
-<li>Dig would be run thusly:
982
-<p><tt>dig +norecurse @10.1.2.3 www.joe.example.com</tt><p>
983
-<li>Nslookup would be run thusly:
984
-<p><tt>nslookup -norec www.joe.example.com 10.1.2.3</tt><p>
987
-This will allow you to see that packets MaraDNS actually sends to
988
-a recursive DNS server.
992
-As an aside, this particular problem will not happen if MaraDNS is
993
-run only as an authoritative nameserver.
994
+This is only an issue in MaraDNS 1.4. MaraDNS 2.0 does not allow
995
+the same IP to both authoritatively and recursively resolve records.
997
<A name="synthns"> </A>
1000
<A name=roothints> </A>
1001
<h2>33. Where is the root.hints file?</h2>
1003
-MaraDNS, unlike BIND, does not need a complicated root.hints file in
1004
-order to have custom root servers. In order to change the root.hints
1005
-file, add something like this to your mararc file:
1006
+MaraDNS (actually, Deadwood), unlike BIND, does not need a complicated
1007
+root.hints file in order to have custom root servers. In order to change
1008
+the root.hints file, add something like this to your dwood3rc file:
1011
root_servers["."] = "131.161.247.232,"
1019
In more detail, MaraDNS does not use autoconf for the following reasons:
1020
@@ -1026,7 +959,7 @@
1022
This bug has been fixed in MaraDNS 1.3 and 1.4; since this is not a
1023
security bug (there is a perfectly good workaround), this bug will not
1024
-be fixed in MaraDNS 1.2.
1025
+be fixed in MaraDNS 1.2 unless you pay me to fix it.
1029
@@ -1039,17 +972,17 @@
1033
-<li> MaraDNS version 1.4 needs to be used; if you're using an
1034
+<li> MaraDNS version 1.4 or 2.0 needs to be used; if you're using an
1035
older version of MaraDNS, upgrade.
1037
-<li> It is necessary to have recursion disabled. This can be done either by
1038
-compiling MaraDNS without recursive support (./configure --authonly ; make),
1039
+<li> It is necessary to have recursion disabled, if using MaraDNS 1.4, either
1040
+by compiling MaraDNS without recursive support (./configure --authonly ; make),
1041
or by making sure MaraDNS does not have recursion enabled (by not having
1042
-<tt>recursive_acl</tt> set in one's mararc file)
1043
+<tt>recursive_acl</tt> set in one's MaraDNS 1.4 mararc file)
1047
-If one wishes to both register domains with AFNIC and use MaraDNS as a
1048
+If one wishes to both register domains with AFNIC and use MaraDNS 1.4 as a
1049
recursive DNS server, it is required to have the recursive server be a
1050
separate instance of MaraDNS on a separate IP. It is not possible to have
1051
the same DNS server both send DNS packets in a way that both makes AFNIC
1052
@@ -1069,8 +1002,8 @@
1054
<h2>43. I can't see the full answers for subdomains I have delegated</h2>
1056
-To have the subdomains be visible to recursive nameservers, add the following
1057
-to your mararc file:
1058
+To have the subdomains be visible to MaraDNS 1.4 recursive nameservers,
1059
+add the following to your mararc file:
1061
<tt>recurse_delegation = 1</tt>
1063
@@ -1078,7 +1011,7 @@
1065
<h2>44. MaraDNS 1 has a problem resolving a domain</h2>
1067
-This issue should be fixed when I release MaraDNS 2.0.
1068
+This issue should be fixed in MaraDNS 2.0.
1072
@@ -1089,7 +1022,7 @@
1075
The new recursive resolver is called "Deadwood"; right now it's fully
1076
-functional and undergoing beta-testing. More information is here:
1077
+functional and part of MaraDNS 2.0. More information is here:
1079
<A href=http://maradns.blogspot.com/search/label/Deadwood>http://maradns.blogspot.com/search/label/Deadwood</A>
1081
@@ -1097,11 +1030,8 @@
1083
Since the old recursive code is a bit difficult to maintain, and since I
1084
in the process of rewriting the recursive code, my rule is that I will only
1085
-resolve security issues with MaraDNS 1.0's recursive resolver without
1087
+resolve security issues with MaraDNS 1.0's recursive resolver.
1089
-If resolving a given domain with MaraDNS' code is an urgent issue
1090
-for you, please consider helping beta-test Deadwood.
1092
<A name=nxdomain2> </A>
1093
<h2>45. MaraDNS 1.2 has issues with NXDOMAINS and case sensitivity.</h2>
1094
@@ -1115,8 +1045,9 @@
1097
If this is an issue for your organization, please upgrade to a newer
1098
-version of MaraDNS; MaraDNS 1.4 does not have
1100
+version of MaraDNS; MaraDNS 1.4 and 2.0 do not have
1101
+this bug. If you want to see this bug fixed in MaraDNS 1.2, please
1102
+help sponsor MaraDNS.
1104
<A name=phishing> </A>
1105
<h2>46. Can MaraDNS offer protection from phishing and
1106
--- maradns-2.0.02/doc/en/webpage/index.embed 2010-09-26 12:57:25.000000000 -0400
1107
+++ maradns-2.0.03/doc/en/webpage/index.embed 2011-03-18 13:06:32.000000000 -0400
1109
MaraDNS has a long history of being maintained and updated.
1110
Actively developed since 2001,
1111
MaraDNS continues to be supported: The most recent
1112
-release was done on September 25, 2010. Deadwood, the recursive code that will
1113
-become part of MaraDNS 2.0, is currently <A href=deadwood/>stable code</A>.
1114
+release was done on February 5, 2011. Deadwood, the recursive code that
1115
+is part of MaraDNS 2.0, is currently <A href=deadwood/>stable code</A>.
1116
<li><b>Easy to use</b>. A basic recursive configuration needs only a
1117
single three-line configuration file. A basic authoritative configuration
1118
needs only a four-line configuration file and a one-line zone file.
1119
--- maradns-2.0.02/doc/en/webpage/license.embed 2010-02-02 12:12:44.000000000 -0500
1120
+++ maradns-2.0.03/doc/en/webpage/license.embed 2011-03-18 13:06:32.000000000 -0400
1122
MaraDNS' license is as follows:
1125
-Copyright (c) 2002-2010 Sam Trenholme and others
1126
+Copyright (c) 2002-2011 Sam Trenholme and others
1130
--- maradns-2.0.02/doc/en/webpage/products.embed 2010-09-26 12:52:38.000000000 -0400
1131
+++ maradns-2.0.03/doc/en/webpage/products.embed 2011-03-18 13:06:32.000000000 -0400
1133
-<h1>MaraDNS: Forever Free</h1>
1134
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
1135
+<html><head><title>MaraDNS - a security-aware DNS server</title>
1136
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
1137
+<link rel="stylesheet" title="Woodson (Default)"
1138
+ type="text/css" media="screen, projection" href="maradns-1.2-s.css">
1139
+<link rel="alternate stylesheet" title="Large Print"
1140
+ type="text/css" media="screen, projection" href="maradns-1.2-l.css">
1141
+<link rel="stylesheet" type="text/css" media="print"
1142
+ href="maradns-1.2-p.css">
1143
+<link rel="stylesheet" type="text/css" media="handheld"
1144
+ href="maradns-1.2-h.css">
1145
+<script type=text/javascript src=styleswitcher.js></script>
1149
-I would like to thank everyone who has helped with MaraDNS development
1150
-over the years. I now have a job with a living wage in the United States
1151
-and therefore no longer need to solicit donations for MaraDNS.
1152
+<div align=center id=maradns-all>
1156
+<td valign=top width=340>
1157
+<font id=maradns-name size="+4"><i><b>MaraDNS</b></i></font>
1160
+A security-aware DNS server
1163
+<td> </td>
1164
+<td valign=top id=topright width=220>
1165
+ <div align=right><table><tr><td id=trabalengua>
1167
+ Erre con erre cigarro<br>
1168
+ Erre con erre barril<br>
1169
+ Rápido ruedan los carros<br>
1170
+ En el ferrocarril<br></i>
1171
+ </td></tr></table></div>
1174
+<script type=text/javascript>
1178
+ <a href="index.html">Main</a>
1179
+ <a href="download.html">Download</a>
1180
+ <a href="notes.html">Documentation</a>
1181
+ <a href="/blog">Blog</a>
1182
+ <a href="changelog.html">Changelog</a>
1184
+ <a href="sponsors.html">Sponsors</a>
1185
+ <a href="products.html">Products</a>
1187
+</div> <!-- maradns-l -->
1188
+<script type="text/javascript">
1190
+if(isOKbrowser()) {
1191
+document.write("<p class=nocss><font size=-1>The following links that change text size will do nothing on your browser because your browser does not support CSS. This page is otherwise usable in a non-CSS browser.");
1192
+document.write("<\/font><\/p><div class=makelarge><div class=iebug>");
1193
+document.write("To make the font larger, <A href=\"#\" onclick=\"setActiveStyleSheet('Large Print');return false;\">click here<\/A><\/div><\/div><p class=makenormal>");
1194
+document.write("To see this without using a large font, <A href=\"#\" onclick=\"setActiveStyleSheet('Woodson (Default)');return false;\">click here<\/A><\/p>");
1200
+<table><tr><td class=content width=596>
1202
+<!-- end header -->
1203
+<h1>MaraDNS products</h1>
1205
+Sponsorship is what made continued MaraDNS development possible.
1209
+For a while, I accepted sponsorship for people who helped compensate me
1210
+for the hard work I did developing MaraDNS. <b>I no longer need donations
1211
+to help with MaraDNS development</b>
1213
--- maradns-2.0.02/doc/en/webpage/search.embed 2011-03-18 13:29:45.000000000 -0400
1214
+++ maradns-2.0.03/doc/en/webpage/search.embed 2011-03-18 13:06:32.000000000 -0400
1216
+<h1>Search MaraDNS documentation</h1>
1218
+If you wish to search this site, please enter what you
1219
+are looking for in the following box. <p>
1221
+<!-- Google Custom Search Element -->
1222
+<div id="cse" style="width:100%;">Loading</div>
1223
+<script src="http://www.google.com/jsapi" type="text/javascript"></script>
1224
+<script type="text/javascript">
1225
+ google.load('search', '1');
1226
+ google.setOnLoadCallback(function(){
1227
+ new google.search.CustomSearchControl().draw('cse');
1230
+<noscript>Please enable JavaScript if you wish to search this site.
1231
+If you do not wish to or can not enable JavaScript, go to <A
1232
+href=http://google.com>google.com</A> and type in a query like
1233
+"<A href=http://www.google.com.mx/search?q=whatever+site%3Amaradns.org>whatever site:maradns.org</A>"</noscript>
1235
--- maradns-2.0.02/doc/en/webpage/Makefile 2009-12-21 10:28:41.000000000 -0500
1236
+++ maradns-2.0.03/doc/en/webpage/Makefile 2011-03-18 13:06:32.000000000 -0400
1238
all: changelog.html contact.html dns_software.html download.html \
1239
faq-1.0.html faq.html index.html license.html notes.html \
1240
sponsors.html security.html advocacy.html debian.html \
1242
+ products.html search.html
1244
changelog.html: changelog.embed maradns-1.2-top.html maradns-1.2-bottom.html
1245
./make.page changelog.embed
1247
security.html: security.embed maradns-1.2-top.html maradns-1.2-bottom.html
1248
./make.page security.embed
1250
+# Added 2011.03.18: Make it easier for users to search the docs
1251
+search.html: security.embed maradns-1.2-top.html maradns-1.2-bottom.html
1252
+ ./make.page search.embed
1254
advocacy.html: advocacy.embed maradns-1.2-top.html maradns-1.2-bottom.html
1255
./make.page advocacy.embed
1257
--- maradns-2.0.02/doc/en/webpage/security.embed 2010-02-02 12:12:44.000000000 -0500
1258
+++ maradns-2.0.03/doc/en/webpage/security.embed 2011-03-18 13:30:39.000000000 -0400
1261
<i>For people who just want to quickly get current with MaraDNS' security
1262
history should jump to the <A href="#history">history section</A>. Note
1263
-that MaraDNS last reported security problem was on February 2, 2010</i><p>
1264
+that MaraDNS last reported security problem was on or before
1265
+February 5, 2011</i>
1267
-MaraDNS should be a secure DNS server.
1269
+For people with a security bug to report: <A
1270
+href=http://samiam.org/mailme.php>Contact me</A>
1272
+<p>MaraDNS should be a secure DNS server.
1276
@@ -344,4 +349,25 @@
1278
Impact: Denial of service.
1281
+An array of integers was allocated in bytes instead of sizeof(int) units.
1282
+The resulted in a buffer being too small, allowing it to be overwritten.
1283
+Since the data placed in the overwritten array can not be remotely controlled
1284
+(it is a list of increasing integers), there is no way to increase privileges
1285
+exploiting this bug.
1289
+This bug was fixed in MaraDNS 1.3.07.11, MaraDNS 1.4.06, and MaraDNS 2.0.02,
1290
+released on or before February 5, 2011. This bug also impacts MaraDNS 1.0
1291
+and MaraDNS 1.2; since these versions of MaraDNS have passed their end of
1292
+life, they have not been updated.
1296
+More information is at <A href=http://samiam.org/blog/20110129.html>this blog