92
92
See csv2(5) for a description of this file's format.
94
The dictionary index (zone name) can not have a * in it. If it
95
does, MaraDNS will terminate with an "Illegal zone name" error.
96
99
csv1: Used to indicate the filename to use for a given zone
194
197
elements, the element with the most domain name labels that
195
198
matches the end of the hostname one is searching for is used.
197
For exmaple, let us suppose we have the following root_servers
200
For example, let us suppose we have the following root_servers
200
203
root_servers["."] = "198.41.0.4"
284
287
This accepts a single IP in dotted-decimal (e.g. "127.0.0.1")
285
288
notation, and specifies what IP address the MaraDNS server will
286
289
listen on. Note that ipv4_bind_addresses has the same
287
functionality. This name is included so that MaraDNS 1.0
288
configuration files will continue to work with MaraDNS 1.2.
290
functionality. This name is included so that old MaraDNS
291
configuration files will continue to work with new MaraDNS
290
294
bind_star_handling
348
352
* Stars are allowed at the end of hostnames
349
353
* A SOA record is mandatory
350
354
* NS records are mandatory
351
* Neither CNAME nor FQDN4 records are permitted in the zone
355
* Neither CNAME, FQDN4, nor FQDN6 records are permitted in the
353
357
* Delegation NS records are not permitted in the zone file
354
358
* Default zonefiles may not be transferred via zone transfer
355
359
* Both recursion and default zonefiles may not be enabled at
358
362
csv2_synthip_list
375
379
value between 0 and 3 (four possible values). The way the csv2
376
380
parser acts at different csv2_tilde_handling levels:
378
* 0) The csv2 parser behaves the same as it does in MaraDNS
379
1.2: The tilde has no special significance to the parser.
382
* 0) The csv2 parser behaves the same as it does in old
383
MaraDNS releases: The tilde has no special significance to
380
385
* 1) A tilde is not allowed anywhere in a csv2 zone file.
381
386
* 2) A tilde is only allowed between records in a csv2 zone
382
387
file. If a tilde is between the first record and the second
389
394
The default value for csv2_tilde_handling is 2; this allows
390
compatibility with all 1.2 zone files without tildes while
395
compatibility with older zone files without tildes while
391
396
allowing zone files to be updated to use the tilde to separate
392
397
resource records.
412
417
MaraDNS has allocated. Note that the overhead for tracking
413
418
memory usage is considerable and that compiling MaraDNS with
414
419
"make debug" will greatly slow down MaraDNS. A debug build of
415
MaraDNS is not reccomended for production use.
420
MaraDNS is not recommended for production use.
417
422
When set to three or higher, a Ttimestamp.maradns. query will
418
423
return, in seconds since the UNIX epoch, the timestamp for the
421
426
default_rrany_set
423
428
This variable used to determine what kind of resource records
424
were returned when an ANY query was sent. In MaraDNS 1.2, the
425
data structures have been revised to return any resource record
429
were returned when an ANY query was sent. In MaraDNS, the data
430
structures have since been revised to return any resource record
426
431
type when an ANY query is sent; this variable does nothing, and
427
is only here so that MaraDNS 1.0 mararc files will continue to
432
is only here so that old MaraDNS mararc files will continue to
428
433
work. The only accepted values for this variable were 3 and 15.
439
444
If this is set to a non-zero value, certain features of MaraDNS
440
445
will be disabled in order to speed up MaraDNS' response time.
441
This is designed for situtations when a MaraDNS server is
446
This is designed for situations when a MaraDNS server is
442
447
receiving a large number of queries, such as during a denial of
449
454
* A dos_protection_level between 1 and 78 (inclusive) disables
450
455
getting MaraDNS status information remotely.
451
456
* A dos_protection_level of 8 or above disables CNAME lookups.
452
* A dos_protection_level or 12 or above diables delegation NS
457
* A dos_protection_level or 12 or above disables delegation NS
454
459
* A dos_protection_level of 14 or above disables ANY record
475
480
This is a numeric variable which determines how the recursive
476
481
resolver informs the client that Mara was unable to contact any
477
482
remote DNS servers when trying to resolve a given domain. If
478
this is set to 0, no reponse will be sent to the DNS client. If
483
this is set to 0, no response will be sent to the DNS client. If
479
484
this is set to 1, a "server fail" message will be sent to the
480
DNS client. If this is set to 2, a "this host does not exist"
481
message will be sent to the DNS client. The default value for
485
DNS client. If this is set to 2, either a "this host does not
486
exist" message will be sent to the DNS client if notthere_ip is
487
not set, or the IP specified in notthere_ip will be sent if set.
488
The default value for this is 1.
654
660
As an aside, RFC1123 section 6.1.2.1 implies that zero-length
655
661
TTL records should be passed on with a TTL of zero. This,
656
unfortunatly, breaks some stub resolvers (such as Mozilla's stub
662
unfortunately, breaks some stub resolvers (such as Mozilla's
667
This parameter, if set, causes MaraDNS' recursive resolver to
668
return a 0-TTL synthetic IP for non-existent hostnames instead
669
of a "this host does not exist" DNS reply. The IP returned is
670
the value for this parameter.
672
For example, if one wishes to send the IP 10.11.12.13 to clients
673
whenever MaraDNS' recursive resolver gets a "this host does not
674
exist" reply, set notthere_ip thusly:
676
notthere_ip = "10.11.12.13"
678
If one also wishes to have this IP returned when there is no
679
reply from remote DNS servers, set handle_noreply thusly:
683
This parameter only affects the recursive resolver, and doesn't
684
affect authoritative zones that MaraDNS serves. This parameter
685
only affects A queries, and doesn't affect other DNS query
661
randsom_seed_file: The file from which we read 16 bytes from to
690
random_seed_file: The file from which we read 16 bytes from to
662
691
get the 128-bit seed for the secure pseudo random number
665
This localcation of this file is relative to the root of the
694
The location of this file is relative to the root of the
666
695
filesystem, not MaraDNS' chroot directory.
668
697
This is ideally a file which is a good source of random numbers
741
770
retry_cycles: The number of times the recursive resolver will
742
771
try to contact all of the DNS servers to resolve a given name
743
before giving up. This feature was added to MaraDNS 1.2.08, and
744
has a default value of 2.
772
before giving up. This has a default value of 2.
848
876
timestamp_type: The type of timestamp to display. The main
849
purpose of this option is to supress the output of timestamps.
877
purpose of this option is to suppress the output of timestamps.
850
878
Since duende uses syslog() to output data, and since syslog()
851
879
adds its own timestamp, this option should be set to 5 when
852
880
maradns is invoked with the duende tool.
892
920
contact other DNS servers. This is usually 53 (the default
893
921
value), but certain unusual MaraDNS setups (such as when
894
922
resolving dangling CNAME records on but a single IP) may need to
895
have a different valur for this.
923
have a different value for this.
980
1008
# Normally, MaraDNS only returns A and MX records when given a
981
1009
# QTYPE=* (all RR types) query. Changing the value of default_rrany_set
982
1010
# to 15 causes MaraDNS to also return the NS and SOA records, which
983
# some registars require. The default value of this is 3
1011
# some registrars require. The default value of this is 3
984
1012
default_rrany_set = 3
986
1014
# These constants limit the number of records we will display, in order
1019
1047
ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
1020
1048
ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4,"
1021
1049
ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30,"
1022
ipv4_alias["icann"] += "193.0.14.129, 198.32.64.12, 202.12.27.33"
1050
ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33"
1024
1052
# OpenNIC: http://www.opennic.unrated.net/
1025
1053
# Current as of 2005/11/30; these servers change frequently so please
1064
1092
#zone_transfer_acl = "company"
1066
1094
# If you want to enable recursion on the loopback interface, uncomment
1067
# the relevent lines in the following section
1095
# the relevant lines in the following section
1069
# Recursive ACL: Who is allowd to perform recursive queries. The format
1097
# Recursive ACL: Who is allowed to perform recursive queries. The format
1070
1098
# is identical to that of "zone_transfer_acl", including ipv4_alias support
1072
1100
#ipv4_alias["localhost"] = "127.0.0.0/8"
1089
1117
#maximum_cache_elements = 1024
1091
# It is possible to change the minimul "time to live" for entries in the
1119
# It is possible to change the minimal "time to live" for entries in the
1092
1120
# cache; this is the minimum time that an entry will stay in the cache.
1093
1121
# Value is in seconds; default is 300 (5 minutes)