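# Example mararc file (unabridged version)
# (Line-number gutter and table separators from the page listing removed so
# that the file is valid mararc syntax again.)

# The various zones we support

# We must initialize the csv2 hash, or MaraDNS will be unable to
# load any csv2 zone files
csv2 = {}

# This is just to show the format of the file:
#   csv2["<zone name, with trailing dot>"] = "<zone file name>"
#csv2["example.com."] = "db.example.com"

# Forward zone
csv2["wleiden.net."] = "db.wleiden.net."

# Reverse zones 16.172.in-addr.arpa. through 31.172.in-addr.arpa., one per
# /16. Together they cover the private range 172.16.0.0/12, so these zone
# files describe internal addressing; keep zone transfers and outside
# reachability of this server restricted accordingly.
csv2["16.172.in-addr.arpa."] = "db.16.172.in-addr.arpa."
csv2["17.172.in-addr.arpa."] = "db.17.172.in-addr.arpa."
csv2["18.172.in-addr.arpa."] = "db.18.172.in-addr.arpa."
csv2["19.172.in-addr.arpa."] = "db.19.172.in-addr.arpa."
csv2["20.172.in-addr.arpa."] = "db.20.172.in-addr.arpa."
csv2["21.172.in-addr.arpa."] = "db.21.172.in-addr.arpa."
csv2["22.172.in-addr.arpa."] = "db.22.172.in-addr.arpa."
csv2["23.172.in-addr.arpa."] = "db.23.172.in-addr.arpa."
csv2["24.172.in-addr.arpa."] = "db.24.172.in-addr.arpa."
csv2["25.172.in-addr.arpa."] = "db.25.172.in-addr.arpa."
csv2["26.172.in-addr.arpa."] = "db.26.172.in-addr.arpa."
csv2["27.172.in-addr.arpa."] = "db.27.172.in-addr.arpa."
csv2["28.172.in-addr.arpa."] = "db.28.172.in-addr.arpa."
csv2["29.172.in-addr.arpa."] = "db.29.172.in-addr.arpa."
csv2["30.172.in-addr.arpa."] = "db.30.172.in-addr.arpa."
csv2["31.172.in-addr.arpa."] = "db.31.172.in-addr.arpa."
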
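# The address this DNS server runs on. If you want to bind to multiple
# addresses, separate them with commas inside the one quoted string, e.g.
# (constructed sample): ipv4_bind_addresses = "127.0.0.1, 192.0.2.53"
# As set here the server listens on loopback only, so other hosts cannot
# query it. Add only the interfaces that really need to serve DNS.
ipv4_bind_addresses = "127.0.0.1"
# The directory with all of the zone files. Going by the setting name,
# MaraDNS chroots into this directory; NOTE(review): confirm it is owned by
# root and not writable by the UID/GID below, so that the running daemon
# cannot modify its own zone files.
chroot_dir = "/usr/local/etc/maradns"
# The numeric UID MaraDNS will run as. Use a dedicated, unprivileged
# account for this (never 0).
maradns_uid = 53
# The (optional) numeric GID MaraDNS will run as
maradns_gid = 53
# The maximum number of threads (or processes, with the zone server)
# MaraDNS is allowed to run. This is also the upper bound on how much
# concurrent work a flood of queries can make the server take on.
maxprocs = 96
# It is possible to specify a different maximum number of processes that
# the zone server can run. If this is not set, the maximum number of
# processes that the zone server can have defaults to the 'maxprocs' value
# above
# max_tcp_procs = 64
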
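# Normally, MaraDNS has some MaraDNS-specific features, such as DDIP
# synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org."
# with a TXT query returns the version of MaraDNS that a server is
# running), unique handling of multiple QDCOUNTs, etc. Some people
# might not like these features, so I have added a switch that lets
# a sys admin disable all these features. Just give "no_fingerprint"
# a value of one here, and MaraDNS should be more or less
# indistinguishable from a tinydns server.
# With the value 0 used here, anyone who can query the server can learn
# which MaraDNS version it runs. Consider 1 on any server that answers
# untrusted clients.
no_fingerprint = 0

# Normally, MaraDNS only returns A and MX records when given a
# QTYPE=* (all RR types) query. Changing the value of default_rrany_set
# to 15 causes MaraDNS to also return the NS and SOA records, which
# some registrars require. The default value of this is 3
default_rrany_set = 3

# These constants limit the number of records we will display, in order
# to help keep packets 512 bytes or smaller. This, combined with round_robin
# record rotation, helps to use DNS as a crude load-balancer.

# The maximum number of records to display in a chain of records (list
# of records) for a given host name
max_chain = 8
# The maximum number of records to display in a list of records in the
# additional section of a query. If this is any value besides one,
# round robin rotation is disabled (due to limitations in the current
# data structure MaraDNS uses)
max_ar_chain = 1
# The maximum number of records to show total for a given question
max_total = 20

# The number of messages we log to stdout
# 0: No messages except for fatal parsing errors and the legal disclaimer
# 1: Only startup messages logged (default)
# 2: Error queries logged
# 3: All queries logged (but not very verbosely right now)
# Levels 2 and 3 give more material for investigating abuse, but level 3
# also writes every client lookup to the log, so restrict who can read the
# log and how long it is kept.
verbose_level = 1
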
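# Initialize the IP aliases, which are used by the list of root name servers,
# the ACL for zone transfers, and the ACL of who gets to perform recursive
# queries
ipv4_alias = {}

# Various sets of root name servers
# Note: Netmasks can exist, but are ignored when specifying root name servers
# NOTE(review): both lists below are snapshots. Root server addresses are
# renumbered from time to time, and a stale entry means queries go to
# whoever holds that address now. Verify each list against its publisher
# before pointing root_servers at it.

# ICANN: the most common and most controversial root name server
# http://www.icann.org
# This list can be seen at http://www.root-servers.org/
# The value is built up with += so that the long list fits on short lines;
# each piece except the last ends with a comma.
ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4,"
ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30,"
ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33"

# OpenNIC: http://www.opennic.unrated.net/
# Current as of 2005/11/30; these servers change frequently so please
# look at their web page
ipv4_alias["opennic"] = "157.238.46.24, 209.104.33.250, 209.104.63.249,"
ipv4_alias["opennic"] += "130.94.168.216, 209.21.75.53, 64.114.34.119,"
ipv4_alias["opennic"] += "207.6.128.246, 167.216.255.199, 62.208.181.95,"
ipv4_alias["opennic"] += "216.87.153.98, 216.178.136.116"

# End of list of root name server lists
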
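# Here is an ACL which restricts who is allowed to perform zone transfers
# from the zoneserver program. A zone transfer hands over every record in
# the zone, so list only the hosts that need a full copy (normally the
# secondary name servers).

# Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to match)
# and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask
# 255.255.255.224) are allowed to connect to the zone server
# NOTE: The "maradns" program does not serve zones. Zones are served
# by the "zoneserver" program.
#zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224"

# More complex: We create two aliases: One called "office" and another
# called "home". We allow anyone in the office or at home to perform zone
# transfers
#ipv4_alias["office"] = "10.1.1.1/24"
#ipv4_alias["home"] = "10.100.100.100/255.255.255.224"
#zone_transfer_acl = "office, home"

# More complex than the last example. We have three employees,
# Susan, Becca, and Mia, whose computers we give zone transfer rights to.
# Susan and Becca are system administrators, and Mia is a developer.
# They are all part of the company. We give the entire company zone
# transfer access
#ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed
#ipv4_alias["becca"] = "10.7.8.9" # also a single IP
#ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP
#ipv4_alias["sysadmins"] = "susan, becca"
#ipv4_alias["devel"] = "mia"
#ipv4_alias["company"] = "sysadmins, devel"
# This is equivalent to the above line
#ipv4_alias["company"] = "susan, becca, mia"
#zone_transfer_acl = "company"

# If you want to enable recursion on the loopback interface, uncomment
# the relevant lines in the following section
# NOTE(review): in this copy the three lines below are already active.

# Recursive ACL: Who is allowed to perform recursive queries. The format
# is identical to that of "zone_transfer_acl", including ipv4_alias support
# Keep this list to networks you operate. A resolver that recurses for
# arbitrary clients can be abused by third parties, so never widen it to
# cover the whole Internet.
# ipv4_bind_addresses is set to loopback only in this file, so the
# "wleiden" entry would presumably only take effect once the server is
# also bound to an address inside 172.16.0.0/12.

ipv4_alias["wleiden"] = "172.16.0.0/12"
ipv4_alias["localhost"] = "127.0.0.0/8"
recursive_acl = "localhost, wleiden"
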
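# Random seed file: The file from which we read 16 bytes to get the
# 128-bit random Rijndael key. This is ideally a file which is a good source
# of random numbers, but can also be a fixed file if your OS does not have
# a decent random number generator (make sure the contents of that file are
# random and with 600 perms, owned by root, since we read the file *before*
# dropping root privileges)
# A fixed file gives the same key on every start. If that file can be read
# or guessed, so can the random numbers derived from it, so prefer the OS
# random device wherever one exists.
# NOTE(review): the setting is commented out here, so the built-in default
# applies. Confirm that this default is a real entropy source on this host.

#random_seed_file = "/dev/urandom"

# The maximum number of elements we can have in the cache. If we have more
# elements in the cache than this amount, the "custodian" kicks into effect,
# removing elements not recently accessed from the cache (8 elements removed
# per query) until we are at the 99% level or so again.

#maximum_cache_elements = 1024

# It is possible to change the minimal "time to live" for entries in the
# cache; this is the minimum time that an entry will stay in the cache.
# Value is in seconds; default is 300 (5 minutes)
#min_ttl = 300
# CNAME records generally take more effort to resolve in MaraDNS than
# non-CNAME records; it is a good idea to make this higher than min_ttl
# default value is to be the same as min_ttl
#min_ttl_cname = 900

# The root servers which we use when making recursive queries.

# The following line must be uncommented to enable custom root servers
# for recursive queries
# root_servers = {}

# You can choose which set of root servers to use. Current values (set above)
# are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and
# superroot.
# NOTE(review): that list of names comes from the upstream example. This
# file only defines the ipv4_alias entries "icann" and "opennic", so only
# those two names can be used here.
# root_servers["."] = "icann"

# Initialize the upstream_servers hash before assigning to it
upstream_servers = {}

# If you prefer to contact other recursive DNS servers instead of the ICANN
# root servers, this is done with the upstream_servers mararc variable:
# Every recursive lookup is then forwarded to the resolvers listed here, so
# their operator sees each name this server resolves, and the answers are
# only as trustworthy as those resolvers and the network path to them.
# NOTE(review): root_servers and upstream_servers look like alternatives.
# Confirm this before enabling both.
upstream_servers["."] = "8.8.8.8, 8.8.4.4"
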
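# You can tell MaraDNS to *not* query certain DNS servers when in recursive
# mode. This is mainly used to not allow spam-friendly domains to resolve,
# since spammers are starting to get in the habit of using spam-friendly
# DNS servers to resolve their domains, allowing them to hop from ISP to
# ISP. The format of this is the same as for zone_transfer_acl and
# recursive_acl
# NOTE(review): the two ranges below date from 2001/2002 and, as the
# comments themselves say, their holders kept changing ISPs. The addresses
# may belong to unrelated parties today, in which case the entries block
# legitimate name servers without stopping anything. Re-verify or remove
# them, and maintain any blocklist from a current source.

# For example, at the time of this document (August 12, 2001), azmalink.net
# is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net
# for details.) Note that this is based on IPs, and azmalink.net constantly
# changes IPs (as they constantly have to change ISPs)
# 2002/10/12: Azmalink changed ISP again, this reflects their current ISP
ipv4_alias["azmalink"] = "12.164.194.0/24"

# As of September 20, 2001, hiddenonline.net is a known spam-friendly
# DNS provider (see doc/detailed/spammers/hiddenonline for details).
ipv4_alias["hiddenonline"] = "65.107.225.0/24"
spammers = "azmalink,hiddenonline"

# It is also possible to change the maximum number of times MaraDNS will
# follow a CNAME record or a NS record with a glue A record. The default
# value for this is ten.
# NOTE(review): the setting name suggests this counts NS records *without*
# a glue A record ("glueless"). Confirm against the MaraDNS documentation.
# Together with max_queries_total below, this limits how much work one
# client question can make the resolver do.
#max_glueless_level = 10
# In addition, one can change the maximum number of total queries that
# MaraDNS will perform to look up a host name. The default value is 32.
#max_queries_total = 32
# In addition, one can change the amount of time that MaraDNS will wait
# for a DNS server to respond before giving up and trying the next DNS
# server on a list. Note that the larger this value is, the slower
# MaraDNS will process recursive queries when a DNS server is not
# responding to DNS queries. The default value is two seconds.
#timeout_seconds = 2


# And that does it for the caching at this point

# I have read the bloody disclaimer, stop nagging about it and printing it to
# message buffer
hide_disclaimer = "YES"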