source: hybrid/trunk/nanobsd/files/usr/local/etc/mararc@ 10136

# Example mararc file (unabridged version)

# The various zones we support

# We must initialize the csv2 hash, or MaraDNS will be unable to
# load any csv2 zone files
csv2 = {}

# This is just to show the format of the file
#csv2["example.com."] = "db.example.com"

csv2["wleiden.net."] = "db.wleiden.net."
csv2["16.172.in-addr.arpa."] = "db.16.172.in-addr.arpa."
csv2["17.172.in-addr.arpa."] = "db.17.172.in-addr.arpa."
csv2["18.172.in-addr.arpa."] = "db.18.172.in-addr.arpa."
csv2["19.172.in-addr.arpa."] = "db.19.172.in-addr.arpa."
csv2["20.172.in-addr.arpa."] = "db.20.172.in-addr.arpa."
csv2["21.172.in-addr.arpa."] = "db.21.172.in-addr.arpa."
csv2["22.172.in-addr.arpa."] = "db.22.172.in-addr.arpa."
csv2["23.172.in-addr.arpa."] = "db.23.172.in-addr.arpa."
csv2["24.172.in-addr.arpa."] = "db.24.172.in-addr.arpa."
csv2["25.172.in-addr.arpa."] = "db.25.172.in-addr.arpa."
csv2["26.172.in-addr.arpa."] = "db.26.172.in-addr.arpa."
csv2["27.172.in-addr.arpa."] = "db.27.172.in-addr.arpa."
csv2["28.172.in-addr.arpa."] = "db.28.172.in-addr.arpa."
csv2["29.172.in-addr.arpa."] = "db.29.172.in-addr.arpa."
csv2["30.172.in-addr.arpa."] = "db.30.172.in-addr.arpa."
csv2["31.172.in-addr.arpa."] = "db.31.172.in-addr.arpa."

# The address this DNS server runs on.  If you want to bind 
# to multiple addresses, separate them with a comma like this:
ipv4_bind_addresses = "127.0.0.1"
# The directory with all of the zone files
chroot_dir = "/usr/local/etc/maradns"
# The numeric UID MaraDNS will run as
maradns_uid = 53
# The (optional) numeric GID MaraDNS will run as
maradns_gid = 53
# The maximum number of threads (or processes, with the zone server)
# MaraDNS is allowed to run
maxprocs = 96
# It is possible to specify a different maximum number of processes that
# the zone server can run.  If this is not set, the maximum number of 
# processes that the zone server can have defaults to the 'maxprocs' value
# above
# max_tcp_procs = 64

# Normally, MaraDNS has some MaraDNS-specific features, such as DDIP
# synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org." 
# with a TXT query returns the version of MaraDNS that a server is 
# running), unique handling of multiple QDCOUNTs, etc.  Some people 
# might not like these features, so I have added a switch that lets 
# a sys admin disable all these features.  Just give "no_fingerprint" 
# a value of one here, and MaraDNS should be more or less 
# indistinguishable from a tinydns server.
no_fingerprint = 0

# Normally, MaraDNS only returns A and MX records when given a
# QTYPE=* (all RR types) query.  Changing the value of default_rrany_set
# to 15 causes MaraDNS to also return the NS and SOA records, which
# some registrars require.  The default value of this is 3
default_rrany_set = 3

# These constants limit the number of records we will display, in order
# to help keep packets 512 bytes or smaller.  This, combined with round_robin
# record rotation, help to use DNS as a crude load-balancer.

# The maximum number of records to display in a chain of records (list
# of records) for a given host name
max_chain = 8
# The maximum number of records to display in a list of records in the
# additional section of a query.  If this is any value besides one,
# round robin rotation is disabled (due to limitations in the current
# data structure MaraDNS uses)
max_ar_chain = 1
# The maximum number of records to show total for a given question
max_total = 20

# The number of messages we log to stdout
# 0: No messages except for fatal parsing errors and the legal disclaimer
# 1: Only startup messages logged (default)
# 2: Error queries logged
# 3: All queries logged (but not very verbosely right now)
verbose_level = 1

# Initialize the IP aliases, which are used by the list of root name servers,
# the ACL for zone transfers, and the ACL of who gets to perform recursive
# queries
ipv4_alias = {}

# Various sets of root name servers
# Note: Netmasks can exist, but are ignored when specifying root name server

# ICANN: the most common and most controversial root name server
# http://www.icann.org
# This list can be seen at http://www.root-servers.org/
ipv4_alias["icann"]  = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4,"
ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30,"
ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33"

# OpenNIC: http://www.opennic.unrated.net/
# Current as of 2005/11/30; these servers change frequently so please
# look at their web page
ipv4_alias["opennic"]  = "157.238.46.24, 209.104.33.250, 209.104.63.249,"
ipv4_alias["opennic"] += "130.94.168.216, 209.21.75.53, 64.114.34.119,"
ipv4_alias["opennic"] += "207.6.128.246, 167.216.255.199, 62.208.181.95,"
ipv4_alias["opennic"] += "216.87.153.98, 216.178.136.116"

# End of list of root name server lists

# Here is a ACL which restricts who is allowed to perform zone transfer from 
# the zoneserver program

# Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to match)
# and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask
# 255.255.255.224) are allowed to connect to the zone server 
# NOTE: The "maradns" program does not serve zones.  Zones are served
# by the "zoneserver" program.
#zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224"

# More complex: We create two aliases: One called "office" and another
# called "home".  We allow anyone in the office or at home to perform zone
# transfers
#ipv4_alias["office"] = "10.1.1.1/24"
#ipv4_alias["home"] = "10.100.100.100/255.255.255.224"
#zone_transfer_acl = "office, home"

# More complex then the last example.  We have three employees,
# Susan, Becca, and Mia, whose computers we give zone transfer rights to.
# Susan and Becca are system administrators, and Mia is a developer.
# They are all part of the company.  We give the entire company zone
# transfer access
#ipv4_alias["susan"]     = "10.6.7.8/32"  # Single IP allowed
#ipv4_alias["becca"]     = "10.7.8.9"     # also a single IP
#ipv4_alias["mia"]       = "10.8.9.10/255.255.255.255" # Also a single IP
#ipv4_alias["sysadmins"] = "susan, becca"
#ipv4_alias["devel"]     = "mia"
#ipv4_alias["company"]   = "sysadmins, devel"
# This is equivalent to the above line
#ipv4_alias["company"]   = "susan, becca, mia"
#zone_transfer_acl       = "company"

# If you want to enable recursion on the loopback interface, uncomment
# the relevant lines in the following section

# Recursive ACL: Who is allowed to perform recursive queries.  The format
# is identical to that of "zone_transfer_acl", including ipv4_alias support

ipv4_alias["wleiden"] = "172.16.0.0/12"
ipv4_alias["localhost"] = "127.0.0.0/8"
recursive_acl = "localhost, wleiden"

# Random seed file: The file from which we read 16 bytes from to get the
# 128-bit random Rijndael key.  This is ideally a file which is a good source
# of random numbers, but can also be a fixed file if your OS does not have
# a decent random number generator (make sure the contents of that file is
# random and with 600 perms, owned by root, since we read the file *before*
# dropping root privileges)

#random_seed_file = "/dev/urandom"

# The maximum number of elements we can have in the cache.  If we have more 
# elements in the cache than this amount, the "custodian" kicks in to effect,
# removing elements not recently accessed from the cache (8 elements removed 
# per query) until we are at the 99% level or so again.

#maximum_cache_elements = 1024

# It is possible to change the minimal "time to live" for entries in the
# cache; this is the minimum time that an entry will stay in the cache.
# Value is in seconds; default is 300 (5 minutes)
#min_ttl = 300
# CNAME records generally take more effort to resolve in MaraDNS than
# non-CNAME records; it is a good idea to make this higher then min_ttl
# default value is to be the same as min_ttl
#min_ttl_cname = 900

# The root servers which we use when making recursive queries.

# The following line must be uncommented to enable custom root servers 
# for recursive queries
# root_servers = {}

# You can choose which set of root servers to use.  Current values (set above)
# are: icann, osrc, alternic, opennic,  pacificroot, irsc, tinc, and 
# superroot.  
# root_servers["."] = "icann"

upstream_servers = {}

# If you prefer to contact other recursive DNS servers instead of the ICANN
# root servers, this is done with the upstream_servers mararc variable:
upstream_servers["."] = "8.8.8.8, 8.8.4.4"

# You can tell MaraDNS to *not* query certain DNS servers when in recursive
# mode.  This is mainly used to not allow spam-friendly domains to resolve,
# since spammers are starting to get in the habit of using spam-friendly
# DNS servers to resolve their domains, allowing them to hop from ISP to 
# ISP.  The format of this is the same as for zone_transfer_acl and 
# recursive_acl

# For example, at the time of this document (August 12, 2001), azmalink.net
# is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net
# for details.)  Note that this is based on IPs, and azmalink.net constantly
# changes IPs (as they constantly have to change ISPs)
# 2002/10/12: Azmalink changed ISP again, this reflect their current ISP
ipv4_alias["azmalink"] = "12.164.194.0/24"

# As of September 20, 2001, hiddenonline.net is a known spam-friendly
# DNS provider (see doc/detailed/spammers/hiddenonline for details).
ipv4_alias["hiddenonline"] = "65.107.225.0/24"
spammers = "azmalink,hiddenonline"

# It is also possible to change the maximum number of times MaraDNS will
# follow a CNAME record or a NS record with a glue A record.  The default
# value for this is ten.
#max_glueless_level = 10
# In addition, one can change the maximum number of total queries that
# MaraDNS will perform to look up a host name.  The default value is 32.
#max_queries_total = 32
# In addition, one can change the amount of time that MaraDNS will wait
# for a DNS server to respond before giving up and trying the next DNS
# server on a list.  Note that, the larger this value is, the slower 
# MaraDNS will process recursive queries when a DNS server is not 
# responding to DNS queries.  The default value is two seconds.
#timeout_seconds = 2


# And that does it for the caching at this point

# I have read the bloody disclaimer, stop nagging about it and printing it to
# message buffer
hide_disclaimer = "YES"