diff -Nru maradns-2.0.04/0QuickStart maradns-2.0.04+really1.4.09/0QuickStart
--- maradns-2.0.04/0QuickStart 2011-11-12 08:25:44.000000000 +0000
+++ maradns-2.0.04+really1.4.09/0QuickStart 2008-03-24 15:52:30.000000000 +0000
@@ -1,100 +1,94 @@ - This guide is for experienced UNIX/Linux/BSD users who just want - to quickly try out MaraDNS +This guide is for experienced UNIX/Linux/BSD users who just want to quickly +try out MaraDNS - MaraDNS acts as an authoritative DNS server. Recursion is - handled by the included "Deadwood" program. + MaraDNS acts as both a recursive and an authoritative DNS server. In + other words, MaraDNS can both be used to speed up the internet, and/or + serve domains that you may have. - To try out Deadwood as a recursive nameserver: + To try out MaraDNS as a recursive nameserver is easy: + * Compile MaraDNS. Type in './configure; make' in the top-level MaraDNS + directory. Note: No need to compile if you downloaded a binary RPM + or Debian package. - * Compile MaraDNS and Deadwood. Type in './configure; make' in - the top-level MaraDNS directory. Note: No need to compile if - you downloaded a binary RPM or Debian package. + * Take the file server/maradns and place it in /usr/local/sbin - * The the file deadwood-{version number}/src/Deadwood and - place it in /usr/local/sbin + * Take the file tools/duende and place it in /usr/local/sbin - * Take the file server/maradns and place it in /usr/local/sbin + * Create an empty directory called /etc/maradns - * Take the file tools/duende and place it in /usr/local/sbin + * Create a mararc file. This file only needs to be three lines long on + systems with a /dev/urandom file, and four lines long on older + operating systems without /dev/urandom - * Create an empty directory called /etc/maradns + Here is a sample mararc file: - * Create a dwood3rc file. This file only needs to be three - lines long on systems with a /dev/urandom file. 
+ ipv4_bind_addresses = "127.0.0.1" + chroot_dir = "/etc/maradns" + recursive_acl = "127.0.0.1" - Here is a sample dwood3rc file: + This mararc file says that MaraDNS will have the ip "127.0.0.1" (this + is the bind_address), run from the directory /etc/maradns (the + chroot_dir value), and only allow the ip "127.0.0.1" to make recursive + queries (the recursive_acl value). - ipv4_bind_addresses = "127.0.0.1" - chroot_dir = "/etc/maradns" - recursive_acl = "127.0.0.1" + * Place the mararc file in the location /etc/mararc on your system. - This dwood3rc file says that MaraDNS will have the ip - "127.0.0.1" (this is the bind_address), run from the - directory /etc/maradns (the chroot_dir value), and only - allow the ip "127.0.0.1" to make recursive queries (the - recursive_acl value). + * Run MaraDNS as a non-daemon: - * Place the dwood3rc file in the location /etc/dwood3rc on - your system. + /usr/local/sbin/maradns - * Run Deadwood as a non-daemon: + Since MaraDNS needs to bind to a privileged port (port 53), it needs + to start up running as root. MaraDNS is designed with security in + mind, and will drop root privileges before being visible to the + public internet. - /usr/local/sbin/Deadwood + * Test MaraDNS in another window or virtual terminal - Since Deadwood needs to bind to a privileged port (port 53), - it needs to start up running as root. Deadwood is designed - with security in mind, and will drop root privileges before - being visible to the public internet. 
+ dig @127.0.0.1 www.yahoo.com - * Test Deadwood in another window or virtual terminal + * In order to make the duende daemonizing tool usable, create a + directory named /etc/maradns/logger/ - dig @127.0.0.1 www.yahoo.com + mkdir /etc/maradns/logger + * If this works, make MaraDNS run as a daemon: - * In order to make the duende daemonizing tool usable, create - a directory named /etc/maradns/logger/ + /usr/local/sbin/duende /usr/local/sbin/maradns - mkdir /etc/maradns/logger + duende is a tool that daemonizes maradns; the daemonizer is a + separate program. + * If this all works, install MaraDNS: - * If this works, make Deadwood run as a daemon: + make install + It is also possible to set up MaraDNS as both an authoritative and + recursive name server with the same IP: - /usr/local/sbin/duende /usr/local/sbin/Deadwood + * Here is the MaraRC file: - duende is a tool that daemonizes maradns; the daemonizer is - a separate program. + ipv4_bind_addresses = "127.0.0.1" + chroot_dir = "/etc/maradns" + recursive_acl = "127.0.0.1" + csv2 = {} + csv2["example.com."] = "db.example.com" - * If this all works, install MaraDNS and Deadwood: + * Have a zone file named db.example.com in the chroot_dir (/etc/maradns + above) that looks like this: - make install + example.com. 10.1.2.3 - It is also possible to set up the program "maradns" as an - authoritative name server: + (Yes, experienced DNS admins, you can have SOA, NS, MX, SRV, and any + other kind of DNS data stored in a csv2 zone file. Read the csv2 man + page for details) + * Recursive queries will be resolved normally - * Here is the MaraRC file: + * Queries for example.com will resolve to 10.1.2.3 - ipv4_bind_addresses = "127.0.0.1" - chroot_dir = "/etc/maradns" - csv2 = {} - csv2["example.com."] = "db.example.com" + * Any other name.example.com query will return a "this host does not + exist" DNS reply. 
- - * Have a zone file named db.example.com in the chroot_dir - (/etc/maradns above) that looks like this: - - example.com. 10.1.2.3 - - (Yes, experienced DNS admins, you can have SOA, NS, MX, SRV, - and any other kind of DNS data stored in a csv2 zone file. - Read the csv2 man page for details) - - * Queries for example.com will resolve to 10.1.2.3 - - * Any other name.example.com query will return a "this host - does not exist" DNS reply. - - Look in doc (in particular, the tutorial), or read the relevant - man pages for more information on how to set up Deadwood and - MaraDNS. + Look in doc (in particular, the tutorial), or read the relevant man + pages for more information on how to set up MaraDNS. + diff -Nru maradns-2.0.04/build/deadwood.startup maradns-2.0.04+really1.4.09/build/deadwood.startup --- maradns-2.0.04/build/deadwood.startup 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/deadwood.startup 1970-01-01 00:00:00.000000000 +0000 
@@ -1,82 +0,0 @@ -#!/bin/bash -# Copyright 2005-2006,2011 Sam Trenholme - -# TERMS - -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: - -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. - -# This software is provided 'as is' with no guarantees of correctness or -# fitness for purpose. - -# This is a script which stops and starts the MaraDNS process -# The first line points to bash because I don't have a true Solaris /bin/sh -# to test this against. - -# The following is a pointer to the MaraDNS program -if [ -x "/usr/sbin/Deadwood" ] ; then - DEADWOOD="/usr/sbin/Deadwood" -elif [ -x "/usr/local/sbin/Deadwood" ] ; then - DEADWOOD="/usr/local/sbin/Deadwood" -elif [ -x "/usr/local/bin/Deadwood" ] ; then - DEADWOOD="/usr/local/bin/Deadwood" -elif [ -x "/usr/bin/Deadwood" ] ; then - DEADWOOD="/usr/bin/Deadwood" -else - echo unable to find Deadwood - exit 1 -fi - -# The following is a pointer to the duende daemonizer -if [ -x "/usr/sbin/duende" ] ; then - DUENDE="/usr/sbin/duende" -elif [ -x "/usr/local/sbin/duende" ] ; then - DUENDE="/usr/local/sbin/duende" -elif [ -x "/usr/local/bin/duende" ] ; then - DUENDE="/usr/local/bin/duende" -elif [ -x "/usr/bin/duende" ] ; then - DUENDE="/usr/bin/duende" -else - echo unable to find duende - exit 1 -fi - -# The following is the directory we place MaraDNS log entries in -LOGDIR="/var/log" - -# Show usage information if this script is invoked with no arguments -if [ $# -lt 1 ] ; then - echo Usage: $0 \(start\|stop\|restart\) - exit 1 -fi - -# If invoked as stop or restart, kill *all* MaraDNS processes -if [ $1 = "stop" -o $1 = "restart" 
] ; then - echo Sending all Deadwood processes the TERM signal - ps -e | awk '{print $1":"$NF}' | grep Deadwood | grep -v $$ | \ - cut -f1 -d: | xargs kill > /dev/null 2>&1 - echo waiting 5 seconds - sleep 5 - echo Sending all Deadwood processes the KILL signal - ps -e | awk '{print $1":"$NF}' | grep Deadwood | grep -v $$ | \ - cut -f1 -d: | xargs kill -9 > /dev/null 2>&1 - echo MaraDNS should have been stopped - if [ $1 = "stop" ] ; then - exit 0 - fi -fi - -# If invoked as start or restart, start the Deadwood processes -if [ $1 = "start" -o $1 = "restart" ] ; then - echo Starting Deadwood process - $DUENDE $DEADWOOD - exit 0 -fi - diff -Nru maradns-2.0.04/build/install.darwin maradns-2.0.04+really1.4.09/build/install.darwin --- maradns-2.0.04/build/install.darwin 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/install.darwin 2005-02-19 19:04:35.000000000 +0000 
@@ -0,0 +1,58 @@ +#!/bin/sh + +# Since Darwin has a completely different layout, this scipt reflects +# the locations where Darwin places files. + +# This script is called by install.sh and uninstall.sh to determine +# where the installed binaries and man pages are + +# First, we set the version number of MaraDNS. +# Disabled for 1.0.24 release: We now determine the version number by +# looking at the path in the ./configure script +#. ./VERSION + +# Yes, I know, some Mac OS X users don't like /usr. Well, since X +# does not come with a "/usr/local" path out of the box, this is +# the most portable place to put the MaraDNS binary. Fix this here or +# use PREFIX if this bothers you. + +# Note that the script will break if PREFIX is not an absolute path +# We allow the user to supply the prefix on the command line, e.g. +# PREFIX=/usr/ ; make install +# Thanks to D Richard Felker III for this suggestion +if [ -z "$PREFIX" ]; then + PREFIX="/usr" +fi + +# The location of programs that the end user may wish to use +BIN="$PREFIX/bin/" +# The location of the server programs +SBIN="$PREFIX/sbin/" +# The directory to put man pages which describe the end-user programs +MAN1="$PREFIX/share/man/man1/" +# The directory to put man pages which describe configuration file formats +MAN5="$PREFIX/share/man/man5/" +# The directory to put man pages which describe the server programs +MAN8="$PREFIX/share/man/man8/" +# The directory to put a copy of the MaraDNS documents on the system +DOCS="$PREFIX/maradns-$VERSION" + +# Mandrake does not have a /usr/local/man. Ugh. +# As a result, we need the following kludge to get this to +# install correctly on Mandrake +# Thanks to Ole Tange for pointing this out to me. +# Ignore or erase the following lines if editing this by hand. + +# If the directory that MAN1 points to does not exist +if [ ! -d $MAN1 ] ; then + # Then try this location instead + MAN1="/usr/local/share/man/man1" +fi +# Do the same with the MAN5 and MAN8 directories +if [ ! 
-d $MAN5 ] ; then + MAN5="/usr/local/share/man/man5" +fi +if [ ! -d $MAN8 ] ; then + MAN8="/usr/local/share/man/man8" +fi + diff -Nru maradns-2.0.04/build/install.locations maradns-2.0.04+really1.4.09/build/install.locations --- maradns-2.0.04/build/install.locations 2011-02-06 02:21:31.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/install.locations 2002-05-05 12:11:47.000000000 +0000 @@ -44,22 +44,13 @@ # If the directory that MAN1 points to does not exist if [ ! -d $MAN1 ] ; then # Then try this location instead - MAN1="$PREFIX/share/man/man1" - if [ ! -d $MAN1 ] ; then - MAN1="/usr/local/share/man/man1" - fi + MAN1="/usr/local/share/man/man1" fi # Do the same with the MAN5 and MAN8 directories if [ ! -d $MAN5 ] ; then - MAN5="$PREFIX/share/man/man5" - if [ ! -d $MAN5 ] ; then - MAN5="/usr/local/share/man/man5" - fi + MAN5="/usr/local/share/man/man5" fi if [ ! -d $MAN8 ] ; then - MAN8="$PREFIX/share/man/man8" - if [ ! -d $MAN8 ] ; then - MAN8="/usr/local/share/man/man8" - fi + MAN8="/usr/local/share/man/man8" fi diff -Nru maradns-2.0.04/build/install.sh maradns-2.0.04+really1.4.09/build/install.sh --- maradns-2.0.04/build/install.sh 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/install.sh 2007-08-29 16:30:03.000000000 +0000 @@ -9,7 +9,7 @@ # Set the directory which is the top-level MaraDNS directory if [ -z "$TOPLEVEL" ] ; then - TOPLEVEL=$( pwd ) + TOPLEVEL=`pwd` fi cd $TOPLEVEL @@ -48,9 +48,9 @@ # Make sure we have a place to put documents # Thanks to Paul Howard for the following six lines -if [ ! -d "$( dirname $DOCS )" ] ; then - if ! mkdir "$( dirname $DOCS )" ; then - echo unable to make the $( dirname $DOCS ) directory. +if [ ! -d "`dirname $DOCS`" ] ; then + if ! mkdir "`dirname $DOCS`" ; then + echo unable to make the `dirname $DOCS` directory. exit 6 fi fi 
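Review bot: In the new build/install.darwin, the three fallback tests `if [ ! -d $MAN1 ]`, `if [ ! -d $MAN5 ]` and `if [ ! -d $MAN8 ]` leave the variable unquoted and, when the directory is missing, switch to a fixed `/usr/local/share/man/...` path that ignores the caller's PREFIX. A PREFIX containing whitespace makes `[` fail with a syntax error, and an install into a non-default or staging prefix would write man pages outside that prefix. Quote the operands, e.g. `if [ ! -d "$MAN1" ] ; then`, and consider creating the PREFIX-relative directory rather than leaving the prefix. `DOCS="$PREFIX/maradns-$VERSION"` also depends on VERSION arriving from the environment, since the `. ./VERSION` line is commented out; a comment stating that the caller must export it would help. The comment block about Mandrake appears to be copied from another install file and does not describe Darwin.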
@@ -87,15 +87,6 @@ exit 1 fi -# Install the Deadwood binary -cd $TOPLEVEL/deadwood-*/src/ -if [ -x Deadwood ] ; then - if [ -f $SBIN/Deadwood ] ; then - rm $SBIN/Deadwood - fi - cp Deadwood $SBIN -fi - # Install the getzone and fetchzone binaries cd $TOPLEVEL/tcp cp getzone fetchzone $BIN @@ -137,18 +128,6 @@ cd $TOPLEVEL cp maradns.gpg.key $DOCS -# Add Deadwood man page -cp deadwood-*/doc/Deadwood.1 $MAN1 -# Add default dwood3rc file for Deadwood -if [ ! -f $RPM_BUILD_ROOT/etc/dwood3rc ] ; then - cat deadwood-*/doc/dwood3rc | \ - sed 's/127.0.0.1\"/127.0.0.2\"/' | \ - sed 's/\/etc\/deadwood/\/etc\/maradns/' \ - > $RPM_BUILD_ROOT/etc/dwood3rc -else - echo /etc/dwood3rc already there, not replacing -fi - # If the system in question does not already have configuration files, # place example configuration files in /etc if [ -d doc/$LANGUAGE/examples ] ; then 
@@ -187,27 +166,20 @@ cp $BUILDDIR/mara.startup $RPM_BUILD_ROOT/etc/rc.d/init.d/maradns cp $BUILDDIR/zoneserver.startup \ $RPM_BUILD_ROOT/etc/rc.d/init.d/maradns.zoneserver - cp $BUILDDIR/deadwood.startup \ - $RPM_BUILD_ROOT/etc/rc.d/init.d/maradns.deadwood - chmod 755 $RPM_BUILD_ROOT/etc/rc.d/init.d/maradns.deadwood fi if cd $RPM_BUILD_ROOT/etc/rc.d/rc3.d/ ; then echo Starting up MaraDNS at runlevel 3 rm S60maradns 2> /dev/null rm K60maradns.zoneserver 2> /dev/null - rm S60maradns.deadwood 2> /dev/null ln -s ../init.d/maradns S60maradns ln -s ../init.d/maradns.zoneserver K60maradns.zoneserver - ln -s ../init.d/maradns.deadwood S60maradns.deadwood fi if cd $RPM_BUILD_ROOT/etc/rc.d/rc5.d/ ; then echo starting up MaraDNS at runlevel 5 rm S60maradns 2> /dev/null rm K60maradns.zoneserver 2> /dev/null - rm S60maradns.deadwood 2> /dev/null ln -s ../init.d/maradns S60maradns ln -s ../init.d/maradns.zoneserver K60maradns.zoneserver - ln -s ../init.d/maradns.deadwood S60maradns.deadwood fi fi diff -Nru maradns-2.0.04/build/install.solaris maradns-2.0.04+really1.4.09/build/install.solaris --- maradns-2.0.04/build/install.solaris 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/install.solaris 2002-01-22 03:48:29.000000000 +0000 
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# This script is called by install.sh and uninstall.sh to determine
+# where the installed binaries and man pages are
+
+# Note that the script will break if PREFIX is not an absolute path
+# We allow the user to supply the prefix on the command line, e.g.
+# PREFIX=/usr/ ; make install
+# Thanks to D Richard Felker III for this suggestion
+if [ -z "$PREFIX" ]; then
+ PREFIX="/usr/"
+fi
+
+# Try to determine which language to use
+if [ -z "$LANGUAGE" ]; then
+ LANGUAGE=`echo $LANG | cut -f1 -d_`
+fi
+
+# If there are no man pages for their language, default to English
+if [ ! -d doc/$LANGUAGE/man ]; then
+ LANGUAGE="en"
+fi
+
+# The location of programs that the end user may wish to use
+BIN="$PREFIX/bin/"
+# The location of the server programs
+SBIN="$PREFIX/sbin/"
+# The directory to put man pages which describe the end-user programs
+MAN1="$PREFIX/man/man1/"
+mkdir $MAN1 > /dev/null 2>$1
+# The directory to put man pages which describe configuration file formats
+MAN5="$PREFIX/man/man5/"
+mkdir $MAN5 > /dev/null 2>&1
+# The directory to put man pages which describe the server programs
+MAN8="$PREFIX/man/man8/"
+mkdir $MAN8 > /dev/null 2>&1
+# The directory to put a copy of the MaraDNS documents on the system
+DOCS="$PREFIX/lib/maradns-$VERSION"
+
+mkdir /etc/maradns > /dev/null 2>&1
+mkdir /etc/maradns/dev > /dev/null 2>&1
+
diff -Nru maradns-2.0.04/build/Makefile.AIX maradns-2.0.04+really1.4.09/build/Makefile.AIX
--- maradns-2.0.04/build/Makefile.AIX 1970-01-01 00:00:00.000000000 +0000
+++ maradns-2.0.04+really1.4.09/build/Makefile.AIX 2007-10-19 13:54:14.000000000 +0000
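Review bot: In build/install.solaris the line `mkdir $MAN1 > /dev/null 2>$1` redirects stderr to `$1` rather than duplicating it onto stdout; the two sibling lines for MAN5 and MAN8 use `2>&1`, so this looks like a typo. As written, the shell either reports an ambiguous redirect (empty `$1`) or creates a file named after the first positional parameter in the current directory, and since the header says this script is called by install.sh, that parameter is whatever the calling context holds. The line should read `mkdir "$MAN1" > /dev/null 2>&1`, with the same quoting applied to `$MAN5` and `$MAN8`. Because every mkdir discards its output and its exit status is not checked, a failure to create `/etc/maradns` or `/etc/maradns/dev` goes unnoticed here; a comment noting which later step relies on those directories would help.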
@@ -0,0 +1,52 @@ +# Server objects +SOBJECTS=server/MaraBigHash.o +# js_string library (buffer overflow resistant string library) objects +JOBJS=libs/JsStr.o libs/JsStrOS.o libs/JsStrCP.o +# MaraHash (assosciative array) library objects +MHOBJS=libs/MaraHash.o +# Parser objects +POBJECTS=parse/ParseMaraRc.o parse/ParseCsv1.o ../parse/ParseIpAcl.o +# DNS query processing library objects +DOBJECTS=dns/Queries.o dns/Compress.o dns/bobbit.o +# Secure random number generator objects +ROBJECTS=rng/rng-api-fst.o rng/rng-alg-fst.o +OBJECTS=$(JOBJS) $(MHOBJS) $(SOBJECTS) $(DOBJECTS) $(POBJECTS) $(DOBJECTS) $(ROBJECTS) +EXECS=server/maradns + +# Uncomment the following three lines to get this to compile on Solaris +# LDFLAGS=-lxnet +# CC=gcc $(LDFLAGS) -DSOLARIS +# M="CC=$(CC)" +# These are currently unused, but will be needed again if we use flock() again +# CFLAGS=-I/usr/ucbinclude +# L="CC=$(CC) $(CFLAGS)" +# LDFLAGS=-L/usr/ucblib -lucb -lxnet +# end the Solaris section +# Non-Solaris version of "M" +M="CC=$(CC) -O2 -Wall -DNO_FLOCK" DEBUG=-DNO_FLOCK +V="VERSION=$(VERSION)" + +# Debug +D="VERSION=$(VERSION)" DEBUG="-DDEBUG -DNO_FLOCK" + +#FLAGS = -O2 -Wall +FLAGS = -g + +all: + cd libs ; make $(M) ; cd ../dns ; make $(M) ; cd ../rng ; make $(M) ; cd ../parse ; make $(M) ; cd ../qual ; make $(M) ; cd ../server ; make $(M) $(V) COMPILED=\"$(COMPILED)\" ; cd ../tools ; make $(M) ; cd ../tcp ; make $(M) $(V) ; cat ../00README.FIRST + +debug: + cd libs ; make $(D) DEBUG="-DDEBUG -DTHREADS" ; cd ../dns ; make $(D) ; cd ../rng ; make $(D) ; cd ../parse ; make $(D) ; cd ../qual ; make $(D) ; cd ../server ; make $(D) $(V) COMPILED=\"$(COMPILED_DEBUG)\" ; cd ../tools ; make $(D) ; cd ../tcp ; make $(D) $(V) ; cat ../00README.FIRST + +clean: + rm -f $(OBJECTS) core $(EXECS) ; cp build/Makefile.w Makefile ; cd dns ; make clean ; cd ../libs ; make clean ; cd ../parse ; make clean ; cd ../server ; make clean ; cd ../test ; make clean ; cd ../tools ; make clean ; cd misc ; make clean ; 
cd ../../utf8 ; make clean ; cd ../tcp ; make clean ; cd ../rng ; make clean ; cd ../sqa ; make clean ; cd ../qual ; make clean # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm + +strip: + cd server; strip maradns ; cd ../tcp ; strip zoneserver getzone ; cd ../tools ; strip askmara + +install: + VERSION=$(VERSION) ./build/install.sh + +uninstall: + VERSION=$(VERSION) ./build/uninstall.sh + diff -Nru maradns-2.0.04/build/Makefile.darwin maradns-2.0.04+really1.4.09/build/Makefile.darwin --- maradns-2.0.04/build/Makefile.darwin 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.darwin 2004-06-01 17:41:00.000000000 +0000 
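Review bot: The `all`, `debug` and `clean` recipes in build/Makefile.AIX chain every step with `;`, so the recipe's exit status is that of the last command (`cat ../00README.FIRST` in `all`) and a failed sub-make or a failed `cd` does not stop the build. A broken compile can therefore report success and a later `make install` may copy stale or missing binaries, while a failed `cd` makes the following `make` or `make clean` run in the wrong directory. Chaining with `&&` and using `$(MAKE)` fixes both, e.g. `cd libs && $(MAKE) $(M) && cd ../dns && $(MAKE) $(M)`. The same pattern is in the new Makefile.darwin, Makefile.freebsd and Makefile.solaris. Separately, `OBJECTS` lists `$(DOBJECTS)` twice and `POBJECTS` mixes `parse/...` with `../parse/ParseIpAcl.o`, so `rm -f $(OBJECTS)` in `clean` targets one path outside the tree.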
@@ -0,0 +1,37 @@ +# Server objects +SOBJECTS=server/MaraBigHash.o +# js_string library (buffer overflow resistant string library) objects +JOBJS=libs/JsStr.o libs/JsStrOS.o libs/JsStrCP.o +# MaraHash (assosciative array) library objects +MHOBJS=libs/MaraHash.o +# Parser objects +POBJECTS=parse/ParseMaraRc.o parse/ParseCsv1.o ../parse/ParseIpAcl.o +# DNS query processing library objects +DOBJECTS=dns/Queries.o dns/Compress.o dns/bobbit.o +# Secure Randum number generator objects +ROBJECTS=rng/rng-api-fst.o rng/rng-alg-fst.o +OBJECTS=$(JOBJS) $(MHOBJS) $(SOBJECTS) $(DOBJECTS) $(POBJECTS) $(DOBJECTS) $(ROBJECTS) +EXECS=server/maradns + +# The Darwin-specific stuff +CC=gcc $(LDFLAGS) -DDARWIN +M=VERSION=$(VERSION) "CC=$(CC)" + +#FLAGS = -O2 -Wall +FLAGS = -g + +all: + cd libs ; make $(M) ; cd ../dns ; make $(M) ; cd ../rng ; make $(M) ; cd ../parse ; make $(M) ; cd ../qual ; make $(M) ; cd ../server ; make $(M) COMPILED=\"$(COMPILED)\" ; cd ../tools ; make $(M) ; cd ../tcp ; make $(M) ; cat ../00README.FIRST + +clean: + rm -f $(OBJECTS) core $(EXECS) ; cp build/Makefile.w Makefile ; cd dns ; make clean ; cd ../libs ; make clean ; cd ../parse ; make clean ; cd ../qual ; make clean ; cd ../server ; make clean ; cd ../test ; make clean ; cd ../tools ; make clean ; cd misc ; make clean ; cd ../../utf8 ; make clean ; cd ../tcp ; make clean ; cd ../rng ; make clean ; cd ../sqa ; make clean # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm + +strip: + cd server; strip maradns ; cd ../tcp ; strip zoneserver getzone ; cd ../tools ; strip askmara + +install: + VERSION=$(VERSION) ./build/install.sh + +uninstall: + VERSION=$(VERSION) ./build/uninstall.sh + diff -Nru maradns-2.0.04/build/Makefile.freebsd maradns-2.0.04+really1.4.09/build/Makefile.freebsd --- maradns-2.0.04/build/Makefile.freebsd 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.freebsd 2006-01-22 05:22:01.000000000 +0000 
@@ -0,0 +1,83 @@ +# Server objects +SOBJECTS=server/MaraBigHash.o +# js_string library (buffer overflow resistant string library) objects +JOBJS=libs/JsStr.o libs/JsStrOS.o libs/JsStrCP.o +# MaraHash (assosciative array) library objects +MHOBJS=libs/MaraHash.o +# Parser objects +POBJECTS=parse/ParseMaraRc.o parse/ParseCsv1.o ../parse/ParseIpAcl.o +# DNS query processing library objects +DOBJECTS=dns/Queries.o dns/Compress.o dns/bobbit.o +# Secure random number generator objects +ROBJECTS=rng/rng-api-fst.o rng/rng-alg-fst.o +OBJECTS=$(JOBJS) $(MHOBJS) $(SOBJECTS) $(DOBJECTS) $(POBJECTS) $(DOBJECTS) $(ROBJECTS) +EXECS=server/maradns + +# Uncomment the following three lines to get this to compile on Solaris +# LDFLAGS=-lxnet +# CC=gcc $(LDFLAGS) -DSELECT_PROBLEM +# M="CC=$(CC)" +# These are currently unused, but will be needed again if we use flock() again +# CFLAGS=-I/usr/ucbinclude +# L="CC=$(CC) $(CFLAGS)" +# LDFLAGS=-L/usr/ucblib -lucb -lxnet +# end the Solaris section +# Non-Solaris version of "M" +M="VERSION=$(VERSION)" +Q="DEFINES=-DSELECT_PROBLEM" + +# FreeBSD needs some special flags to compile MaraDNS +CC="cc -O2 -Wall -pipe -D_THREAD_SAFE -pthread" +M=CC=$(CC) +V="VERSION=$(VERSION)" + +# Debug +D=$(M) DEBUG=-DDEBUG + +FLAGS = -O2 -Wall +#FLAGS = -g + +all: + cd libs ; make $(M) ; cd ../dns ; make $(M) ; \ + cd ../rng ; make $(M) ; cd ../parse ; make $(M) ; \ + cd ../qual ; make $(M) ; cd ../server ; \ + make $(M) $(Q) COMPILED=\"$(COMPILED)\" $(V) ; \ + cd ../tools ; make $(M) ; \ + cd ../tcp ; make $(M) $(V) ; cat ../00README.FIRST + +debug: + cd libs ; make $(D) DEBUG="-DDEBUG -DTHREADS" ; \ + cd ../dns ; make $(D) ; cd ../rng ; make $(D) ; \ + cd ../parse ; make $(D) ; cd ../qual ; make $(D) ; \ + cd ../server ; \ + make $(D) $(Q) COMPILED=\"$(COMPILED_DEBUG)\" ; \ + cd ../tools ; make $(D) ; \ + cd ../tcp ; make $(D) ; cat ../00README.FIRST + +clean: + rm -f $(OBJECTS) core $(EXECS) ; \ + cp build/Makefile.w Makefile ; cd dns ; make clean ; \ + cd 
../libs ; make clean ; cd ../parse ; make clean ; \ + cd ../qual ; make clean ; \ + cd ../server ; make clean ; \ + cp Makefile.recursive Makefile ; \ + cd ../test ; make clean ; \ + cd ../tools ; make clean ; \ + cd misc ; make clean ; \ + cd ../../utf8 ; make clean ; \ + cd ../tcp ; make clean ; \ + cd ../rng ; make clean ; \ + cd ../sqa ; make clean ; \ + # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm + +strip: + cd server; strip maradns ; cd ../tcp ; \ + strip zoneserver getzone fetchzone ; \ + cd ../tools ; strip askmara + +install: + VERSION=$(VERSION) ./build/install.sh + +uninstall: + VERSION=$(VERSION) ./build/uninstall.sh + diff -Nru maradns-2.0.04/build/Makefile.linux maradns-2.0.04+really1.4.09/build/Makefile.linux --- maradns-2.0.04/build/Makefile.linux 2010-08-31 03:56:38.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.linux 2006-11-24 11:44:29.000000000 +0000 @@ -39,8 +39,7 @@ cd ../qual ; make $(M) ; cd ../server ; \ make $(M) $(V) COMPILED=\"$(COMPILED)\" ; \ cd ../tools ; make $(M) ; \ - cd ../deadwood-*/src/ ; make FLAGS=-O2 ; \ - cd ../../tcp ; make $(M) $(V) ; cat ../00README.FIRST + cd ../tcp ; make $(M) $(V) ; cat ../00README.FIRST debug: cd libs ; make $(D) DEBUG="-DDEBUG -DTHREADS" ; \ @@ -65,7 +64,6 @@ cd ../tcp ; make clean ; \ cd ../rng ; make clean ; \ cd ../sqa ; make clean ; \ - cd ../deadwood-*/src ; make clean ; \ # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm strip: diff -Nru maradns-2.0.04/build/Makefile.mingw32 maradns-2.0.04+really1.4.09/build/Makefile.mingw32 --- maradns-2.0.04/build/Makefile.mingw32 2010-08-29 14:57:09.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.mingw32 2007-02-14 15:25:28.000000000 +0000 
@@ -40,9 +40,7 @@ cd ../qual ; make $(M) ; cd ../server ; \ make $(M) $(Q) COMPILED=\"$(COMPILED)\" $(V) ; \ cd ../tools ; make $(M) ; strip ../server/maradns.exe ; \ - cd ../deadwood-*/src/ ; make FLAGS=-Os -f Makefile.mingw342 ; \ - strip ../../tools/askmara.exe ; strip Deadwood.exe ; \ - cat ../../00README.FIRST + strip ../tools/askmara.exe ; cat ../00README.FIRST clean: rm -f $(OBJECTS) core $(EXECS) ; \ diff -Nru maradns-2.0.04/build/Makefile.noflock maradns-2.0.04+really1.4.09/build/Makefile.noflock --- maradns-2.0.04/build/Makefile.noflock 2010-08-29 14:57:29.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.noflock 2006-01-02 16:59:33.000000000 +0000 
@@ -33,14 +33,12 @@ FLAGS = -g all: - cd deadwood-*/src ; make FLAGS=-O2 ; cd ../.. ; \ cd libs ; make $(M) ; cd ../dns ; make $(M) ; cd ../rng ; make $(M) ; cd ../parse ; make $(M) ; cd ../qual ; make $(M) ; cd ../server ; make $(M) $(V) COMPILED=\"$(COMPILED)\" ; cd ../tools ; make $(M) ; cd ../tcp ; make $(M) $(V) ; cat ../00README.FIRST debug: cd libs ; make $(D) DEBUG="-DDEBUG -DTHREADS" ; cd ../dns ; make $(D) ; cd ../rng ; make $(D) ; cd ../parse ; make $(D) ; cd ../qual ; make $(D) ; cd ../server ; make $(D) $(V) COMPILED=\"$(COMPILED_DEBUG)\" ; cd ../tools ; make $(D) ; cd ../tcp ; make $(D) $(V) ; cat ../00README.FIRST clean: - cd deadwood-*/src ; make clean ; cd ../.. ; \ rm -f $(OBJECTS) core $(EXECS) ; cp build/Makefile.w Makefile ; cd dns ; make clean ; cd ../libs ; make clean ; cd ../parse ; make clean ; cd ../server ; make clean ; cd ../test ; make clean ; cd ../tools ; make clean ; cd misc ; make clean ; cd ../../utf8 ; make clean ; cd ../tcp ; make clean ; cd ../rng ; make clean ; cd ../sqa ; make clean ; cd ../qual ; make clean # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm strip: diff -Nru maradns-2.0.04/build/Makefile.server.win9x maradns-2.0.04+really1.4.09/build/Makefile.server.win9x --- maradns-2.0.04/build/Makefile.server.win9x 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.server.win9x 2003-01-22 08:23:12.000000000 +0000 
@@ -0,0 +1,41 @@ +SOBJECTS=MaraBigHash.o recursive.o timestamp.o +JOBJS=../libs/JsStr.o ../libs/JsStrOS.o ../libs/JsStrCP.o +MHOBJS=../libs/MaraHash.o +POBJECTS=../parse/ParseMaraRc.o ../parse/ParseCsv1.o ../parse/ParseIpAcl.o +DOBJECTS=../dns/Queries.o ../dns/Compress.o ../dns/bobbit.o ../dns/Decompress.o +ROBJECTS=../rng/rng-api-fst.o ../rng/rng-alg-fst.o +#JEB +OBJECTS=$(JOBJS) $(MHOBJS) $(SOBJECTS) $(DOBJECTS) $(POBJECTS) $(ROBJECTS) win9x-srvc.o +#END JEB +EXECS=maradns + +#FLAGS = -g -Wall +#FLAGS = -g -DDEBUG -DCALL_LOCKS +#FLAGS = -g -DCALL_LOCKS $(DEBUG) +#FLAGS = -g -DDEBUG +#FLAGS = -g -DDEBUG -DNOTHREAD +#FLAGS = -g $(DEBUG) -DNOTHREAD -DDEBUG +#FLAGS = -g -DDEBUG_MEMORY $(DEBUG) +#FLAGS = -g $(DEBUG) +FLAGS = -g -Wall $(DEBUG) + +all: $(EXECS) + +clean: + rm -f $(SOBJECTS) core $(EXECS) + +libs/tests: + cd libs ; make + +MaraBigHash.o: MaraBigHash.c ../libs/JsStr.h ../libs/MaraHash.h ../MaraDns.h MaraBigHash_locale.h + $(CC) -c $(FLAGS) -o MaraBigHash.o MaraBigHash.c + +recursive.o: recursive.c ../libs/JsStr.h ../libs/MaraHash.h ../MaraDns.h + $(CC) -c $(FLAGS) -o recursive.o recursive.c + +timestamp.o: timestamp.c MaraDNS_locale.h + $(CC) -c $(FLAGS) -o timestamp.o timestamp.c + +maradns: MaraDNS.c $(OBJECTS) MaraDNS_locale.h + $(CC) $(FLAGS) -DVERSION=\"$(VERSION)\" -DCOMPILED=\"$(COMPILED)\" -o maradns MaraDNS.c $(OBJECTS) -lpthread + diff -Nru maradns-2.0.04/build/Makefile.solaris maradns-2.0.04+really1.4.09/build/Makefile.solaris --- maradns-2.0.04/build/Makefile.solaris 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/Makefile.solaris 2004-06-01 17:41:39.000000000 +0000 
@@ -0,0 +1,45 @@ +# Server objects +SOBJECTS=server/MaraBigHash.o +# js_string library (buffer overflow resistant string library) objects +JOBJS=libs/JsStr.o libs/JsStrOS.o libs/JsStrCP.o +# MaraHash (assosciative array) library objects +MHOBJS=libs/MaraHash.o +# Parser objects +POBJECTS=parse/ParseMaraRc.o parse/ParseCsv1.o ../parse/ParseIpAcl.o +# DNS query processing library objects +DOBJECTS=dns/Queries.o dns/Compress.o dns/bobbit.o +# Secure Randum number generator objects +ROBJECTS=rng/rng-api-fst.o rng/rng-alg-fst.o +OBJECTS=$(JOBJS) $(MHOBJS) $(SOBJECTS) $(DOBJECTS) $(POBJECTS) $(DOBJECTS) $(ROBJECTS) +EXECS=server/maradns + +# Uncomment the following three lines to get this to compile on Solaris +LDFLAGS=-lxnet +CC=gcc $(LDFLAGS) -DSOLARIS -DNO_FLOCK +M=VERSION=$(VERSION) "CC=$(CC)" +# These are currently unused, but will be needed again if we use flock() again +# CFLAGS=-I/usr/ucbinclude +# L="CC=$(CC) $(CFLAGS)" +# LDFLAGS=-L/usr/ucblib -lucb -lxnet +# end the Solaris section +# Non-Solaris version of "M" +# M="VERSION=$(VERSION)" + +#FLAGS = -O2 -Wall +FLAGS = -g + +all: + cd libs ; make $(M) ; cd ../dns ; make $(M) ; cd ../rng ; make $(M) ; cd ../parse ; make $(M) ; cd ../qual ; make $(M) ; cd ../server ; make $(M) COMPILED=\"$(COMPILED)\" ; cd ../tools ; make $(M) ; cd ../tcp ; make $(M) ; cat ../00README.FIRST + +clean: + rm -f $(OBJECTS) core $(EXECS) ; cp build/Makefile.w Makefile ; cd dns ; make clean ; cd ../libs ; make clean ; cd ../parse ; make clean ; cd ../server ; make clean ; cd ../test ; make clean ; cd ../tools ; make clean ; cd misc ; make clean ; cd ../../utf8 ; make clean ; cd ../tcp ; make clean ; cd ../rng ; make clean ; cd ../sqa ; make clean # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm + +strip: + cd server; strip maradns ; cd ../tcp ; strip zoneserver getzone ; cd ../tools ; strip askmara + +install: + cd build ; TOPLEVEL=`pwd`/.. 
VERSION=$(VERSION) PREFIX=/usr ./install.sh ; $(CC) copy.devs.c ; ./a.out ; rm ./a.out ; cd .. + +uninstall: + VERSION=$(VERSION) ./build/uninstall.sh + diff -Nru maradns-2.0.04/build/maradns-1.4.05.spec maradns-2.0.04+really1.4.09/build/maradns-1.4.05.spec --- maradns-2.0.04/build/maradns-1.4.05.spec 2010-08-28 22:13:19.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/maradns-1.4.05.spec 1970-01-01 00:00:00.000000000 +0000 
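Review bot: The `install` recipe in build/Makefile.solaris runs `$(CC) copy.devs.c ; ./a.out ; rm ./a.out` inside the build directory, so an install (presumably performed as root) executes whatever `a.out` is present there. Because the steps are joined with `;`, `./a.out` runs even when install.sh or the compile failed, and in the latter case a pre-existing `a.out` in a build tree writable by an unprivileged user would be the one executed. Give the helper an explicit output name and stop on failure: `$(CC) -o copy.devs copy.devs.c && ./copy.devs && rm -f ./copy.devs`, with `cd build &&` in front. copy.devs.c itself is not part of this hunk, so what it creates could not be reviewed here. `CC=gcc $(LDFLAGS) -DSOLARIS -DNO_FLOCK` also places `-lxnet` ahead of the object files on every compile and link line; a short comment explaining why the library is carried in CC would help the next maintainer.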
@@ -1,374 +0,0 @@ -Summary: An authoritative and recursive DNS server made with security in mind -Name: maradns -Version: 1.4.05 -Release: 1 -License: BSD (Two-clause) -Group: Networking/Daemons -Source: http://www.maradns.org/download/1.4/1.4.05/maradns-1.4.05.tar.bz2 -#Source1: maradns-1.4.05.tar.bz2.sha.asc -#Source2: maradns-1.4.05.tar.bz2.rmd.asc -Patch0: maradns-1.1.59-rpm.patch -BuildRoot: /var/tmp/%{name}-buildroot - -%description -Erre con erre cigarro -Erre con erre barril -Rápido ruedan los carros -En el ferrocarril - -MaraDNS is an authoritative and recursive DNS server made with -security and embedded systems in mind. More information is at -http://www.maradns.org - -%prep -%setup -%patch0 -p1 - -%build -make - -%install -rm -fr $RPM_BUILD_ROOT/ -mkdir -p $RPM_BUILD_ROOT/usr/sbin -mkdir -p $RPM_BUILD_ROOT/usr/bin -mkdir -p $RPM_BUILD_ROOT/usr/doc -mkdir -p $RPM_BUILD_ROOT/usr/man/man8 -mkdir -p $RPM_BUILD_ROOT/usr/man/man1 -mkdir -p $RPM_BUILD_ROOT/usr/man/man5 -mkdir -p $RPM_BUILD_ROOT/etc -mkdir -p $RPM_BUILD_ROOT/etc/maradns -mkdir -p $RPM_BUILD_ROOT/etc/rc.d -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/rc3.d -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/rc5.d -make install -cp build/rpm.mararc $RPM_BUILD_ROOT/etc/mararc - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root) -%doc /usr/doc/maradns-1.4.05/* - -/usr/sbin/maradns -/usr/sbin/zoneserver -/usr/bin/getzone -/usr/bin/fetchzone -/usr/bin/askmara -/usr/bin/duende -/usr/man/man1/askmara.1* -/usr/man/man1/getzone.1* -/usr/man/man1/fetchzone.1* -/usr/man/man8/maradns.8* -/usr/man/man8/zoneserver.8* -/usr/man/man8/duende.8* -/usr/man/man5/csv1.5* -/usr/man/man5/csv2.5* -/usr/man/man5/csv2_txt.5* -/usr/man/man5/mararc.5* -/etc/rc.d/rc3.d/S60maradns -/etc/rc.d/rc5.d/S60maradns -/etc/rc.d/rc3.d/K60maradns.zoneserver -/etc/rc.d/rc5.d/K60maradns.zoneserver -/etc/maradns/logger -%config /etc/mararc -%config /etc/maradns/db.example.net -%config /etc/rc.d/init.d/maradns 
-%config /etc/rc.d/init.d/maradns.zoneserver - -%post -CHKCONFIGPARM="--add maradns" -if [ -x "/sbin/chkconfig" ]; then - "/sbin/chkconfig" $CHKCONFIGPARM -elif [ -x "/usr/sbin/chkconfig" ]; then - "/usr/sbin/chkconfig" $CHKCONFIGPARM -else - echo "No chkconfig found. Chkconfig skipped." -fi - -%preun -# End all instances of MaraDNS -echo Sending all MaraDNS processes the TERM signal -ps -ef | awk '{print $2":"$8}' | grep maradns | grep -v $$ | cut -f1 -d: | xargs kill > /dev/null 2>&1 -echo waiting 1 second -sleep 1 -echo Sending all MaraDNS processes the KILL signal -ps -e | awk '{print $1":"$NF}' | grep maradns | grep -v $$ | cut -f1 -d: | xargs kill -9 > /dev/null 2>&1 -echo MaraDNS should have been stopped - -CHKCONFIGPARM="--del maradns" -if [ -x "/sbin/chkconfig" ]; then - "/sbin/chkconfig" $CHKCONFIGPARM -elif [ -x "/usr/sbin/chkconfig" ]; then - "/usr/sbin/chkconfig" $CHKCONFIGPARM -else - echo "No chkconfig found. Chkconfig skipped." -fi - -%changelog -* Wed Dec 23 2009 Sam Trenholme -- RPM spec file updated to build RPM with MaraDNS 1.4 in CentOS 5 - -* Sat Oct 13 2007 Sam Trenholme -- RPM spec file now automatically generated by a script - -* Sat Sep 22 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.06 - -* Thu Aug 30 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.05 - -* Sat Aug 18 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.04 - -* Mon Aug 6 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.03 - -* Sun Jun 24 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.02 - -* Thu Jun 21 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.01 - -* Thu May 24 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.06 - -* Thu Mar 22 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.05 - -* Fri Feb 16 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.04 - -* Mon Jan 10 2007 Sam Trenholme -- MaraDNS rpm 
package updated for version 1.3.03 - -* Fri Dec 22 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.02 - -* Thu Dec 21 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.01 - -* Sat Oct 14 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.04 - -* Tue Aug 15 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.03 - -* Fri Jul 28 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.02 - -* Tue Jul 25 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.01 - -* Sun Jul 16 2006 Vlatko Kosturjak -- Added support for chkconfig - -* Fri Jun 23 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.11 - -* Mon Jun 19 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.10 - -* Tue Jun 13 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.09 - -* Sat Jun 10 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.08 - -* Mon May 29 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.5 - -* Tue May 16 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.4 - -* Wed Apr 19 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.3 - -* Tue Mar 28 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.2 - -* Sat Mar 11 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.1 - -* Tue Feb 21 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.06 - -* Sun Feb 19 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.05 - -* Thu Feb 9 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.04 - -* Fri Jan 27 2006 Greg Swallow -- changed mkdirhier to mkdir -p (mkdirhier requires xorg-x11) -- changed Copyright to License -- changed Patch1/2 to Source1/2 - not patches -- added * to usr/man/* file listings -- Changed doc dir to the correct one -- added file listing for maradns.zoneserver -- No functional changes - builds on Centos4 
now - -* Sat Jan 21 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.03.1 - -* Sun Jan 1 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.01 - -* Wed Dec 21 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.00 - -* Wed Dec 14 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.91 - -* Wed Dec 7 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.90 - -* Mon Dec 5 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.61 - -* Sat Dec 3 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.60 - -* Mon Nov 28 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.59 - -* Sun Sep 1 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.04 - -* Sat Jul 20 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.03 - -* Sun Jul 14 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.04 - -* Fri Jul 12 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.03 - -* Sun Jun 30 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.02 - -* Wed Jun 26 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.01 - -* Fri Jun 21 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.00 - -* Sat Jun 15 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.92 - -* Wed Jun 12 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.91 - -* Mon Jun 10 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.39 - -* Sat Jun 8 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.38 - -* Fri Jun 7 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.37 - -* Wed Jun 5 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.36 - -* Fri May 31 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.34 - -* Tue May 21 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.33 - -* Sat May 18 2002 Sam Trenholme -- MaraDNS 
rpm package updated for version 0.9.31 - -* Fri May 17 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.30 - -* Wed May 15 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.29 - -* Mon May 13 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.28 - -* Thu May 9 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.26 - -* Wed May 8 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.24 - -* Sun May 5 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.23 - -* Mon Feb 11 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.11 - -* Mon Feb 11 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.10 - -* Sun Jan 27 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.09 - -* Fri Jan 25 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.08 - -* Thu Jan 10 2002 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.31 - -* Mon Sep 24 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.30 - -* Fri Aug 10 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.29 - -* Wed Jul 18 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.28 - -* Sun Jul 15 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.27 - -* Sun Jul 8 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.26 - -* Thu May 31 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.25 - -* Mon May 21 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.24 - -* Sat May 19 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.23 - -* Thu May 10 2001 Sam Trenholme -- MaraDNS rpm package updatd to version 0.5.22 - -* Mon May 7 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.21 - -* Sun May 6 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.20 - -* Thu May 3 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.18. 
- -* Mon Apr 30 2001 Sam Trehnolme -- MaraDNS rpm package upped to version 0.5.17. - -* Sun Apr 22 2001 Sam Trenholme -- MaraDNS rpm package upped to version 0.5.13. More info - at http://www.maradns.org/changelog.html - -* Sun Apr 22 2001 Sam Trenholme -- MaraDNS rpm package upped to version 0.5.12. More info - at http://www.maradns.org/changelog.html - -* Fri Apr 20 2001 Sam Trenholme -- MaraDNS rpm package upped to version 0.5.10. Details at - http://www.maradns.org/changelog.html - -* Fri Apr 20 2001 Sam Trenholme -- MaraDNS RPM package upped to version 0.5.09. Go to www.maradns.org for - full changelog. - -* Thu Apr 19 2001 Sam Trenholme -- Initial RPM package of MaraDNS -EOF diff -Nru maradns-2.0.04/build/maradns-1.4.09.spec maradns-2.0.04+really1.4.09/build/maradns-1.4.09.spec --- maradns-2.0.04/build/maradns-1.4.09.spec 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/maradns-1.4.09.spec 2011-12-30 22:25:56.000000000 +0000 
@@ -0,0 +1,373 @@ +Summary: An authoritative and recursive DNS server made with security in mind +Name: maradns +Version: 1.4.09 +Release: 1 +License: BSD (Two-clause) +Group: Networking/Daemons +Source: http://www.maradns.org/download/1.4/1.4.09/maradns-1.4.09.tar.bz2 +#Source1: maradns-1.4.09.tar.bz2.sha.asc +#Source2: maradns-1.4.09.tar.bz2.rmd.asc +Patch0: maradns-1.1.59-rpm.patch +BuildRoot: /var/tmp/%{name}-buildroot + +%description +Erre con erre cigarro +Erre con erre barril +Rápido ruedan los carros +En el ferrocarril + +MaraDNS is an authoritative and recursive DNS server made with +security and embedded systems in mind. More information is at +http://www.maradns.org + +%prep +%setup +%patch0 -p1 + +%build +make + +%install +rm -fr $RPM_BUILD_ROOT/ +mkdir -p $RPM_BUILD_ROOT/usr/sbin +mkdir -p $RPM_BUILD_ROOT/usr/bin +mkdir -p $RPM_BUILD_ROOT/usr/doc +mkdir -p $RPM_BUILD_ROOT/usr/man/man8 +mkdir -p $RPM_BUILD_ROOT/usr/man/man1 +mkdir -p $RPM_BUILD_ROOT/usr/man/man5 +mkdir -p $RPM_BUILD_ROOT/etc +mkdir -p $RPM_BUILD_ROOT/etc/maradns +mkdir -p $RPM_BUILD_ROOT/etc/rc.d +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/rc3.d +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/rc5.d +make install +cp build/rpm.mararc $RPM_BUILD_ROOT/etc/mararc + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%doc /usr/doc/maradns-1.4.09/* + +/usr/sbin/maradns +/usr/sbin/zoneserver +/usr/bin/getzone +/usr/bin/fetchzone +/usr/bin/askmara +/usr/bin/duende +/usr/man/man1/askmara.1* +/usr/man/man1/getzone.1* +/usr/man/man1/fetchzone.1* +/usr/man/man8/maradns.8* +/usr/man/man8/zoneserver.8* +/usr/man/man8/duende.8* +/usr/man/man5/csv1.5* +/usr/man/man5/csv2.5* +/usr/man/man5/csv2_txt.5* +/usr/man/man5/mararc.5* +/etc/rc.d/rc3.d/S60maradns +/etc/rc.d/rc5.d/S60maradns +/etc/rc.d/rc3.d/K60maradns.zoneserver +/etc/rc.d/rc5.d/K60maradns.zoneserver +/etc/maradns/logger +%config /etc/mararc +%config /etc/maradns/db.example.net +%config /etc/rc.d/init.d/maradns 
+%config /etc/rc.d/init.d/maradns.zoneserver + +%post +CHKCONFIGPARM="--add maradns" +if [ -x "/sbin/chkconfig" ]; then + "/sbin/chkconfig" $CHKCONFIGPARM +elif [ -x "/usr/sbin/chkconfig" ]; then + "/usr/sbin/chkconfig" $CHKCONFIGPARM +else + echo "No chkconfig found. Chkconfig skipped." +fi + +%preun +# End all instances of MaraDNS +echo Sending all MaraDNS processes the TERM signal +ps -ef | awk '{print $2":"$8}' | grep maradns | grep -v $$ | cut -f1 -d: | xargs kill > /dev/null 2>&1 +echo waiting 1 second +sleep 1 +echo Sending all MaraDNS processes the KILL signal +ps -e | awk '{print $1":"$NF}' | grep maradns | grep -v $$ | cut -f1 -d: | xargs kill -9 > /dev/null 2>&1 +echo MaraDNS should have been stopped + +CHKCONFIGPARM="--del maradns" +if [ -x "/sbin/chkconfig" ]; then + "/sbin/chkconfig" $CHKCONFIGPARM +elif [ -x "/usr/sbin/chkconfig" ]; then + "/usr/sbin/chkconfig" $CHKCONFIGPARM +else + echo "No chkconfig found. Chkconfig skipped." +fi + +%changelog +* Wed Dec 23 2009 Sam Trenholme +- RPM spec file updated to build RPM with MaraDNS 1.4 in CentOS 5 + +* Sat Oct 13 2007 Sam Trenholme +- RPM spec file now automatically generated by a script + +* Sat Sep 22 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.07.06 + +* Thu Aug 30 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.07.05 + +* Sat Aug 18 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.07.04 + +* Mon Aug 6 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.07.03 + +* Sun Jun 24 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.07.02 + +* Thu Jun 21 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.07.01 + +* Thu May 24 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.06 + +* Thu Mar 22 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.05 + +* Fri Feb 16 2007 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.04 + +* Mon Jan 10 2007 Sam Trenholme +- MaraDNS rpm 
package updated for version 1.3.03 + +* Fri Dec 22 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.02 + +* Thu Dec 21 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.3.01 + +* Sat Oct 14 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.12.04 + +* Tue Aug 15 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.12.03 + +* Fri Jul 28 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.12.02 + +* Tue Jul 25 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.12.01 + +* Sun Jul 16 2006 Vlatko Kosturjak +- Added support for chkconfig + +* Fri Jun 23 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.11 + +* Mon Jun 19 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.10 + +* Tue Jun 13 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.09 + +* Sat Jun 10 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.08 + +* Mon May 29 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.07.5 + +* Tue May 16 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.07.4 + +* Wed Apr 19 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.07.3 + +* Tue Mar 28 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.07.2 + +* Sat Mar 11 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.07.1 + +* Tue Feb 21 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.06 + +* Sun Feb 19 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.05 + +* Thu Feb 9 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.04 + +* Fri Jan 27 2006 Greg Swallow +- changed mkdirhier to mkdir -p (mkdirhier requires xorg-x11) +- changed Copyright to License +- changed Patch1/2 to Source1/2 - not patches +- added * to usr/man/* file listings +- Changed doc dir to the correct one +- added file listing for maradns.zoneserver +- No functional changes - builds on Centos4 
now + +* Sat Jan 21 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.03.1 + +* Sun Jan 1 2006 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.01 + +* Wed Dec 21 2005 Sam Trenholme +- MaraDNS rpm package updated for version 1.2.00 + +* Wed Dec 14 2005 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.91 + +* Wed Dec 7 2005 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.90 + +* Mon Dec 5 2005 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.61 + +* Sat Dec 3 2005 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.60 + +* Mon Nov 28 2005 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.59 + +* Sun Sep 1 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.04 + +* Sat Jul 20 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.1.03 + +* Sun Jul 14 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.0.04 + +* Fri Jul 12 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.0.03 + +* Sun Jun 30 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.0.02 + +* Wed Jun 26 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.0.01 + +* Fri Jun 21 2002 Sam Trenholme +- MaraDNS rpm package updated for version 1.0.00 + +* Sat Jun 15 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.92 + +* Wed Jun 12 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.91 + +* Mon Jun 10 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.39 + +* Sat Jun 8 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.38 + +* Fri Jun 7 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.37 + +* Wed Jun 5 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.36 + +* Fri May 31 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.34 + +* Tue May 21 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.33 + +* Sat May 18 2002 Sam Trenholme +- MaraDNS 
rpm package updated for version 0.9.31 + +* Fri May 17 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.30 + +* Wed May 15 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.29 + +* Mon May 13 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.28 + +* Thu May 9 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.26 + +* Wed May 8 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.24 + +* Sun May 5 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.23 + +* Mon Feb 11 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.11 + +* Mon Feb 11 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.10 + +* Sun Jan 27 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.09 + +* Fri Jan 25 2002 Sam Trenholme +- MaraDNS rpm package updated for version 0.9.08 + +* Thu Jan 10 2002 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.31 + +* Mon Sep 24 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.30 + +* Fri Aug 10 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.29 + +* Wed Jul 18 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.28 + +* Sun Jul 15 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.27 + +* Sun Jul 8 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.26 + +* Thu May 31 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.25 + +* Mon May 21 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.24 + +* Sat May 19 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.23 + +* Thu May 10 2001 Sam Trenholme +- MaraDNS rpm package updatd to version 0.5.22 + +* Mon May 7 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.21 + +* Sun May 6 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.20 + +* Thu May 3 2001 Sam Trenholme +- MaraDNS rpm package updated to version 0.5.18. 
+ +* Mon Apr 30 2001 Sam Trehnolme +- MaraDNS rpm package upped to version 0.5.17. + +* Sun Apr 22 2001 Sam Trenholme +- MaraDNS rpm package upped to version 0.5.13. More info + at http://www.maradns.org/changelog.html + +* Sun Apr 22 2001 Sam Trenholme +- MaraDNS rpm package upped to version 0.5.12. More info + at http://www.maradns.org/changelog.html + +* Fri Apr 20 2001 Sam Trenholme +- MaraDNS rpm package upped to version 0.5.10. Details at + http://www.maradns.org/changelog.html + +* Fri Apr 20 2001 Sam Trenholme +- MaraDNS RPM package upped to version 0.5.09. Go to www.maradns.org for + full changelog. + +* Thu Apr 19 2001 Sam Trenholme +- Initial RPM package of MaraDNS diff -Nru maradns-2.0.04/build/maradns-2.0.04.spec maradns-2.0.04+really1.4.09/build/maradns-2.0.04.spec --- maradns-2.0.04/build/maradns-2.0.04.spec 2011-11-12 08:25:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/maradns-2.0.04.spec 1970-01-01 00:00:00.000000000 +0000 
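Review bot: The `%preun` scriptlet picks its targets with `ps … | grep maradns | … | xargs kill -9`, which as root signals every process whose command name contains the string `maradns`, and it runs on package upgrade as well as on erase because `$1` is never checked. Guard it and stop the service through the packaged init script instead, for example `if [ "$1" = 0 ]; then /etc/rc.d/init.d/maradns stop; fi` (assuming that script implements `stop`, which is not visible here). Separately, `Source:` is a plain `http` URL and the two signature entries (`#Source1`, `#Source2`) are commented out, so nothing in the spec ties the build to a verified tarball; re-enabling them and checking the signature in `%prep` would close that gap.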
@@ -1,374 +0,0 @@ -Summary: An authoritative and recursive DNS server made with security in mind -Name: maradns -Version: 2.0.04 -Release: 1 -License: BSD (Two-clause) -Group: Networking/Daemons -Source: http://www.maradns.org/download/1.4/2.0.04/maradns-2.0.04.tar.bz2 -#Source1: maradns-2.0.04.tar.bz2.sha.asc -#Source2: maradns-2.0.04.tar.bz2.rmd.asc -Patch0: maradns-1.1.59-rpm.patch -BuildRoot: /var/tmp/%{name}-buildroot - -%description -Erre con erre cigarro -Erre con erre barril -Rápido ruedan los carros -En el ferrocarril - -MaraDNS is an authoritative and recursive DNS server made with -security and embedded systems in mind. More information is at -http://www.maradns.org - -%prep -%setup -%patch0 -p1 - -%build -make - -%install -rm -fr $RPM_BUILD_ROOT/ -mkdir -p $RPM_BUILD_ROOT/usr/sbin -mkdir -p $RPM_BUILD_ROOT/usr/bin -mkdir -p $RPM_BUILD_ROOT/usr/doc -mkdir -p $RPM_BUILD_ROOT/usr/man/man8 -mkdir -p $RPM_BUILD_ROOT/usr/man/man1 -mkdir -p $RPM_BUILD_ROOT/usr/man/man5 -mkdir -p $RPM_BUILD_ROOT/etc -mkdir -p $RPM_BUILD_ROOT/etc/maradns -mkdir -p $RPM_BUILD_ROOT/etc/rc.d -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/rc3.d -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/rc5.d -make install -cp build/rpm.mararc $RPM_BUILD_ROOT/etc/mararc - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root) -%doc /usr/doc/maradns-2.0.04/* - -/usr/sbin/maradns -/usr/sbin/zoneserver -/usr/bin/getzone -/usr/bin/fetchzone -/usr/bin/askmara -/usr/bin/duende -/usr/man/man1/askmara.1* -/usr/man/man1/getzone.1* -/usr/man/man1/fetchzone.1* -/usr/man/man8/maradns.8* -/usr/man/man8/zoneserver.8* -/usr/man/man8/duende.8* -/usr/man/man5/csv1.5* -/usr/man/man5/csv2.5* -/usr/man/man5/csv2_txt.5* -/usr/man/man5/mararc.5* -/etc/rc.d/rc3.d/S60maradns -/etc/rc.d/rc5.d/S60maradns -/etc/rc.d/rc3.d/K60maradns.zoneserver -/etc/rc.d/rc5.d/K60maradns.zoneserver -/etc/maradns/logger -%config /etc/mararc -%config /etc/maradns/db.example.net -%config /etc/rc.d/init.d/maradns 
-%config /etc/rc.d/init.d/maradns.zoneserver - -%post -CHKCONFIGPARM="--add maradns" -if [ -x "/sbin/chkconfig" ]; then - "/sbin/chkconfig" $CHKCONFIGPARM -elif [ -x "/usr/sbin/chkconfig" ]; then - "/usr/sbin/chkconfig" $CHKCONFIGPARM -else - echo "No chkconfig found. Chkconfig skipped." -fi - -%preun -# End all instances of MaraDNS -echo Sending all MaraDNS processes the TERM signal -ps -ef | awk '{print $2":"$8}' | grep maradns | grep -v $$ | cut -f1 -d: | xargs kill > /dev/null 2>&1 -echo waiting 1 second -sleep 1 -echo Sending all MaraDNS processes the KILL signal -ps -e | awk '{print $1":"$NF}' | grep maradns | grep -v $$ | cut -f1 -d: | xargs kill -9 > /dev/null 2>&1 -echo MaraDNS should have been stopped - -CHKCONFIGPARM="--del maradns" -if [ -x "/sbin/chkconfig" ]; then - "/sbin/chkconfig" $CHKCONFIGPARM -elif [ -x "/usr/sbin/chkconfig" ]; then - "/usr/sbin/chkconfig" $CHKCONFIGPARM -else - echo "No chkconfig found. Chkconfig skipped." -fi - -%changelog -* Wed Dec 23 2009 Sam Trenholme -- RPM spec file updated to build RPM with MaraDNS 1.4 in CentOS 5 - -* Sat Oct 13 2007 Sam Trenholme -- RPM spec file now automatically generated by a script - -* Sat Sep 22 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.06 - -* Thu Aug 30 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.05 - -* Sat Aug 18 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.04 - -* Mon Aug 6 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.03 - -* Sun Jun 24 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.02 - -* Thu Jun 21 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.07.01 - -* Thu May 24 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.06 - -* Thu Mar 22 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.05 - -* Fri Feb 16 2007 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.04 - -* Mon Jan 10 2007 Sam Trenholme -- MaraDNS rpm 
package updated for version 1.3.03 - -* Fri Dec 22 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.02 - -* Thu Dec 21 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.3.01 - -* Sat Oct 14 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.04 - -* Tue Aug 15 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.03 - -* Fri Jul 28 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.02 - -* Tue Jul 25 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.12.01 - -* Sun Jul 16 2006 Vlatko Kosturjak -- Added support for chkconfig - -* Fri Jun 23 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.11 - -* Mon Jun 19 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.10 - -* Tue Jun 13 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.09 - -* Sat Jun 10 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.08 - -* Mon May 29 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.5 - -* Tue May 16 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.4 - -* Wed Apr 19 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.3 - -* Tue Mar 28 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.2 - -* Sat Mar 11 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.07.1 - -* Tue Feb 21 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.06 - -* Sun Feb 19 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.05 - -* Thu Feb 9 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.04 - -* Fri Jan 27 2006 Greg Swallow -- changed mkdirhier to mkdir -p (mkdirhier requires xorg-x11) -- changed Copyright to License -- changed Patch1/2 to Source1/2 - not patches -- added * to usr/man/* file listings -- Changed doc dir to the correct one -- added file listing for maradns.zoneserver -- No functional changes - builds on Centos4 
now - -* Sat Jan 21 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.03.1 - -* Sun Jan 1 2006 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.01 - -* Wed Dec 21 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.2.00 - -* Wed Dec 14 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.91 - -* Wed Dec 7 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.90 - -* Mon Dec 5 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.61 - -* Sat Dec 3 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.60 - -* Mon Nov 28 2005 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.59 - -* Sun Sep 1 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.04 - -* Sat Jul 20 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.1.03 - -* Sun Jul 14 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.04 - -* Fri Jul 12 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.03 - -* Sun Jun 30 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.02 - -* Wed Jun 26 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.01 - -* Fri Jun 21 2002 Sam Trenholme -- MaraDNS rpm package updated for version 1.0.00 - -* Sat Jun 15 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.92 - -* Wed Jun 12 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.91 - -* Mon Jun 10 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.39 - -* Sat Jun 8 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.38 - -* Fri Jun 7 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.37 - -* Wed Jun 5 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.36 - -* Fri May 31 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.34 - -* Tue May 21 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.33 - -* Sat May 18 2002 Sam Trenholme -- MaraDNS 
rpm package updated for version 0.9.31 - -* Fri May 17 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.30 - -* Wed May 15 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.29 - -* Mon May 13 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.28 - -* Thu May 9 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.26 - -* Wed May 8 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.24 - -* Sun May 5 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.23 - -* Mon Feb 11 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.11 - -* Mon Feb 11 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.10 - -* Sun Jan 27 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.09 - -* Fri Jan 25 2002 Sam Trenholme -- MaraDNS rpm package updated for version 0.9.08 - -* Thu Jan 10 2002 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.31 - -* Mon Sep 24 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.30 - -* Fri Aug 10 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.29 - -* Wed Jul 18 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.28 - -* Sun Jul 15 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.27 - -* Sun Jul 8 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.26 - -* Thu May 31 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.25 - -* Mon May 21 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.24 - -* Sat May 19 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.23 - -* Thu May 10 2001 Sam Trenholme -- MaraDNS rpm package updatd to version 0.5.22 - -* Mon May 7 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.21 - -* Sun May 6 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.20 - -* Thu May 3 2001 Sam Trenholme -- MaraDNS rpm package updated to version 0.5.18. 
- -* Mon Apr 30 2001 Sam Trehnolme -- MaraDNS rpm package upped to version 0.5.17. - -* Sun Apr 22 2001 Sam Trenholme -- MaraDNS rpm package upped to version 0.5.13. More info - at http://www.maradns.org/changelog.html - -* Sun Apr 22 2001 Sam Trenholme -- MaraDNS rpm package upped to version 0.5.12. More info - at http://www.maradns.org/changelog.html - -* Fri Apr 20 2001 Sam Trenholme -- MaraDNS rpm package upped to version 0.5.10. Details at - http://www.maradns.org/changelog.html - -* Fri Apr 20 2001 Sam Trenholme -- MaraDNS RPM package upped to version 0.5.09. Go to www.maradns.org for - full changelog. - -* Thu Apr 19 2001 Sam Trenholme -- Initial RPM package of MaraDNS -EOF diff -Nru maradns-2.0.04/build/uninstall.sh maradns-2.0.04+really1.4.09/build/uninstall.sh --- maradns-2.0.04/build/uninstall.sh 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/build/uninstall.sh 2002-01-22 00:22:54.000000000 +0000 @@ -1,6 +1,5 @@ #!/bin/sh - # Shell script which uninstalls the MaraDNS files # We call install.locations to set BIN, SBIN, MAN1, and MAN8 @@ -14,11 +13,11 @@ echo Removing MaraDNS by erasing programs in $BIN and $SBIN, echo man pages in $MAN1 and $MAN8, and the directory tree $DOCS cd $SBIN -rm maradns zoneserver Deadwood +rm maradns zoneserver cd $BIN rm askmara getzone cd $MAN1 -rm askmara.1 getzone.1 Deadwood.1 +rm askmara.1 getzone.1 cd $MAN8 rm maradns.8 zoneserver.8 rm -fr $DOCS 
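Review bot: In the `@@ -14,11 +13,11 @@` hunk the removals still depend on unchecked, unquoted `cd $SBIN` / `cd $BIN` / `cd $MAN1` steps, so if `install.locations` leaves one of those variables empty or the directory does not exist, the following `rm` runs in whatever directory the script is in (a bare `cd` goes to `$HOME`), and this script is normally run as root. Remove by absolute path instead, e.g. `rm -f "$SBIN/maradns" "$SBIN/zoneserver"` and `rm -f "$MAN1/askmara.1" "$MAN1/getzone.1"`. `rm -fr $DOCS` deserves the same care: quote it and skip it when `$DOCS` is empty or `/`. The script continues outside the hunk, so how the variables are set is not visible here.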
@@ -27,17 +26,11 @@ rm /etc/rc.d/rc3.d/S60maradns rm /etc/rc.d/rc5.d/S60maradns rm /etc/rc.d/init.d/maradns - rm /etc/rc.d/rc3.d/K60maradns.zoneserver - rm /etc/rc.d/rc5.d/K60maradns.zoneserver - rm /etc/rc.d/init.d/maradns.zoneserver - rm /etc/rc.d/rc3.d/S60maradns.deadwood - rm /etc/rc.d/rc5.d/S60maradns.deadwood - rm /etc/rc.d/init.d/maradns.deadwood fi echo Note that cahced copies of man pages may still be lurking around echo echo Not removing configuration files. If you wish to completely purge -echo MaraDNS from your system, rm /etc/mararc, /etc/dwood3rc and the -echo /etc/maradns/ directory, as well as any cached copies of MaraDNS man pages +echo MaraDNS from your system, rm /etc/mararc and the /etc/maradns/ +echo directory, and remove any cached copies of MaraDNS man pages diff -Nru maradns-2.0.04/CHANGELOG maradns-2.0.04+really1.4.09/CHANGELOG --- maradns-2.0.04/CHANGELOG 2011-11-12 08:25:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/CHANGELOG 2011-11-11 22:58:35.000000000 +0000 
@@ -1,107 +1,14 @@ MaraDNS changelog - maradns-2.0.04: - - This is a stable release of MaraDNS. - - * AngelD's issue with zone transfers when there are a lot of - FQDN4 records fixed. - * Karim's issue with '/read' directive fixed - - (2011.11.12) - - maradns-1.4.07: - - This is a legacy release of MaraDNS. All patches are backports - of MaraDNS 2.0 bug fixes. - - * A typo fix for fetchzone - * AXFR-over-UDP packets are now correctly marked "truncated" - * It is now possible to have the '/' in hostnames - * Fix for Debian bug #607739: Hostname shown when - complaining about DDIP issues - * AngelD's issue with zone transfers when there are a lot of - FQDN4 records fixed. - * Karim's issue with '/read' directive fixed - - (2011.11.11) - - maradns-2.0.03: - - This is a stable release of MaraDNS. - - * Deadwood updated to Deadwood 3.0.03 - * ANY queries that do not fit in 512 bytes are now properly - truncated - * RFC2317 hostnames with slash characters ('/') are now - supported - * MaraDNS is now fully installed when 'make install' is - invoked (at least on CentOS 5) - * DDIP MX problem records now show hostname - * Correct handling of IXFR and AXFR requests sent over UDP - (the UDP server now always marks these as being truncated) - * Documentation updates - * Give information on how to RTFM (correct manpage pointed - out) if a csv2 file doesn't parse - * Added support for --pid=/path/to/file to Duende (courtesy - Yarin) - * ipv6 fixes applied - * Courtesy of Nicholas Bamber, Duende should now reap all - children (as long as they don't need a KILL/9 signal to - exit) - * Updates to the SQA regressions - * MaraDNS 2.0 tarball is now xz compressed; MaraDNS 2.0 - Windows binary is now provided. - - (2011.08.05) - - maradns-2.0.02: - - This is a stable branch of MaraDNS. - - * Documentation updates - * Applied Corey's patch that fixes a typo in fetchzone.c - * Applied Yarin's patch that makes the "install.locations" - script more flexible. 
- * I have adapted Yarin's patch that makes email addresses - like 'john\.doe@example.com' possible in SOA records. - * Updated an error message that stated we were running - MaraDNS 1.2 (now says 2.0) - * Updated the copyright statement to have the year 2011 - * Deadwood updated to 3.0.02 - * Fix for CVE-2011-0520 - - (2011.02.05) - - maradns-1.4.06: + maradns-1.4.05: - This is a stable branch of MaraDNS. + This is the stable branch of MaraDNS. * Fix for CVE-2011-0520 * Deadwood updated to 3.0.02 (2011.01.28) - maradns-2.0.01: - - This is a stable branch of MaraDNS. - - * MaraDNS build process modified to compile without any - recursion; recursion is now supplied by Deadwood. - - (2010.09.28) - - maradns-1.4.05: - - This is a stable branch of MaraDNS. - - * Deadwood updated to the stable 3.0.01 release. - * MicroDNS now returns "not implemented" when given an EDNS - packet - * FAQ updated. - - (2010.09.25) - maradns-1.4.04: This is the stable branch of MaraDNS. diff -Nru maradns-2.0.04/configure maradns-2.0.04+really1.4.09/configure --- maradns-2.0.04/configure 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/configure 2007-10-19 13:54:14.000000000 +0000 @@ -8,17 +8,13 @@ exit 1 fi -# MaraDNS 2.0 is AUTHONLY -AUTHONLY="yes" -export AUTHONLY - -# Options: '--ipv6' -if [ "$1" = '--ipv6' ] ; then - IPV6="yes" +# Options: '--authonly' +if [ "$1" = '--authonly' ] ; then + AUTHONLY="yes" elif [ -n "$1" ] ; then echo 'Usage: ./configure [options]' - echo 'Where [options] currently only supports "--ipv6" for' - echo 'making an ipv6-capable build of MaraDNS' + echo 'Where [options] currently only supports "--authonly" for' + echo 'making an authoritative-only build of MaraDNS' exit 1 fi 
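Review bot: In configure, `AUTHONLY` is now assigned only when `--authonly` is passed, while the `[ -z "$AUTHONLY" ]` tests later in the script choose between the recursive and authoritative-only Makefiles. An `AUTHONLY` value inherited from the caller's environment therefore silently selects the authoritative-only build. Unless the variable is cleared in the lines above this hunk (they are not shown), add `AUTHONLY=""` before the `# Options: '--authonly'` test. A short comment there, such as `# Default build includes the recursive resolver`, would also make the changed default obvious to packagers.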
@@ -56,19 +52,36 @@ # Set up the informaiton on where and when this version of MaraDNS was # compiled SA="system at" -if [ -z "$IPV6" ] ; then +if [ -z "$AUTHONLY" ] ; then echo COMPILED=\"$UNAME system at `date`\" >> Makefile echo COMPILED_DEBUG=\"$UNAME system at `date`\ \(Debug\)\" >> Makefile else - echo COMPILED=\"$UNAME system at `date` \(IPv6\)\" >> Makefile - echo COMPILED_DEBUG=\"$UNAME $SA `date`\ \(Debug IPv6\)\" >> Makefile + echo COMPILED=\"$UNAME system at `date` \(authonly\)\" >> Makefile + echo COMPILED_DEBUG=\"$UNAME $SA `date`\ \(Debug authonly\)\" >> Makefile fi -# Give them a message dependent on what kind of system they have +# Give them a message dependent on what kind of systme they have if echo $UNAME | grep -i linux > /dev/null ; then cat $BUILDDIR/Makefile.linux >> Makefile echo It looks like you are using Linux\; just type in \'make\' EXITCODE=0 +elif echo $UNAME | grep -i freebsd > /dev/null ; then + cat $BUILDDIR/Makefile.freebsd >> Makefile + echo It looks like you are using FreeBSD\; this should compile + echo fine by typing in \'make\'. There is an official port here: + echo + echo http://www.freebsd.org/cgi/cvsweb.cgi/ports/dns/maradns/ + echo + echo Which may be on your system here: + echo + echo /usr/ports/dns/maradns + echo + EXITCODE=0 +elif echo $UNAME | grep -i openbsd > /dev/null ; then + cat $BUILDDIR/Makefile.freebsd >> Makefile + echo It looks like you are using OpenBSD\; this should compile + echo fine by typing in \'make\'. + EXITCODE=0 elif echo $UNAME | grep -i mingw32 > /dev/null ; then cat $BUILDDIR/Makefile.mingw32 >> Makefile echo It looks like you are using MinGW32 \; this is only a partial 
@@ -80,8 +93,8 @@ # Other Makefile changes cp server/Makefile.mingw32 server/Makefile cp tools/Makefile.mingw32 tools/Makefile - cp qual/Makefile.nothreads qual/Makefile - cp dns/Makefile.authonly dns/Makefile + cp qual/Makefile.threadsafe qual/Makefile + cp dns/Makefile.recursive dns/Makefile # Mingw32 doesn't support symlinks cp server/MaraBigHash_en.h server/MaraBigHash_locale.h cp server/MaraDNS_en.h server/MaraDNS_locale.h @@ -92,6 +105,21 @@ echo It looks like you are using Cygwin\; this should compile fine echo by typing in \'make\'. EXITCODE=0 +elif echo $UNAME | grep -i AIX > /dev/null ; then + cat $BUILDDIR/Makefile.AIX >> Makefile + echo It looks like you are using AIX\; this should compile fine + echo by typing in \'make\'. + EXITCODE=0 +elif echo $UNAME | grep -i darwin > /dev/null ; then + cat $BUILDDIR/Makefile.darwin >> Makefile + cp $BUILDDIR/install.darwin $BUILDDIR/install.locations + echo It looks like you are using Darwin \(usually\; Mac OS X\)\; + #echo This should compile fine by typing in \'make\'. + echo You might be able to compile MaraDNS by typing \"make\" + echo \(if you typed in \"make\" before, just type it again\) + echo + echo THIS PORT HAS NOT BEEN FULLY TESTED\; USE AT YOUR OWN RISK + EXITCODE=1 # This is a a template for adding support to a new OS for MaraDNS. # Some points: If you port MaraDNS, make sure the underlying OS has # /dev/urandom support or have the default mararc have a @@ -115,7 +143,9 @@ echo This is an unknown platform. MaraDNS may or may not compile echo on this platform. If you are able to sucessfully compile echo and install MaraDNS on this platform, please let me know - echo by contacting the mailing list. + echo by contacting me. My contact info is here: + echo + echo http://www.maradns.org/contact.html echo echo I encourage you to make an official port of MaraDNS for this echo platform so other users of MaraDNS do not see this obnoxious 
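Review bot: In the `@@ -92,6 +105,21 @@` hunk, the new Darwin branch sets `EXITCODE=1` even though it has just appended `Makefile.darwin` and tells the user to run `make`. If that value becomes the script's exit status (the `exit` is outside the hunk), `./configure && make` stops on a platform where the Makefile was actually written. If the non-zero status is deliberate, say so with a comment such as `# Non-zero on purpose: the Darwin port is untested`; otherwise use `EXITCODE=0` as the AIX branch does. The branch also overwrites `$BUILDDIR/install.locations` with `install.darwin` inside the source tree, which deserves a comment because a later configure run from the same tree may pick up the Darwin locations.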
@@ -129,19 +159,24 @@ fi # Set up recursive and authoritative name serving -if [ -z "$IPV6" ] ; then +if [ -z "$AUTHONLY" ] ; then + cp server/Makefile.recursive server/Makefile + # FreeBSD uses -pthread instead of -lpthread to compile a + # Pthread program + if echo $UNAME | grep -i freebsd > /dev/null ; then + cat server/Makefile.recursive | \ + sed 's/lpthread/pthread/' > server/Makefile + fi + cp qual/Makefile.threadsafe qual/Makefile + cp tcp/Makefile.recursive tcp/Makefile + cp dns/Makefile.recursive dns/Makefile + cp tools/Makefile.recursive tools/Makefile +else cp server/Makefile.authonly server/Makefile cp qual/Makefile.nothreads qual/Makefile cp tcp/Makefile.authonly tcp/Makefile cp dns/Makefile.authonly dns/Makefile cp tools/Makefile.authonly tools/Makefile -else - cp server/Makefile.ipv6 server/Makefile - cp qual/Makefile.nothreads qual/Makefile - cp tcp/Makefile.ipv6 tcp/Makefile - cp dns/Makefile.authonly dns/Makefile - cp tools/Makefile.ipv6 tools/Makefile - cp deadwood-*/src/Makefile.ipv6 deadwood-*/src/Makefile fi echo diff -Nru maradns-2.0.04/deadwood-3.0.05/src/DwRandPrime.h maradns-2.0.04+really1.4.09/deadwood-3.0.05/src/DwRandPrime.h --- maradns-2.0.04/deadwood-3.0.05/src/DwRandPrime.h 2011-11-12 08:25:43.000000000 +0000 +++ maradns-2.0.04+really1.4.09/deadwood-3.0.05/src/DwRandPrime.h 2011-12-30 22:26:24.000000000 +0000 @@ -1,4 +1,4 @@ /* This file is automatically generated by RandomPrime */ -#define MUL_CONSTANT 1737063469 -/* 1737063469 has 17 bits set to 1 */ +#define MUL_CONSTANT 1961496701 +/* 1961496701 has 16 bits set to 1 */ diff -Nru maradns-2.0.04/debian/changelog maradns-2.0.04+really1.4.09/debian/changelog --- maradns-2.0.04/debian/changelog 2012-01-10 22:37:42.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/changelog 2012-01-12 23:37:34.000000000 +0000 
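Review bot: In the recursive branch of the `@@ -129,19 +159,24 @@` hunk, `server/Makefile` is copied and then, on FreeBSD, immediately regenerated through `cat ... | sed`, and the pattern `s/lpthread/pthread/` is not anchored to the linker flag. Writing the file once per platform reads more clearly: move the `cp` into an `else` and use `sed 's/-lpthread/-pthread/' server/Makefile.recursive > server/Makefile` in the FreeBSD case. `$UNAME` is also expanded unquoted in the `grep` test here and in the platform chain earlier in the script; `echo "$UNAME"` avoids word splitting and globbing of the uname output.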
@@ -1,27 +1,9 @@ -maradns (2.0.04-1ubuntu1) precise; urgency=low +maradns (2.0.04+really1.4.09-1) precise; urgency=low - * Only install files into maradns-docs in the indep build. Increase minimum - version on debhelper BD to ensure override_...-indep support is available. + * Revert to 1.4 series with "really" version number. The 2.0 series packages + are not yet ready to be used. - -- Iain Lane Tue, 10 Jan 2012 21:01:17 +0000 - -maradns (2.0.04-1) experimental; urgency=low - - * Allowed watch file to pick up 2.x releases - * New upstream release - * Refreshed patches - * Added override to stop deletion of server/MaraDNS.c.orig - * Added patch to stop corruption of deadwood source code - * Added public domain stanza trying to give useful information about - the public domain status (or otherwise) of certain files. - * Updated doc-base index file - * Split out documentation into separate package as it is written from - an upstream point of view - * Added askmara-tcp tool to maradns-zoneserver package - * Added experimental maradns-deadwood package (Closes: #612229) - * Turned on compilation for IPv6 (Closes: #477787) - - -- Nicholas Bamber Fri, 06 Jan 2012 08:47:03 +0000 + -- Iain Lane Thu, 12 Jan 2012 23:35:38 +0000 maradns (1.4.09-1) unstable; urgency=medium diff -Nru maradns-2.0.04/debian/control maradns-2.0.04+really1.4.09/debian/control --- maradns-2.0.04/debian/control 2012-01-10 21:42:46.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/control 2011-12-30 16:02:50.000000000 +0000 @@ -1,9 +1,8 @@ Source: maradns Section: net Priority: extra -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Nicholas Bamber -Build-Depends: debhelper (>= 8.9.7~), python-dev (>= 2.6.6-3~) +Maintainer: Nicholas Bamber +Build-Depends: debhelper (>= 7.0.50~), python-dev (>= 2.6.6-3~) Standards-Version: 3.9.2 Homepage: http://maradns.org Vcs-Git: git://github.com/periapt/maradns.git 
@@ -14,19 +13,15 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, lsb-base, duende (>= 1.4.06-3) Recommends: ${python:Depends}, maradns-zoneserver -Suggests: maradns-deadwood -Description: simple security-focused authoritative Domain Name Service server - MaraDNS is easy to configure DNS server that functions as an - authoritative domain name server. MaraDNS is +Description: simple security-focused Domain Name Service server + MaraDNS is easy to configure DNS server that functions as a + recursive and/or authoritative name server. MaraDNS is optimised for serving a small number of domains quickly and efficiently. Well suited to host your own private DNS server for making up subdomains with minimal fuss. Maradns is security-aware by utilising a special string library which is resistant to buffer overflows and mandating to run as an unprivileged user. - . - For the recursive name server component and IPv6 support see - maradns-deadwood. For TCP and domain transfer support see maradns-zoneserver. Package: maradns-zoneserver Architecture: any @@ -35,21 +30,6 @@ The MaraDNS zoneserver listens on port 53/tcp and handles DNS zone transfers and any DNS query done over TCP instead of UDP. It uses the same configuration file as the MaraDNS process itself. - . - This package also includes askmara-tcp, a version of askmara that uses TCP - rather than UDP. - -Package: maradns-deadwood -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Suggests: maradns (>= 2.0.04-1) -Recommends: duende (>= 1.4.06-3) -Enhances: maradns (>= 2.0.04-1) -Description: simple security-focused reursive Domain Name Service server - This is an experimental build of the deadwood binary, that is MaraDNS' - recursive domain name server. It will contain support for IPv6. However - the necessary integration of init scripts and config files will not be - done. Package: duende Section: admin 
@@ -64,19 +44,3 @@ status it will be restarted. Optionally duende will provide a pid file, and other features are configurable. -Package: maradns-docs -Section: doc -Architecture: all -Depends: ${misc:Depends} -Enhances: maradns-zoneserver, maradns-deadwood, duende, maradns -Breaks: maradns (<< 2) -Replaces: maradns (<< 2) -Recommends: dwww -Description: upstream documentation for the MaraDNS Domain Name Service server - MaraDNS is easy to configure DNS server that functions as a recursive and/or - authoritative name server. This package provides the upstream documentation - for the MaraDNS suite. This includes more information than is available in the - man pages including background information on DNS, how to obtain the source - code, compile and install it. As a result the documentation includes none of - the packaging tweaks intended to fit MaraDNS into Debian. - diff -Nru maradns-2.0.04/debian/copyright maradns-2.0.04+really1.4.09/debian/copyright --- maradns-2.0.04/debian/copyright 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/copyright 2011-12-30 16:02:50.000000000 +0000 
@@ -1,24 +1,12 @@ -Format-Specification: http://anonscm.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135 +Format-Specification: http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?view=markup&pathrev=135 Maintainer: Sam Trenholme Source: http://maradns.org Name: maradns Files: * -Copyright: 2002-2011, Sam Trenholme +Copyright: 2002-2010, Sam Trenholme License: BSD -Files: build/fix.bang.path, deadwood-*/tools/mkSecretTxt.c, - dns/Compress_rrdescs.h, [and others or portions thereof. Check for yourself!] -License: public domain -X-Comment: The public domain files in the source generally include small -utilities, such as the code for NanoDNS which is copied multiple times -across the documentation. Anyone wishing to use the public domain status -of a given file should check carefully for themselves the status of a given -file. They would however be safe in using it under the main package copyright -and license. Notice also that some files such as those in rng/*, are in the -public domain but have been copyrighted, licensed and modified by the upstream -author. - Files: debian/resolvconf-script Copyright: 2006, Martin F. Krafft License: Artistic @@ -26,11 +14,11 @@ Files: debian/* Copyright: 2004-2010 Kai Hendry - 2011-2012, Nicholas Bamber + 2011, Nicholas Bamber License: BSD License: BSD - Copyright (c) 2002-2011 Sam Trenholme and others + Copyright (c) 2002-2010 Sam Trenholme and others . TERMS . diff -Nru maradns-2.0.04/debian/duende.install maradns-2.0.04+really1.4.09/debian/duende.install --- maradns-2.0.04/debian/duende.install 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/duende.install 2011-12-30 16:02:50.000000000 +0000 
@@ -1,2 +1 @@ tools/duende usr/sbin -debian/copyright usr/share/doc/duende diff -Nru maradns-2.0.04/debian/IPv6-status maradns-2.0.04+really1.4.09/debian/IPv6-status --- maradns-2.0.04/debian/IPv6-status 2012-01-06 23:16:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/IPv6-status 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -authoritative listening on ::1 -============================== -Try this config fragment: -ipv4_bind_addresses = "127.0.0.3" -ipv6_bind_address="::1" - -zone server listening on ::1 -============================ -does not seem to work - -deadwood server listening on ::1 -================================ -Set bind_address and recursive_acl -Must resolve port conflict with maradns manually - -deadwood handling AAAA records -============================== -Works: host -6 -t AAAA www.comcast6.net localhost - -maradns handling AAAA records -============================= -Works - -zoneserver handling AAAA records - not tested -askmara talking to ::1 - not tested -askmara-tcp talking to ::1 - not tested -fetchzone - not tested -bind2csv2 - not tested diff -Nru maradns-2.0.04/debian/Makefile.freebsd maradns-2.0.04+really1.4.09/debian/Makefile.freebsd --- maradns-2.0.04/debian/Makefile.freebsd 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/Makefile.freebsd 1970-01-01 00:00:00.000000000 +0000 
@@ -1,84 +0,0 @@ -# Server objects -SOBJECTS=server/MaraBigHash.o -# js_string library (buffer overflow resistant string library) objects -JOBJS=libs/JsStr.o libs/JsStrOS.o libs/JsStrCP.o -# MaraHash (assosciative array) library objects -MHOBJS=libs/MaraHash.o -# Parser objects -POBJECTS=parse/ParseMaraRc.o parse/ParseCsv1.o ../parse/ParseIpAcl.o -# DNS query processing library objects -DOBJECTS=dns/Queries.o dns/Compress.o dns/bobbit.o -# Secure random number generator objects -ROBJECTS=rng/rng-api-fst.o rng/rng-alg-fst.o -OBJECTS=$(JOBJS) $(MHOBJS) $(SOBJECTS) $(DOBJECTS) $(POBJECTS) $(DOBJECTS) $(ROBJECTS) -EXECS=server/maradns - -# Uncomment the following three lines to get this to compile on Solaris -# LDFLAGS=-lxnet -# CC=gcc $(LDFLAGS) -DSELECT_PROBLEM -# M="CC=$(CC)" -# These are currently unused, but will be needed again if we use flock() again -# CFLAGS=-I/usr/ucbinclude -# L="CC=$(CC) $(CFLAGS)" -# LDFLAGS=-L/usr/ucblib -lucb -lxnet -# end the Solaris section -# Non-Solaris version of "M" -M="VERSION=$(VERSION)" -Q="DEFINES=-DSELECT_PROBLEM" - -# FreeBSD needs some special flags to compile MaraDNS -CC="cc -O2 -Wall -pipe -D_THREAD_SAFE -pthread" -M=CC=$(CC) -V="VERSION=$(VERSION)" - -# Debug -D=$(M) DEBUG=-DDEBUG - -FLAGS = -O2 -Wall -DIPV6 -#FLAGS = -g - -all: - cd libs ; make $(M) ; cd ../dns ; make $(M) ; \ - cd ../rng ; make $(M) ; cd ../parse ; make $(M) ; \ - cd ../qual ; make $(M) ; cd ../server ; \ - make $(M) $(Q) COMPILED=\"$(COMPILED)\" $(V) ; \ - cd ../tools ; make $(M) ; \ - cd ../deadwood-*/src/ ; make FLAGS="-O2 -DIPV6"; \ - cd ../../tcp ; make $(M) $(V) ; cat ../00README.FIRST - -debug: - cd libs ; make $(D) DEBUG="-DDEBUG -DTHREADS" ; \ - cd ../dns ; make $(D) ; cd ../rng ; make $(D) ; \ - cd ../parse ; make $(D) ; cd ../qual ; make $(D) ; \ - cd ../server ; \ - make $(D) $(Q) COMPILED=\"$(COMPILED_DEBUG)\" ; \ - cd ../tools ; make $(D) ; \ - cd ../tcp ; make $(D) ; cat ../00README.FIRST - -clean: - rm -f $(OBJECTS) core $(EXECS) ; \ - 
cd dns ; make clean ; \ - cd ../libs ; make clean ; cd ../parse ; make clean ; \ - cd ../qual ; make clean ; \ - cd ../server ; make clean ; \ - cd ../test ; make clean ; \ - cd ../tools ; make clean ; \ - cd misc ; make clean ; \ - cd ../../utf8 ; make clean ; \ - cd ../tcp ; make clean ; \ - cd ../rng ; make clean ; \ - cd ../sqa ; make clean ; \ - cd ../deadwood-*/src ; make clean ; \ - # ; cd .. ; find . -type d | grep .deps | xargs rm -fr ; find . -name '*.o' | xargs rm - -strip: - cd server; strip maradns ; cd ../tcp ; \ - strip zoneserver getzone fetchzone ; \ - cd ../tools ; strip askmara - -install: - VERSION=$(VERSION) ./build/install.sh - -uninstall: - VERSION=$(VERSION) ./build/uninstall.sh - diff -Nru maradns-2.0.04/debian/maradns-deadwood.examples maradns-2.0.04+really1.4.09/debian/maradns-deadwood.examples --- maradns-2.0.04/debian/maradns-deadwood.examples 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns-deadwood.examples 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -deadwood*/doc/dwood3rc -build/deadwood.startup diff -Nru maradns-2.0.04/debian/maradns-deadwood.install maradns-2.0.04+really1.4.09/debian/maradns-deadwood.install --- maradns-2.0.04/debian/maradns-deadwood.install 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns-deadwood.install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -deadwood*/src/deadwood usr/sbin/ diff -Nru maradns-2.0.04/debian/maradns-deadwood.manpages maradns-2.0.04+really1.4.09/debian/maradns-deadwood.manpages --- maradns-2.0.04/debian/maradns-deadwood.manpages 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns-deadwood.manpages 1970-01-01 00:00:00.000000000 +0000 
@@ -1 +0,0 @@ -deadwood*/doc/Deadwood.1 diff -Nru maradns-2.0.04/debian/maradns.doc-base maradns-2.0.04+really1.4.09/debian/maradns.doc-base --- maradns-2.0.04/debian/maradns.doc-base 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns.doc-base 2011-12-30 16:02:50.000000000 +0000 @@ -0,0 +1,20 @@ +Document: maradns +Title: MaraDNS +Author: Nicholas Bamber +Abstract: MaraDNS tutorial and other documentation +Section: Network/Communication + +Format: HTML +Index: /usr/share/doc/maradns/tutorial/index.html +Files: /usr/share/doc/maradns/tutorial/*.html + +Format: Text +Files: + /usr/share/doc/maradns/faq.txt.gz + /usr/share/doc/maradns/credits.txt + /usr/share/doc/maradns/files.txt + /usr/share/doc/maradns/TODO.Debian + /usr/share/doc/maradns/README.FromUpstreamToDebian + /usr/share/doc/maradns/README.Debian + /usr/share/doc/maradns/misc/* + /usr/share/doc/maradns/questions/* diff -Nru maradns-2.0.04/debian/maradns.docs maradns-2.0.04+really1.4.09/debian/maradns.docs --- maradns-2.0.04/debian/maradns.docs 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns.docs 2011-12-30 16:02:50.000000000 +0000 @@ -1 +1,7 @@ +doc/en/faq.txt +doc/en/credits.txt +doc/en/files.txt +doc/en/tutorial debian/TODO.Debian +debian/questions +doc/en/misc diff -Nru maradns-2.0.04/debian/maradns-docs.doc-base maradns-2.0.04+really1.4.09/debian/maradns-docs.doc-base --- maradns-2.0.04/debian/maradns-docs.doc-base 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns-docs.doc-base 1970-01-01 00:00:00.000000000 +0000 
@@ -1,18 +0,0 @@ -Document: maradns -Title: MaraDNS -Author: Nicholas Bamber -Abstract: MaraDNS tutorial and other documentation -Section: Network/Communication - -Format: HTML -Index: /usr/share/doc/maradns-docs/tutorial/tutorial.html -Files: /usr/share/doc/maradns-docs/tutorial/*.html - -Format: Text -Files: - /usr/share/doc/maradns-docs/faq.txt.gz - /usr/share/doc/maradns-docs/credits.txt - /usr/share/doc/maradns-docs/files.txt - /usr/share/doc/maradns-docs/README.FromUpstreamToDebian - /usr/share/doc/maradns-docs/misc/* - /usr/share/doc/maradns-docs/questions/* diff -Nru maradns-2.0.04/debian/maradns-docs.docs maradns-2.0.04+really1.4.09/debian/maradns-docs.docs --- maradns-2.0.04/debian/maradns-docs.docs 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/maradns-docs.docs 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -doc/en/faq.txt -doc/en/credits.txt -doc/en/files.txt -doc/en/tutorial -debian/questions -doc/en/misc diff -Nru maradns-2.0.04/debian/patches/changelog.patch maradns-2.0.04+really1.4.09/debian/patches/changelog.patch --- maradns-2.0.04/debian/patches/changelog.patch 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/changelog.patch 2011-12-31 17:38:21.000000000 +0000 
@@ -0,0 +1,51 @@ +Origin: http://maradns,org/changelog.html +Last-Update: 2011-12-30 +Forwarded: yes +Subject: CHANGELOG not kept uptodate + We keep this uptodate from http://maradns.org/changelog.html +--- a/doc/en/changelog.txt ++++ b/doc/en/changelog.txt +@@ -1,4 +1,43 @@ + MaraDNS changelog ++ maradns-1.4.09: ++ ++ Hotfix: The hash randomization now has 31 bits of entropy, and the ++ hash does a fairly good job of choosing a random hash bucket again. ++ ++ (2011.12.30) ++ ++ maradns-1.4.08: ++ ++ Security hotfix: Hash randomization added to MaraDNS 1's recursive ++ resolver. MaraDNS 2 is not impacted (it's been using a randomized ++ hash since 2007). ++ ++ (2011.12.29) ++ ++ maradns-1.4.07: ++ ++ This is a legacy release of MaraDNS. All patches are backports of ++ MaraDNS 2.0 bug fixes. ++ ++ * A typo fix for fetchzone ++ * AXFR-over-UDP packets are now correctly marked "truncated" ++ * It is now possible to have the '/' in hostnames ++ * Fix for Debian bug #607739: Hostname shown when complaining ++ about DDIP issues ++ * AngelD's issue with zone transfers when there are a lot of ++ FQDN4 records fixed. ++ * Karim's issue with '/read' directive fixed ++ ++ (2011.11.11) ++ ++ maradns-1.4.06: ++ ++ This is a stable branch of MaraDNS. ++ ++ * Fix for CVE-2011-0520 ++ * Deadwood updated to 3.0.02 ++ ++ (2011.01.28) + + maradns-1.4.05: + diff -Nru maradns-2.0.04/debian/patches/config_pollution.patch maradns-2.0.04+really1.4.09/debian/patches/config_pollution.patch --- maradns-2.0.04/debian/patches/config_pollution.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/config_pollution.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,72 +0,0 @@ -Author: Nicholas Bamber -Subject: Should not pollute /etc namespace - Moved all deadwood config files below /etc/maradns/deadwood -Forwarded: not-needed -Last-Update: 2011-12-21 ---- a/deadwood-3.0.05/src/DwMain.c -+++ b/deadwood-3.0.05/src/DwMain.c -@@ -66,7 +66,7 @@ - process_mararc(argv[2]); - } else { - #ifndef MINGW -- process_mararc("/etc/dwood3rc"); -+ process_mararc("/etc/maradns/deadwood/dwood3rc"); - #else /* MINGW */ - process_mararc("dwood3rc.txt"); - #endif /* MINGW */ ---- a/deadwood-3.0.05/doc/Deadwood.1 -+++ b/deadwood-3.0.05/doc/Deadwood.1 -@@ -68,13 +68,13 @@ - Deadwood has a single optional command line argument: The location - of the configuration file that Deadwood uses, specified with the "\-f" - flag. --If this is not defined, Deadwood uses the file "/etc/dwood3rc" as the -+If this is not defined, Deadwood uses the file "/etc/maradns/deadwood/dwood3rc" as the - configuration file. - .PP - In other words, invoking Deadwood as - .B "deadwood" - will cause Deadwood to --use /etc/dwood3rc as the configuration file; invoking Deadwood as -+use /etc/maradns/deadwood/dwood3rc as the configuration file; invoking Deadwood as - .B "deadwood -f foobar" - will cause Deadwood to use the file "foobar" - in the current working directory (the directory one is in when -@@ -649,7 +649,7 @@ - Where path/to/filename is the path to the file to be parsed like a - dwood3rc file. - .PP --All files must be in or under the directory /etc/deadwood/execfile. -+All files must be in or under the directory /etc/maradns/deadwood/execfile. - Filenames can only have lower-case letters and the underscore - character ("_"). Absolute paths are not allowed as the argument to - execfile; the filename can not start with a slash ("/") character. -@@ -657,7 +657,7 @@ - If there is a parse error in the file pointed to by execfile, Deadwood - will report the error as being on the line with the execfile command in - the main dwood3rc file. 
To find where a parse error is in the sub-file, --use something like "Deadwood \-f /etc/deadwood/execfile/filename" -+use something like "Deadwood \-f /etc/maradns/deadwood/execfile/filename" - to find the parse error in the offending file, where "filename" is the - file - to to parsed via execfile. -@@ -750,7 +750,7 @@ - #bind_address="::1" # We have optional IPv6 support - - # Directory we run program from (not used in Win32) --chroot_dir = "/etc/deadwood" -+chroot_dir = "/etc/maradns/deadwood" - - # The following upstream DNS servers are Google\(aqs - # (as of December 2009) public DNS servers. For ---- a/deadwood-3.0.05/src/DwMararc.h -+++ b/deadwood-3.0.05/src/DwMararc.h -@@ -76,7 +76,7 @@ - - #ifndef MINGW - /* Location of files we read when we run execfile("foo") */ --#define EXECFILE_DIR "/etc/deadwood/execfile/" -+#define EXECFILE_DIR "/etc/maradns/deadwood/execfile/" - #endif /* MINGW */ - - #ifdef MARARC_C diff -Nru maradns-2.0.04/debian/patches/deadwood_makefile.patch maradns-2.0.04+really1.4.09/debian/patches/deadwood_makefile.patch --- maradns-2.0.04/debian/patches/deadwood_makefile.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/deadwood_makefile.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,49 +0,0 @@ -Author: Nicholas Bamber -Subject: deadwood source code corrupted during build - Also we don't like binaries with a capital in the name. -Forwarded: not-needed -Last-Update: 2011-09-17 ---- a/deadwood-3.0.05/src/Makefile -+++ b/deadwood-3.0.05/src/Makefile -@@ -20,7 +20,7 @@ - DwRecurse.o \ - DwDict.o - --all: Deadwood version.h -+all: deadwood version.h - - # Since some systems may not have /dev/urandom (Windows, *cough* *cough*), we - # keep a randomly generated prime around -@@ -30,12 +30,8 @@ - - clean: - rm -f Test DwMain DwTcp *.exe *.o a.out RandomPrime writehash_test* \ -- Deadwood foo* dw_cache DwHash DwCompress *stackdump \ -- core ; \ -- ./make.version.h ; if [ -e /dev/urandom ] ; \ -- then rm DwRandPrime.h ; \ -- cc RandomPrime.c ; ./a.out > DwRandPrime.h ; rm a.out \ -- ; fi -+ deadwood foo* dw_cache DwHash DwCompress *stackdump core -+ if [ -f DwRandPrime.h.bak ]; then mv DwRandPrime.h.bak DwRandPrime.h; fi - - version.h: - ./make.version.h -@@ -71,7 +67,7 @@ - $(CC) -O3 -o RandomPrime RandomPrime.c - - DwRandPrime.h: RandomPrime -- if [ -e /dev/urandom ] ; then ./RandomPrime > DwRandPrime.h ; fi -+ if [ -e /dev/urandom -a -f DwRandPrime.h ] ; then mv -f DwRandPrime.h DwRandPrime.h.bak ; ./RandomPrime > DwRandPrime.h ; fi - - DwHash.o: DwHash.c DwStr.h DwRandPrime.h DwHash.h - $(CC) $(FLAGS) -Wall -c -o DwHash.o DwHash.c -@@ -85,6 +81,6 @@ - Test: Test.c DwStr.o DwStr.h DwStr_functions.h $(OBJS) - $(CC) $(FLAGS) -Wall -o Test Test.c $(OBJS) - --Deadwood: DwMain.c $(OBJS) DwStr_functions.h version.h -- $(CC) $(FLAGS) -Wall -o Deadwood DwMain.c $(OBJS) -+deadwood: DwMain.c $(OBJS) DwStr_functions.h version.h -+ $(CC) $(FLAGS) -Wall -o deadwood DwMain.c $(OBJS) - diff -Nru maradns-2.0.04/debian/patches/debian.patch maradns-2.0.04+really1.4.09/debian/patches/debian.patch --- maradns-2.0.04/debian/patches/debian.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/debian.patch 2011-12-30 
16:02:50.000000000 +0000 @@ -2,7 +2,7 @@ Subject: Documentation needs to be updated to reflect Debian changes - bind2csv2.py changed to bind2csv2 Forwarded: not-needed -Last-Update: 2011-09-09 +Last-Update: 2011-06-02 --- a/doc/en/man/bind2csv2.1 +++ b/doc/en/man/bind2csv2.1 @@ -22,7 +22,7 @@ diff -Nru maradns-2.0.04/debian/patches/duende_getopt.patch maradns-2.0.04+really1.4.09/debian/patches/duende_getopt.patch --- maradns-2.0.04/debian/patches/duende_getopt.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/duende_getopt.patch 2011-12-30 16:02:50.000000000 +0000 @@ -9,18 +9,18 @@ --restart_on_exit exit status, defaults to 8 Changed functionality Log helper chroots -Last-Update: 2011-09-15 + Consolidated waitpid calls to avoid race condition and ensure child reaping +Last-Update: 2011-06-30 Forwarded: yes --- a/tools/duende.c +++ b/tools/duende.c -@@ -40,12 +40,79 @@ +@@ -40,11 +40,78 @@ #include #include #include +#include +#include #include "../MaraDns.h" - #include /* strncasecmp */ int got_hup_signal = 0; int got_term_signal = 0; @@ -93,7 +93,7 @@ /* If we get a HUP signal set the flag so we can restart the MaraDNS child process */ void handle_hup() { -@@ -60,7 +127,7 @@ +@@ -59,7 +126,7 @@ /* Helper process which syslogs stuff from either MaraDNS' stdout or stderr. */ @@ -102,7 +102,7 @@ char out_buf[1024]; /* We can't use our signal handlers because fgets is blocking */ -@@ -68,30 +135,34 @@ +@@ -67,22 +134,35 @@ signal(SIGHUP,SIG_DFL); /* Open up the sys log */ 
@@ -120,20 +120,14 @@ + printf("%s directory required to exist\n",arguments->duende_chroot); exit(1); - } --/*#if ! (defined __CYGWIN__ || defined QNX || 1 == 2) -- if(chroot(DUENDE_CHROOT_DIR) != 0) { -- syslog(LOG_ALERT,"Can not chroot in %s",DUENDE_CHROOT_DIR); +- if(setuid(DUENDE_LOGGER_UID) != 0) { +- syslog(LOG_ALERT,"%s%d","Can not change UID to ",DUENDE_LOGGER_UID); + } +#if ! (defined __CYGWIN__ || defined QNX) + if (chroot(arguments->duende_chroot) != 0) { + syslog(LOG_ALERT,"Can not chroot to directory %s",arguments->duende_chroot); - printf("Fatal error logging; read syslog\n"); -- printf("%s directory required to exist\n",DUENDE_CHROOT_DIR); - exit(1); -- } --#endif *//* Chroot disabled -- breaks logging */ -- if(setuid(DUENDE_LOGGER_UID) != 0) { -- syslog(LOG_ALERT,"%s%d","Can not change UID to ",DUENDE_LOGGER_UID); ++ printf("Fatal error logging; read syslog\n"); ++ exit(1); + } +#endif + if(setgid(arguments->duende_gid) != 0) { @@ -148,10 +142,11 @@ exit(1); - } + } ++ /* Log both stdout and stderr */ dup2(stdout_fd,0); -@@ -103,7 +174,7 @@ +@@ -94,7 +174,7 @@ * an issue that can cause confusion */ syslog(LOG_ALERT,"%s",out_buf); #else /* __FreeBSD__ */ @@ -160,7 +155,7 @@ #endif /* __FreeBSD__ */ } -@@ -117,9 +188,9 @@ +@@ -108,9 +188,9 @@ a HUP signal. In either of these cases, restart the child daemon and the (if needed) logger process). Otherwise, exit */ @@ -172,7 +167,7 @@ kill(alive,SIGTERM); syslog(LOG_ALERT,"Child exited with status %d",exit_status); exit(WEXITSTATUS(exit_status)); -@@ -139,9 +210,9 @@ +@@ -130,9 +210,9 @@ kill(alive,SIGTERM); exit(2); } 
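Review bot: In the log-helper hunk (`@@ -120,20 +120,14 @@`) the new side goes from `chroot(arguments->duende_chroot)` straight to `setgid(arguments->duende_gid)`, with no call that clears supplementary groups before the UID is dropped (the setuid call itself is not in the hunk). Unless that happens in lines not shown, the helper keeps the supplementary groups it was started with, normally root's, after it changes user. Adding `if(setgroups(0,NULL) != 0) { syslog(LOG_ALERT,"Can not drop supplementary groups"); exit(1); }` just before the `setgid` call would close that gap; it needs `<grp.h>`. There is also no visible `chdir("/")` after the chroot, and the working directory appears to be set before the hunk, so confirm it lies inside `duende_chroot`. log_helper's body starts and ends outside the hunk.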
@@ -185,13 +180,14 @@ } /* The main process forks off the child. Right now, I will just have -@@ -155,21 +226,26 @@ +@@ -144,27 +224,33 @@ + + int main(int argc, char **argv) { int exit_status; ++ int check_pid; pid_t pid, log_pid; int stream1[2]; /* Used for piping */ - int exec_argv_offset = 1; /* Also used to determine PID writing */ - int wait_pid = -1; /* PID of exited child */ - - if(argv[0] == NULL || argv[1] == NULL) { - printf("Usage: duende (--pid=/path/to/file) [program] [arguments]\n"); + struct argument arguments; @@ -215,7 +211,7 @@ - if(!strncasecmp(argv[1],"--pid=",6)) { - if(argv[2] == NULL) { - printf( -- "Usage: duende (--pid=/path/to/file) [program] [arguments]\n"); +- "Usage: duende (--pid=/path/to/file) [program] [arguments]\n"); - exit(1); - } - exec_argv_offset = 2; @@ -224,7 +220,14 @@ /* Let children know that duende is running */ if(setenv("DUENDE_IS_RUNNING","1",0) != 0) { -@@ -185,17 +261,16 @@ + printf("FATAL: Unable to set environment variable\n"); + exit(1); +- } ++ } + + /* The parent immediately exits */ + if(fork() != 0) +@@ -174,17 +260,16 @@ setpgid(0,0); /* No longer visible in 'ps' without the 'auxw' argument */ /* Write our PID to a file if the user so desires us to */ @@ -247,7 +250,7 @@ /* Sysadmins expect HUP to reload, so we set that up */ signal(SIGHUP,handle_hup); signal(SIGTERM,handle_term); -@@ -203,73 +278,73 @@ +@@ -192,73 +277,77 @@ pid = 0; log_pid = 0; 
@@ -327,16 +330,17 @@ - } + } sleep(1); - wait_pid = waitpid(-1, &exit_status, WNOHANG); - if(wait_pid == pid) { /* If child ended */ +- if(waitpid(pid,&exit_status,WNOHANG) == pid) { /* If child ended */ - handle_child_exited(exit_status,log_pid,pid); ++ int wait_pid = waitpid(-1, &exit_status, WNOHANG); ++ if (wait_pid == pid) { /* If child ended */ + handle_child_exited(exit_status,log_pid,pid,arguments.restart_on_exit); close(stream1[0]); break; /* Out of the inner loop; re-start Mara */ - } + } /* If logger terminated */ -- if(wait_pid == log_pid) { +- if(waitpid(log_pid,&exit_status,WNOHANG) == log_pid) { - handle_child_exited(exit_status,pid,log_pid); + else if (wait_pid == log_pid) { + handle_child_exited(exit_status,pid,log_pid,arguments.restart_on_exit); @@ -344,6 +348,10 @@ break; /* Out of the inner loop; re-start Mara */ - } + } - /* Make sure to reap all children (reported and fixed by Nicholas - * Bamber in "ng" release of Duende; backported to "classic" - * Duende by Sam Trenholme */ ++ else if (wait_pid > 0) { ++ syslog(LOG_ALERT, "unexpected child reaped: %i", wait_pid); + } + } + } ++} + diff -Nru maradns-2.0.04/debian/patches/duende_pid.patch maradns-2.0.04+really1.4.09/debian/patches/duende_pid.patch --- maradns-2.0.04/debian/patches/duende_pid.patch 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/duende_pid.patch 2011-12-30 16:02:50.000000000 +0000 
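Review bot: `int wait_pid = waitpid(-1, &exit_status, WNOHANG);` stores a `pid_t` in an `int` and then compares it with the `pid_t` variables `pid` and `log_pid`; declare it `pid_t wait_pid` and log it with `syslog(LOG_ALERT, "unexpected child reaped: %ld", (long)wait_pid);`. A return of -1 matches none of the three branches, so a waitpid failure is never reported; an extra `else if (wait_pid < 0 && errno != ECHILD && errno != EINTR)` branch that logs the error would make supervisor faults visible. Because `handle_child_exited` sends SIGTERM to the surviving sibling, that sibling is probably reaped through the new `wait_pid > 0` branch after a restart, which looks routine rather than alert-worthy (inferred, the restart path is outside the hunk), so a lower syslog priority may fit better there. The enclosing loop in main starts outside the hunk.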
@@ -0,0 +1,72 @@
+Subject: --pid argument to create pid file for child process
+ This patch is being deployed by upstream and we want to keep
+ our changes compatible with upstream.
+Author: Yarin
+Origin: http://maradns.org
+Last-Updated: 2011-06-13
+Reviewed-by: Nicholas Bamber
+--- a/tools/duende.c
++++ b/tools/duende.c
+@@ -146,10 +146,19 @@
+ int exit_status;
+ pid_t pid, log_pid;
+ int stream1[2]; /* Used for piping */
++ int exec_argv_offset = 1; /* Also used to determine PID writing */
+ if(argv[0] == NULL || argv[1] == NULL) {
+- printf("Usage: duende [program] [arguments]\n");
++ printf("Usage: duende (--pid=/path/to/file) [program] [arguments]\n");
+ exit(1);
+ }
++ if(!strncasecmp(argv[1],"--pid=",6)) {
++ if(argv[2] == NULL) {
++ printf(
++ "Usage: duende (--pid=/path/to/file) [program] [arguments]\n");
++ exit(1);
++ }
++ exec_argv_offset = 2;
++ }
+
+ /* Let children know that duende is running */
+ if(setenv("DUENDE_IS_RUNNING","1",0) != 0) {
+@@ -164,6 +173,18 @@
+ /* The child becomes a full-fledged daemon */
+ setpgid(0,0); /* No longer visible in 'ps' without the 'auxw' argument */
+
++ /* Write our PID to a file if the user so desires us to */
++ if(exec_argv_offset == 2) {
++ FILE *fp_pid = fopen(argv[1] + 6,"w");
++ if(!fp_pid) {
++ syslog(LOG_ALERT,"Fatal writing, to PID file, error\n");
++ exit(1);
++ }
++ unsigned int local_pid = getpid();
++ fprintf(fp_pid,"%u",local_pid);
++ fclose(fp_pid);
++ }
++
+ /* Sysadmins expect HUP to reload, so we set that up */
+ signal(SIGHUP,handle_hup);
+ signal(SIGTERM,handle_term);
+@@ -193,10 +214,10 @@
+ syslog(LOG_ALERT,"Fatal dup2 error 2");
+ exit(5);
+ }
+- argv[0] = argv[1];
+- execvp(argv[1],argv + 1);
++ argv[0] = argv[exec_argv_offset];
++ execvp(argv[exec_argv_offset],argv + exec_argv_offset);
+ /* OK, not found */
+- printf("duende: %s: Command can't run, terminating\n",argv[1]);
++ printf("duende: %s: Command can't run, terminating\n",argv[exec_argv_offset]);
+ syslog(LOG_ALERT,"Command can't
run, terminating\n"); + exit(1); + } +@@ -206,7 +227,7 @@ + log_pid = fork(); + if(log_pid == 0) { /* Child to syslog all of MaraDNS' output */ + argv[0] = "duende-log-helper"; +- log_helper(argv[1],stream1[0]); ++ log_helper(argv[exec_argv_offset],stream1[0]); + syslog(LOG_ALERT,"log_helper finished, terminating\n"); + exit(1); + } diff -Nru maradns-2.0.04/debian/patches/groff.patch maradns-2.0.04+really1.4.09/debian/patches/groff.patch --- maradns-2.0.04/debian/patches/groff.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/groff.patch 2011-12-30 16:02:50.000000000 +0000 @@ -4,7 +4,7 @@ system from filesin the doc/en/source directory. Therefore really this needs to be fixed in the upstream 'ej' utility. It would be better to patch that and submit that patch upstream. -Last-Update: 2011-10-05 +Last-Update: 2011-05-28 Forwarded: no --- a/doc/en/man/askmara.1 +++ b/doc/en/man/askmara.1 @@ -205,7 +205,7 @@ .PP 11. What string library does MaraDNS use? .PP -@@ -439,7 +439,7 @@ +@@ -432,7 +432,7 @@ .PP .in -3 \fB10. After I start MaraDNS, I can not see the process when I run @@ -214,7 +214,7 @@ .PP Udp services do not have a prominent "LISTEN" when netstat is run. .PP -@@ -447,7 +447,7 @@ +@@ -440,7 +440,7 @@ like this: udp 0 0 127.0.0.1:53 0.0.0.0:* .PP @@ -223,7 +223,7 @@ on Linux and some other *nix operating systems, you can see the names of the processes which are providing internet services. -@@ -532,7 +532,7 @@ +@@ -539,7 +539,7 @@ * After editing, do something like this: .br @@ -232,7 +232,7 @@ .TP 2 * Make sure the modified version compiles cleanly -@@ -791,12 +791,12 @@ +@@ -794,12 +794,12 @@ will work in MaraDNS csv2 zone files as long as the double quotes (") are replaced by single quotes (\(aq). For example, a SPF TXT record that 
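Review bot: The PID-file block added by duende_pid.patch (inner hunk `@@ -164,6 +173,18 @@`) opens the operator-supplied path with `fopen(argv[1] + 6,"w")`, which follows a symlink at that path and truncates whatever it points to; duende is normally started as root, and nothing in the hunk shows privileges being dropped before this point. The results of `fprintf` and `fclose` are ignored as well, so a failed write leaves an empty PID file that an init script will still trust. Creating the file with `open()` and `O_NOFOLLOW` and then checking the write covers both cases; this needs `<fcntl.h>`, whose presence cannot be confirmed from the hunk. Printing `getpid()` through a `(long)` cast also avoids narrowing `pid_t` into `unsigned int`. main's body starts and ends outside the hunk.

```c
    /* Write our PID to a file if the user so desires us to */
    if(exec_argv_offset == 2) {
        /* O_NOFOLLOW: refuse to write through a symlink at the PID path */
        int pid_fd = open(argv[1] + 6, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
        FILE *fp_pid = (pid_fd >= 0) ? fdopen(pid_fd,"w") : NULL;
        if(!fp_pid) {
            if(pid_fd >= 0) close(pid_fd);
            syslog(LOG_ALERT,"Fatal writing, to PID file, error\n");
            exit(1);
        }
        /* A short or failed write must not leave a PID file that looks valid */
        if(fprintf(fp_pid,"%ld",(long)getpid()) < 0 || fclose(fp_pid) != 0) {
            syslog(LOG_ALERT,"Fatal writing, to PID file, error\n");
            exit(1);
        }
    }
    /* … unchanged: SIGHUP / SIGTERM handler setup … */
```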
@@ -248,7 +248,36 @@ .PP .in -3 \fB30. I\(aqm having problems resolving CNAMES I have set up.\fR -@@ -999,7 +999,7 @@ +@@ -853,8 +853,8 @@ + .PP + In the case of there being a NS delegation, MaraDNS handles recursive + queries and non-recursive DNS queries differently. Basically, unless +-you use askmara with the -n option, dig with the +-+norecuse option, or nslookup with the -norec ++you use askmara with the \-n option, dig with the +++norecuse option, or nslookup with the \-norec + option, MaraDNS will try to recursively resolve the record that is + delegated. + .PP +@@ -900,7 +900,7 @@ + * + Askmara would be run thusly: + .PP +-askmara -n Awww.joe.example.com. 10.1.2.3 ++askmara \-n Awww.joe.example.com. 10.1.2.3 + .PP + .TP 2 + * +@@ -912,7 +912,7 @@ + * + Nslookup would be run thusly: + .PP +-nslookup -norec www.joe.example.com 10.1.2.3 ++nslookup \-norec www.joe.example.com 10.1.2.3 + .PP + .PP + This will allow you to see that packets MaraDNS actually sends to +@@ -1069,7 +1069,7 @@ .TP 2 * Change (or create) that line to look something like FLAGS=-O3 @@ -257,7 +286,7 @@ .TP 2 * Note that it is important to -@@ -1010,7 +1010,7 @@ +@@ -1080,7 +1080,7 @@ FLAGS=-O2 -Wall -DSELECT_PROBLEM and you want to compile at optimization level three, change this line to look like FLAGS=-O2 -Wall -DSELECT_PROBLEM retaining the flags 
@@ -266,13 +295,13 @@ is needed in the Linux compile or MaraDNS will have problems with freezing up. .PP -@@ -1149,7 +1149,7 @@ +@@ -1219,7 +1219,7 @@ + .TP 2 * - It is necessary to have recursion disabled, if using MaraDNS 1.4, - either --by compiling MaraDNS without recursive support (./configure --authonly -+by compiling MaraDNS without recursive support (./configure \-\-authonly - ; make), + It is necessary to have recursion disabled. This can be done either by +-compiling MaraDNS without recursive support (./configure --authonly ; ++compiling MaraDNS without recursive support (./configure \--authonly ; + make), or by making sure MaraDNS does not have recursion enabled (by not having --- a/doc/en/man/zoneserver.8 @@ -333,7 +362,7 @@ To render the \(aq~\(aq character, use the escape sequence \\x7e --- a/doc/en/man/csv2.5 +++ b/doc/en/man/csv2.5 -@@ -874,7 +874,7 @@ +@@ -862,7 +862,7 @@ # Starting with MaraDNS 1.2.08, there is also support for SPF records, # which are identical to TXT records. See RFC4408 for more details. 
@@ -376,68 +405,3 @@ .SH "BUGS" .PP ---- a/deadwood-3.0.05/doc/Deadwood.1 -+++ b/deadwood-3.0.05/doc/Deadwood.1 -@@ -22,7 +22,7 @@ - - .SH "NAME" - .PP --Deadwood - A fully recursive caching DNS resolver -+deadwood \- A fully recursive caching DNS resolver - .SH "DESCRIPTION" - .PP - Deadwood is a fully recursive DNS cache. This is a DNS server with -@@ -66,16 +66,16 @@ - .SH "COMMAND LINE ARGUMENTS" - .PP - Deadwood has a single optional command line argument: The location --of the configuration file that Deadwood uses, specified with the "-f" -+of the configuration file that Deadwood uses, specified with the "\-f" - flag. - If this is not defined, Deadwood uses the file "/etc/dwood3rc" as the - configuration file. - .PP - In other words, invoking Deadwood as --.B "Deadwood" -+.B "deadwood" - will cause Deadwood to - use /etc/dwood3rc as the configuration file; invoking Deadwood as --.B "Deadwood -f foobar" -+.B "deadwood -f foobar" - will cause Deadwood to use the file "foobar" - in the current working directory (the directory one is in when - starting Deadwood) as the configuration file. -@@ -657,7 +657,7 @@ - If there is a parse error in the file pointed to by execfile, Deadwood - will report the error as being on the line with the execfile command in - the main dwood3rc file. To find where a parse error is in the sub-file, --use something like "Deadwood -f /etc/deadwood/execfile/filename" -+use something like "Deadwood \-f /etc/deadwood/execfile/filename" - to find the parse error in the offending file, where "filename" is the - file - to to parsed via execfile. -@@ -671,7 +671,7 @@ - support: - - .nf -- export FLAGS=\(aq-Os -DIPV6\(aq -+ export FLAGS=\(aq-Os \-DIPV6\(aq - make - .fi - -@@ -821,7 +821,7 @@ - It is not clear whether the DNS RFCs allow ASCII control characters - in DNS names. Even if they were, Deadwood does not allow ASCII - control characters (bytes with a value less then 32) in DNS names. --Other characters (UTF-8, etc.) are allowed. 
-+Other characters (UTF\-8, etc.) are allowed. - .SH "LEGAL DISCLAIMER" - .PP - THIS SOFTWARE IS PROVIDED BY THE AUTHORS \(aq\(aqAS IS\(aq\(aq AND ANY -@@ -840,5 +840,5 @@ - .PP - Sam Trenholme (http://www.samiam.org) is - responsible for this program and man page. He appreciates all of --Jean-Jacques Sarton\(aqs help giving this program Ipv6 support. -+Jean\-Jacques Sarton\(aqs help giving this program Ipv6 support. - diff -Nru maradns-2.0.04/debian/patches/ipv6.patch maradns-2.0.04+really1.4.09/debian/patches/ipv6.patch --- maradns-2.0.04/debian/patches/ipv6.patch 2012-01-06 23:03:49.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/ipv6.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -Author: Nicholas Bamber -Subject: Build with IPV6 support -Forwarded: not-needed -Last-Update: 2011-12-22 ---- a/build/Makefile.linux -+++ b/build/Makefile.linux -@@ -28,7 +28,7 @@ - - # Debug - --FLAGS = -O2 -Wall -DSELECT_PROBLEM -+FLAGS = -O2 -Wall -DSELECT_PROBLEM -DIPV6 - M="CC=$(CC) $(FLAGS)" - D="CC=$(CC) $(FLAGS) -DDEBUG -DTHREADS" - #FLAGS = -g -@@ -39,7 +39,7 @@ - cd ../qual ; make $(M) ; cd ../server ; \ - make $(M) $(V) COMPILED=\"$(COMPILED)\" ; \ - cd ../tools ; make $(M) ; \ -- cd ../deadwood-*/src/ ; make FLAGS=-O2 ; \ -+ cd ../deadwood-*/src/ ; make FLAGS="-O2 -DIPV6"; \ - cd ../../tcp ; make $(M) $(V) ; cat ../00README.FIRST - - debug: diff -Nru maradns-2.0.04/debian/patches/makefile.patch maradns-2.0.04+really1.4.09/debian/patches/makefile.patch --- maradns-2.0.04/debian/patches/makefile.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/makefile.patch 2011-12-30 16:02:50.000000000 +0000 @@ -8,10 +8,10 @@ The debian/rules also plays its part by backing and restoring the header file and by explcitly mentioning Makefiles as required. Forwarded: not-needed -Last-Update: 2011-09-09 +Last-Update: 2011-02-02 --- a/build/Makefile.linux 
+++ b/build/Makefile.linux -@@ -53,12 +53,10 @@ +@@ -52,12 +52,10 @@ clean: rm -f $(OBJECTS) core $(EXECS) ; \ 
@@ -25,3 +25,130 @@ cd ../tools ; make clean ; \ cd misc ; make clean ; \ cd ../../utf8 ; make clean ; \ +--- a/server/Makefile ++++ b/server/Makefile +@@ -1,11 +1,13 @@ +-SOBJECTS=MaraBigHash.o recursive.o timestamp.o read_kvars.o MaraAnyChain.o ++SOBJECTS=MaraBigHash.o recursive.o timestamp.o read_kvars.o MaraAnyChain.o \ ++ udpsuccess.o + JOBJS=../libs/JsStr.o ../libs/JsStrOS.o ../libs/JsStrCP.o + MHOBJS=../libs/MaraHash.o + MJOBJS=../qual/qual_timestamp.o ++POBJ6=../parse/Csv2_rr_wks.o + POBJ5=../parse/Csv2_database.o ../parse/Csv2_rr_txt.o ../parse/Csv2_esc_txt.o + POBJ3=../parse/Csv2_rr_soa.o ../parse/Csv2_rr_aaaa.o ../parse/Csv2_rr_a.o + POBJ2=../parse/Csv2_read.o ../parse/Csv2_main.o ../parse/Csv2_parse.o $(POBJ3) +-POBJ4=../parse/ParseIpAcl.o ../parse/Parse_ipv6.o $(POBJ2) ++POBJ4=../parse/ParseIpAcl.o ../parse/Parse_ipv6.o $(POBJ2) $(POBJ6) + POBJECTS=../parse/ParseMaraRc.o ../parse/ParseCsv1.o $(POBJ4) $(POBJ5) + DOBJECTS=../dns/Queries.o ../dns/Compress.o ../dns/bobbit.o ../dns/Decompress.o + ROBJECTS=../rng/rng-api-fst.o ../rng/rng-alg-fst.o +@@ -46,6 +48,9 @@ + MaraAnyChain.o: MaraAnyChain.c + $(CC) -c $(FLAGS) -o MaraAnyChain.o MaraAnyChain.c + ++udpsuccess.o: udpsuccess.c ++ $(CC) -c $(FLAGS) -o udpsuccess.o udpsuccess.c ++ + maradns: MaraDNS.c $(OBJECTS) MaraDNS_locale.h + $(CC) $(FLAGS) -DVERSION=\"$(VERSION)\" -DCOMPILED=\"$(COMPILED)\" -o maradns MaraDNS.c $(OBJECTS) -lpthread + +--- a/qual/Makefile ++++ b/qual/Makefile +@@ -2,9 +2,6 @@ + JOBJS=../libs/JsStr.o ../libs/JsStrOS.o ../libs/JsStrCP.o + OBJECTS=$(DOBJECTS) + +-#FLAGS = -g -Wall $(DEBUG) +-#FLAGS = -g $(DEBUG) +- + all: qual_timestamp.o + + clean: +--- a/tcp/Makefile ++++ b/tcp/Makefile +@@ -2,10 +2,11 @@ + MJOBJS=../qual/qual_timestamp.o + MHOBJS=../libs/MaraHash.o + DOBJECTS=../dns/Queries.o ../dns/Compress.o ../dns/bobbit.o ../dns/Decompress.o ++POBJ6=../parse/Csv2_rr_wks.o + POBJ5=../parse/Csv2_database.o ../parse/Csv2_rr_txt.o ../parse/Csv2_esc_txt.o + POBJ3=../parse/Csv2_rr_soa.o 
../parse/Csv2_rr_aaaa.o ../parse/Csv2_rr_a.o + POBJ2=../parse/Csv2_read.o ../parse/Csv2_main.o ../parse/Csv2_parse.o $(POBJ3) +-POBJ4=../parse/ParseIpAcl.o ../parse/Parse_ipv6.o $(POBJ2) ++POBJ4=../parse/ParseIpAcl.o ../parse/Parse_ipv6.o $(POBJ2) $(POBJ6) + POBJECTS=../parse/ParseMaraRc.o ../parse/ParseCsv1.o $(POBJ4) $(POBJ5) + OBJECTS=../parse/ParseCsv1.o ../parse/ParseMaraRc.o ../parse/ParseIpAcl.o + SOBJECTS=../server/timestamp.o ../server/MaraBigHash.o ../server/read_kvars.o \ +@@ -16,7 +17,7 @@ + $(TCPOBJS) + EXECS=getzone zoneserver fetchzone + +-FLAGS = -g -Wall $(DEBUG) ++#FLAGS = -g -Wall $(DEBUG) + #FLAGS = -g $(DEBUG) + + all: $(EXECS) +--- a/dns/Makefile ++++ b/dns/Makefile +@@ -3,7 +3,7 @@ + MHOBJS=../libs/MaraHash.o + OBJECTS=$(DOBJECTS) $(JOBJS) $(MHOBJS) + +-FLAGS = -g -Wall $(DEBUG) ++#FLAGS = -g -Wall $(DEBUG) + #FLAGS = -g $(DEBUG) + + all: Queries.o Compress.o bobbit.o Decompress.o +--- /dev/null ++++ b/tools/Makefile +@@ -0,0 +1,34 @@ ++JOBJS=../libs/JsStr.o ../libs/JsStrOS.o ../libs/JsStrCP.o ++MHOBJS=../libs/MaraHash.o ++DOBJECTS=../dns/Queries.o ../dns/Compress.o ../dns/bobbit.o ../dns/Decompress.o ++SOBJECTS=../server/timestamp.o ++OUTOBJ=../parse/Csv2_esc_txt.o ++OBJECTS=$(JOBJS) $(MHOBJS) $(DOBJECTS) $(SOBJECTS) ++ROBJECTS=../rng/rng-alg-fst.o ../rng/rng-api-fst.o ++POBJECTS=../parse/ParseCsv1.o ../parse/ParseMaraRc.o ++Q=$(ROBJECTS) $(POBJECTS) ++EXECS=askmara askmara-tcp strip.control benchmark duende ++ ++#FLAGS = -g $(DEBUG) ++#FLAGS = -g $(DEBUG) ++ ++all: $(EXECS) ++ ++clean: ++ rm -f core $(EXECS) *.exe ++ ++askmara: askmara.c askmara_labels_en.h $(OBJECTS) $(Q) $(OUTOBJ) ++ $(CC) $(FLAGS) -o askmara askmara.c $(OBJECTS) $(Q) $(OUTOBJ) ++ ++askmara-tcp: askmara-tcp.c askmara_labels_en.h $(OBJECTS) $(ROBJECTS) $(POBJECTS) ++ $(CC) $(FLAGS) -o askmara-tcp askmara-tcp.c $(OBJECTS) $(ROBJECTS) $(POBJECTS) ++ ++benchmark: benchmark.c askmara_labels_en.h $(OBJECTS) $(POBJECTS) ++ $(CC) $(FLAGS) -o benchmark benchmark.c $(OBJECTS) 
$(POBJECTS) ++ ++duende: duende.c ++ $(CC) $(FLAGS) -o duende duende.c ++ ++strip.control: strip.control.c ++ $(CC) $(FLAGS) -o strip.control strip.control.c ++ +--- a/build/Makefile.freebsd ++++ b/build/Makefile.freebsd +@@ -56,11 +56,10 @@ + + clean: + rm -f $(OBJECTS) core $(EXECS) ; \ +- cp build/Makefile.w Makefile ; cd dns ; make clean ; \ ++ cd dns ; make clean ; \ + cd ../libs ; make clean ; cd ../parse ; make clean ; \ + cd ../qual ; make clean ; \ + cd ../server ; make clean ; \ +- cp Makefile.recursive Makefile ; \ + cd ../test ; make clean ; \ + cd ../tools ; make clean ; \ + cd misc ; make clean ; \ diff -Nru maradns-2.0.04/debian/patches/series maradns-2.0.04+really1.4.09/debian/patches/series --- maradns-2.0.04/debian/patches/series 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/series 2011-12-30 16:02:50.000000000 +0000 @@ -2,9 +2,8 @@ spelling.patch groff.patch debian.patch +duende_pid.patch duende_getopt.patch duende_man.patch -deadwood_makefile.patch askmara-tcp.patch -config_pollution.patch -ipv6.patch +changelog.patch diff -Nru maradns-2.0.04/debian/patches/spelling.patch maradns-2.0.04+really1.4.09/debian/patches/spelling.patch --- maradns-2.0.04/debian/patches/spelling.patch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/patches/spelling.patch 2011-12-30 16:02:50.000000000 +0000 @@ -1,7 +1,7 @@ Author: Nicholas Bamber Subject: Spelling errors Forwarded: yes -Last-Update: 2011-09-09 +Last-Update: 2011-02-02 --- a/parse/ParseMaraRc.c +++ b/parse/ParseMaraRc.c @@ -997,7 +997,7 @@ 
@@ -24,6 +24,17 @@ #define L_EQUAL_AFTER "Equals sign after variable value" #define L_UNEXPECTED_CHAR "Unexpected character near end of line" #define L_JSCREATE_FATAL "Fatal error creating js_string" +--- a/server/recursive.c ++++ b/server/recursive.c +@@ -1316,7 +1316,7 @@ + if(rlog_level >= 4) { + log_lock(); + show_timestamp(); +- printf("Sucessfully added "); ++ printf("Successfully added "); + show_esc_stdout(query); + printf(" to cache at %p\n",data); + log_unlock(); --- a/sqa/regressions/mararc_n_verbose_level/example.good.output +++ b/sqa/regressions/mararc_n_verbose_level/example.good.output @@ -153,7 +153,7 @@ diff -Nru maradns-2.0.04/debian/README.source maradns-2.0.04+really1.4.09/debian/README.source --- maradns-2.0.04/debian/README.source 2012-01-06 23:11:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/README.source 2011-11-18 09:23:28.000000000 +0000 @@ -1,5 +1,3 @@ -quilt/dpkg issues -================= Since dpkg version 1.16.1 I have found problems with the sequence dpkg-buildpackage -us -uc @@ -21,12 +19,3 @@ quilt pop -a However other options are discussed in the now archived bug report: #643043. - -quilt/deadwood issues -===================== -There are patches applied to the directory deadwood-*. This is a bit awkward. -Applying the following sed command fixes it: - - sed -i -e's/deadwood-[old version]/deadwood-[new version]/' debian/patches/*.patch - -This needs to be done everytime the deadwood version is updated. diff -Nru maradns-2.0.04/debian/rules maradns-2.0.04+really1.4.09/debian/rules --- maradns-2.0.04/debian/rules 2012-01-11 22:57:58.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/rules 2011-12-30 16:02:50.000000000 +0000 
@@ -3,13 +3,12 @@ UNAME:=$(shell uname -s) DATE:=$(shell date) COMPILED:="${UNAME} system at ${DATE}" -VERSION:= $(shell dpkg-parsechangelog -l$(CURDIR)/debian/changelog | grep ^Version | cut -d" " -f2) +VERSION:=${shell cat debian/changelog | head -1 | sed -e's/^maradns (//' | sed -e's/-[[:digit:]]\+) \w\+; .*//' } ifeq ($(UNAME),Linux) MAKEFILE:=build/Makefile.linux else - MAKEFILE:=debian/Makefile.freebsd + MAKEFILE:=build/Makefile.freebsd endif -DOC:=maradns-docs PKG:=maradns TMP:=$(CURDIR)/debian/$(PKG) @@ -23,9 +22,6 @@ override_dh_auto_test: -override_dh_clean: - dh_clean -XMaraDNS - override_dh_auto_clean: make -f $(MAKEFILE) clean @@ -40,12 +36,7 @@ override_dh_installdocs: dh_installdocs -XMakefile -X00index.html -Xmake.index -Xjs-manpages -Xvim.cheatsheet - -override_dh_installdocs-indep: - cp README.Debian $(CURDIR)/debian/$(DOC)/usr/share/doc/$(DOC)/README.FromUpstreamToDebian - mkdir $(CURDIR)/debian/$(DOC)/usr/share/doc/$(DOC)/deadwood - cp deadwood-*/doc/internals/* $(CURDIR)/debian/$(DOC)/usr/share/doc/$(DOC)/deadwood - cp deadwood-*/doc/FAQ.txt $(CURDIR)/debian/$(DOC)/usr/share/doc/$(DOC)/deadwood + cp README.Debian $(TMP)/usr/share/doc/$(PKG)/README.FromUpstreamToDebian override_dh_compress: dh_compress -Xexamples @@ -53,7 +44,3 @@ override_dh_installexamples: dh_installexamples -XMakefile -override_dh_installman: - dh_installman - cd $(CURDIR)/debian/maradns-deadwood/usr/share/man/man1/ && mv Deadwood.1 deadwood.1 && cd - - diff -Nru maradns-2.0.04/debian/source/lintian-overrides maradns-2.0.04+really1.4.09/debian/source/lintian-overrides --- maradns-2.0.04/debian/source/lintian-overrides 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/source/lintian-overrides 2011-12-30 16:02:50.000000000 +0000 
@@ -1,3 +1,3 @@ -# We will keep the copyright format at +# Maradns policy is that the copyright format be kept at # this version until the standard is finalized. -maradns source: unknown-copyright-format-uri http://anonscm.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=135 +maradns source: out-of-date-copyright-format-uri http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?view=markup&pathrev=135 diff -Nru maradns-2.0.04/debian/TODO.Debian maradns-2.0.04+really1.4.09/debian/TODO.Debian --- maradns-2.0.04/debian/TODO.Debian 2012-01-02 08:43:40.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/TODO.Debian 2011-12-31 11:09:23.000000000 +0000 @@ -15,9 +15,12 @@ #607739 (DDIP error messages) #639675 (fetchzone typo) +2.0.03-1 Experimental release of MaraDNS 2.0 + Will be useable if you can craft your own config + files and init scripts. + 1.4.09-1 New upstream release #653419 - bash incompatibility - #653838 - entropy source 1.4.09-2 config file bug #636158 - Need a new approach to the construction of the @@ -28,12 +31,9 @@ of a nightmare without fixing this first. #635254 - TCP failure -2.0.04-1 Experimental release of MaraDNS 2.0 - Will be useable if you can craft your own config - files and init scripts. - -2.0.04-2 Move to MaraDNS 2.0 +2.0.03-1 Move to MaraDNS 2.0 #525188 (CNAME AAAA) + #573970 (include statement) #477787 (IP6) #612229 (ITP) - bind2csv2 seems sort of flaky @@ -43,6 +43,4 @@ I don't have time to play with resolvconf at the moment. So #608946 is tagged help and wontfix. -I also I have taken #573970 (include statement) off my radar for the moment. - -updated = 02-01-2012 +updated = 21-11-2011 diff -Nru maradns-2.0.04/debian/watch maradns-2.0.04+really1.4.09/debian/watch --- maradns-2.0.04/debian/watch 2012-01-05 16:17:10.000000000 +0000 +++ maradns-2.0.04+really1.4.09/debian/watch 2011-12-30 16:07:56.000000000 +0000 
@@ -1,3 +1,6 @@ version=3 -http://maradns.org/download/(\d[\d\.]+)/ maradns-(\d[\d\.]+)\.tar\.(?:gz|bz2)$ -http://maradns.org/download.html .*/maradns-(\d[\d\.]+)\.tar\.(?:gz|bz2)$ +http://maradns.org/download/1.4/(1\.\d[\d\.]+)/ maradns-(1\.\d[\d\.]+)\.tar\.(?:gz|bz2)$ +http://maradns.org/download/1.4/ maradns-(1\.\d[\d\.]+)\.tar\.(?:gz|bz2)$ +http://maradns.org/download.html .*/maradns-(1\.\d[\d\.]+)\.tar\.(?:gz|bz2)$ + + diff -Nru maradns-2.0.04/dns/Makefile maradns-2.0.04+really1.4.09/dns/Makefile --- maradns-2.0.04/dns/Makefile 2010-09-09 20:21:09.000000000 +0000 +++ maradns-2.0.04+really1.4.09/dns/Makefile 2005-12-20 10:10:40.000000000 +0000 @@ -3,7 +3,8 @@ MHOBJS=../libs/MaraHash.o OBJECTS=$(DOBJECTS) $(JOBJS) $(MHOBJS) -FLAGS = -DAUTHONLY +FLAGS = -g -Wall $(DEBUG) +#FLAGS = -g $(DEBUG) all: Queries.o Compress.o bobbit.o Decompress.o diff -Nru maradns-2.0.04/dns/Makefile.recursive maradns-2.0.04+really1.4.09/dns/Makefile.recursive --- maradns-2.0.04/dns/Makefile.recursive 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/dns/Makefile.recursive 2006-01-02 16:59:33.000000000 +0000 
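Review bot: All three URLs added in the debian/watch hunk (`@@ -1,3 +1,6 @@`) use plain `http://` and no line carries a signature option, so uscan takes whatever tarball the network path delivers without verifying it. If upstream publishes detached signatures, add an option such as `opts=pgpsigurlmangle=s/$/.asc/` to each line (the signature suffix is an assumption to check against the download directory) and ship the upstream key in the package. Switching the URLs to `https://` is also worth doing if the site serves it. The two trailing blank lines added at the end of the file can be dropped.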
@@ -0,0 +1,25 @@
+DOBJECTS=Queries.o Compress.o bobbit.o Decompress.o
+JOBJS=../libs/JsStr.o ../libs/JsStrOS.o ../libs/JsStrCP.o
+MHOBJS=../libs/MaraHash.o
+OBJECTS=$(DOBJECTS) $(JOBJS) $(MHOBJS)
+
+#FLAGS = -g -Wall $(DEBUG)
+#FLAGS = -g $(DEBUG)
+
+all: Queries.o Compress.o bobbit.o Decompress.o
+
+clean:
+ rm -f Queries.o Compress.o bobbit.o Decompress.o
+
+Queries.o: Queries.c ../libs/JsStr.h ../libs/MaraHash.h ../MaraDns.h
+ $(CC) -c $(FLAGS) -o Queries.o Queries.c
+
+Compress.o: Compress.c ../libs/JsStr.h ../libs/MaraHash.h ../MaraDns.h
+ $(CC) -c $(FLAGS) -o Compress.o Compress.c
+
+Decompress.o: Decompress.c ../libs/JsStr.h ../libs/MaraHash.h ../MaraDns.h
+ $(CC) -c $(FLAGS) -o Decompress.o Decompress.c
+
+bobbit.o: bobbit.c ../libs/JsStr.h ../libs/MaraHash.h ../MaraDns.h
+ $(CC) -c $(FLAGS) -o bobbit.o bobbit.c
+
diff -Nru maradns-2.0.04/doc/en/changelog.txt maradns-2.0.04+really1.4.09/doc/en/changelog.txt
--- maradns-2.0.04/doc/en/changelog.txt 2011-11-12 08:25:45.000000000 +0000
+++ maradns-2.0.04+really1.4.09/doc/en/changelog.txt 2011-11-11 22:58:35.000000000 +0000
@@ -1,107 +1,14 @@ MaraDNS changelog - maradns-2.0.04: - - This is a stable release of MaraDNS. - - * AngelD's issue with zone transfers when there are a lot of - FQDN4 records fixed. - * Karim's issue with '/read' directive fixed - - (2011.11.12) - - maradns-1.4.07: - - This is a legacy release of MaraDNS. All patches are backports - of MaraDNS 2.0 bug fixes. - - * A typo fix for fetchzone - * AXFR-over-UDP packets are now correctly marked "truncated" - * It is now possible to have the '/' in hostnames - * Fix for Debian bug #607739: Hostname shown when - complaining about DDIP issues - * AngelD's issue with zone transfers when there are a lot of - FQDN4 records fixed. - * Karim's issue with '/read' directive fixed - - (2011.11.11) - - maradns-2.0.03: - - This is a stable release of MaraDNS. - - * Deadwood updated to Deadwood 3.0.03 - * ANY queries that do not fit in 512 bytes are now properly - truncated - * RFC2317 hostnames with slash characters ('/') are now - supported - * MaraDNS is now fully installed when 'make install' is - invoked (at least on CentOS 5) - * DDIP MX problem records now show hostname - * Correct handling of IXFR and AXFR requests sent over UDP - (the UDP server now always marks these as being truncated) - * Documentation updates - * Give information on how to RTFM (correct manpage pointed - out) if a csv2 file doesn't parse - * Added support for --pid=/path/to/file to Duende (courtesy - Yarin) - * ipv6 fixes applied - * Courtesy of Nicholas Bamber, Duende should now reap all - children (as long as they don't need a KILL/9 signal to - exit) - * Updates to the SQA regressions - * MaraDNS 2.0 tarball is now xz compressed; MaraDNS 2.0 - Windows binary is now provided. - - (2011.08.05) - - maradns-2.0.02: - - This is a stable branch of MaraDNS. - - * Documentation updates - * Applied Corey's patch that fixes a typo in fetchzone.c - * Applied Yarin's patch that makes the "install.locations" - script more flexible. 
- * I have adapted Yarin's patch that makes email addresses - like 'john\.doe@example.com' possible in SOA records. - * Updated an error message that stated we were running - MaraDNS 1.2 (now says 2.0) - * Updated the copyright statement to have the year 2011 - * Deadwood updated to 3.0.02 - * Fix for CVE-2011-0520 - - (2011.02.05) - - maradns-1.4.06: + maradns-1.4.05: - This is a stable branch of MaraDNS. + This is the stable branch of MaraDNS. * Fix for CVE-2011-0520 * Deadwood updated to 3.0.02 (2011.01.28) - maradns-2.0.01: - - This is a stable branch of MaraDNS. - - * MaraDNS build process modified to compile without any - recursion; recursion is now supplied by Deadwood. - - (2010.09.28) - - maradns-1.4.05: - - This is a stable branch of MaraDNS. - - * Deadwood updated to the stable 3.0.01 release. - * MicroDNS now returns "not implemented" when given an EDNS - packet - * FAQ updated. - - (2010.09.25) - maradns-1.4.04: This is the stable branch of MaraDNS. diff -Nru maradns-2.0.04/doc/en/examples/example_full_mararc maradns-2.0.04+really1.4.09/doc/en/examples/example_full_mararc --- maradns-2.0.04/doc/en/examples/example_full_mararc 2011-02-06 02:21:42.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/examples/example_full_mararc 2008-03-24 15:52:33.000000000 +0000 @@ -19,6 +19,14 @@ maradns_uid = 99 # The (optional) numeric GID MaraDNS will run as # maradns_gid = 99 +# The maximum number of threads (or processes, with the zone server) +# MaraDNS is allowed to run +maxprocs = 96 +# It is possible to specify a different maximum number of processes that +# the zone server can run. If this is not set, the maximum number of +# processes that the zone server can have defaults to the 'maxprocs' value +# above +# max_tcp_procs = 64 # Normally, MaraDNS has some MaraDNS-specific features, such as DDIP # synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org." 
@@ -30,6 +38,12 @@ # indistinguishable from a tinydns server. no_fingerprint = 0 +# Normally, MaraDNS only returns A and MX records when given a +# QTYPE=* (all RR types) query. Changing the value of default_rrany_set +# to 15 causes MaraDNS to also return the NS and SOA records, which +# some registrars require. The default value of this is 3 +default_rrany_set = 3 + # These constants limit the number of records we will display, in order # to help keep packets 512 bytes or smaller. This, combined with round_robin # record rotation, help to use DNS as a crude load-balancer. @@ -52,6 +66,32 @@ # 3: All queries logged (but not very verbosely right now) verbose_level = 1 +# Initialize the IP aliases, which are used by the list of root name servers, +# the ACL for zone transfers, and the ACL of who gets to perform recursive +# queries +ipv4_alias = {} + +# Various sets of root name servers +# Note: Netmasks can exist, but are ignored when specifying root name server + +# ICANN: the most common and most controversial root name server +# http://www.icann.org +# This list can be seen at http://www.root-servers.org/ +ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90," +ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4," +ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30," +ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33" + +# OpenNIC: http://www.opennic.unrated.net/ +# Current as of 2005/11/30; these servers change frequently so please +# look at their web page +ipv4_alias["opennic"] = "157.238.46.24, 209.104.33.250, 209.104.63.249," +ipv4_alias["opennic"] += "130.94.168.216, 209.21.75.53, 64.114.34.119," +ipv4_alias["opennic"] += "207.6.128.246, 167.216.255.199, 62.208.181.95," +ipv4_alias["opennic"] += "216.87.153.98, 216.178.136.116" + +# End of list of root name server lists + # Here is a ACL which restricts who is allowed to perform zone transfer from # the zoneserver program 
@@ -62,3 +102,110 @@ # by the "zoneserver" program. #zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224" +# More complex: We create two aliases: One called "office" and another +# called "home". We allow anyone in the office or at home to perform zone +# transfers +#ipv4_alias["office"] = "10.1.1.1/24" +#ipv4_alias["home"] = "10.100.100.100/255.255.255.224" +#zone_transfer_acl = "office, home" + +# More complex then the last example. We have three employees, +# Susan, Becca, and Mia, whose computers we give zone transfer rights to. +# Susan and Becca are system administrators, and Mia is a developer. +# They are all part of the company. We give the entire company zone +# transfer access +#ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed +#ipv4_alias["becca"] = "10.7.8.9" # also a single IP +#ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP +#ipv4_alias["sysadmins"] = "susan, becca" +#ipv4_alias["devel"] = "mia" +#ipv4_alias["company"] = "sysadmins, devel" +# This is equivalent to the above line +#ipv4_alias["company"] = "susan, becca, mia" +#zone_transfer_acl = "company" + +# If you want to enable recursion on the loopback interface, uncomment +# the relevant lines in the following section + +# Recursive ACL: Who is allowed to perform recursive queries. The format +# is identical to that of "zone_transfer_acl", including ipv4_alias support + +#ipv4_alias["localhost"] = "127.0.0.0/8" +#recursive_acl = "localhost" + +# Random seed file: The file from which we read 16 bytes from to get the +# 128-bit random Rijndael key. This is ideally a file which is a good source +# of random numbers, but can also be a fixed file if your OS does not have +# a decent random number generator (make sure the contents of that file is +# random and with 600 perms, owned by root, since we read the file *before* +# dropping root privileges) + +#random_seed_file = "/dev/urandom" + +# The maximum number of elements we can have in the cache. 
If we have more +# elements in the cache than this amount, the "custodian" kicks in to effect, +# removing elements not recently accessed from the cache (8 elements removed +# per query) until we are at the 99% level or so again. + +#maximum_cache_elements = 1024 + +# It is possible to change the minimal "time to live" for entries in the +# cache; this is the minimum time that an entry will stay in the cache. +# Value is in seconds; default is 300 (5 minutes) +#min_ttl = 300 +# CNAME records generally take more effort to resolve in MaraDNS than +# non-CNAME records; it is a good idea to make this higher then min_ttl +# default value is to be the same as min_ttl +#min_ttl_cname = 900 + +# The root servers which we use when making recursive queries. + +# The following line must be uncommented to enable custom root servers +# for recursive queries +#root_servers = {} + +# You can choose which set of root servers to use. Current values (set above) +# are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and +# superroot. +#root_servers["."] = "icann" + +# If you prefer to contact other recursive DNS servers instead of the ICANN +# root servers, this is done with the upstream_servers mararc variable: +#upstream_servers["."] = "192.168.0.1, 192.168.0.2" + +# You can tell MaraDNS to *not* query certain DNS servers when in recursive +# mode. This is mainly used to not allow spam-friendly domains to resolve, +# since spammers are starting to get in the habit of using spam-friendly +# DNS servers to resolve their domains, allowing them to hop from ISP to +# ISP. The format of this is the same as for zone_transfer_acl and +# recursive_acl + +# For example, at the time of this document (August 12, 2001), azmalink.net +# is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net +# for details.) 
Note that this is based on IPs, and azmalink.net constantly +# changes IPs (as they constantly have to change ISPs) +# 2002/10/12: Azmalink changed ISP again, this reflect their current ISP +ipv4_alias["azmalink"] = "12.164.194.0/24" + +# As of September 20, 2001, hiddenonline.net is a known spam-friendly +# DNS provider (see doc/detailed/spammers/hiddenonline for details). +ipv4_alias["hiddenonline"] = "65.107.225.0/24" +spammers = "azmalink,hiddenonline" + +# It is also possible to change the maximum number of times MaraDNS will +# follow a CNAME record or a NS record with a glue A record. The default +# value for this is ten. +#max_glueless_level = 10 +# In addition, one can change the maximum number of total queries that +# MaraDNS will perform to look up a host name. The default value is 32. +#max_queries_total = 32 +# In addition, one can change the amount of time that MaraDNS will wait +# for a DNS server to respond before giving up and trying the next DNS +# server on a list. Note that, the larger this value is, the slower +# MaraDNS will process recursive queries when a DNS server is not +# responding to DNS queries. The default value is two seconds. +#timeout_seconds = 2 + + +# And that does it for the caching at this point + diff -Nru maradns-2.0.04/doc/en/examples/example_mararc maradns-2.0.04+really1.4.09/doc/en/examples/example_mararc --- maradns-2.0.04/doc/en/examples/example_mararc 2010-09-27 22:35:57.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/examples/example_mararc 2005-11-30 21:06:29.000000000 +0000 
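Review bot: `ipv4_alias["azmalink"]`, `ipv4_alias["hiddenonline"]` and `spammers = "azmalink,hiddenonline"` are the only uncommented settings the `@@ -62,3 +102,110 @@` hunk adds, so anyone who starts from this example inherits a do-not-query list for two /24s that the comments themselves date to 2001–2002. The comment already notes that these operators change IPs constantly, so the ranges have presumably been reassigned, and names served from them would fail to resolve with no obvious cause. I would ship the three lines commented out like the neighbouring examples, e.g. `#spammers = "azmalink,hiddenonline"`, and say in the comment that the ranges are historical and must be re-checked before use.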
@@ -33,3 +33,6 @@ # The directory with all of the zone files chroot_dir = "/etc/maradns" +# If you want to enable recursion on the loopback interface, uncomment +# the following line: +#recursive_acl = "127.0.0.1/8" diff -Nru maradns-2.0.04/doc/en/examples/example_recursive_mararc.txt maradns-2.0.04+really1.4.09/doc/en/examples/example_recursive_mararc.txt --- maradns-2.0.04/doc/en/examples/example_recursive_mararc.txt 2011-02-06 02:21:42.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/examples/example_recursive_mararc.txt 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,8 @@ -# Example simplified dwood3rc file. -# This only shows a subset of Deadwood's features needed to be an -# recursive name server. +# Example simplified mararc file. +# This only shows a subset of MaraDNS' features needed to be an +# recursive name server. Look at +# doc/detailed/example_full_mararc for an example showing most of the features +# that MaraDNS has. # Note that any line starting with a '#' character is a comment, which # means the line is ignored by the MaraDNS parser. Comments are used to diff -Nru maradns-2.0.04/doc/en/faq.html maradns-2.0.04+really1.4.09/doc/en/faq.html --- maradns-2.0.04/doc/en/faq.html 2011-02-06 02:21:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/faq.html 2011-11-11 22:58:35.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -158,25 +158,18 @@

1. I'm using an older version of MaraDNS

-Upgrade to MaraDNS 1.4 or MaraDNS 2.0. MaraDNS 1.4 is compatible with -older versions of MaraDNS, with the relatively few changes need to upgrade +Upgrade to MaraDNS 1.4. MaraDNS 1.4 is compatible with older versions +of MaraDNS, with the relatively few changes need to upgrade documented.

-Use MaraDNS 2.0 if there are any issues using MaraDNS 1.4 to recursively -resolve records (via recursive_acl); the recursive resolver -in MaraDNS 1.4 is deprecated and only critical security issues are fixed -with it. MaraDNS 2.0 uses the separate daemon Deadwood to recursively -resolve records. - -

- MaraDNS 1.0 and 1.2 are only supported for critical security updates, and will no longer be supported on December 21, 2010. MaraDNS 1.3 is also only supported for critical security updates, and support will stop on December -21, 2012. MaraDNS 1.4 and MaraDNS 2.0 are both fully supported (security -and other important bug fixes) for the foreseeable future. +21, 2012. MaraDNS 1.4 will be fully supported (security and other important +bug fixes) for the foreseeable future, alongside MaraDNS 2.0 when and if +it comes out. @@ -281,10 +274,10 @@ -

8. I am on a slow network, and Deadwood can not process recursive +

8. I am on a slow network, and MaraDNS can not process recursive queries

-Deadwood, by default, only waits two seconds for a reply from a remote +MaraDNS, by default, only waits two seconds for a reply from a remote DNS server. This default can be increased by adding a line like this in the mararc file: @@ -345,22 +338,35 @@

12. Why does MaraDNS use a multi-threaded model?

-

MaraDNS 2.0 no longer uses threads. +

The multi-threaded model is, plain and simple, the simplest way to write +a functioning recursive DNS server. There is a reason why MaraDNS, pdnsd, and +BIND 9 all use the multi-threaded model. -

The multi-threaded model was the simplest way to write -a functioning recursive DNS server for MaraDNS 1.0. There is a reason -why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model. - -

It took me nearly three years to rewrite MaraDNS' recursive resolver -as a separate non-threaded daemon. This has been done, and now all recursion -is done with Deadwood which does not need threads. +

MaraDNS 2.0, when and if it is released, will not use threads.

13. I feel that XXX feature should be added to MaraDNS

-There are no plans to add new features to MaraDNS or Deadwood at -this time. +The only thing that will convince me to implement a given feature for +MaraDNS is cold, hard cash. If you want me to keep a given feature +proprietary, you better have lots of cold hard cash. +

+The only feature I will implement for free is to finish up full +recursion in Deadwood, including IPv6 support. I have no +plans to implement DNS curve, nor DNSsec, +Geo IP, or whatever feature you want me to implement for fun and for free. +

+Keep in mind that both the BIND and NSD name servers were +developed by having the programmers paid to work on the programs. +PowerDNS was originally commercial software with the author only +reluctantly made GPL after seeing that the market +for a commercial DNS server is very small. All of the other DNS servers +which have been developed as hobbyist projects (Posadis, Pdnsd, and djbdns) +are no longer being actively worked on by the primary developer. +

@@ -422,11 +428,10 @@

The zoneserver program serves zones so that other DNS servers can be secondaries for zones which MaraDNS serves. This is a separate -program from the maradns server, which processes -authoritative UDP DNS queries, and Deadwood which processes recursive -DNS queries. +program from the maradns server, which processes both +authoritative and recursive UDP DNS queries. -

See the DNS +

See the DNS master document in the MaraDNS tutorial for details. @@ -435,9 +440,10 @@

Yes. -

Please read the +

Please read the DNS slave document, which is part of the MaraDNS tutorial. +

18. What is the difference between an authoritative and a recursive DNS @@ -445,14 +451,12 @@ A recursive DNS server is a DNS server that is able to contact other DNS servers in order to resolve a given domain name label. This is the kind -of DNS server one points to in /etc/resolve.conf. MaraDNS uses -the Deadwood daemon to process recursive DNS queries. +of DNS server one points to in /etc/resolve.conf

An authoritative DNS server is a DNS server that a recursive server -contacts in order to find out the answer to a given DNS query. The -maradns daemon processes authoritative DNS queries. +contacts in order to find out the answer to a given DNS query. @@ -561,23 +565,22 @@

26. I am having problems setting upstream_servers

-upstream_servers is only supported by Deadwood, and is no -longer supported in MaraDNS 2.0. - -The upstream_servers dwood3rc variable is set thusly: +The upstream_servers mararc variable is set thusly:
upstream_servers["."] = "10.3.28.79, 10.2.19.83"
-Note the ["."]. +Note the ["."]. The reason for this is so future versions +of MaraDNS may have more fine-grained control over the +upstream_servers and root_servers values.

Note that the upstream_servers variable needs to be initialized before being used via upstream_servers = {} (the reason for this -is so that a dwood3rc file has 100% Python-compatible syntax). A complete -dwood3rc file that uses upstream_servers may look like this: +is so that a mararc file has 100% Python-compatible syntax). A complete +mararc file that uses upstream_servers may look like this:

 ipv4_bind_addresses = "127.0.0.1"
@@ -717,8 +720,71 @@
 

31. I have a NS delegation, and MaraDNS is doing strange things.

-This is only an issue in MaraDNS 1.4. MaraDNS 2.0 does not allow -the same IP to both authoritatively and recursively resolve records. +In the case of there being a NS delegation, MaraDNS handles recursive +queries and non-recursive DNS queries differently. Basically, unless +you use askmara with the -n option, dig with the ++norecuse option, or nslookup with the -norec +option, MaraDNS will try to recursively resolve the record that is +delegated. + +

+ +The thinking is this: A normal recursive DNS query is usually one +where one wants to know the final DNS output. So, if MaraDNS +delegates a given record to another DNS server, and gets a recursive +request for said query, MaraDNS will recursively resolve the query +for you. + +

+ +For example, let us suppose we have a mararc file that looks +like this: + +

+chroot_dir = "/etc/maradns"
+ipv4_bind_addresses = "10.1.2.3"
+chroot_dir = "/etc/maradns"
+recursive_acl = "127.0.0.1/8, 10.0.0.0/8"
+csv2 = {}
+csv2["example.com."] = "db.example.com"
+
+ +And a db.example.com file that looks like this: + +
+www.example.com. 	10.1.2.3
+joe.example.com. 	NS ns.joe.example.com.
+ns.joe.example.com.	A 10.1.2.4
+
+ +Next, you are trying to find out why www.joe.example.com is not +resolving. If you naively send a query to 10.1.2.3 for www.joe.example.com +as askmara Awww.joe.example.com. 10.1.2.3 or as +dig @10.1.2.3 www.joe.example.com. or as +nslookup www.joe.example.com. 10.1.2.3, you will not +get any information that will help you solve the problem, since 10.1.2.3 +will try to contact 10.1.2.4 to resolve www.joe.example.com. + +

+ +The solution is to run your DNS query client thusly: + +

    +
  • Askmara would be run thusly: +

    askmara -n Awww.joe.example.com. 10.1.2.3

    +

  • Dig would be run thusly: +

    dig +norecurse @10.1.2.3 www.joe.example.com

    +

  • Nslookup would be run thusly: +

    nslookup -norec www.joe.example.com 10.1.2.3

    +

+ +This will allow you to see that packets MaraDNS actually sends to +a recursive DNS server. + +

+ +As an aside, this particular problem will not happen if MaraDNS is +run only as an authoritative nameserver. @@ -782,9 +848,9 @@

33. Where is the root.hints file?

-MaraDNS (actually, Deadwood), unlike BIND, does not need a complicated -root.hints file in order to have custom root servers. In order to change -the root.hints file, add something like this to your dwood3rc file: +MaraDNS, unlike BIND, does not need a complicated root.hints file in +order to have custom root servers. In order to change the root.hints +file, add something like this to your mararc file:
 root_servers["."] =  "131.161.247.232,"
@@ -802,7 +868,8 @@
 

34. Are there any plans to use autoconf to build MaraDNS?

-No. +No. OK, let me qualify that: I won't do it unless you pay +me enough money.

In more detail, MaraDNS does not use autoconf for the following reasons: @@ -871,7 +938,8 @@

36. Will you make a package for the particular Linux distribution I am using?

-No. +No. OK, let me qualify that: I won't do it unless you pay +me enough money.

There is, however, a CentOS 5-compatible RPM spec file in the build directory. @@ -989,17 +1057,17 @@

    -
  • MaraDNS version 1.4 or 2.0 needs to be used; if you're using an +
  • MaraDNS version 1.4 needs to be used; if you're using an older version of MaraDNS, upgrade. -
  • It is necessary to have recursion disabled, if using MaraDNS 1.4, either -by compiling MaraDNS without recursive support (./configure --authonly ; make), +
  • It is necessary to have recursion disabled. This can be done either by +compiling MaraDNS without recursive support (./configure --authonly ; make), or by making sure MaraDNS does not have recursion enabled (by not having -recursive_acl set in one's MaraDNS 1.4 mararc file) +recursive_acl set in one's mararc file)
-If one wishes to both register domains with AFNIC and use MaraDNS 1.4 as a +If one wishes to both register domains with AFNIC and use MaraDNS as a recursive DNS server, it is required to have the recursive server be a separate instance of MaraDNS on a separate IP. It is not possible to have the same DNS server both send DNS packets in a way that both makes AFNIC @@ -1019,8 +1087,8 @@

43. I can't see the full answers for subdomains I have delegated

-To have the subdomains be visible to MaraDNS 1.4 recursive nameservers, -add the following to your mararc file: +To have the subdomains be visible to recursive nameservers, add the following +to your mararc file:

recurse_delegation = 1 @@ -1028,7 +1096,7 @@

44. MaraDNS 1 has a problem resolving a domain

-This issue should be fixed in MaraDNS 2.0. +This issue should be fixed when I release MaraDNS 2.0.

@@ -1039,7 +1107,7 @@

The new recursive resolver is called "Deadwood"; right now it's fully -functional and part of MaraDNS 2.0. More information is here: +functional and undergoing beta-testing. More information is here:

http://maradns.blogspot.com/search/label/Deadwood

@@ -1047,8 +1115,13 @@

Since the old recursive code is a bit difficult to maintain, and since I in the process of rewriting the recursive code, my rule is that I will only -resolve security issues with MaraDNS 1.0's recursive resolver. +resolve security issues with MaraDNS 1.0's recursive resolver without +getting paid. +

+If resolving a given domain with MaraDNS' code is an urgent issue +for you, please consider helping beta-test Deadwood, or sponsoring MaraDNS:

+http://www.maradns.org/products.html

45. MaraDNS 1.2 has issues with NXDOMAINS and case sensitivity.

@@ -1062,7 +1135,7 @@

If this is an issue for your organization, please upgrade to a newer -version of MaraDNS; MaraDNS 1.4 and 2.0 do not have +version of MaraDNS; MaraDNS 1.4 does not have this bug. If you want to see this bug fixed in MaraDNS 1.2, please help sponsor MaraDNS. diff -Nru maradns-2.0.04/doc/en/faq.txt maradns-2.0.04+really1.4.09/doc/en/faq.txt --- maradns-2.0.04/doc/en/faq.txt 2011-02-06 02:21:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/faq.txt 2011-11-11 22:58:34.000000000 +0000 @@ -135,22 +135,17 @@ 1. I'm using an older version of MaraDNS - Upgrade to MaraDNS 1.4 or MaraDNS 2.0. MaraDNS 1.4 is compatible - with older versions of MaraDNS, with the relatively few changes - need to upgrade documented. - - Use MaraDNS 2.0 if there are any issues using MaraDNS 1.4 to - recursively resolve records (via recursive_acl); the recursive - resolver in MaraDNS 1.4 is deprecated and only critical security - issues are fixed with it. MaraDNS 2.0 uses the separate daemon - Deadwood to recursively resolve records. + Upgrade to MaraDNS 1.4. MaraDNS 1.4 is compatible with older + versions of MaraDNS, with the relatively few changes need to + upgrade documented. MaraDNS 1.0 and 1.2 are only supported for critical security updates, and will no longer be supported on December 21, 2010. MaraDNS 1.3 is also only supported for critical security updates, and support will stop on December 21, 2012. MaraDNS 1.4 - and MaraDNS 2.0 are both fully supported (security and other - important bug fixes) for the foreseeable future. + will be fully supported (security and other important bug fixes) + for the foreseeable future, alongside MaraDNS 2.0 when and if it + comes out. 2. How do I try out MaraDNS? 
@@ -230,10 +225,10 @@ intervention of an ISP, being able to control reverse DNS lookups for those IPs requires ISP intervention. -8. I am on a slow network, and Deadwood can not process recursive +8. I am on a slow network, and MaraDNS can not process recursive queries - Deadwood, by default, only waits two seconds for a reply from a + MaraDNS, by default, only waits two seconds for a reply from a remote DNS server. This default can be increased by adding a line like this in the mararc file: 
@@ -278,22 +273,32 @@ 12. Why does MaraDNS use a multi-threaded model? - MaraDNS 2.0 no longer uses threads. + The multi-threaded model is, plain and simple, the simplest way + to write a functioning recursive DNS server. There is a reason + why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model. - The multi-threaded model was the simplest way to write a - functioning recursive DNS server for MaraDNS 1.0. There is a - reason why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded - model. - - It took me nearly three years to rewrite MaraDNS' recursive - resolver as a separate non-threaded daemon. This has been done, - and now all recursion is done with Deadwood which does not need - threads. + MaraDNS 2.0, when and if it is released, will not use threads. 13. I feel that XXX feature should be added to MaraDNS - There are no plans to add new features to MaraDNS or Deadwood at - this time. + The only thing that will convince me to implement a given + feature for MaraDNS is cold, hard cash. If you want me to keep a + given feature proprietary, you better have lots of cold hard + cash. + + The only feature I will implement for free is to finish up full + recursion in Deadwood, including IPv6 support. I have no + plans to implement DNS curve, nor DNSsec, Geo IP, or + whatever feature you want me to implement for fun and for free. + + Keep in mind that both the BIND and NSD name servers were + developed by having the programmers paid to work on the + programs. PowerDNS was originally commercial software with the + author only reluctantly made GPL after seeing that the market + for a commercial DNS server is very small. All of the other DNS + servers which have been developed as hobbyist projects (Posadis, + Pdnsd, and djbdns) are no longer being actively worked on by the + primary developer. 14. I feel that MaraDNS should use another documentation format 
@@ -342,9 +347,8 @@ The zoneserver program serves zones so that other DNS servers can be secondaries for zones which MaraDNS serves. This is a - separate program from the maradns server, which processes - authoritative UDP DNS queries, and Deadwood which processes - recursive DNS queries. + separate program from the maradns server, which processes both + authoritative and recursive UDP DNS queries. See the DNS master document in the MaraDNS tutorial for details. @@ -362,12 +366,11 @@ A recursive DNS server is a DNS server that is able to contact other DNS servers in order to resolve a given domain name label. This is the kind of DNS server one points to in - /etc/resolve.conf. MaraDNS uses the Deadwood daemon to process - recursive DNS queries. + /etc/resolve.conf An authoritative DNS server is a DNS server that a recursive server contacts in order to find out the answer to a given DNS - query. The maradns daemon processes authoritative DNS queries. + query. 19. The fetchzone client isn't allowing me to add certain hostnames to my zone @@ -454,18 +457,18 @@ 26. I am having problems setting upstream_servers - upstream_servers is only supported by Deadwood, and is no longer - supported in MaraDNS 2.0. The upstream_servers dwood3rc variable - is set thusly: + The upstream_servers mararc variable is set thusly: upstream_servers["."] = "10.3.28.79, 10.2.19.83" - Note the ["."]. + Note the ["."]. The reason for this is so future versions of + MaraDNS may have more fine-grained control over the + upstream_servers and root_servers values. Note that the upstream_servers variable needs to be initialized before being used via upstream_servers = {} (the reason for this - is so that a dwood3rc file has 100% Python-compatible syntax). A - complete dwood3rc file that uses upstream_servers may look like + is so that a mararc file has 100% Python-compatible syntax). A + complete mararc file that uses upstream_servers may look like this: ipv4_bind_addresses = "127.0.0.1" 
@@ -580,9 +583,62 @@ 31. I have a NS delegation, and MaraDNS is doing strange things. - This is only an issue in MaraDNS 1.4. MaraDNS 2.0 does not allow - the same IP to both authoritatively and recursively resolve - records. + In the case of there being a NS delegation, MaraDNS handles + recursive queries and non-recursive DNS queries differently. + Basically, unless you use askmara with the -n option, dig with + the +norecuse option, or nslookup with the -norec option, + MaraDNS will try to recursively resolve the record that is + delegated. + + The thinking is this: A normal recursive DNS query is usually + one where one wants to know the final DNS output. So, if MaraDNS + delegates a given record to another DNS server, and gets a + recursive request for said query, MaraDNS will recursively + resolve the query for you. + + For example, let us suppose we have a mararc file that looks + like this: + + chroot_dir = "/etc/maradns" + ipv4_bind_addresses = "10.1.2.3" + chroot_dir = "/etc/maradns" + recursive_acl = "127.0.0.1/8, 10.0.0.0/8" + csv2 = {} + csv2["example.com."] = "db.example.com" + + And a db.example.com file that looks like this: + + www.example.com. 10.1.2.3 + joe.example.com. NS ns.joe.example.com. + ns.joe.example.com. A 10.1.2.4 + + Next, you are trying to find out why www.joe.example.com is not + resolving. If you naively send a query to 10.1.2.3 for + www.joe.example.com as askmara Awww.joe.example.com. 10.1.2.3 or + as dig @10.1.2.3 www.joe.example.com. or as nslookup + www.joe.example.com. 10.1.2.3, you will not get any information + that will help you solve the problem, since 10.1.2.3 will try to + contact 10.1.2.4 to resolve www.joe.example.com. + + The solution is to run your DNS query client thusly: + + * Askmara would be run thusly: + + askmara -n Awww.joe.example.com. 
10.1.2.3 + + * Dig would be run thusly: + + dig +norecurse @10.1.2.3 www.joe.example.com + + * Nslookup would be run thusly: + + nslookup -norec www.joe.example.com 10.1.2.3 + + This will allow you to see that packets MaraDNS actually sends + to a recursive DNS server. + + As an aside, this particular problem will not happen if MaraDNS + is run only as an authoritative nameserver. 32. I am transferring a zone from another server, but the NS records are these strange "synth-ip" records. @@ -630,10 +686,10 @@ 33. Where is the root.hints file? - MaraDNS (actually, Deadwood), unlike BIND, does not need a - complicated root.hints file in order to have custom root - servers. In order to change the root.hints file, add something - like this to your dwood3rc file: + MaraDNS, unlike BIND, does not need a complicated root.hints + file in order to have custom root servers. In order to change + the root.hints file, add something like this to your mararc + file: root_servers["."] = "131.161.247.232," root_servers["."] += "208.185.249.250," @@ -647,7 +703,8 @@ 34. Are there any plans to use autoconf to build MaraDNS? - No. + No. OK, let me qualify that: I won't do it unless you pay me + enough money. In more detail, MaraDNS does not use autoconf for the following reasons: @@ -711,7 +768,8 @@ 36. Will you make a package for the particular Linux distribution I am using? - No. + No. OK, let me qualify that: I won't do it unless you pay me + enough money. There is, however, a CentOS 5-compatible RPM spec file in the build directory. 
@@ -808,19 +866,19 @@ domain with AFNIC using MaraDNS as your DNS server, the following steps need to be followed: - * MaraDNS version 1.4 or 2.0 needs to be used; if you're using - an older version of MaraDNS, upgrade. - * It is necessary to have recursion disabled, if using MaraDNS - 1.4, either by compiling MaraDNS without recursive support + * MaraDNS version 1.4 needs to be used; if you're using an + older version of MaraDNS, upgrade. + * It is necessary to have recursion disabled. This can be done + either by compiling MaraDNS without recursive support (./configure --authonly ; make), or by making sure MaraDNS does not have recursion enabled (by not having recursive_acl - set in one's MaraDNS 1.4 mararc file) + set in one's mararc file) If one wishes to both register domains with AFNIC and use - MaraDNS 1.4 as a recursive DNS server, it is required to have - the recursive server be a separate instance of MaraDNS on a - separate IP. It is not possible to have the same DNS server both - send DNS packets in a way that both makes AFNIC happy and allows + MaraDNS as a recursive DNS server, it is required to have the + recursive server be a separate instance of MaraDNS on a separate + IP. It is not possible to have the same DNS server both send DNS + packets in a way that both makes AFNIC happy and allows recursive queries. Note also: AFNIC gives warnings about reverse DNS lookups; more 
@@ -832,22 +890,22 @@ 43. I can't see the full answers for subdomains I have delegated - To have the subdomains be visible to MaraDNS 1.4 recursive - nameservers, add the following to your mararc file: + To have the subdomains be visible to recursive nameservers, add + the following to your mararc file: recurse_delegation = 1 44. MaraDNS 1 has a problem resolving a domain - This issue should be fixed in MaraDNS 2.0. + This issue should be fixed when I release MaraDNS 2.0. Here's what happening: I have rewritten the recursive resolver for MaraDNS. The old code was always designed to be a placeholder until I wrote a new recursive resolver. The new recursive resolver is called "Deadwood"; right now it's - fully functional and part of MaraDNS 2.0. More information is - here: + fully functional and undergoing beta-testing. More information + is here: http://maradns.blogspot.com/search/label/Deadwood @@ -856,7 +914,13 @@ Since the old recursive code is a bit difficult to maintain, and since I in the process of rewriting the recursive code, my rule is that I will only resolve security issues with MaraDNS 1.0's - recursive resolver. + recursive resolver without getting paid. + + If resolving a given domain with MaraDNS' code is an urgent + issue for you, please consider helping beta-test Deadwood, or + sponsoring MaraDNS: + + http://www.maradns.org/products.html 45. MaraDNS 1.2 has issues with NXDOMAINS and case sensitivity. 
@@ -867,9 +931,9 @@ a mail transport agent asks for a name in all caps. If this is an issue for your organization, please upgrade to a - newer version of MaraDNS; MaraDNS 1.4 and 2.0 do not have this - bug. If you want to see this bug fixed in MaraDNS 1.2, please - help sponsor MaraDNS. + newer version of MaraDNS; MaraDNS 1.4 does not have this bug. If + you want to see this bug fixed in MaraDNS 1.2, please help + sponsor MaraDNS. 46. Can MaraDNS offer protection from phishing and malicious sites? diff -Nru maradns-2.0.04/doc/en/man/askmara.1 maradns-2.0.04+really1.4.09/doc/en/man/askmara.1 --- maradns-2.0.04/doc/en/man/askmara.1 2010-09-27 22:36:06.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/askmara.1 2008-03-24 15:52:32.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:36:06 2010 +.\" Last updated Mon Mar 24 09:52:32 2008 .\" .TH ASKMARA 1 "askmara" "January 2002" "askmara" .\" We don't want hyphenation (it's too ugly) diff -Nru maradns-2.0.04/doc/en/man/bind2csv2.1 maradns-2.0.04+really1.4.09/doc/en/man/bind2csv2.1 --- maradns-2.0.04/doc/en/man/bind2csv2.1 2010-09-27 22:36:08.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/bind2csv2.1 2008-03-24 15:52:33.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:36:07 2010 +.\" Last updated Mon Mar 24 09:52:33 2008 .\" .TH BIND2CSV2 1 "September 2007" MARADNS "MaraDNS reference" .\" We don't want hyphenation (it's too ugly) diff -Nru maradns-2.0.04/doc/en/man/csv1.5 maradns-2.0.04+really1.4.09/doc/en/man/csv1.5 --- maradns-2.0.04/doc/en/man/csv1.5 2010-09-27 22:36:07.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/csv1.5 2008-03-24 15:52:32.000000000 +0000 
@@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:36:07 2010 +.\" Last updated Mon Mar 24 09:52:32 2008 .\" .TH CSV1 5 "January 2002" MARADNS "MaraDNS reference" .\" We don't want hyphenation (it's too ugly) diff -Nru maradns-2.0.04/doc/en/man/csv2.5 maradns-2.0.04+really1.4.09/doc/en/man/csv2.5 --- maradns-2.0.04/doc/en/man/csv2.5 2011-02-06 02:21:42.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/csv2.5 2010-07-31 07:17:12.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Sat Feb 5 19:21:41 2011 +.\" Last updated Sat Jul 31 00:17:11 2010 .\" .TH CSV2 5 "January 2007" MARADNS "MaraDNS reference" .\" We don't want hyphenation (it's too ugly) @@ -224,18 +224,6 @@ x.org. SOA x.org. email@x.org. 1 7200 3600 604800 1800 ~ .fi -If there is a \(aq.\(aq (dot) character in the part of the email -address before -the \(aq@\(aq, it needs to be escaped thusly: - -.nf -x.org. SOA x.org. john\\.doe@x.org. 1 7200 3600 604800 1800 ~ -.fi - -Note that the csv2 parser will not allow more than one dot in a row; -\(aqjohn\\.\\.doe@x.org\(aq will cause a parse error. In addition, the -dot character must be escaped with a backslash. -.PP The serial numeric field may be replaced by the string \(aq/serial\(aq; this string tells the CSV2 zone parser to synthesize a serial number for the 
@@ -864,7 +852,7 @@ mail.% +86400 IN A 10.22.23.24 ~ # We even have a bit of ipv6 support -a.example.net. aaaa fd4d:6172:6144:4e53:1:2:3::4:f ~ +a.example.net. aaaa 3ffe:ffff:1:2:3::4:f ~ # Not to mention support for SRV records _http._tcp.% srv 0 0 80 a.% ~ diff -Nru maradns-2.0.04/doc/en/man/csv2_txt.5 maradns-2.0.04+really1.4.09/doc/en/man/csv2_txt.5 --- maradns-2.0.04/doc/en/man/csv2_txt.5 2010-09-27 22:36:07.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/csv2_txt.5 2008-03-24 15:52:33.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:36:07 2010 +.\" Last updated Mon Mar 24 09:52:32 2008 .\" .TH CSV2_TXT 5 "January 2007" MARADNS "MaraDNS reference" .\" We don't want hyphenation (it's too ugly) diff -Nru maradns-2.0.04/doc/en/man/Deadwood.1 maradns-2.0.04+really1.4.09/doc/en/man/Deadwood.1 --- maradns-2.0.04/doc/en/man/Deadwood.1 2010-08-31 18:25:14.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/Deadwood.1 1970-01-01 00:00:00.000000000 +0000 
@@ -1,703 +0,0 @@ -.\" Do *not* edit this file; it was automatically generated by ej2man -.\" Look for a name.ej file with the same name as this filename -.\" -.\" Process this file with the following -.\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' -.\" -.\" Last updated Fri Aug 13 01:48:01 2010 -.\" -.TH DEADWOOD 1 "August 2009" DEADWOOD "Deadwood reference" -.\" We don't want hyphenation (it's too ugly) -.\" We also disable justification when using nroff -.\" Due to the way the -mandoc macro works, this needs to be placed -.\" after the .TH heading -.hy 0 -.if n .na -.\" -.\" We need the following stuff so that we can have single quotes -.\" In both groff and other UNIX *roff processors -.if \n(.g .mso www.tmac -.ds aq \(aq -.if !\n(.g .if '\(aq'' .ds aq \' - -.SH "NAME" -.PP -Deadwood - A recursive caching DNS resolver -.SH "DESCRIPTION" -.PP -Deadwood is a DNS cache and recursive server. This is a DNS server with -the following features: -.TP 2 -* -Small size and memory footprint suitable for embedded systems -.TP 2 -* -Simple and clean codebase -.TP 2 -* -Secure design -.TP 2 -* -Spoof protection: Strong cryptography used to determine the Query ID -and source port -.TP 2 -* -Ability to read and write the cache to a file -.TP 2 -* -Dynamic cache that deletes entries not recently used -.TP 2 -* -Ability to use expired entries in the cache when it is impossible to -contact upstream DNS servers. -.TP 2 -* -Ipv6 support can be compiled in if desired -.TP 2 -* -Both DNS-over-UDP and DNS-over-TCP are handled by the same daemon -.TP 2 -* -Built-in dnswall functionality -.PP -.SH "COMMAND LINE ARGUMENTS" -.PP -Deadwood has a single optional command line argument: The location -of the configuration file that Deadwood uses specified with the "-f" -flag. -If this is not defined, Deadwood uses the file "/etc/dwood3rc" as the -configuration file. 
-.PP -In other words, invoking Deadwood as -.B "Deadwood" -will cause Deadwood to -use /etc/dwood3rc as the configuration file; invoking Deadwood as -.B "Deadwood -f foobar" -will cause Deadwood to use the file "foobar" -in the current working directory (the directory one is in when -starting Deadwood) as the configuration file. -.SH "CONFIGURATION FILE FORMAT" -.PP -The Deadwood configuration file supports the following parameters: -.PP -.in -3 -\fBbind_address\fR -.PP -This is the IP (or possibly IPv6) address we bind to. -.PP -.in -3 -\fBcache_file\fR -.PP -This is the filename of the file used for reading and -writing the cache to disk; this string can have lowercase letters, -the \(aq-\(aq symbol, the \(aq_\(aq symbol, and the \(aq/\(aq symbol -(for putting -the cache in a subdirectory). All other symbols become a \(aq_\(aq -symbol. -.PP -.in -3 -\fBchroot_dir\fR -.PP -This is the directory the program will run from. -.PP -.in -3 -\fBdeliver_all\fR -.PP -Some upstream DNS servers violate the RFCs and send "name error" -DNS packets without a SOA record in the NS section of the reply. -Deadwood used to discard such packets; Deadwood now passes such -packets on to the client without caching them. -.PP -Should the old behavior of discarding these packets is desired, -set this to 0 with "deliver_all=0" in the dwood3rc file. -.PP -The default value for this is 1 -.PP -.in -3 -\fBdns_port\fR -.PP -This is the port Deadwood binds to and listens on for -incoming connections. The default value for this is the standard DNS -port: -port 53 -.PP -.in -3 -\fBfilter_rfc1918\fR -.PP -When this is set to 1, RFC1918 (private) IP addresses are not allowed -to be -in DNS replies. See http://crypto.stanford.edu/dns/ for why this -improves -security. 
-.PP -The default value for this is 1 -.PP -.in -3 -\fBhandle_noreply\fR -.PP -When this is set to 0, Deadwood sends no reply -back to the client (when the client is a TCP client, Deadwood closes -the -TCP connection) when a UDP query is sent upstream and the upstream DNS -never sends a reply. -.PP -When this is set to 1, Deadwood sends a SERVER FAIL -back to the client when a UDP query is sent upstream and the upstream -DNS -never sends a reply. -.PP -The default value for this is 1 -.PP -.in -3 -\fBhandle_overload\fR -.PP -When this has a value of 0, Deadwood sends no reply when a UDP query is -sent and the server is overloaded (has too many pending connections); -when it has a value of 1, Deadwood sends a SERVER FAIL packet back to -the sender of the UDP query. The default value for this is 1. -.PP -.in -3 -\fBhash_magic_number\fR -.PP -This is a large 31-bit prime number that the hash compression function -uses; use the RandomPrime C program to generate a suitable random prime -for this function. This number should be secret; its default value -changes for every release of Deadwood. -.PP -.in -3 -\fBip_blacklist\fR -.PP -This is a list of IPs that we do not allow to be in the answer to a -DNS request. The reason for this is to counteract the practice some -ISPs have of converting a "this site does not exist" DNS answer in to -a page controlled by the ISP; this results in possible security issues. -.PP -This parameter only accepts individual IPs, and does not use netmasks. -.PP -.in -3 -\fBmaradns_uid\fR -.PP -The user-id Deadwood runs as. This can be any number -between 10 and 65535; the default value is 99 (nobody on -RedHat-derived Linux distributions). This value is not -used on Windows systems. -.PP -.in -3 -\fBmaradns_gid\fR -.PP -The group-id Deadwood runs as. This can be any -number between 10 and 65535; the default value is 99. This -value is not used on Windows systems. -.PP -.in -3 -\fBmax_ar_chain\fR -.PP -Whether resource record rotation is enabled. 
This this has a value -of 1, resource record rotation is enabled, otherwise resource record -rotation is disabled. -.PP -Resource record rotation is usually desirable, since it allows DNS to -act like a crude load balancer. However, on heavily loaded systems it -may be desirable to disable to disbale it to reduce CPU usage. -.PP -The reason for the unusual name for this variable is to retain -compatibility -with MaraDNS mararc files. -.PP -The default value is 1: Resource record rotation enabled. -.PP -.in -3 -\fBmax_inflights\fR -.PP -The maximum number of simultanious clients we process at the same -time for the same query. -.PP -If, while processone a query for, say, "example.com.", another -DNS client sends to Deadwood another query for example.com, instead -of creating a new query to process example.com, Deadwood will -attach the new client to the same query that is already "in flight", -and -send a reply to both clients once we have an answer for example.com. -.PP -This is the number of simultaneous clients a given query can have. If -this -limit is exceeded, subsequents clients with the same query are refused -until -an answer is found. If this has a value of 1, we do not merge multiple -requests for the same query, but give each request its own connection. -.PP -The default value is 8. -.PP -.in -3 -\fBmaximum_cache_elements\fR -.PP -The maximum number of elements our cache -is allowed to have. This is a number between 32 and 16,777,216; -the default value for this is 1024. Note that, if writing the -cache to disk or reading the cache from disk, higher values of -this will slow down cache reading/writing. -.PP -.in -3 -\fBmaxprocs\fR -.PP -This is the maximum number of pending remote UDP connections -Deadwood can have. The default value for this is 32. -.PP -.in -3 -\fBmax_tcp_procs\fR -.PP -This is the number of allowed open TCP connections. 
Default value: 8 -.PP -.in -3 -\fBnum_retries\fR -.PP -The number of times we retry to send a query upstream -before giving up. If this is 0, we only try once; if this is 1, -we try twice, and so on, up to 8 retries. Note that each retry -takes timeout_seconds seconds before we retry again. Default -value: 2 -.PP -.in -3 -\fBns_glueless_type\fR -.PP -The RR type we send to resolve glueless records. This should be -1 (A) when mainly using IPv4 to resolve records. If glueless NS records -have AAAA but not A records, and IPv6 is enabled, it may make sense to -give this a value of 255 (ANY). If IPv4 ever stops being used on a -large -scale, it may eventually become possible to make this have a value of -28 (AAAA). -.PP -The default value is 1: An A (IPv4 IP) record. -.PP -.in -3 -\fBrandom_seed_file\fR -.PP -This is a file that contains random numbers, and -is used as a seed for the cryptographically strong random number -generator. -Deadwood will try to read 256 bytes from this file (the RNG Deadwood -uses can -accept a stream of any arbitrary length). -.PP -.in -3 -\fBrecurse_min_bind_port\fR -.PP -The lowest numbered port Deadwood is -allowed to bind to; this is a random port number used for the source -port of outgoing queries, and is not 53 (see dns_port above). This -is a number between 1025 and 32767, and has a default value of 15000. -This is used to make DNS spoofing attacks more difficult. -.PP -.in -3 -\fBrecurse_number_ports\fR -.PP -The number of ports Deadwood binds to for the source port for -outgoing connections; this is a power of 2 between 256 and 32768. -This is used to make DNS spoofing attacks more difficult. The default -value is 4096. -.PP -.in -3 -\fBrecursive_acl\fR -.PP -This is a list of who is allowed to use the -load balancer, in "ip/mask" format. Mask must be a number between -0 and 32 (for IPv6, between 0 and 128). For example, "127.0.0.1/8" -allows local connections. 
-.PP -.in -3 -\fBreject_aaaa\fR -.PP -If this has a value of 1, a bogus SOA "not there" reply is sent -whenever -an AAAA query is sent to Deadwood. In other words, every time a program -asks -Deadwood for an IPv6 IP address, instead of trying to process the -request, -when this is set to 1, Deadwood pretends the host name in question does -not -have an IPv6 address. -.PP -This is useful for people who aren\(aqt using IPv6 but use applications -(usually -*NIX command like applications like "telnet") which slow things down -trying -to find an IPv6 address. -.PP -This has a default value of 0. In other words, AAAA queries are -processed -normally unless this is set. -.PP -.in -3 -\fBresurrections\fR -.PP -If this is set to 1, Deadwood will try to send an -expired record to the user before giving up. If it is 0, we -don\(aqt. Default value: 1 -.PP -.in -3 -\fBroot_servers\fR -.PP -This is a list of root servers; its syntax is identical to -upstream_servers (see below). This is the type of DNS service -ICANN, for example, runs. These are servers used that do -not give us complete answers to DNS questions, but merely tell -us which DNS servers to connect to to get an answer closer to -our desired answer. -.PP -.in -3 -\fBtcp_listen\fR -.PP -In order to enable DNS-over-TCP, this variable must be set and have -a value of 1. Default value: 0 -.PP -.in -3 -\fBtimeout_seconds\fR -.PP -This is how long Deadwood will wait before giving -up and discarding a pending UDP DNS reply. -The default value for this is 2, as in 2 seconds. -.PP -.in -3 -\fBtimeout_seconds_tcp\fR -.PP -How long to wait on an idle TCP connection before -dropping it. The default value for this is 4, as in 4 seconds. -.PP -.in -3 -\fBttl_age\fR -.PP -Whether TTL aging is enabled; whether entries in the cache have their -TTLs set to be the amount of time the entries have left in the cache. -.PP -If this has a value of 1, TTL entries are aged. Otherwise, they are -not. -The default value for this is 1. 
-.PP -.in -3 -\fBupstream_port\fR -.PP -This is the port Deadwood uses to connect or send packets to the -upstream server. The default value for this is 53; the standard -DNS port. -.PP -.in -3 -\fBupstream_servers\fR -.PP -This is a list of DNS servers that the load balancer will try to -contact. -This is a -.I "dictionary variable" -(array indexed by a string instead of -by a number) instead of a simple variable. Since upstream_servers -is a dictionary variable, it needs to be initialized before being used. -.PP -Deadwood will look at the name of the host that it is trying to find -the upstream server for, and will match against the longest suffix it -can find. -.PP -For example, if someone sends a query for "www.foo.example.com" to -Deadwood, Deadwood will first see if there is an upstream_servers -variable for "www.foo.example.com.", then look for "foo.example.com.", -then look for "example.com.", then "com.", and finally ".". -.PP -Here is an example of upstream_servers: - -.nf -upstream_servers = {} # Initialize dictionary variable -upstream_servers["foo.example.com."] = "192.168.42.1" -upstream_servers["example.com."] = "192.168.99.254" -upstream_servers["."] = "10.1.2.3, 10.1.2.4" -.fi - -In this example, anything ending in "foo.example.com" is resolved -by the DNS server at 192.168.42.1; anything else ending in -"example.com" -is resolved by 192.168.99.254; and anything not ending in "example.com" -is resolved by either 10.1.2.3 or 10.1.2.4. -.PP -.B "Important:" -the domain name upstream_servers points to must end in -a "." character. 
This is OK: - -.nf -upstream_servers["example.com."] = "192.168.42.1" -.fi - -But this is -.B "not" -OK: - -.nf -upstream_servers["example.com"] = "192.168.42.1" -.fi - -The reason for this is because BIND engages in unexpected behavior -when a host name deoesn\(aqt end in a dot, and by forcing a dot at the -end -of a hostname, Deadwood doesn\(aqt have to guess whether the user wants -BIND\(aqs behavior or the "normal" behavior. -.PP -If neither root_servers nor upstream_servers are set, Deadwood sets -root_servers to use the default ICANN root servers, as follows: -.PP - -.nf -198.41.0.4 a.root-servers.net (VeriSign) -192.228.79.201 b.root-servers.net (ISI) -192.33.4.12 c.root-servers.net (Cogent) -128.8.10.90 d.root-servers.net (UMaryland) -192.203.230.10 e.root-servers.net (NASA Ames) -192.5.5.241 f.root-servers.net (ISC) -192.112.36.4 g.root-servers.net (DOD NIC) -128.63.2.53 h.root-servers.net (ArmyRU) -192.36.148.17 i.root-servers.net (NORDUnet) -192.58.128.30 j.root-servers.net (VeriSign) -193.0.14.129 k.root-servers.net (Reseaux) -199.7.83.42 l.root-servers.net (IANA) -202.12.27.33 m.root-servers.net (WIDE) -.fi - -This list is current as of May 3, 2010, and was last changed on -November 1, 2007. -.PP -.in -3 -\fBverbose_level\fR -.PP -This determines how many messages are logged on standard output; larger -values log more messages. The default value for this is 3. -.SH "ip/mask format of IPs" -.PP -Deadwood uses both standard ip/netmask formats to specify IPs. -An ip is in dotted-decimal format, e.g. "10.1.2.3" (or in ipv6 -format when ipv6 support is compiled in). -.PP -The netmask is used to specify a range of IPs. -The netmask can be in one of two formats: A single number between -1 and 32 (128 when ipv6 support is compiled in), which indicates the -number of leading "1" bits in the netmask, or a 4-digit -dotted-decimal netmask. -.PP -.B "10.1.1.1/24" -indicates that any ip from 10.1.1.0 to 10.1.1.255 -will match. 
-.PP -.B "10.1.1.1/255.255.255.0" -is identical to 10.1.1.1/24 -.PP -.B "10.2.3.4/16" -indicates that any ip from 10.2.0.0 to 10.2.255.255 -will match. -.PP -.B "10.2.3.4/255.255.0.0" -is identical to 10.2.3.4/16 -.PP -.B "127.0.0.0/8" -indicates that any ip with "127" as the first -octet (number) will match. -.PP -.B "127.0.0.0/255.0.0.0" -is identical to 127.0.0.0/8 -.PP -The netmask is optional, and, if not present, indicates that only -a single IP will match. -.SH "DNS over TCP" -.PP -Deadwood has support for both DNS-over-UDP and DNS-over-TCP; the same -daemon listens on both the UDP and TCP DNS port. DNS-over-TCP must -be explicitly enabled by setting tcp_listen to 1. -.PP -Only UDP DNS queries are cached. Deadwood does not support caching -over TCP; it handles TCP to resolve the occasional truncated reply or -handle the occasional non-RFC-compliant TCP-only DNS resolver. -.SH "Parsing other files" -.PP -It is possible to have Deadwood, while parsing the dwood3rc file, read -other files and parse them as if they were dwood3rc files. -.PP -This is done using -.BR "execfile" "." -To use execfile, place a line like -this in the dwood3rc file: -.PP -execfile("path/to/filename") -.PP -Where path/to/filename is the path to the file to be parsed like a -dwood3rc file. -.PP -All files must be in or under the directory /etc/deadwood/execfile. -Filenames can only have lower-case letters and the underscore -character ("_"). Absolute paths are not allowed as the argument to -execfile; the filename can not start with a slash ("/") character. -.PP -If there is a parse error in the file pointed to by execfile, Deadwood -will report the error as being on the line with the execfile command in -the main dwood3rc file. To find where a parse error is in the sub-file, -use something like "Deadwood -f /etc/deadwood/execfile/filename" -to find the parse error in the offending file, where "filename" is the -file -to to parsed via execfile. 
-.SH "IPV6 support" -.PP -This server can also be optionally compiled to have IPv6 support. In -order -to enable IPv6 support, add \(aq-DIPV6\(aq to the compile-time flags. -For -example, to compile this to make a small binary, and to have ipv6 -support: - -.nf - export FLAGS=\(aq-Os -DIPV6\(aq - make -.fi - -.SH "SECURITY" -.PP -Deadwood is a program written with security in mind. -.PP -In addition to use a buffer-overflow resistant string library and a -coding -style and SQA process that checks for buffer overflows and memory -leaks, -Deadwood uses a strong pseudo-random number generator (The 32-bit -version -of Radio Gatun) to generate both the query ID and source port. For the -random number generator to be secure, Deadwood needs a good source of -entropy; by default Deadwood will use /dev/urandom to get this entropy. -If you are on a system without /dev/urandom support, it is important -to make sure that Deadwood has a good source of entropy so that the -query -ID and source port are hard to guess (otherwise it is possible to forge -DNS packets). -.PP -Note that Deadwood is not protected from someone on the same network -viewing -packets sent by Deadwood and sending forged packets as a reply. -.PP -To protect Deadwood from certain possible denial-of-service attacks, it -is -best if Deadwood\(aqs prime number used for hashing elements in the -cache is -a random 31-bit prime number. The program RandomPrime.c generates a -random prime that is placed in the file DwRandPrime.h that is -regenerated -whenever either the program is compiled or things are cleaned up with -make clean. This program uses /dev/urandom for its entropy; the file -DwRandPrime.h will not be regenerated on systems without /dev/urandom. -.PP -On systems without direct /dev/urandom support, it is suggested to see -if -there is a possible way to give the system a working /dev/urandom. This -way, when Deadwood is compiled, the hash magic number will be suitably -random. 
-.PP -If using a precompiled binary of Deadwood, or if using a system where -it is -not feasible to add /dev/urandom support, one can use another system to -generate a 31-bit random prime (perhaps using a different system with -/dev/urandom support), then use the hash_magic_number parameter to have -Deadwood use this random prime number. -.SH "DAEMONIZATION" -.PP -Deadwood does not have any built-in daemonization facilities; this is -handled by the external program Duende or any other daemonizer. -.SH "Example configuration file" -.PP -Here is an example dwood3rc configuration file: - -.nf -# This is an example deadwood rc file -# Note that comments are started by the hash symbol - -bind_address="127.0.0.1" # IP we bind to - -# The following line is disabled by being commented out -#bind_address="::1" # We have optional IPv6 support - -# Directory we run program from (not used in Win32) -chroot_dir = "/etc/deadwood" - -# The following upstream DNS servers are Google\(aqs -# newly-announced (as of December 2009) public DNS -# servers. For more information, see the page at -# http://code.google.com/speed/public-dns/ -# -# These IPs can be changed to the IPs of any recursive -# DNS servers that can be reached from the computer -# running Deadwood, such as your ISP\(aqs DNS servers. -upstream_servers = {} -upstream_servers["."]="8.8.8.8, 8.8.4.4" - -# Who is allowed to use the cache. 
This line -# allows anyone with "127.0" as the first two -# digits of their IP to use Deadwood -recursive_acl = "127.0.0.1/16" - -# Maximum number of pending requests -maxprocs = 8 - -# Send SERVER FAIL when overloaded -handle_overload = 1 - -maradns_uid = 99 # UID Deadwood runs as -maradns_gid = 99 # GID Deadwood runs as - -maximum_cache_elements = 60000 - -# If you want to read and write the cache from disk, -# make sure chroot_dir above is readable and writable -# by the maradns_uid/gid above, and uncomment the -# following line -#cache_file = "dw_cache" - -# If your upstream DNS server converts "not there" DNS replies -# in to IPs, this parameter allows Deadwood to convert any reply -# with a given IP back in to a "not there" IP. If any of the IPs -# listed below are in a DNS answer, Deadwood converts the answer -# in to a "not there" -#ip_blacklist = "10.222.33.44, 10.222.3.55" -.fi - -.SH "BUGS" -.PP -DNS-over-TCP needs to be explicitly enabled. Note that DNS-over-TCP is -almost never used. Also, -Deadwood does not cache DNS packets larger than 512 bytes in size that -need to be sent using TCP. In addition, DNS-over-TCP packets which -are "incomplete" DNS replies (replies which a stub resolver can not -use, -namely either a NS referral or an incomplete CNAME reply) are not -handled correctly by Deadwood. Again, DNS-over-TCP is very rare. -.PP -Deadwood can not process DNS resource record types with numbers between -65392 and 65407. These RR types are marked by the IANA for "private -use"; -Deadwood reserves these record types for internal use. This is only 16 -record types out of the 65536 possible DNS record types (only 71 have -actually been assigned by IANA, so this is a non-issue in the real -world). -.PP -It is not clear whether the DNS RFCs allow ASCII control characters -in DNS names. Even if they were, Deadwood does not allow ASCII -control characters (bytes with a value less then 32) in DNS names. -Other characters (UTF-8, etc.) are allowed. 
-.SH "LEGAL DISCLAIMER" -.PP -THIS SOFTWARE IS PROVIDED BY THE AUTHORS \(aq\(aqAS IS\(aq\(aq AND ANY -EXPRESS -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.SH "AUTHORS" -.PP -Sam Trenholme (http://www.samiam.org) is -responsible for this program and man page. He appreciates all of -Jean-Jacques Sarton\(aqs help giving this program Ipv6 support. - diff -Nru maradns-2.0.04/doc/en/man/getzone.1 maradns-2.0.04+really1.4.09/doc/en/man/getzone.1 --- maradns-2.0.04/doc/en/man/getzone.1 2010-09-27 22:36:06.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/getzone.1 2006-06-21 08:59:39.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:36:06 2010 +.\" Last updated Wed Jun 21 01:59:39 2006 .\" .TH GETZONE 1 "getzone" "October 2001" "getzone" .\" We don't want hyphenation (it's too ugly) diff -Nru maradns-2.0.04/doc/en/man/maradns.8 maradns-2.0.04+really1.4.09/doc/en/man/maradns.8 --- maradns-2.0.04/doc/en/man/maradns.8 2011-08-05 11:59:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/maradns.8 2011-11-11 22:58:37.000000000 +0000 
@@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Fri Aug 5 06:59:48 2011 +.\" Last updated Fri Nov 11 16:58:35 2011 .\" .TH MARADNS 8 "January 2002" MARADNS "MaraDNS reference" .\" We don't want hyphenation (it's too ugly) @@ -282,28 +282,21 @@ .in -3 \fB1. I\(aqm using an older version of MaraDNS\fR .PP -Upgrade to MaraDNS 1.4 or MaraDNS 2.0. MaraDNS 1.4 is compatible with -older versions of MaraDNS, with the relatively few changes need to -upgrade +Upgrade to MaraDNS 1.4. MaraDNS 1.4 is compatible with older versions +of MaraDNS, with the relatively few changes need to upgrade documented. .PP -Use MaraDNS 2.0 if there are any issues using MaraDNS 1.4 to -recursively -resolve records (via recursive_acl); the recursive resolver -in MaraDNS 1.4 is deprecated and only critical security issues are -fixed -with it. MaraDNS 2.0 uses the separate daemon Deadwood to recursively -resolve records. -.PP MaraDNS 1.0 and 1.2 are only supported for critical security updates, and will no longer be supported on December 21, 2010. MaraDNS 1.3 is also only supported for critical security updates, and support will stop on December -21, 2012. MaraDNS 1.4 and MaraDNS 2.0 are both fully supported -(security -and other important bug fixes) for the foreseeable future. +21, 2012. MaraDNS 1.4 will be fully supported (security and other +important +bug fixes) for the foreseeable future, alongside MaraDNS 2.0 when and +if +it comes out. .PP .in -3 \fB2. How do I try out MaraDNS?\fR @@ -406,10 +399,10 @@ intervention. .PP .in -3 -\fB8. I am on a slow network, and Deadwood can not process recursive +\fB8. I am on a slow network, and MaraDNS can not process recursive queries\fR .PP -Deadwood, by default, only waits two seconds for a reply from a remote +MaraDNS, by default, only waits two seconds for a reply from a remote DNS server. This default can be increased by adding a line like this in the mararc file: .PP 
@@ -465,23 +458,37 @@ \fB12. Why does MaraDNS use a multi-threaded model?\fR .PP .PP -MaraDNS 2.0 no longer uses threads. +The multi-threaded model is, plain and simple, the simplest way to +write +a functioning recursive DNS server. There is a reason why MaraDNS, +pdnsd, and +BIND 9 all use the multi-threaded model. .PP -The multi-threaded model was the simplest way to write -a functioning recursive DNS server for MaraDNS 1.0. There is a reason -why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model. -.PP -It took me nearly three years to rewrite MaraDNS\(aq recursive resolver -as a separate non-threaded daemon. This has been done, and now all -recursion -is done with Deadwood which does not need threads. +MaraDNS 2.0, when and if it is released, will not use threads. .PP .in -3 \fB13. I feel that XXX feature should be added to MaraDNS\fR .PP .PP -There are no plans to add new features to MaraDNS or Deadwood at -this time. +The only thing that will convince me to implement a given feature for +MaraDNS is cold, hard cash. If you want me to keep a given feature +proprietary, you better have lots of cold hard cash. +.PP +The only feature I will implement for free is to finish up full +recursion in Deadwood, including IPv6 support. I have no +plans to implement DNS curve, nor DNSsec, +Geo IP, or whatever feature you want me to implement for fun and for +free. +.PP +Keep in mind that both the BIND and NSD name servers were +developed by having the programmers paid to work on the programs. +PowerDNS was originally commercial software with the author only +reluctantly made GPL after seeing that the market +for a commercial DNS server is very small. All of the other DNS servers +which have been developed as hobbyist projects (Posadis, Pdnsd, and +djbdns) +are no longer being actively worked on by the primary developer. +.PP .PP .in -3 \fB14. I feel that MaraDNS should use another documentation format\fR 
@@ -551,9 +558,8 @@ .PP The zoneserver program serves zones so that other DNS servers can be secondaries for zones which MaraDNS serves. This is a separate -program from the maradns server, which processes -authoritative UDP DNS queries, and Deadwood which processes recursive -DNS queries. +program from the maradns server, which processes both +authoritative and recursive UDP DNS queries. .PP See the DNS master document in the MaraDNS tutorial for details. @@ -574,12 +580,10 @@ A recursive DNS server is a DNS server that is able to contact other DNS servers in order to resolve a given domain name label. This is the kind -of DNS server one points to in /etc/resolve.conf. MaraDNS uses -the Deadwood daemon to process recursive DNS queries. +of DNS server one points to in /etc/resolve.conf .PP An authoritative DNS server is a DNS server that a recursive server -contacts in order to find out the answer to a given DNS query. The -maradns daemon processes authoritative DNS queries. +contacts in order to find out the answer to a given DNS query. .PP .in -3 \fB19. The fetchzone client isn\(aqt allowing me to add certain 
@@ -684,21 +688,20 @@ .in -3 \fB26. I am having problems setting upstream_servers\fR .PP -upstream_servers is only supported by Deadwood, and is no -longer supported in MaraDNS 2.0. -The upstream_servers dwood3rc variable is set thusly: +The upstream_servers mararc variable is set thusly: .PP .RS 4 upstream_servers["."] = "10.3.28.79, 10.2.19.83" .RE .PP -Note the ["."]. +Note the ["."]. The reason for this is so future versions +of MaraDNS may have more fine-grained control over the +upstream_servers and root_servers values. .PP Note that the upstream_servers variable needs to be initialized before being used via upstream_servers = {} (the reason for this -is so that a dwood3rc file has 100% Python-compatible syntax). A -complete -dwood3rc file that uses upstream_servers may look like this: +is so that a mararc file has 100% Python-compatible syntax). A complete +mararc file that uses upstream_servers may look like this: .nf ipv4_bind_addresses = "127.0.0.1" 
@@ -848,8 +851,75 @@ .in -3 \fB31. I have a NS delegation, and MaraDNS is doing strange things.\fR .PP -This is only an issue in MaraDNS 1.4. MaraDNS 2.0 does not allow -the same IP to both authoritatively and recursively resolve records. +In the case of there being a NS delegation, MaraDNS handles recursive +queries and non-recursive DNS queries differently. Basically, unless +you use askmara with the -n option, dig with the ++norecuse option, or nslookup with the -norec +option, MaraDNS will try to recursively resolve the record that is +delegated. +.PP +The thinking is this: A normal recursive DNS query is usually one +where one wants to know the final DNS output. So, if MaraDNS +delegates a given record to another DNS server, and gets a recursive +request for said query, MaraDNS will recursively resolve the query +for you. +.PP +For example, let us suppose we have a mararc file that looks +like this: + +.nf +chroot_dir = "/etc/maradns" +ipv4_bind_addresses = "10.1.2.3" +chroot_dir = "/etc/maradns" +recursive_acl = "127.0.0.1/8, 10.0.0.0/8" +csv2 = {} +csv2["example.com."] = "db.example.com" +.fi + +And a db.example.com file that looks like this: + +.nf +www.example.com. 10.1.2.3 +joe.example.com. NS ns.joe.example.com. +ns.joe.example.com. A 10.1.2.4 +.fi + +Next, you are trying to find out why www.joe.example.com is not +resolving. If you naively send a query to 10.1.2.3 for +www.joe.example.com +as askmara Awww.joe.example.com. 10.1.2.3 or as +dig @10.1.2.3 www.joe.example.com. or as +nslookup www.joe.example.com. 10.1.2.3, you will +.B "not" +get any information that will help you solve the problem, since +10.1.2.3 +will try to contact 10.1.2.4 to resolve www.joe.example.com. +.PP +The solution is to run your DNS query client thusly: +.TP 2 +* +Askmara would be run thusly: +.PP +askmara -n Awww.joe.example.com. 
10.1.2.3 +.PP +.TP 2 +* +Dig would be run thusly: +.PP +dig +norecurse @10.1.2.3 www.joe.example.com +.PP +.TP 2 +* +Nslookup would be run thusly: +.PP +nslookup -norec www.joe.example.com 10.1.2.3 +.PP +.PP +This will allow you to see that packets MaraDNS actually sends to +a recursive DNS server. +.PP +As an aside, this particular problem will not happen if MaraDNS is +run only as an authoritative nameserver. .PP .in -3 \fB32. I am transferring a zone from another server, but the NS records @@ -905,10 +975,9 @@ .in -3 \fB33. Where is the root.hints file?\fR .PP -MaraDNS (actually, Deadwood), unlike BIND, does not need a complicated -root.hints file in order to have custom root servers. In order to -change -the root.hints file, add something like this to your dwood3rc file: +MaraDNS, unlike BIND, does not need a complicated root.hints file in +order to have custom root servers. In order to change the root.hints +file, add something like this to your mararc file: .nf root_servers["."] = "131.161.247.232," @@ -926,7 +995,8 @@ .in -3 \fB34. Are there any plans to use autoconf to build MaraDNS?\fR .PP -No. +No. OK, let me qualify that: I won\(aqt do it unless you pay +me enough money. .PP In more detail, MaraDNS does not use autoconf for the following reasons: @@ -1019,7 +1089,8 @@ \fB36. Will you make a package for the particular Linux distribution I am using?\fR .PP -No. +No. OK, let me qualify that: I won\(aqt do it unless you pay +me enough money. .PP There is, however, a CentOS 5-compatible RPM spec file in the build directory. 
@@ -1143,20 +1214,18 @@ MaraDNS as your DNS server, the following steps need to be followed: .TP 2 * -MaraDNS version 1.4 or 2.0 needs to be used; if you\(aqre using an +MaraDNS version 1.4 needs to be used; if you\(aqre using an older version of MaraDNS, upgrade. .TP 2 * -It is necessary to have recursion disabled, if using MaraDNS 1.4, -either -by compiling MaraDNS without recursive support (./configure --authonly -; make), +It is necessary to have recursion disabled. This can be done either by +compiling MaraDNS without recursive support (./configure --authonly ; +make), or by making sure MaraDNS does not have recursion enabled (by not having -recursive_acl set in one\(aqs MaraDNS 1.4 mararc file) +recursive_acl set in one\(aqs mararc file) .PP -If one wishes to both register domains with AFNIC and use MaraDNS 1.4 -as a +If one wishes to both register domains with AFNIC and use MaraDNS as a recursive DNS server, it is required to have the recursive server be a separate instance of MaraDNS on a separate IP. It is not possible to have @@ -1175,15 +1244,16 @@ \fB43. I can\(aqt see the full answers for subdomains I have delegated\fR .PP -To have the subdomains be visible to MaraDNS 1.4 recursive nameservers, -add the following to your mararc file: +To have the subdomains be visible to recursive nameservers, add the +following +to your mararc file: .PP recurse_delegation = 1 .PP .in -3 \fB44. MaraDNS 1 has a problem resolving a domain\fR .PP -This issue should be fixed in MaraDNS 2.0. +This issue should be fixed when I release MaraDNS 2.0. .PP Here\(aqs what happening: I have rewritten the recursive resolver for MaraDNS. @@ -1193,7 +1263,7 @@ .PP The new recursive resolver is called "Deadwood"; right now it\(aqs fully -functional and part of MaraDNS 2.0. More information is here: +functional and undergoing beta-testing. More information is here: .PP http://maradns.blogspot.com/search/label/Deadwood .PP 
@@ -1203,8 +1273,15 @@ I in the process of rewriting the recursive code, my rule is that I will only -resolve security issues with MaraDNS 1.0\(aqs recursive resolver. +resolve security issues with MaraDNS 1.0\(aqs recursive resolver +without +getting paid. +.PP +If resolving a given domain with MaraDNS\(aq code is an urgent issue +for you, please consider helping beta-test Deadwood, or sponsoring +MaraDNS: .PP +http://www.maradns.org/products.html .PP .in -3 \fB45. MaraDNS 1.2 has issues with NXDOMAINS and case sensitivity.\fR @@ -1217,7 +1294,7 @@ for a name in all caps. .PP If this is an issue for your organization, please upgrade to a newer -version of MaraDNS; MaraDNS 1.4 and 2.0 do not have +version of MaraDNS; MaraDNS 1.4 does not have this bug. If you want to see this bug fixed in MaraDNS 1.2, please help sponsor MaraDNS. .PP @@ -1396,20 +1473,20 @@ .nf /*Placed in the public domain by Sam Trenholme*/ -#include -#include -#include +#include <arpa/inet.h> +#include <string.h> +#include <stdint.h> #define Z struct sockaddr #define Y sizeof(d) int main(int a,char **b){uint32_t i;char q[512] -,p[17]="\\xc0\\f\\0\\x01\\0\\x01\\0\\0\\0\\0\\0\\x04";if(a> -1){struct sockaddr_in d;socklen_t f=511;bzero(& +,p[17]="\\xc0\\f\\0\\x01\\0\\x01\\0\\0\\0\\0\\0\\x04";if(a> +1){struct sockaddr_in d;socklen_t f=511;bzero(& d,Y);a=socket(AF_INET,SOCK_DGRAM,0);*((uint32_t *)(p+12))=inet_addr(b[1]);d.sin_family=AF_INET; -d.sin_port=htons(53);bind(a,(Z*)&d,Y);for(;;){i -=recvfrom(a,q,255,0,(Z*)&d,&f);if(i>9&&q[2]>=0) +d.sin_port=htons(53);bind(a,(Z*)&d,Y);for(;;){i +=recvfrom(a,q,255,0,(Z*)&d,&f);if(i>9&&q[2]>=0) {q[2]|=128;q[11]?q[3]|=4:1;q[7]++;memcpy(q+i,p, -16);sendto(a,q,i+16,0,(Z*)&d,Y);}}}return 0;} +16);sendto(a,q,i+16,0,(Z*)&d,Y);}}}return 0;} .fi NanoDNS takes one argument: The IP we return. This program binds to all 
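Review bot: In the NanoDNS listing (hunk `@@ -1396,20 +1473,20 @@`), `i` is declared `uint32_t` but receives the return value of `recvfrom()`, so an error return of -1 becomes 4294967295 and passes the `i>9` test. If `q[2]` is non-negative at that point, `memcpy(q+i,p,16)` and `sendto(a,q,i+16,...)` then operate far outside the 512-byte `q`. Declaring the counter as a signed type, `ssize_t i;` in place of `uint32_t i;`, lets the existing `i>9` guard reject failed reads. The results of `socket()` and `bind()` are also unchecked, so a failed bind to port 53 goes unnoticed; a guard such as `if(bind(a,(Z*)&d,Y)<0)return 1;` would surface it.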
@@ -1432,11 +1509,40 @@ errors in the file will be reported as being on line 1. .PP +The maximum allowed number of threads is 5000. +.PP The system startup script included with MaraDNS assumes that the only MaraDNS processes running are started by the script; it stops .I "all" MaraDNS processes running on the server when asked to stop MaraDNS. .PP +When a resolver asks for an A record, and the A record is a CNAME +which points to a list of IPs, MaraDNS\(aq recursive resolver only +returns the first IP listed along with the CNAME. This is somewhat +worked around by having a CNAME record only stay in the recursive cache +for 15 minutes. +.PP +When a resolver asks for an A record, and the A record is a CNAME +that points to another CNAME (and possibly a longer CNAME chain), while +MaraDNS returns the correct IP (as long as the glueless level is not +exceeded), MaraDNS will incorrectly state that the first CNAME in the +chain directly points to the IP. +.PP +If a NS record points to a list of IPs, and the NS record in question +is a "glueless" record (MaraDNS had to go back to the root servers to +find out the IP of the machine in question), MaraDNS\(aq recursive +resolver +only uses the first listed IP as a name server. +.PP +When MaraDNS\(aq recursive resolver receives a "host not there" reply, +instead of using the SOA minimum of the "host not there" reply as +the TTL (Look at RFC1034 +section 4.3.4), MaraDNS uses the TTL of the SOA +reply. +.PP +MaraDNS keeps referral NS records in the cache for one day instead of +the TTL specified by the remote server. +.PP MaraDNS needs to use the .B "zoneserver" program to serve DNS records @@ -1445,8 +1551,7 @@ for usage information. .PP MaraDNS does not use the zone file ("master file") format specified in -chapter 5 of RFC1035; however bind2csv2.py can convert the majority -of such zone files. +chapter 5 of RFC1035. .PP MaraDNS default behavior with star records is not RFC-compliant. In more detail, 
@@ -1473,11 +1578,45 @@ seconds; TTLs which are more than 63072000 (2 years) long are given a TTL of 2 years. .PP +MaraDNS\(aq recursive resolver\(aqs method of deleting not recently +accessed +records from the cache when the cache starts to fill up can deleted +records +from the cache before they expire. Some people consider this +undesirable +behavior; I feel it is necessary behavior if one wishes to place a +limit on +the memory resources a DNS server may use. +.PP +MaraDNS\(aq recursive resolver stops resolving when it finds an answer +in the +AR section. This is a problem in the case where a given host name and +IP +is registered with the root name servers, and the registered IP is out +of +date. When this happens, a server "closer" to the root server will give +an out-of-date IP, even though the authoritative DNS servers for the +host in question have the correct IP. Note that resolving this will +result in increased DNS traffic. +.PP MaraDNS, like every other known DNS implementation, only supports a QDCOUNT of 0 or 1. +.PP +MaraDNS spawns a new thread for every single recursive DNS request +when the data in question is not in MaraDNS\(aq cache; this +makes MaraDNS an excellent stress tester for pthread implementations. +Many pthread implementations can not handle this kind of load; +symptoms include high memory usage and termination of the MaraDNS +process. +.PP +MaraDNS does not handle the case of a glueless in-bailiwick NS referral +very gracefully; this usually causes the zone pointed to by the +offending +NS record to be unreachable by MaraDNS, even if other DNS servers for +the domain have correct NS referrals. .SH "UNIMPLEMENTED FEATURES" .PP -.I "These are features which I do not plan to implement in MaraDNS." +.I "These are features which I do not plan to implement in MaraDNS. If you wish to see these features, consider sponsoring MaraDNS development:" .PP MaraDNS does not have a disk-based caching scheme for authoritative zones. 
@@ -1494,12 +1633,14 @@ names to resolve differently, depending on the IP querying the host name. .PP +MaraDNS 1.4 only has authoritative-only support for IPv6. Deadwood, +however, has full IPv6 support. +.PP MaraDNS only allows wildcards at the beginning or end of a host name. E.g. names with wildcards like "foo.*.example.com". "www.*" will work, however, if a default zonefile is -set up. Likewise, MaraDNS does not have regular expression hostname -substitution. +set up. .PP MaraDNS does not have support for MRTG or any other SNMP-based logging mechanism. diff -Nru maradns-2.0.04/doc/en/man/mararc.5 maradns-2.0.04+really1.4.09/doc/en/man/mararc.5 --- maradns-2.0.04/doc/en/man/mararc.5 2010-09-27 22:39:36.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/mararc.5 2010-02-02 17:12:52.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:39:35 2010 +.\" Last updated Tue Feb 2 11:12:51 2010 .\" .TH MARARC 5 "January 2002" MARADNS "MaraDNS reference" .\" We don't want hyphenation (it's too ugly) 
@@ -243,6 +243,75 @@ Multiple levels of nesting are allowed. Self-referring nests will result in an error. .PP +.PP +.in -3 +\fBroot_servers\fR +.PP +root_servers: This is a special "dictionary" element that can +have multiple elements, where a given element points to either an +ip, or a pointer to an ipv4 alias. For example: + +.nf +root_servers["."] = "list_of_servers" +.fi + +In this example, "." indicates that this is a listing of root_servers +that will resolve any name not otherwise listed as a root_servers +entry. +.PP +list_of_servers is a list of root name servers in the exact same +format as ipv4_aliases. +.PP +The root_servers dictionary array can have multiple elements. Like csv2 +elements, the names must be valid domain names that end with the +\(aq.\(aq character. When there are multiple root_servers elements, the +element with the most domain name labels that matches the end of +the hostname one is searching for is used. +.PP +For example, let us suppose we have the following root_servers entries: + +.nf +root_servers["."] = "198.41.0.4" +root_servers["com."] = "192.5.6.30" +root_servers["example.net."] = "10.1.2.3,10.2.3.4" +.fi + +In this example, we use use the name server with the IP 10.1.2.3 or +10.2.3.4 to start resolving "www.example.net", the name server with the +IP 192.5.6.30 to start resolving "www.google.com", and the name server +with the IP 198.41.0.4 to start resolving "www.maradns.org". +.PP +Note that, while ips in a listing of root name servers can have +netmasks, the netmask portion is ignored. +.PP +The root_servers should point to root servers. If one wishes to use +MaraDNS as a forwarding name server, which forwards DNS requests on to +another server, use the upstream_servers variable instead. 
+.PP +.in -3 +\fBupstream_servers\fR +.PP +This is identical to the root_servers variable (can have multiple +elements, the elements are a list of ipv4_addresses, the variable is a +dictionary variable, etc.), but is used +when one wishes to use MaraDNS to query other recursive servers, +instead +of querying the actual root name servers for an answer. +.PP +Note that one can not have both root_servers and upstream_servers set +in a given mararc file; MaraDNS will return with a fatal error if one +attempts to do this. +.PP +Like root_servers, this is a dictionary variable that can have multiple +elements. For example: + +.nf +upstream_servers["."] = "10.5.6.7" +upstream_servers["cl."] = "10.2.19.83" +.fi + +Here, we use 10.2.19.83 to resolve host names that end in "cl", and +10.5.6.7 to resolve all other host names. .SH "NORMAL VARIABLE FORMAT" .PP Normal variables. These are variables that can only take @@ -547,7 +616,7 @@ .TP 2 * A dos_protection_level of 78 disables all authoritative processing, -including default zonefiles. +including default zonefiles; recursive lookups still work. .PP The default level of dos_protection_level is 0 when there are one or more @@ -562,6 +631,22 @@ ipv4 address. .PP .in -3 +\fBhandle_noreply\fR +.PP +This is a numeric variable which determines how the recursive resolver +informs the client that Mara was unable to contact any remote DNS +servers +when trying to resolve a given domain. +If this is set to 0, no response will be sent to the DNS client. +If this is set to 1, a "server fail" message will be sent to the DNS +client. +If this is set to 2, either a "this host does not exist" message will +be sent +to the DNS client if notthere_ip is not set, or the IP specified in +notthere_ip will be sent if set. +The default value for this is 1. +.PP +.in -3 \fBhide_disclaimer\fR .PP If this is set to "YES", MaraDNS will not display the legal disclaimer 
@@ -604,6 +689,36 @@ The default GID is 99. .PP .in -3 +\fBmaximum_cache_elements\fR +.PP +maximum_cache_elements: The maximum number of elements we can have +in the cache of recursive queries. +.PP +This cache of recursive queries is used to store entries we have +previously obtained from recursive queries. +.PP +If we approach this limit, the "custodian" kicks in to effect. +The custodian removes elements at random from the cache (8 elements +removed per query) until we are at the 99% or so level again. +.PP +The default value for this variable is 1024. +.PP +.in -3 +\fBmaxprocs\fR +.PP +maxprocs: The maximum number of threads or processes that MaraDNS +is allowed to run at the same time. +.PP +This variable is used to minimize the impact on the server when +MaraDNS is heavily loaded. When this number is reached, it is +impossible for MaraDNS to spawn new threads/processes until the +number of threads/processes is reduced. +.PP +The default value for this variable is 64. +.PP +The maximum value this can have is 500. +.PP +.in -3 \fBmax_ar_chain\fR .PP max_ar_chain: The maximum number of records to display if a record in 
@@ -674,6 +789,32 @@ serving. .PP .in -3 +\fBmin_ttl\fR +.PP +min_ttl: The minimum amount of time a resource record will stay in +MaraDNS\(aq cache, regardless of the TTL the remote server specifies. +.PP +Setting this value changes the minimum amount of time MaraDNS\(aq +recursive server will keep a record in the cache. The value is +in seconds. +.PP +The default value of this is 300 (5 minutes); the minimum value +for this is 180 (2 minutes). +.PP +.in -3 +\fBmin_ttl_cname\fR +.PP +min_ttl_cname: The minimum amount of time a resource record +will stay in MaraDNS\(aq cache, regardless of the TTL the remote server +specifies. +.PP +Setting this value changes the amount of time a CNAME record stays +in the cache. The value is in seconds. +.PP +The default value for this is the value min_ttl has; the minimum value +for this is 180 (2 minutes). +.PP +.in -3 \fBmin_visible_ttl\fR .PP min_visible_ttl: The minimum value that we will will show as the TTL @@ -685,7 +826,10 @@ cache (keep in their memory) a DNS resource record. .PP The value is in seconds. The default value for this is 30; the minimum -value this can have is 5. +value this can have is 5. People running highly loaded MaraDNS servers +may wish to increase this value to 3600 (one hour) in order to reduce +the +number of queries recursively processed by MaraDNS. .PP As an aside, RFC1123 section 6.1.2.1 implies that zero-length TTL records 
@@ -694,6 +838,135 @@ stub resolvers (such as Mozilla\(aqs stub resolver). .PP .in -3 +\fBnotthere_ip\fR +.PP +This parameter, if set, causes MaraDNS\(aq recursive resolver to return +a +0-TTL synthetic IP for non-existent hostnames instead of a "this host +does +not exist" DNS reply. The IP returned is the value for this parameter. +.PP +For example, if one wishes to send the IP 10.11.12.13 to clients +whenever +MaraDNS\(aq recursive resolver gets a "this host does not exist" reply, +set +notthere_ip thusly: +.PP +notthere_ip = "10.11.12.13" +.PP +If one also wishes to have this IP returned when there is no reply +from remote DNS servers, set handle_noreply thusly: +.PP +handle_noreply = 2 +.PP +This parameter only affects the recursive resolver, and doesn\(aqt +affect +authoritative zones that MaraDNS serves. This parameter only affects +A queries, and doesn\(aqt affect other DNS query types. +.PP +.in -3 +\fBrandom_seed_file\fR +.PP +random_seed_file: The file from which we read 16 bytes from to +get the 128-bit seed for the secure pseudo random number generator. +.PP +The location of this file is relative to the root of the +filesystem, not MaraDNS\(aq chroot directory. +.PP +This is ideally a file which is a good source of random numbers +(e.g. /dev/urandom), but can also be a fixed file if your OS does not +have a decent random number generator. In that case, make sure the +contents of that file is random and with 600 perms, owned by root. +We read the file +.B "before" +dropping root privileges. +.PP +.in -3 +\fBrecurse_delegation\fR +.PP +recurse_delegation: Whether to recurse in the case of us finding a NS +delegation record, but the user/stub resolver sent a query that +desires recursion. Before MaraDNS 1.3, this was the default behavior. +.PP +When recurse_delegation has a value of 1, we recurse in this case. +Otherwise, we do not. +.PP +This parameter has a default value of 0. 
+.PP +.in -3 +\fBrecurse_min_bind_port\fR +.PP +MaraDNS, by default, binds to a UDP port with a value between 15000 and +19095 when making a recursive query. This variable, and the +recurse_number_ports variable, allow this value to be changed. +.PP +recurse_min_bind_port is the lowest port number that MaraDNS will bind +to when making recursive queries. The default value for this is 15000. +.PP +.in -3 +\fBrecurse_number_ports\fR +.PP +This determines the size of the port range MaraDNS will bind to when +making recursive queries. MaraDNS, when making a recursive query, will +locally bind to a port number between recurse_min_bin_port and +recurse_min_bind_port + recurse_number_ports - 1. +.PP +This number must be a power of 2 between +256 and 32768. In other words, this must have the value 256, 512, 1024, +2048, 4096, 8192, 16384, or 32768. The default value for this is 4096. +.PP +The sum of the values for recurse_min_bind_port + recurse_number_ports +must +fit within the 16-bit value used for UDP ports. In other words, these +two parameters, added together, can not be greater than 65534. +.PP +.in -3 +\fBrecursive_acl\fR +.PP +recursive_acl: List of ips allowed to perform recursive queries with +the recursive portion of the MaraDNS server +.PP +The format of this string is identical to the format of an ipv4_alias +entry. +.PP +.in -3 +\fBreject_aaaa\fR +.PP +If this has a value of 1, a bogus SOA "not there" reply is sent +whenever +an AAAA query is sent to MaraDNS. In other words, every time a program +asks +MaraDNS for an IPv6 IP address, instead of trying to process the +request, +when this is set to 1, MaraDNS pretends the host name in question does +not +have an IPv6 address. +.PP +This is useful for people who aren\(aqt using IPv6 but use applications +(usually +*NIX command like applications like "telnet") which slow things down +trying +to find an IPv6 address. 
+.PP +.in -3 +\fBreject_ptr\fR +.PP +If this has a value of 1, a bogus SOA "not there" reply is sent +whenever +an PTR query is sent to MaraDNS. In other words, every time a program +asks +MaraDNS for an IP-to-name mapping, instead of trying to process the +request, +when this is set to 1, MaraDNS pretends the IP in question does not +have a host name. +.PP +This is useful for people who don\(aqt need this data but use +applications +(usually *NIX command like applications like "telnet") which slow +things +down trying to look up a host name for an IP. +.PP +.in -3 \fBremote_admin\fR .PP remote_admin: Whether we allow verbose_level to be changed @@ -712,6 +985,28 @@ the size of MaraDNS\(aq log. .PP .in -3 +\fBretry_cycles\fR +.PP +retry_cycles: The number of times the recursive resolver will try to +contact +all of the DNS servers to resolve a given name before giving up. This +has a default value of 2. +.PP +.in -3 +\fBspammers\fR +.PP +spammers: A list of DNS servers which the recursive resolver will +not query. +.PP +This is mainly used to not allow spam-friendly domains to +resolve, since spammers are starting to get in the habit of using +spam-friendly DNS servers to resolve their domains, allowing them +to hop from ISP to ISP. +.PP +The format of this string is identical to the format of an ipv4_alias +entry. +.PP +.in -3 \fBsynth_soa_origin\fR .PP When a CSV2 zone file doesn\(aqt have a SOA record in it, MaraDNS @@ -784,9 +1079,7 @@ client is on the .B "recursive_acl" -list. Since MaraDNS 2.0 does not have -recursion, the maradns daemon ignores the RD bit (Deadwood will not -process any queries without the RD bit set). +list. .PP .in -3 \fBtcp_convert_server\fR 
@@ -799,6 +1092,22 @@ ignored. .PP .in -3 +\fBtimeout_seconds\fR +.PP +This only applies when performing recursive lookups. +.PP +The amount of time, in seconds, to wait for a reply from a remote DNS +server before giving up and trying the next server on this list. The +default value is 2 seconds. +.PP +This is for setups where a recursive MaraDNS server is on a slow +network which takes more than two seconds to send and receive a DNS +packet. +.PP +Note that, the larger this value is, the slower MaraDNS will process +recursive queries when a DNS server is not responding to DNS queries. +.PP +.in -3 \fBtimestamp_type\fR .PP timestamp_type: The type of timestamp to display. The main purpose of @@ -842,6 +1151,16 @@ The default value for this variable is 5. .PP .in -3 +\fBupstream_port\fR +.PP +This is the port that MaraDNS\(aq recursive resolver uses to contact +other +DNS servers. This is usually 53 (the default value), but certain +unusual +MaraDNS setups (such as when resolving dangling CNAME records on but a +single IP) may need to have a different value for this. +.PP +.in -3 \fBverbose_level\fR .PP verbose_level: The number of messages we log to stdout @@ -867,6 +1186,15 @@ The default value for this variable is 1. .PP .in -3 +\fBverbose_query\fR +.PP +verbose_query: Whether to verbosely output all DNS queries that the +recursive DNS server receives. If this is set to 1, then all recursive +queries sent to MaraDNS will be logged. +.PP +This is mainly used for debugging. +.PP +.in -3 \fBzone_transfer_acl\fR .PP zone_transfer_acl: List of ips allowed to perform zone transfers 
@@ -899,6 +1227,14 @@ maradns_uid = 99 # The (optional) numeric GID MaraDNS will run as # maradns_gid = 99 +# The maximum number of threads (or processes, with the zone server) +# MaraDNS is allowed to run +maxprocs = 96 +# It is possible to specify a different maximum number of processes that +# the zone server can run. If this is not set, the maximum number of +# processes that the zone server can have defaults to the \(aqmaxprocs\(aq value +# above +# max_tcp_procs = 64 # Normally, MaraDNS has some MaraDNS-specific features, such as DDIP # synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org." @@ -910,6 +1246,12 @@ # indistinguishable from a tinydns server. no_fingerprint = 0 +# Normally, MaraDNS only returns A and MX records when given a +# QTYPE=* (all RR types) query. Changing the value of default_rrany_set +# to 15 causes MaraDNS to also return the NS and SOA records, which +# some registrars require. The default value of this is 3 +default_rrany_set = 3 + # These constants limit the number of records we will display, in order # to help keep packets 512 bytes or smaller. This, combined with round_robin # record rotation, help to use DNS as a crude load-balancer. 
@@ -932,6 +1274,32 @@ # 3: All queries logged (but not very verbosely right now) verbose_level = 1 +# Initialize the IP aliases, which are used by the list of root name servers, +# the ACL for zone transfers, and the ACL of who gets to perform recursive +# queries +ipv4_alias = {} + +# Various sets of root name servers +# Note: Netmasks can exist, but are ignored when specifying root name server + +# ICANN: the most common and most controversial root name server +# http://www.icann.org +# This list can be seen at http://www.root-servers.org/ +ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90," +ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4," +ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30," +ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33" + +# OpenNIC: http://www.opennic.unrated.net/ +# Current as of 2005/11/30; these servers change frequently so please +# look at their web page +ipv4_alias["opennic"] = "157.238.46.24, 209.104.33.250, 209.104.63.249," +ipv4_alias["opennic"] += "130.94.168.216, 209.21.75.53, 64.114.34.119," +ipv4_alias["opennic"] += "207.6.128.246, 167.216.255.199, 62.208.181.95," +ipv4_alias["opennic"] += "216.87.153.98, 216.178.136.116" + +# End of list of root name server lists + # Here is a ACL which restricts who is allowed to perform zone transfer from # the zoneserver program 
@@ -942,6 +1310,113 @@ # by the "zoneserver" program. #zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224" +# More complex: We create two aliases: One called "office" and another +# called "home". We allow anyone in the office or at home to perform zone +# transfers +#ipv4_alias["office"] = "10.1.1.1/24" +#ipv4_alias["home"] = "10.100.100.100/255.255.255.224" +#zone_transfer_acl = "office, home" + +# More complex then the last example. We have three employees, +# Susan, Becca, and Mia, whose computers we give zone transfer rights to. +# Susan and Becca are system administrators, and Mia is a developer. +# They are all part of the company. We give the entire company zone +# transfer access +#ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed +#ipv4_alias["becca"] = "10.7.8.9" # also a single IP +#ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP +#ipv4_alias["sysadmins"] = "susan, becca" +#ipv4_alias["devel"] = "mia" +#ipv4_alias["company"] = "sysadmins, devel" +# This is equivalent to the above line +#ipv4_alias["company"] = "susan, becca, mia" +#zone_transfer_acl = "company" + +# If you want to enable recursion on the loopback interface, uncomment +# the relevant lines in the following section + +# Recursive ACL: Who is allowed to perform recursive queries. The format +# is identical to that of "zone_transfer_acl", including ipv4_alias support + +#ipv4_alias["localhost"] = "127.0.0.0/8" +#recursive_acl = "localhost" + +# Random seed file: The file from which we read 16 bytes from to get the +# 128-bit random Rijndael key. This is ideally a file which is a good source +# of random numbers, but can also be a fixed file if your OS does not have +# a decent random number generator (make sure the contents of that file is +# random and with 600 perms, owned by root, since we read the file *before* +# dropping root privileges) + +#random_seed_file = "/dev/urandom" + +# The maximum number of elements we can have in the cache. 
If we have more +# elements in the cache than this amount, the "custodian" kicks in to effect, +# removing elements not recently accessed from the cache (8 elements removed +# per query) until we are at the 99% level or so again. + +#maximum_cache_elements = 1024 + +# It is possible to change the minimal "time to live" for entries in the +# cache; this is the minimum time that an entry will stay in the cache. +# Value is in seconds; default is 300 (5 minutes) +#min_ttl = 300 +# CNAME records generally take more effort to resolve in MaraDNS than +# non-CNAME records; it is a good idea to make this higher then min_ttl +# default value is to be the same as min_ttl +#min_ttl_cname = 900 + +# The root servers which we use when making recursive queries. + +# The following line must be uncommented to enable custom root servers +# for recursive queries +#root_servers = {} + +# You can choose which set of root servers to use. Current values (set above) +# are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and +# superroot. +#root_servers["."] = "icann" + +# If you prefer to contact other recursive DNS servers instead of the ICANN +# root servers, this is done with the upstream_servers mararc variable: +#upstream_servers["."] = "192.168.0.1, 192.168.0.2" + +# You can tell MaraDNS to *not* query certain DNS servers when in recursive +# mode. This is mainly used to not allow spam-friendly domains to resolve, +# since spammers are starting to get in the habit of using spam-friendly +# DNS servers to resolve their domains, allowing them to hop from ISP to +# ISP. The format of this is the same as for zone_transfer_acl and +# recursive_acl + +# For example, at the time of this document (August 12, 2001), azmalink.net +# is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net +# for details.) 
Note that this is based on IPs, and azmalink.net constantly +# changes IPs (as they constantly have to change ISPs) +# 2002/10/12: Azmalink changed ISP again, this reflect their current ISP +ipv4_alias["azmalink"] = "12.164.194.0/24" + +# As of September 20, 2001, hiddenonline.net is a known spam-friendly +# DNS provider (see doc/detailed/spammers/hiddenonline for details). +ipv4_alias["hiddenonline"] = "65.107.225.0/24" +spammers = "azmalink,hiddenonline" + +# It is also possible to change the maximum number of times MaraDNS will +# follow a CNAME record or a NS record with a glue A record. The default +# value for this is ten. +#max_glueless_level = 10 +# In addition, one can change the maximum number of total queries that +# MaraDNS will perform to look up a host name. The default value is 32. +#max_queries_total = 32 +# In addition, one can change the amount of time that MaraDNS will wait +# for a DNS server to respond before giving up and trying the next DNS +# server on a list. Note that, the larger this value is, the slower +# MaraDNS will process recursive queries when a DNS server is not +# responding to DNS queries. The default value is two seconds. +#timeout_seconds = 2 + + +# And that does it for the caching at this point + .fi diff -Nru maradns-2.0.04/doc/en/man/zoneserver.8 maradns-2.0.04+really1.4.09/doc/en/man/zoneserver.8 --- maradns-2.0.04/doc/en/man/zoneserver.8 2010-09-27 22:36:06.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/man/zoneserver.8 2007-08-29 16:30:04.000000000 +0000 @@ -4,7 +4,7 @@ .\" Process this file with the following .\" nroff -man -Tutf8 maradns.8 | tr '\020' ' ' .\" -.\" Last updated Mon Sep 27 15:36:06 2010 +.\" Last updated Wed Aug 29 11:30:04 2007 .\" .TH ZONESERVER 8 "zoneserver" "October 2001" "zoneserver" .\" We don't want hyphenation (it's too ugly) 
@@ -48,9 +48,9 @@ The file format for the mararc file can be found in the .B "mararc(5)" manual page. In particular, the zoneserver uses the -zone_transfer_acl, tcp_convert_acl, tcp_convert_server, and -bind_address -mararc parameters. +zone_transfer_acl, tcp_convert_acl, tcp_convert_server, bind_address, +and +recursive_acl mararc parameters. .SH "EXAMPLE MARARC FILE" .PP In this example mararc file, which is used both by maradns and diff -Nru maradns-2.0.04/doc/en/QuickStart maradns-2.0.04+really1.4.09/doc/en/QuickStart --- maradns-2.0.04/doc/en/QuickStart 2010-09-26 16:59:26.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/QuickStart 2008-03-24 15:52:30.000000000 +0000 
@@ -1,2 +1,94 @@
-Sorry, can not find lcol; this is in the utf8 directory
-off of the main maradns tree
+This guide is for experienced UNIX/Linux/BSD users who just want to quickly
+try out MaraDNS
+
+ MaraDNS acts as both a recursive and an authoritative DNS server. In
+ other words, MaraDNS can both be used to speed up the internet, and/or
+ serve domains that you may have.
+
+ To try out MaraDNS as a recursive nameserver is easy:
+
+ * Compile MaraDNS. Type in './configure; make' in the top-level MaraDNS
+ directory. Note: No need to compile if you downloaded a binary RPM
+ or Debian package.
+
+ * Take the file server/maradns and place it in /usr/local/sbin
+
+ * Take the file tools/duende and place it in /usr/local/sbin
+
+ * Create an empty directory called /etc/maradns
+
+ * Create a mararc file. This file only needs to be three lines long on
+ systems with a /dev/urandom file, and four lines long on older
+ operating systems without /dev/urandom
+
+ Here is a sample mararc file:
+
+ ipv4_bind_addresses = "127.0.0.1"
+ chroot_dir = "/etc/maradns"
+ recursive_acl = "127.0.0.1"
+
+ This mararc file says that MaraDNS will have the ip "127.0.0.1" (this
+ is the bind_address), run from the directory /etc/maradns (the
+ chroot_dir value), and only allow the ip "127.0.0.1" to make recursive
+ queries (the recursive_acl value).
+
+ * Place the mararc file in the location /etc/mararc on your system.
+
+ * Run MaraDNS as a non-daemon:
+
+ /usr/local/sbin/maradns
+
+ Since MaraDNS needs to bind to a privileged port (port 53), it needs
+ to start up running as root. MaraDNS is designed with security in
+ mind, and will drop root privileges before being visible to the
+ public internet.
+
+ * Test MaraDNS in another window or virtual terminal
+
+ dig @127.0.0.1 www.yahoo.com
+
+ * In order to make the duende daemonizing tool usable, create a
+ directory named /etc/maradns/logger/
+
+ mkdir /etc/maradns/logger
+
+ * If this works, make MaraDNS run as a daemon:
+
+ /usr/local/sbin/duende /usr/local/sbin/maradns
+
+ duende is a tool that daemonizes maradns; the daemonizer is a
+ separate program.
+
+ * If this all works, install MaraDNS:
+
+ make install
+ It is also possible to set up MaraDNS as both an authoritative and
+ recursive name server with the same IP:
+
+ * Here is the MaraRC file:
+
+ ipv4_bind_addresses = "127.0.0.1"
+ chroot_dir = "/etc/maradns"
+ recursive_acl = "127.0.0.1"
+ csv2 = {}
+ csv2["example.com."] = "db.example.com"
+
+ * Have a zone file named db.example.com in the chroot_dir (/etc/maradns
+ above) that looks like this:
+
+ example.com. 10.1.2.3
+
+ (Yes, experienced DNS admins, you can have SOA, NS, MX, SRV, and any
+ other kind of DNS data stored in a csv2 zone file. Read the csv2 man
+ page for details)
+
+ * Recursive queries will be resolved normally
+
+ * Queries for example.com will resolve to 10.1.2.3
+
+ * Any other name.example.com query will return a "this host does not
+ exist" DNS reply.
+
+ Look in doc (in particular, the tutorial), or read the relevant man
+ pages for more information on how to set up MaraDNS.
+
diff -Nru maradns-2.0.04/doc/en/source/changelog.embed maradns-2.0.04+really1.4.09/doc/en/source/changelog.embed
--- maradns-2.0.04/doc/en/source/changelog.embed 2011-11-12 08:25:44.000000000 +0000
+++ maradns-2.0.04+really1.4.09/doc/en/source/changelog.embed 2011-12-30 22:25:57.000000000 +0000
@@ -1,80 +1,7 @@

MaraDNS changelog

-

maradns-2.0.04:

-This is a stable release of MaraDNS. -
-
    -
  • AngelD's issue with zone transfers when there are a lot of FQDN4 records - fixed. -
  • Karim's issue with '/read' directive fixed -
-(2011.11.12) -
- -

maradns-1.4.07:

-This is a legacy release of MaraDNS. All patches are backports -of MaraDNS 2.0 bug fixes. -
-
    -
  • A typo fix for fetchzone -
  • AXFR-over-UDP packets are now correctly marked "truncated" -
  • It is now possible to have the '/' in hostnames -
  • Fix for Debian bug #607739: Hostname shown when complaining about DDIP - issues -
  • AngelD's issue with zone transfers when there are a lot of FQDN4 records - fixed. -
  • Karim's issue with '/read' directive fixed -
-(2011.11.11) -
- -

maradns-2.0.03:

-This is a stable release of MaraDNS. -
-
    -
  • Deadwood updated to Deadwood 3.0.03 -
  • ANY queries that do not fit in 512 bytes are now properly truncated -
  • RFC2317 hostnames with slash characters ('/') are now supported -
  • MaraDNS is now fully installed when 'make install' is invoked (at - least on CentOS 5) -
  • DDIP MX problem records now show hostname -
  • Correct handling of IXFR and AXFR requests sent over UDP (the UDP server - now always marks these as being truncated) -
  • Documentation updates -
  • Give information on how to RTFM (correct manpage pointed out) if a - csv2 file doesn't parse -
  • Added support for --pid=/path/to/file to Duende (courtesy Yarin) -
  • ipv6 fixes applied -
  • Courtesy of Nicholas Bamber, Duende should now reap all - children (as long as they don't need a KILL/9 signal to exit) -
  • Updates to the SQA regressions -
  • MaraDNS 2.0 tarball is now xz compressed; MaraDNS 2.0 Windows binary is - now provided. -
-(2011.08.05) -
- -

maradns-2.0.02:

-This is a stable branch of MaraDNS. -
-
    -
  • Documentation updates -
  • Applied Corey's patch that fixes a typo in fetchzone.c -
  • Applied Yarin's patch that makes the "install.locations" script more - flexible. -
  • I have adapted Yarin's patch that makes email addresses like - 'john\.doe@example.com' possible in SOA records. -
  • Updated an error message that stated we were running MaraDNS 1.2 - (now says 2.0) -
  • Updated the copyright statement to have the year 2011 -
  • Deadwood updated to 3.0.02 -
  • Fix for CVE-2011-0520 -
-(2011.02.05) -
- -

maradns-1.4.06:

-This is a stable branch of MaraDNS. +

maradns-1.4.05:

+This is the stable branch of MaraDNS.
  • Fix for CVE-2011-0520 @@ -83,27 +10,6 @@ (2011.01.28)
-

maradns-2.0.01:

-This is a stable branch of MaraDNS. -
-
    -
  • MaraDNS build process modified to compile without any recursion; recursion - is now supplied by Deadwood. -
-(2010.09.28) -
- -

maradns-1.4.05:

-This is a stable branch of MaraDNS. -
-
    -
  • Deadwood updated to the stable 3.0.01 release. -
  • MicroDNS now returns "not implemented" when given an EDNS packet -
  • FAQ updated. -
-(2010.09.25) -
-

maradns-1.4.04:

This is the stable branch of MaraDNS.
diff -Nru maradns-2.0.04/doc/en/source/coding_style.ej maradns-2.0.04+really1.4.09/doc/en/source/coding_style.ej --- maradns-2.0.04/doc/en/source/coding_style.ej 2010-09-27 21:35:05.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/source/coding_style.ej 2010-01-08 16:07:40.000000000 +0000 @@ -4,7 +4,7 @@ - -

Compiling MaraDNS and Deadwood

+

Compiling MaraDNS

Requirements

@@ -56,8 +56,7 @@
This will install both the binaries and the man pages for 'maradns', - 'Deadwood' (MaraDNS 2.0's recursive DNS server), 'askmara', 'duende', - 'fetchzone', and 'zoneserver'. In addition, this + 'askmara', 'duende', 'fetchzone', and 'zoneserver'. In addition, this will (if the files are not already present), install an example /etc/mararc, make the /etc/maradns directory, and place an example zone file (db.example.com) in /etc/maradns. Finally, this will place MaraDNS diff -Nru maradns-2.0.04/doc/en/source/convert.ej maradns-2.0.04+really1.4.09/doc/en/source/convert.ej --- maradns-2.0.04/doc/en/source/convert.ej 2010-08-31 18:12:30.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/source/convert.ej 2008-03-24 15:52:27.000000000 +0000 @@ -4,7 +4,7 @@ - -This document is for people who are getting a "dangling CNAME" warning, -or who wish to have CNAME records that point to records served by -other DNS servers. - -

- There are two cases that can cause the "dangling CNAME" message to appear: @@ -68,16 +62,15 @@ records, MaraDNS can be configured thusly:

    -
  • We run MaraDNS server on one IP and a Deadwood server on another IP. +
  • We run two servers of MaraDNS on two different IPs.
  • For the sake of this example, we will suppose that the server - people send queries to for resolving hostnames has the IP 192.168.1.1, - which will be running Deadwood. - We will further suppose that there is a MaraDNS server which has the dangling + people send queries to for resolving hostnames has the IP 192.168.1.1. + We will further suppose that there is a server which has the dangling CNAME issue with the IP 192.168.1.2 -
  • Set up 192.168.1.1 to use 192.168.1.2 to resolve all hostnames that end - in, say, "example.com.", via the upstream_servers dwood3rc variable. -
  • Set up 192.168.1.2 to have dangling CNAME records in the - authoritative half. +
  • Set up 192.168.1.1 to use 192.168.1.2 as an upstream server by the use + of the upstream_servers mararc variable. +
  • Set up 192.168.1.2 to be both an authoritative and recursive DNS server, + and have dangling CNAME records in the authoritative half.
This will cause dangling CNAME records to be fully resolved; here is @@ -86,26 +79,26 @@
  1. A stub resolver asks 192.168.1.1 the IP address for, say "google.example.com" -
  2. 192.168.1.1 asks 192.168.1.2 the IP address for "google.example.com" (since - the name ends in "example.com") +
  3. 192.168.1.1 asks 192.168.1.2 the IP address for "google.example.com"
  4. 192.168.1.2 tells 192.168.1.1 "google.example.com is a CNAME for www.google.com, and I don't have an IP for it"
  5. 192.168.1.1, seeing that it has a CNAME without an IP, asks - nameservers on the internet for the IP for "www.google.com" -
  6. When 192.168.1.1 has a complete record, it will send this record to + 192.168.1.2 the IP for "www.google.com" +
  7. 192.168.1.2 recursively resolves the IP for www.google.com, and gives + this IP for 192.168.1.1 +
  8. Now that 192.168.1.1 has a complete record, it will send this record to the stub resolver. In other words, 192.168.1.1 will tell the stub resolver that google.example.com is a CNAME for www.google.com, and then give out the IP for www.google.com.
-Here is an example dwood3rc file for 192.168.1.1: +Here is an example mararc file for 192.168.1.1:
 ipv4_bind_addresses = "192.168.1.1"
 chroot_dir = "/etc/maradns"
 recursive_acl = "192.168.1.0/24"
-upstream_servers = {}
-upstream_servers["example.com."] = "192.168.1.2"
+upstream_servers = "192.168.1.2"
 
Here is an example mararc file for 192.168.1.2: @@ -113,12 +106,13 @@
 ipv4_bind_addresses = "192.168.1.2"
 chroot_dir = "/etc/maradns"
+recursive_acl = "192.168.1.1"
 csv2 = {}
 csv2["example.com."] = "db.example.com"
 
If dangling CNAMEs are not an issue for a given setup, or if they are -resolved by the above setup using both MaraDNS and Deadwood, the warnings +resolved by the above setup with two instances of MaraDNS, the warnings about dangling CNAMEs can be turned off by adding this to a mararc file:
diff -Nru maradns-2.0.04/doc/en/source/default_zonefile.ej maradns-2.0.04+really1.4.09/doc/en/source/default_zonefile.ej
--- maradns-2.0.04/doc/en/source/default_zonefile.ej	2010-09-27 21:44:29.000000000 +0000
+++ maradns-2.0.04+really1.4.09/doc/en/source/default_zonefile.ej	2007-05-21 11:37:54.000000000 +0000
@@ -26,7 +26,8 @@
 
  • Default zonefiles may not be transferred via zone transfer -With the exception of these restrictions, and having the +It also is not possible to run recursion on a server that uses a +default zonefile. With the exception of these restrictions, and the ability to have a '*' at the end of a hostname (or simply the catch-all wildcard hostname '*'), a csv2 default zone file functions like a normal csv2 zone file. diff -Nru maradns-2.0.04/doc/en/source/dns_intro.ej maradns-2.0.04+really1.4.09/doc/en/source/dns_intro.ej --- maradns-2.0.04/doc/en/source/dns_intro.ej 2010-08-31 18:01:34.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/source/dns_intro.ej 2005-10-03 01:09:54.000000000 +0000 @@ -47,8 +47,8 @@ remembers the number (this number is called an "IP") for you so that you don't need to ask your ISP the number for www.yahoo.com every time you go to that web site. This is what I call a downstream -DNS server. This mode of operation is done with the Deadwood -program included with MaraDNS. +DNS server. MaraDNS, naturally, fully supports this mode of +operation.

    @@ -56,8 +56,9 @@ servers do: Directly query various machines on the internet for the IP for "www.yahoo.com", and give you the answer after doing all of the bureaucracy needed to find out what the IP for "www.yahoo.com" -is. This is what I call a recursive DNS server, and Deadwood, in addition -to being able to be a DNS cache, can also be a fully recursive DNS server. +is. This is what I call a recursive DNS server. MaraDNS, naturally, +also fully supports this mode of operation. Indeed, this is the easiest +mode of operation to set up for MaraDNS.

    @@ -69,9 +70,8 @@ "www.yourname.com", you will need to run your own DNS server. This kind of DNS server is not used to speed up the internet, but is used so that other DNS servers can find out the IP for "www.yourname.com". This kind -of DNS server is called an authoritative DNS server. Instead of using -"Deadwood", one uses the "maradns" daemon (program that runs as a network -server) to support this mode of operation. +of DNS server is called an authoritative DNS server. MaraDNS, you guessed +it, fully supports this mode of operation. diff -Nru maradns-2.0.04/doc/en/source/dnsintro.ej maradns-2.0.04+really1.4.09/doc/en/source/dnsintro.ej --- maradns-2.0.04/doc/en/source/dnsintro.ej 2010-08-31 18:11:53.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/source/dnsintro.ej 2008-03-24 15:52:27.000000000 +0000 @@ -4,7 +4,7 @@ - -

    Using Deadwood as a recursive DNS server

    +

    Using MaraDNS as a recursive DNS server

    -This document is a step-by-step guide to setting up Deadwood as a recursive -DNS server. It assumes that MaraDNS and Deadwood are already compiled and installed. @@ -31,7 +31,7 @@
    • Basic configuration -
    • Using Deadwood on a slow network +
    • Using MaraDNS on a slow network
    • Using other recursive DNS servers
    • Using different root servers
    • Having private host names @@ -44,8 +44,8 @@

      Basic configuration

      -Once Deadwood is installed, the dwood3rc file needs to be set up -before Deadwood will function as a recursive DNS server. This file only +Once MaraDNS is installed, the mararc file needs to be set up +before MaraDNS will function as a recursive DNS server. This file only needs to be three lines long:
      @@ -55,27 +55,27 @@
       

      -This three-line file needs to be called /etc/dwood3rc. +This three-line file needs to be called /etc/mararc.

      -The first line is the IP address or addresses Deadwood will use. Here, it -has the address 127.0.0.1, which means that only the machine running Deadwood +The first line is the IP address or addresses MaraDNS will use. Here, it +has the address 127.0.0.1, which means that only the machine running MaraDNS will be able to access the MaraDNS server--other machines will not be able to see it.

      -If the machine running Deadwood will be accessed by other machines, this -IP needs to be changed to an IP that the machine running Deadwood has. +If the machine running MaraDNS will be accessed by other machines, this +IP needs to be changed to an IP that the machine running MaraDNS has.

      -It is possible to have Deadwood run on multiple IP addresses: +It is possible to have MaraDNS run on multiple IP addresses:

       ipv4_bind_addresses = "10.1.3.2, 192.168.0.1, 127.0.0.1"
       
      -The second line, chroot_dir is the directory Deadwood will be -run from. This just +The second line, chroot_dir is the directory MaraDNS will be +run from. When MaraDNS is being used as a recursive DNS server, this just has to be an empty directory, ideally owned by the root user.

      @@ -93,19 +93,19 @@

  • Here the "/24" indicates that we ignore the fourth number in an IP -when determining who can contact Deadwood. +when determining who can contact MaraDNS.

    -Once this is done, other machines can contact the Deadwood server to -perform DNS queries. For example, Deadwood is now a DNS server which +Once this is done, other machines can contact the MaraDNS server to +perform DNS queries. For example, MaraDNS is now a DNS server which Windows 98 can use in "Control Panel -> Network -> TCP/IP -> DNS configuration", or a UNIX system can point to from /etc/resolv.conf. -

    Using Deadwood on a slow network

    +

    Using MaraDNS on a slow network

    -Deadwood, on a slow network, may time out. Deadwood normally only waits +MaraDNS, on a slow network, may time out. MaraDNS normally only waits two seconds for a reply from a remote DNS server. This is not enough time to process queries on some slow networks. This can be changed by increasing the timeout_seconds value. @@ -122,31 +122,25 @@ timeout_seconds = 6
    - + people how to set up a random_seed_file in the tutorial. -->

    Using other recursive DNS servers

    -It is possible to have Deadwood contact other recursive name servers, +It is possible to have MaraDNS contact other recursive name servers, instead of contacting the actual root servers to process recursive -queries by using the variable upstream_servers in the dwood3rc file. +queries by using the variable upstream_servers in the mararc file.

    In other words, one can use one's, say, ISP's DNS servers to resolve the names, and have MaraDNS act as a cache for the ISP's DNS servers. Supposing that the ISP name servers have the IPs 10.66.77.88 and 10.99.11.22, the -dwood3rc file will look like this: +mararc file will look like this:

     ipv4_bind_addresses = "127.0.0.1"
    @@ -159,7 +153,7 @@
     
     

    Using different root servers

    -Deadwood, by default, uses the ICANN name servers as the root name servers. +MaraDNS, by default, uses the ICANN name servers as the root name servers. The reason for this default is practical: In my experience, the ICANN root name servers are the ones which least frequently change their IP addresses. They are the best name servers for simple "set and forget" recursive @@ -177,20 +171,21 @@ ipv4_bind_addresses = "127.0.0.1" chroot_dir = "/etc/maradns" recursive_acl = "127.0.0.1" -root_servers = {} -root_servers["."] = "198.41.0.4," -root_servers["."] += "192.228.79.201," -root_servers["."] += "192.33.4.12," -root_servers["."] += "128.8.10.90," -root_servers["."] += "192.203.230.10," -root_servers["."] += "192.5.5.241," -root_servers["."] += "192.112.36.4," -root_servers["."] += "128.63.2.53," -root_servers["."] += "192.36.148.17," -root_servers["."] += "192.58.128.30," -root_servers["."] += "193.0.14.129," -root_servers["."] += "199.7.83.42," -root_servers["."] += "202.12.27.33" +ipv4_alias = {} +ipv4_alias["icann"] = "198.41.0.4," +ipv4_alias["icann"] += "192.228.79.201," +ipv4_alias["icann"] += "192.33.4.12," +ipv4_alias["icann"] += "128.8.10.90," +ipv4_alias["icann"] += "192.203.230.10," +ipv4_alias["icann"] += "192.5.5.241," +ipv4_alias["icann"] += "192.112.36.4," +ipv4_alias["icann"] += "128.63.2.53," +ipv4_alias["icann"] += "192.36.148.17," +ipv4_alias["icann"] += "192.58.128.30," +ipv4_alias["icann"] += "193.0.14.129," +ipv4_alias["icann"] += "199.7.83.42," +ipv4_alias["icann"] += "202.12.27.33" +root_servers["."] = "icann"
    This file will do the exact same thing as the following mararc file: @@ -201,16 +196,177 @@ recursive_acl = "127.0.0.1"
    -The ICANN servers listed above are the ones that Deadwood use when no +The ICANN servers listed above are the ones that MaraDNS uses when no root servers are specified. +

    + +As an aside, the ipv4_alias variable is a general purpose way of +giving names to any set of IPs in a mararc file. We can use +shortcuts like this, in fact: + +

    +ipv4_alias = {}
    +ipv4_alias["localhost"] = "127.0.0.1"
    +ipv4_bind_addresses = "localhost"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "localhost"
    +ipv4_alias["icann-a"] = "198.41.0.4"
    +ipv4_alias["icann-b"] = "192.228.79.201"
    +ipv4_alias["icann-c"] = "192.33.4.12"
    +ipv4_alias["icann-d"] = "128.8.10.90"
    +ipv4_alias["icann-e"] = "192.203.230.10"
    +ipv4_alias["icann-f"] = "192.5.5.241"
    +ipv4_alias["icann-g"] = "192.112.36.4"
    +ipv4_alias["icann-h"] = "128.63.2.53"
    +ipv4_alias["icann-i"] = "192.36.148.17"
    +ipv4_alias["icann-j"] = "192.58.128.30"
    +ipv4_alias["icann-k"] = "193.0.14.129"
    +ipv4_alias["icann-l"] = "199.7.83.42"
    +ipv4_alias["icann-m"] = "202.12.27.33"
    +ipv4_alias["icann"] = "icann-a,icann-b,icann-c,icann-d,icann-e,icann-f,"
    +ipv4_alias["icann"] += "icann-g,icann-h,icann-i,icann-j,icann-k,icann-l,"
    +ipv4_alias["icann"] += "icann-m"
    +root_servers["."] = "icann"
    +
    + +This works the same as the above two examples. The reason why we don't have +commas in any of the aliases besides icann is because the comma before +the quote is only needed on a line before a line that uses +the += operator. + +

    + +Here is what a configuration file which uses OpenNIC's glue root servers +as the root servers. This list is current as of February 22, 2006; note +that OpenNIC frequently changes these IPs and you need to verify that +these IPs are current at http://www.opennic.unrated.net/. +A number of alternate root server organizations no longer exist; please +make sure these people still exist before using this list. + +

    +ipv4_bind_addresses = "127.0.0.1"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "127.0.0.1"
    +ipv4_alias = {}
    +# This ends with a comma because the next line is a += line
    +ipv4_alias["opennic"]  = "131.161.247.232,"
    +ipv4_alias["opennic"] += "208.185.249.250,"
    +ipv4_alias["opennic"] += "66.227.42.140,"
    +ipv4_alias["opennic"] += "66.227.42.149,"
    +ipv4_alias["opennic"] += "64.81.44.251,"
    +ipv4_alais["opennic"] += "216.87.84.214,"
    +ipv4_alias["opennic"] += "208.185.249.251,"
    +ipv4_alias["opennic"] += "131.161.247.231,"
    +# This is the last line, so no comma at the end
    +ipv4_alias["opennic"] += "65.243.92.254"
    +# Considering how often alternate root DNS server lists change or disappear,
    +# we will have the ICANN list on hand as a backup.
    +ipv4_alias["icann"]  = "198.41.0.4,"     
    +ipv4_alias["icann"] += "192.228.79.201,"
    +ipv4_alias["icann"] += "192.33.4.12,"
    +ipv4_alias["icann"] += "128.8.10.90,"
    +ipv4_alias["icann"] += "192.203.230.10,"
    +ipv4_alias["icann"] += "192.5.5.241,"
    +ipv4_alias["icann"] += "192.112.36.4,"
    +ipv4_alias["icann"] += "128.63.2.53,"
    +ipv4_alias["icann"] += "192.36.148.17,"
    +ipv4_alias["icann"] += "192.58.128.30,"
    +ipv4_alias["icann"] += "193.0.14.129,"
    +ipv4_alias["icann"] += "198.32.64.12,"
    +ipv4_alias["icann"] += "202.12.27.33"
    +# Now, set the root servers; chance this to icann if you want to use the
    +# icann servers instead.
    +root_servers["."] = "opennic"
    +
    + + +

    Having private host names

    +
    + +One may wish to have private host names when running MaraDNS as a recursive +name server. These are names that are not attached to the root servers, +but will resolve on the recursive name server. For example, it might make +sense to have "router.office." resolve to the IP of a router in an +office. + +

    + +There are two ways to do this with MaraDNS: By using a custom +root server for only names that end in "office", or by having the +authoritative half of MaraDNS handle custom name resolutions. + +

    + + +

    Using authoritative records for private names

    + + +We can have local names by taking advantage of the fact that +MaraDNS +can act as both a recursive and authoritative name server on the same IP. +MaraDNS first looks up authoritative names before performing recursion. +For example, if www.google.com is defined in a MaraDNS zone +file, MaraDNS will use the value in the zone file instead of contacting +nameservers on the internet to get the IP for www.google.com. + +

    + +The procedure to do this is as follows: + +

      +
    • Have an authoritative and recursive DNS server share the same IP. Make + sure this DNS server is not accessible from the public internet. +
    • For this authoritative server, have zone files for the zones which one + wants to have non-public information. Recursive queries will be resolved + as usual (since the authoritative server is also a recursive server); + authoritative queries for the special zones will get the special data. +
    • The maradns man page has a section on + firewall configuration which + describes how to set up an IP filter to allow MaraDNS to send packets. + Basically, don't allow outside IPs to hit this combined server on port + 53 (UDP); instead allow UDP connections to ports 15000-19095. +
    + +Here is how the configuration may look: + +
    +ipv4_bind_addresses = "192.168.0.1"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "192.168.0.0/24"
    +csv2 = {}
    +csv2["office."] = "db.office"
    +
    + +Replace 192.168.0.1 with the IP of the machine running the recursive MaraDNS; +replace 192.168.0.0/24 (This means "anything that begins with 192.168.0") +with the IP range allowed to access the recursive DNS server. + +

    + +The file "db.example.com." will be a csv2 zone file with records for the +bogus example.com domain, such as router.example.com. + +

    + +If you want to have some of these private names be CNAMES for hostnames +on the internet (e.g. "google.example.com. CNAME www.google.com."), please +read the dangling CNAME document. + +

    + +More information on having host names for an internal network is available +in the network section of the +authoritative document. +

    Private names with custom root servers

    -Deadwood can have custom root name servers +MaraDNS, starting with version 1.3.02, can have custom root name servers that only resolve names in a subtree of the DNS space. In other words, -we can tell Deadwood to have 192.168.0.7 resolve all names ending in +we can tell MaraDNS to have 192.168.0.7 resolve all names ending in office by having a line like this in one's mararc file:
    @@ -226,22 +382,9 @@
     recursive_acl = "192.168.0.0/24"
     root_servers = {}
     root_servers["office."] = "192.168.0.7"
    -root_servers["."] = "198.41.0.4,"     
    -root_servers["."] += "192.228.79.201,"
    -root_servers["."] += "192.33.4.12,"
    -root_servers["."] += "128.8.10.90,"
    -root_servers["."] += "192.203.230.10,"
    -root_servers["."] += "192.5.5.241,"
    -root_servers["."] += "192.112.36.4,"
    -root_servers["."] += "128.63.2.53,"
    -root_servers["."] += "192.36.148.17,"
    -root_servers["."] += "192.58.128.30,"
    -root_servers["."] += "193.0.14.129,"
    -root_servers["."] += "199.7.83.42,"
    -root_servers["."] += "202.12.27.33"
     
    -And the configuration on 192.168.0.7, the MaraDNS authoritative server: +And the configuration on 192.168.0.7, the authoritative server:
     ipv4_bind_addresses = "192.168.0.7"
    @@ -250,4 +393,54 @@
     csv2["office."] = "db.office"
     
    + +

    Customizing the resolution of some names

    +
    + +One may wish to customize the resolution of certain names when using +MaraDNS as both an authoritative and recursive name server. For example, +if a high-profile domain is hijacked (such as what happened with +panix.com in January of 2005), it may be desirable to have the correct +name for the domain be temporarily locally set. This is also useful for +a list of blocked sites (so the user gets a friendly "this site is blocked" +instead of just being unable to connect to the site in question), and for +setups where some machines need special DNS resolution for names that +other machines do not need DNS resolution for. + +

    + +The procedure for doing this is almost identical to the procedure for +having private host names as described above. Here is an example +relevant mararc file: + +

    +ipv4_bind_addresses = "192.168.0.1"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "192.168.0.0/24"
    +csv2 = {}
    +csv2["example.com."] = "db.example.com"
    +
    + +The only things that need to be changed in this mararc file are +the ipv4_bind_addresses and the recursive_acl +parameters. The csv2["example.com."] is not changed. + +

    + +Now, let us suppose we want to have the A records for "www.phishsite.foo" +and "phishsite.foo" resolve to an IP address that we control the web +site for. We would add the following records (lines) to the file +/etc/maradns/db.example.com + +

    +www.phishsite.foo. 192.168.0.2
    +phishsite.foo. 192.168.0.2
    +
    + +We can also add a star record: + +
    +*.phishsite.foo. 192.168.0.2
    +
    + diff -Nru maradns-2.0.04/doc/en/source/troubleshoot.ej maradns-2.0.04+really1.4.09/doc/en/source/troubleshoot.ej --- maradns-2.0.04/doc/en/source/troubleshoot.ej 2010-09-27 21:58:54.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/source/troubleshoot.ej 2010-01-08 16:07:40.000000000 +0000 @@ -34,15 +34,14 @@
     ipv4_bind_addresses = "127.0.0.1"
     chroot_dir = "/etc/maradns"
    -csv2 = {}
    -csv2["example.com."] = "db.example.com"
    +recursive_acl = "127.0.0.1/8"
     
    In the above mararc file, MaraDNS has the IP 127.0.0.1, would look for -zone files in the directory /etc/maradns, and reads the file -db.example.com to get the zone for example.com.

    +zone files in the directory /etc/maradns, and allows recursive +DNS queries on the loopback interface.

    OK, so let's look at some problems, as they appear on a CentOS 3.8 box with the above mararc file. @@ -57,7 +56,7 @@

    -$ askmara Awww.example.com.
    +$ askmara Awww.google.com.
     # Querying the server with the IP 127.0.0.1
     # Hard Error: Unable to send UDP packet!
     
    @@ -78,7 +77,7 @@ $ su
    Password: type in your root password here
     $ ifconfig lo 127.0.0.1
    -$ askmara Awww.example.com.
    +$ askmara Awww.google.com.
     # Querying the server with the IP 127.0.0.1
     # Hard Error: Timeout
     
    @@ -102,6 +101,57 @@ command with the appropriate command for restarting a daemon/service for your operating system.

    +Now, lets look at some possible replies. + +

    Server failure

    + +
    +$ askmara Awww.google.com.
    +# Querying the server with the IP 127.0.0.1
    +# Remote server said: SERVER FAILURE
    +# Question: Awww.google.com.
    +# NS replies:
    +# AR replies:
    +
    + +This is the askmara output when MaraDNS is running correctly but is +unable to connect to DNS servers on the internet. This can be caused +when the machine running MaraDNS does not have an internet connection, +or when MaraDNS is being firewalled.

    + +So, we get the internet connection up and going. If you have a working +ethernet card and are on a network with internet access, this is as +simple as making a DHCP request for an IP: + +

    +$ dhclient
    +Internet Systems Consortium DHCP Client V3.0.1
    +Copyright 2004 Internet Systems Consortium.
    +All rights reserved.
    +For info, please visit http://www.isc.org/products/DHCP
    +
    +/sbin/dhclient-script: configuration for eth0 not found. Continuing
    +with defaults.
    +/sbin/dhclient-script: line 52: eth0: No existe el fichero o el directorio
    +Listening on LPF/eth0/00:40:f4:17:ac:e9
    +Sending on   LPF/eth0/00:40:f4:17:ac:e9
    +Listening on LPF/lo/
    +Sending on   LPF/lo/
    +Sending on   Socket/fallback
    +DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
    +DHCPOFFER from 10.1.2.1
    +DHCPREQUEST on eth0 to 255.255.255.255 port 67
    +DHCPACK from 10.1.2.1
    +/sbin/dhclient-script: configuration for eth0 not found. Continuing
    +with defaults.
    +/sbin/dhclient-script: line 52: eth0: No existe el fichero o el directorio
    +bound to 10.1.2.3 -- renewal in 255 seconds.
    +
    +
    +Note that if you are using something besides CentOS or Red Hat
    +Enterprise Linux, the command for getting a DHCP lease may not be
    +dhclient.

    + Now, the dhclient that CentOS 3.8 comes with is buggy, and breaks lo (the loopback interface which gives CentOS the 127.0.0.1 IP address). So, we have to fix lo again: diff -Nru maradns-2.0.04/doc/en/source/update.ej maradns-2.0.04+really1.4.09/doc/en/source/update.ej --- maradns-2.0.04/doc/en/source/update.ej 2010-09-28 02:19:59.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/source/update.ej 2009-12-21 15:28:41.000000000 +0000 @@ -4,7 +4,7 @@ - + + + +MaraDNS tutorial + + + + + + + + +

    MaraDNS tutorials and usage guides

    + +MaraDNS includes a number of tutorials and usage guides which cover +everything from teaching DNS basics for someone who has never administered +a DNS server before to usage guides on exotic things such as using +private CNAME records that point to public DNS entries. + +

    + +For people who have never used DNS before, the DNS +introduction guide is a good place to start. For people who have +some experience with DNS servers, the quick +start guide is a good place to start. + +

    Tutorials and usage guides

    + + + +

    Man pages

    + + + + diff -Nru maradns-2.0.04/doc/en/tutorial/authoritative.html maradns-2.0.04+really1.4.09/doc/en/tutorial/authoritative.html --- maradns-2.0.04/doc/en/tutorial/authoritative.html 2010-09-27 22:36:24.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/authoritative.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + Authoritative DNS serving diff -Nru maradns-2.0.04/doc/en/tutorial/bind2csv2.html maradns-2.0.04+really1.4.09/doc/en/tutorial/bind2csv2.html --- maradns-2.0.04/doc/en/tutorial/bind2csv2.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/bind2csv2.html 2010-01-08 16:07:49.000000000 +0000 @@ -1,6 +1,6 @@ - + diff -Nru maradns-2.0.04/doc/en/tutorial/coding_style.html maradns-2.0.04+really1.4.09/doc/en/tutorial/coding_style.html --- maradns-2.0.04/doc/en/tutorial/coding_style.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/coding_style.html 2010-01-08 16:07:49.000000000 +0000 @@ -1,6 +1,6 @@ - + MaraDNS coding style @@ -15,7 +15,7 @@

    MaraDNS' coding style

    MaraDNS is a divergent body of code that has been developed, in some -form or other, for nearly a decade. While some changes have been made +form or other, for over seven years. While some changes have been made to that code during this time period, notably the tab and bracing style, some other things about the code have stayed the same. These coding style guidelines have always been in mind as I was writing MaraDNS code. @@ -25,14 +25,6 @@

    -Please note that the only patches I will accept for MaraDNS 1.4 and -MaraDNS 2.0 are patches that fix bugs and do not add any features to the -code. MaraDNS is open-source and people interesting in adding features -to the code are free to make their own MaraDNS fork. Please do not name -any such fork "MaraDNS". - -

    - So, without further ado:

    All indexed writes must be protected against overflows

    @@ -142,8 +134,8 @@ Note that MaraDNS 2.0 will break many configurations, since the same IP will be unable to be both a recursive and authoritative DNS server. -This is why I will continue to support MaraDNS 1.4 for the foreseeable -future even though MaraDNS 2.0 has been released. +This is why I will continue to support MaraDNS 1.4 after when and if +MaraDNS 2.0 comes out.

    Brace and tab style

    @@ -176,7 +168,7 @@ which is a BSD license as follows:
    -Copyright (c) 2002-2010 Sam Trenholme and others
    +Copyright (c) 2002-2009 Sam Trenholme and others

    TERMS

    diff -Nru maradns-2.0.04/doc/en/tutorial/compile.html maradns-2.0.04+really1.4.09/doc/en/tutorial/compile.html
    --- maradns-2.0.04/doc/en/tutorial/compile.html 2010-09-27 22:36:24.000000000 +0000
    +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/compile.html 2010-01-08 16:07:48.000000000 +0000
    @@ -1,9 +1,9 @@
    -
    +
    -Compiling MaraDNS and Deadwood
    +Compiling MaraDNS
    @@ -12,7 +12,7 @@
    -

    Compiling MaraDNS and Deadwood

    +

    Compiling MaraDNS

    Requirements

    @@ -49,8 +49,7 @@
    This will install both the binaries and the man pages for 'maradns', - 'Deadwood' (MaraDNS 2.0's recursive DNS server), 'askmara', 'duende', - 'fetchzone', and 'zoneserver'. In addition, this + 'askmara', 'duende', 'fetchzone', and 'zoneserver'. In addition, this will (if the files are not already present), install an example /etc/mararc, make the /etc/maradns directory, and place an example zone file (db.example.com) in /etc/maradns. Finally, this will place MaraDNS diff -Nru maradns-2.0.04/doc/en/tutorial/convert.html maradns-2.0.04+really1.4.09/doc/en/tutorial/convert.html --- maradns-2.0.04/doc/en/tutorial/convert.html 2010-09-27 22:36:24.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/convert.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + Converting to MaraDNS @@ -14,8 +14,7 @@

    Converting from another DNS server to MaraDNS

    -The procedure for converting from another -authoritative DNS server to MaraDNS is as +The procedure for converting from another DNS server to MaraDNS is as follows:
      diff -Nru maradns-2.0.04/doc/en/tutorial/dangling.html maradns-2.0.04+really1.4.09/doc/en/tutorial/dangling.html --- maradns-2.0.04/doc/en/tutorial/dangling.html 2011-02-06 02:21:42.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/dangling.html 2006-01-01 20:00:37.000000000 +0000 @@ -1,6 +1,6 @@ - + Resolving dangling CNAME records @@ -11,12 +11,6 @@ -This document is for people who are getting a "dangling CNAME" warning, -or who wish to have CNAME records that point to records served by -other DNS servers. - -

      - There are two cases that can cause the "dangling CNAME" message to appear: @@ -60,16 +54,15 @@ records, MaraDNS can be configured thusly:

        -
      • We run MaraDNS server on one IP and a Deadwood server on another IP. +
      • We run two servers of MaraDNS on two different IPs.
      • For the sake of this example, we will suppose that the server - people send queries to for resolving hostnames has the IP 192.168.1.1, - which will be running Deadwood. - We will further suppose that there is a MaraDNS server which has the dangling + people send queries to for resolving hostnames has the IP 192.168.1.1. + We will further suppose that there is a server which has the dangling CNAME issue with the IP 192.168.1.2 -
      • Set up 192.168.1.1 to use 192.168.1.2 to resolve all hostnames that end - in, say, "example.com.", via the upstream_servers dwood3rc variable. -
      • Set up 192.168.1.2 to have dangling CNAME records in the - authoritative half. +
      • Set up 192.168.1.1 to use 192.168.1.2 as an upstream server by the use + of the upstream_servers mararc variable. +
      • Set up 192.168.1.2 to be both an authoritative and recursive DNS server, + and have dangling CNAME records in the authoritative half.
      This will cause dangling CNAME records to be fully resolved; here is @@ -78,26 +71,26 @@
      1. A stub resolver asks 192.168.1.1 the IP address for, say "google.example.com" -
      2. 192.168.1.1 asks 192.168.1.2 the IP address for "google.example.com" (since - the name ends in "example.com") +
      3. 192.168.1.1 asks 192.168.1.2 the IP address for "google.example.com"
      4. 192.168.1.2 tells 192.168.1.1 "google.example.com is a CNAME for www.google.com, and I don't have an IP for it"
      5. 192.168.1.1, seeing that it has a CNAME without an IP, asks - nameservers on the internet for the IP for "www.google.com" -
      6. When 192.168.1.1 has a complete record, it will send this record to + 192.168.1.2 the IP for "www.google.com" +
      7. 192.168.1.2 recursively resolves the IP for www.google.com, and gives + this IP for 192.168.1.1 +
      8. Now that 192.168.1.1 has a complete record, it will send this record to the stub resolver. In other words, 192.168.1.1 will tell the stub resolver that google.example.com is a CNAME for www.google.com, and then give out the IP for www.google.com.
      -Here is an example dwood3rc file for 192.168.1.1: +Here is an example mararc file for 192.168.1.1:
       ipv4_bind_addresses = "192.168.1.1"
       chroot_dir = "/etc/maradns"
       recursive_acl = "192.168.1.0/24"
      -upstream_servers = {}
      -upstream_servers["example.com."] = "192.168.1.2"
      +upstream_servers = "192.168.1.2"
       
      Here is an example mararc file for 192.168.1.2: @@ -105,12 +98,13 @@
       ipv4_bind_addresses = "192.168.1.2"
       chroot_dir = "/etc/maradns"
      +recursive_acl = "192.168.1.1"
       csv2 = {}
       csv2["example.com."] = "db.example.com"
       
      If dangling CNAMEs are not an issue for a given setup, or if they are -resolved by the above setup using both MaraDNS and Deadwood, the warnings +resolved by the above setup with two instances of MaraDNS, the warnings about dangling CNAMEs can be turned off by adding this to a mararc file:
      diff -Nru maradns-2.0.04/doc/en/tutorial/default_zonefile.html maradns-2.0.04+really1.4.09/doc/en/tutorial/default_zonefile.html
      --- maradns-2.0.04/doc/en/tutorial/default_zonefile.html	2010-09-27 22:36:24.000000000 +0000
      +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/default_zonefile.html	2007-05-21 11:38:08.000000000 +0000
      @@ -1,6 +1,6 @@
       
      -
      +
       
       
       Default zonefile
      @@ -32,7 +32,8 @@
       
    • Default zonefiles may not be transferred via zone transfer
    -With the exception of these restrictions, and having the +It also is not possible to run recursion on a server that uses a +default zonefile. With the exception of these restrictions, and the ability to have a '*' at the end of a hostname (or simply the catch-all wildcard hostname '*'), a csv2 default zone file functions like a normal csv2 zone file. diff -Nru maradns-2.0.04/doc/en/tutorial/dnsintro.html maradns-2.0.04+really1.4.09/doc/en/tutorial/dnsintro.html --- maradns-2.0.04/doc/en/tutorial/dnsintro.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/dnsintro.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + MaraDNS tutorial @@ -51,7 +51,7 @@

    -This kind of DNS server does not depend on one's ISP's DNS servers +This kind of DNS server does not depend on one's ISP DNS servers to resolve a given name, but directly contacts the relevant authoritative DNS servers anywhere on the internet to resolve a given DNS node. @@ -70,16 +70,14 @@ the IP for a given DNS node.

  • DNS servers which simply cache information obtained from other - recursive DNS servers. The "Deadwood" program included with - MaraDNS supports this type of + recursive DNS servers. While, MaraDNS supports this type of configuration via the "upstream_servers" - mararc variable; this program can also act + mararc variable, MaraDNS can also act as a full fledged recursive DNS server. -MaraDNS' "Deadwood" program is a recursive DNS server; the "maradns" program -is an authoritative DNS server. Whether one +MaraDNS is both a recursive and an authoritative DNS server. Whether one needs a recursive or an authoritative DNS server depends on what one is trying to do with dns: diff -Nru maradns-2.0.04/doc/en/tutorial/dnsmaster.html maradns-2.0.04+really1.4.09/doc/en/tutorial/dnsmaster.html --- maradns-2.0.04/doc/en/tutorial/dnsmaster.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/dnsmaster.html 2005-12-06 18:54:38.000000000 +0000 @@ -1,6 +1,6 @@ - + Being a master DNS server diff -Nru maradns-2.0.04/doc/en/tutorial/dnsslave.html maradns-2.0.04+really1.4.09/doc/en/tutorial/dnsslave.html --- maradns-2.0.04/doc/en/tutorial/dnsslave.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/dnsslave.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + Being a slave DNS server diff -Nru maradns-2.0.04/doc/en/tutorial/dnstcp.html maradns-2.0.04+really1.4.09/doc/en/tutorial/dnstcp.html --- maradns-2.0.04/doc/en/tutorial/dnstcp.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/dnstcp.html 2010-01-08 16:07:49.000000000 +0000 @@ -1,6 +1,6 @@ - + DNS over TCP 
@@ -24,7 +24,13 @@ This is a list of IPs that are allowed to make DNS-over-TCP queries. In the case of using MaraDNS as an authoritative nameserver, this should have a value of "0.0.0.0/0" (anyone on the internet can make TCP -DNS connections). +DNS connections). If MaraDNS is being used as a recursive or upstream +server, this should have the same value that the recursive_acl +mararc variable has. In the case of MaraDNS being both a recursive and +authoritative DNS server, tcp_convert_acl should have a value +of "0.0.0.0/0"--this is not a security hazard since the zoneserver will +only send UDP packets that request recursion if the client that connects +to the TCP server is on the recursive_acl list.

    @@ -68,13 +74,29 @@

    +This is what a recursive mararc file which provides recursive DNS over
    +TCP and UDP will look like:
    +
    +

    +ipv4_bind_addresses = "10.1.2.3"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "10.0.0.0/8"
    +tcp_convert_acl = "10.0.0.0/8"
    +tcp_convert_server = "10.1.2.3"
    +
    +
    +If both maradns and zoneserver are running, this
    +mararc file will provide recursive DNS for anyone with an IP starting
    +with the number "10" (this is a special network for private IPs)
    +on a machine with the IP 10.1.2.3.
    +

    Long packets

    maradns, the UDP DNS server, in compliance with RFC1035 section 2.3.4, will not output a packet longer than 512 bytes long. -This is sufficient packet size for well over 99% of the DNS traffic out there. +This is sufficient packet size for over 99% of the DNS traffic out there.

    @@ -87,20 +109,51 @@

    -One uses the long_packet_ipv4 mararc variable to
    -tell maradns which IPs we will send long UDP packets to.
    +Since these packets use extra memory to store in memory, they are only
    +enabled when MaraDNS is compiled as an authoritative-only DNS server.
    +
    +

    +
    +To compile MaraDNS as an authoritative-only server:
    +
    +

      +
    • Compile MaraDNS as an authoritative-only nameserver: +
      +./configure --authonly
      +make
      +
      +
    • Install MaraDNS as an authoritative-only nameserver: +
      +make install
      +
      +
    • Make sure any existing copy of maradns with recursive support has + been removed: +
      +rm /usr/sbin/maradns
      +rm /usr/local/sbin/maradns
      +
      + (The authoritative-only binary has the name maradns.authonly) +
    + +At this point, one uses the long_packet_ipv4 mararc variable to +tell maradns.authonly which IPs we will send long UDP packets to. This value is usually the same value as is set for ipv4_bind_addresses.

    -long_packet_ipv4 is a list of IPs maradns will send +long_packet_ipv4 is a list of IPs maradns.authonly will send RFC-violating long UDP packets to. When zoneserver listens for a UDP reply from maradns, the zoneserver program will be able to process long UDP packets, converting them in to RFC-compliant TCP DNS packets.

    +Note that the zoneserver program, like the maradns
    +program, is changed when compiled after ./configure --authonly.
    +These changes are needed for the zoneserver to accept long DNS packets.
    +
    +

    This is what a mararc file which provides authoritative DNS over TCP and UDP, sending long UDP packets to the TCP server to process, diff -Nru maradns-2.0.04/doc/en/tutorial/glossary.html maradns-2.0.04+really1.4.09/doc/en/tutorial/glossary.html --- maradns-2.0.04/doc/en/tutorial/glossary.html 2010-09-27 22:36:24.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/glossary.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + DNS glossary diff -Nru maradns-2.0.04/doc/en/tutorial/index.html maradns-2.0.04+really1.4.09/doc/en/tutorial/index.html --- maradns-2.0.04/doc/en/tutorial/index.html 1970-01-01 00:00:00.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/index.html 2009-12-21 15:28:47.000000000 +0000 @@ -0,0 +1,72 @@ + + + + +MaraDNS tutorial + + + + + + + + +

    MaraDNS tutorials and usage guides

    + +MaraDNS includes a number of tutorials and usage guides which cover +everything from teaching DNS basics for someone who has never administered +a DNS server before to usage guides on exotic things such as using +private CNAME records that point to public DNS entries. + +

    + +For people who have never used DNS before, the DNS +introduction guide is a good place to start. For people who have +some experience with DNS servers, the quick +start guide is a good place to start. + +

    Tutorials and usage guides

    + + + +

    Man pages

    + + + + diff -Nru maradns-2.0.04/doc/en/tutorial/man.askmara.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.askmara.html --- maradns-2.0.04/doc/en/tutorial/man.askmara.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.askmara.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + diff -Nru maradns-2.0.04/doc/en/tutorial/man.csv2.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.csv2.html --- maradns-2.0.04/doc/en/tutorial/man.csv2.html 2011-02-06 02:21:42.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.csv2.html 2010-07-31 07:17:12.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -176,19 +176,6 @@ x.org. SOA x.org. email@x.org. 1 7200 3600 604800 1800 ~ -If there is a '.' (dot) character in the part of the email address before -the '@', it needs to be escaped thusly: - -
    -x.org. SOA x.org. john\.doe@x.org. 1 7200 3600 604800 1800 ~
    -
    - -Note that the csv2 parser will not allow more than one dot in a row; -'john\.\.doe@x.org' will cause a parse error. In addition, the -dot character must be escaped with a backslash. - -

    - The serial numeric field may be replaced by the string '/serial'; this string tells the CSV2 zone parser to synthesize a serial number for the zone based on the timestamp for the zone file. This allows one to diff -Nru maradns-2.0.04/doc/en/tutorial/man.csv2_txt.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.csv2_txt.html --- maradns-2.0.04/doc/en/tutorial/man.csv2_txt.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.csv2_txt.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + diff -Nru maradns-2.0.04/doc/en/tutorial/man.duende.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.duende.html --- maradns-2.0.04/doc/en/tutorial/man.duende.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.duende.html 2008-09-09 11:40:21.000000000 +0000 @@ -1,6 +1,6 @@ - + diff -Nru maradns-2.0.04/doc/en/tutorial/man.fetchzone.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.fetchzone.html --- maradns-2.0.04/doc/en/tutorial/man.fetchzone.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.fetchzone.html 2005-12-08 20:55:33.000000000 +0000 @@ -1,6 +1,6 @@ - + diff -Nru maradns-2.0.04/doc/en/tutorial/man.maradns.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.maradns.html --- maradns-2.0.04/doc/en/tutorial/man.maradns.html 2011-08-05 11:59:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.maradns.html 2011-11-11 22:58:37.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -252,25 +252,18 @@

    1. I'm using an older version of MaraDNS

    -Upgrade to MaraDNS 1.4 or MaraDNS 2.0. MaraDNS 1.4 is compatible with -older versions of MaraDNS, with the relatively few changes need to upgrade +Upgrade to MaraDNS 1.4. MaraDNS 1.4 is compatible with older versions +of MaraDNS, with the relatively few changes need to upgrade documented.

    -Use MaraDNS 2.0 if there are any issues using MaraDNS 1.4 to recursively -resolve records (via recursive_acl); the recursive resolver -in MaraDNS 1.4 is deprecated and only critical security issues are fixed -with it. MaraDNS 2.0 uses the separate daemon Deadwood to recursively -resolve records. - -

    - MaraDNS 1.0 and 1.2 are only supported for critical security updates, and will no longer be supported on December 21, 2010. MaraDNS 1.3 is also only supported for critical security updates, and support will stop on December -21, 2012. MaraDNS 1.4 and MaraDNS 2.0 are both fully supported (security -and other important bug fixes) for the foreseeable future. +21, 2012. MaraDNS 1.4 will be fully supported (security and other important +bug fixes) for the foreseeable future, alongside MaraDNS 2.0 when and if +it comes out. @@ -375,10 +368,10 @@ -

    8. I am on a slow network, and Deadwood can not process recursive +

    8. I am on a slow network, and MaraDNS can not process recursive queries

    -Deadwood, by default, only waits two seconds for a reply from a remote +MaraDNS, by default, only waits two seconds for a reply from a remote DNS server. This default can be increased by adding a line like this in the mararc file: @@ -439,22 +432,35 @@

    12. Why does MaraDNS use a multi-threaded model?

    -

    MaraDNS 2.0 no longer uses threads. +

    The multi-threaded model is, plain and simple, the simplest way to write +a functioning recursive DNS server. There is a reason why MaraDNS, pdnsd, and +BIND 9 all use the multi-threaded model. -

    The multi-threaded model was the simplest way to write -a functioning recursive DNS server for MaraDNS 1.0. There is a reason -why MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model. - -

    It took me nearly three years to rewrite MaraDNS' recursive resolver -as a separate non-threaded daemon. This has been done, and now all recursion -is done with Deadwood which does not need threads. +

    MaraDNS 2.0, when and if it is released, will not use threads.

    13. I feel that XXX feature should be added to MaraDNS

    -There are no plans to add new features to MaraDNS or Deadwood at
    -this time.
    +The only thing that will convince me to implement a given feature for
    +MaraDNS is cold, hard cash. If you want me to keep a given feature
    +proprietary, you better have lots of cold hard cash.
    +

    +The only feature I will implement for free is to finish up full +recursion in Deadwood, including IPv6 support. I have no +plans to implement DNS curve, nor DNSsec, +Geo IP, or whatever feature you want me to implement for fun and for free. +

    +Keep in mind that both the BIND and NSD name servers were +developed by having the programmers paid to work on the programs. +PowerDNS was originally commercial software with the author only +reluctantly made GPL after seeing that the market +for a commercial DNS server is very small. All of the other DNS servers +which have been developed as hobbyist projects (Posadis, Pdnsd, and djbdns) +are no longer being actively worked on by the primary developer. +

    @@ -516,11 +522,10 @@

    The zoneserver program serves zones so that other DNS servers can be secondaries for zones which MaraDNS serves. This is a separate -program from the maradns server, which processes -authoritative UDP DNS queries, and Deadwood which processes recursive -DNS queries. +program from the maradns server, which processes both +authoritative and recursive UDP DNS queries. -

    See the DNS +

    See the DNS master document in the MaraDNS tutorial for details. @@ -529,9 +534,10 @@

    Yes. -

    Please read the +

    Please read the DNS slave document, which is part of the MaraDNS tutorial. +

    18. What is the difference between an authoritative and a recursive DNS @@ -539,14 +545,12 @@ A recursive DNS server is a DNS server that is able to contact other DNS servers in order to resolve a given domain name label. This is the kind -of DNS server one points to in /etc/resolve.conf. MaraDNS uses -the Deadwood daemon to process recursive DNS queries. +of DNS server one points to in /etc/resolve.conf

    An authoritative DNS server is a DNS server that a recursive server -contacts in order to find out the answer to a given DNS query. The -maradns daemon processes authoritative DNS queries. +contacts in order to find out the answer to a given DNS query. @@ -655,23 +659,22 @@

    26. I am having problems setting upstream_servers

    -upstream_servers is only supported by Deadwood, and is no -longer supported in MaraDNS 2.0. - -The upstream_servers dwood3rc variable is set thusly: +The upstream_servers mararc variable is set thusly:
    upstream_servers["."] = "10.3.28.79, 10.2.19.83"
    -Note the ["."]. +Note the ["."]. The reason for this is so future versions +of MaraDNS may have more fine-grained control over the +upstream_servers and root_servers values.

    Note that the upstream_servers variable needs to be initialized before being used via upstream_servers = {} (the reason for this -is so that a dwood3rc file has 100% Python-compatible syntax). A complete -dwood3rc file that uses upstream_servers may look like this: +is so that a mararc file has 100% Python-compatible syntax). A complete +mararc file that uses upstream_servers may look like this:

     ipv4_bind_addresses = "127.0.0.1"
    @@ -811,8 +814,71 @@
     

    31. I have a NS delegation, and MaraDNS is doing strange things.

    -This is only an issue in MaraDNS 1.4. MaraDNS 2.0 does not allow -the same IP to both authoritatively and recursively resolve records. +In the case of there being a NS delegation, MaraDNS handles recursive +queries and non-recursive DNS queries differently. Basically, unless +you use askmara with the -n option, dig with the ++norecuse option, or nslookup with the -norec +option, MaraDNS will try to recursively resolve the record that is +delegated. + +

    + +The thinking is this: A normal recursive DNS query is usually one +where one wants to know the final DNS output. So, if MaraDNS +delegates a given record to another DNS server, and gets a recursive +request for said query, MaraDNS will recursively resolve the query +for you. + +

    + +For example, let us suppose we have a mararc file that looks +like this: + +

    +chroot_dir = "/etc/maradns"
    +ipv4_bind_addresses = "10.1.2.3"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "127.0.0.1/8, 10.0.0.0/8"
    +csv2 = {}
    +csv2["example.com."] = "db.example.com"
    +
    + +And a db.example.com file that looks like this: + +
    +www.example.com. 	10.1.2.3
    +joe.example.com. 	NS ns.joe.example.com.
    +ns.joe.example.com.	A 10.1.2.4
    +
    +
    +Next, you are trying to find out why www.joe.example.com is not
    +resolving. If you naively send a query to 10.1.2.3 for www.joe.example.com
    +as askmara Awww.joe.example.com. 10.1.2.3 or as
    +dig @10.1.2.3 www.joe.example.com. or as
    +nslookup www.joe.example.com. 10.1.2.3, you will not
    +get any information that will help you solve the problem, since 10.1.2.3
    +will try to contact 10.1.2.4 to resolve www.joe.example.com.
    +
    +

    + +The solution is to run your DNS query client thusly: + +

      +
    • Askmara would be run thusly: +

      askmara -n Awww.joe.example.com. 10.1.2.3

      +

    • Dig would be run thusly: +

      dig +norecurse @10.1.2.3 www.joe.example.com

      +

    • Nslookup would be run thusly: +

      nslookup -norec www.joe.example.com 10.1.2.3

      +

    + +This will allow you to see that packets MaraDNS actually sends to +a recursive DNS server. + +

    + +As an aside, this particular problem will not happen if MaraDNS is +run only as an authoritative nameserver. @@ -876,9 +942,9 @@

    33. Where is the root.hints file?

    -MaraDNS (actually, Deadwood), unlike BIND, does not need a complicated -root.hints file in order to have custom root servers. In order to change -the root.hints file, add something like this to your dwood3rc file: +MaraDNS, unlike BIND, does not need a complicated root.hints file in +order to have custom root servers. In order to change the root.hints +file, add something like this to your mararc file:
     root_servers["."] =  "131.161.247.232,"
    @@ -896,7 +962,8 @@
     

    34. Are there any plans to use autoconf to build MaraDNS?

    -No. +No. OK, let me qualify that: I won't do it unless you pay +me enough money.

    In more detail, MaraDNS does not use autoconf for the following reasons: @@ -965,7 +1032,8 @@

    36. Will you make a package for the particular Linux distribution I am using?

    -No. +No. OK, let me qualify that: I won't do it unless you pay +me enough money.

    There is, however, a CentOS 5-compatible RPM spec file in the build directory. @@ -1083,17 +1151,17 @@

      -
    • MaraDNS version 1.4 or 2.0 needs to be used; if you're using an +
    • MaraDNS version 1.4 needs to be used; if you're using an older version of MaraDNS, upgrade. -
    • It is necessary to have recursion disabled, if using MaraDNS 1.4, either -by compiling MaraDNS without recursive support (./configure --authonly ; make), +
    • It is necessary to have recursion disabled. This can be done either by +compiling MaraDNS without recursive support (./configure --authonly ; make), or by making sure MaraDNS does not have recursion enabled (by not having -recursive_acl set in one's MaraDNS 1.4 mararc file) +recursive_acl set in one's mararc file)
    -If one wishes to both register domains with AFNIC and use MaraDNS 1.4 as a +If one wishes to both register domains with AFNIC and use MaraDNS as a recursive DNS server, it is required to have the recursive server be a separate instance of MaraDNS on a separate IP. It is not possible to have the same DNS server both send DNS packets in a way that both makes AFNIC @@ -1113,8 +1181,8 @@

    43. I can't see the full answers for subdomains I have delegated

    -To have the subdomains be visible to MaraDNS 1.4 recursive nameservers, -add the following to your mararc file: +To have the subdomains be visible to recursive nameservers, add the following +to your mararc file:

    recurse_delegation = 1 @@ -1122,7 +1190,7 @@

    44. MaraDNS 1 has a problem resolving a domain

    -This issue should be fixed in MaraDNS 2.0.
    +This issue should be fixed when I release MaraDNS 2.0.

    @@ -1133,7 +1201,7 @@

    The new recursive resolver is called "Deadwood"; right now it's fully -functional and part of MaraDNS 2.0. More information is here: +functional and undergoing beta-testing. More information is here:

    http://maradns.blogspot.com/search/label/Deadwood

    @@ -1141,8 +1209,13 @@

    Since the old recursive code is a bit difficult to maintain, and since I in the process of rewriting the recursive code, my rule is that I will only -resolve security issues with MaraDNS 1.0's recursive resolver. +resolve security issues with MaraDNS 1.0's recursive resolver without +getting paid. +

    +If resolving a given domain with MaraDNS' code is an urgent issue +for you, please consider helping beta-test Deadwood, or sponsoring MaraDNS:

    +http://www.maradns.org/products.html

    45. MaraDNS 1.2 has issues with NXDOMAINS and case sensitivity.

    @@ -1156,7 +1229,7 @@

    If this is an issue for your organization, please upgrade to a newer -version of MaraDNS; MaraDNS 1.4 and 2.0 do not have +version of MaraDNS; MaraDNS 1.4 does not have this bug. If you want to see this bug fixed in MaraDNS 1.2, please help sponsor MaraDNS. @@ -1378,16 +1451,43 @@ (as opposed to DOS or UNIX newlines), while the file will parse, any errors in the file will be reported as being on line 1.

    +The maximum allowed number of threads is 5000. +

    The system startup script included with MaraDNS assumes that the only MaraDNS processes running are started by the script; it stops all MaraDNS processes running on the server when asked to stop MaraDNS.

    +When a resolver asks for an A record, and the A record is a CNAME
+which points to a list of IPs, MaraDNS' recursive resolver only
+returns the first IP listed along with the CNAME. This is somewhat
+worked around by having a CNAME record only stay in the recursive cache
+for 15 minutes.
+

    +When a resolver asks for an A record, and the A record is a CNAME
+that points to another CNAME (and possibly a longer CNAME chain), while
+MaraDNS returns the correct IP (as long as the glueless level is not
+exceeded), MaraDNS will incorrectly state that the first CNAME in the
+chain directly points to the IP.
+

    +If a NS record points to a list of IPs, and the NS record in question
+is a "glueless" record (MaraDNS had to go back to the root servers to
+find out the IP of the machine in question), MaraDNS' recursive resolver
+only uses the first listed IP as a name server.
+

    +When MaraDNS' recursive resolver receives a "host not there" reply,
+instead of using the SOA minimum of the "host not there" reply as
+the TTL (Look at RFC1034
+§4.3.4), MaraDNS uses the TTL of the SOA
+reply.
+

    +MaraDNS keeps referral NS records in the cache for one day instead of
+the TTL specified by the remote server.
+

    MaraDNS needs to use the zoneserver program to serve DNS records over TCP. See zoneserver(8) for usage information.

    MaraDNS does not use the zone file ("master file") format specified in -chapter 5 of RFC1035; however bind2csv2.py can convert the majority -of such zone files. +chapter 5 of RFC1035.

    MaraDNS default behavior with star records is not RFC-compliant. In more detail, @@ -1412,10 +1512,38 @@ seconds; TTLs which are more than 63072000 (2 years) long are given a TTL of 2 years.

    +MaraDNS' recursive resolver's method of deleting not recently accessed
+records from the cache when the cache starts to fill up can deleted records
+from the cache before they expire. Some people consider this undesirable
+behavior; I feel it is necessary behavior if one wishes to place a limit on
+the memory resources a DNS server may use.
+

    +MaraDNS' recursive resolver stops resolving when it finds an answer in the
+AR section. This is a problem in the case where a given host name and IP
+is registered with the root name servers, and the registered IP is out of
+date. When this happens, a server "closer" to the root server will give
+an out-of-date IP, even though the authoritative DNS servers for the
+host in question have the correct IP. Note that resolving this will
+result in increased DNS traffic.
+

    MaraDNS, like every other known DNS implementation, only supports a QDCOUNT of 0 or 1. +

    +MaraDNS spawns a new thread for every single recursive DNS request
+when the data in question is not in MaraDNS' cache; this
+makes MaraDNS an excellent stress tester for pthread implementations.
+Many pthread implementations can not handle this kind of load;
+symptoms include high memory usage and termination of the MaraDNS
+process.
+

    +MaraDNS does not handle the case of a glueless in-bailiwick NS referral
+very gracefully; this usually causes the zone pointed to by the offending
+NS record to be unreachable by MaraDNS, even if other DNS servers for
+the domain have correct NS referrals.

    UNIMPLEMENTED FEATURES

    -These are features which I do not plan to implement in MaraDNS.
+These are features which I do not plan to implement in MaraDNS. If
+you wish to see these features, consider sponsoring MaraDNS
+development:

    MaraDNS does not have a disk-based caching scheme for authoritative zones. @@ -1429,11 +1557,13 @@ resolve for a limited range of IPs querying the DNS server, or for host names to resolve differently, depending on the IP querying the host name.

    +MaraDNS 1.4 only has authoritative-only support for IPv6. Deadwood,
+however, has full IPv6 support.
+

    MaraDNS only allows wildcards at the beginning or end of a host name. E.g. names with wildcards like "foo.*.example.com". "www.*" will work, however, if a default zonefile is -set up. Likewise, MaraDNS does not have regular expression hostname -substitution. +set up.

    MaraDNS does not have support for MRTG or any other SNMP-based logging mechanism. diff -Nru maradns-2.0.04/doc/en/tutorial/man.mararc.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.mararc.html --- maradns-2.0.04/doc/en/tutorial/man.mararc.html 2010-09-27 22:39:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.mararc.html 2010-02-02 17:12:53.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -212,6 +212,78 @@ result in an error.

    +

    root_servers

    +
+root_servers: This is a special "dictionary" element that can
+have multiple elements, where a given element points to either an
+ip, or a pointer to an ipv4 alias. For example:
+
+
    +root_servers["."] = "list_of_servers"
    +
    +
+In this example, "." indicates that this is a listing of root_servers
+that will resolve any name not otherwise listed as a root_servers
+entry.

    +
+list_of_servers is a list of root name servers in the exact same
+format as ipv4_aliases.
+

    +
+The root_servers dictionary array can have multiple elements. Like csv2
+elements, the names must be valid domain names that end with the
+'.' character. When there are multiple root_servers elements, the
+element with the most domain name labels that matches the end of
+the hostname one is searching for is used.
+

    + +For example, let us suppose we have the following root_servers entries: + +

    +root_servers["."] = "198.41.0.4"
    +root_servers["com."] = "192.5.6.30"
    +root_servers["example.net."] = "10.1.2.3,10.2.3.4"
    +
    +
+In this example, we use use the name server with the IP 10.1.2.3 or
+10.2.3.4 to start resolving "www.example.net", the name server with the
+IP 192.5.6.30 to start resolving "www.google.com", and the name server
+with the IP 198.41.0.4 to start resolving "www.maradns.org".
+

    +
+Note that, while ips in a listing of root name servers can have
+netmasks, the netmask portion is ignored.
+

    +
+The root_servers should point to root servers. If one wishes to use
+MaraDNS as a forwarding name server, which forwards DNS requests on to
+another server, use the upstream_servers variable instead.
+
+

    upstream_servers

    +
+This is identical to the root_servers variable (can have multiple
+elements, the elements are a list of ipv4_addresses, the variable is a
+dictionary variable, etc.), but is used
+when one wishes to use MaraDNS to query other recursive servers, instead
+of querying the actual root name servers for an answer.
+

    +
+Note that one can not have both root_servers and upstream_servers set
+in a given mararc file; MaraDNS will return with a fatal error if one
+attempts to do this.
+

    +
+Like root_servers, this is a dictionary variable that can have multiple
+elements. For example:
+
+

    +upstream_servers["."] = "10.5.6.7"
    +upstream_servers["cl."] = "10.2.19.83"
    +
    +
+Here, we use 10.2.19.83 to resolve host names that end in "cl", and
+10.5.6.7 to resolve all other host names.
+

    NORMAL VARIABLE FORMAT

    Normal variables. These are variables that can only take @@ -453,7 +525,7 @@ at the beginning of hostnames (default zonefiles still work, however).
  • A dos_protection_level of 78 disables all authoritative processing, - including default zonefiles. + including default zonefiles; recursive lookups still work. @@ -466,6 +538,21 @@ for this variable to be set, MaraDNS must be bound to at least one ipv4 address. +

    handle_noreply

    +This is a numeric variable which determines how the recursive resolver
+informs the client that Mara was unable to contact any remote DNS servers
+when trying to resolve a given domain.
+
+If this is set to 0, no response will be sent to the DNS client.
+
+If this is set to 1, a "server fail" message will be sent to the DNS client.
+
+If this is set to 2, either a "this host does not exist" message will be sent
+to the DNS client if notthere_ip is not set, or the IP specified in
+notthere_ip will be sent if set.
+
+The default value for this is 1.
+

    hide_disclaimer

    If this is set to "YES", MaraDNS will not display the legal disclaimer when starting up. @@ -502,6 +589,32 @@ The default GID is 99. +

    maximum_cache_elements

    +maximum_cache_elements: The maximum number of elements we can have
+in the cache of recursive queries.
+

    + +This cache of recursive queries is used to store entries we have +previously obtained from recursive queries. +

    +
+If we approach this limit, the "custodian" kicks in to effect.
+The custodian removes elements at random from the cache (8 elements
+removed per query) until we are at the 99% or so level again.
+
+

    The default value for this variable is 1024. +

    maxprocs

    +maxprocs: The maximum number of threads or processes that MaraDNS
+is allowed to run at the same time.
+

    +
+This variable is used to minimize the impact on the server when
+MaraDNS is heavily loaded. When this number is reached, it is
+impossible for MaraDNS to spawn new threads/processes until the
+number of threads/processes is reduced.
+

    The default value for this variable is 64. +

    +The maximum value this can have is 500.

    max_ar_chain

    max_ar_chain: The maximum number of records to display if a record in the additional section (e.g., the IP of a NS server @@ -568,6 +681,32 @@ use, and in addition, to allocate 1536 bytes for each element we can have in the cache or DNS record that we are authoritatively serving. +

    min_ttl

    +min_ttl: The minimum amount of time a resource record will stay in
+MaraDNS' cache, regardless of the TTL the remote server specifies.
+

    +
+Setting this value changes the minimum amount of time MaraDNS'
+recursive server will keep a record in the cache. The value is
+in seconds.
+
+

    +The default value of this is 300 (5 minutes); the minimum value
+for this is 180 (2 minutes).
+
+

    min_ttl_cname

    +min_ttl_cname: The minimum amount of time a resource record
+will stay in MaraDNS' cache, regardless of the TTL the remote server
+specifies.
+

    +
+Setting this value changes the amount of time a CNAME record stays
+in the cache. The value is in seconds.
+
+

    +The default value for this is the value min_ttl has; the minimum value
+for this is 180 (2 minutes).
+

    min_visible_ttl

    min_visible_ttl: The minimum value that we will will show as the TTL (time to live) value for a resource record to other DNS servers and stub resolvers. @@ -576,13 +715,125 @@

    The value is in seconds. The default value for this is 30; the minimum
-value this can have is 5.
+value this can have is 5. People running highly loaded MaraDNS servers
+may wish to increase this value to 3600 (one hour) in order to reduce the
+number of queries recursively processed by MaraDNS.

    As an aside, RFC1123 section 6.1.2.1 implies that zero-length TTL records should be passed on with a TTL of zero. This, unfortunately, breaks some stub resolvers (such as Mozilla's stub resolver). +

    notthere_ip

    +
+This parameter, if set, causes MaraDNS' recursive resolver to return a
+0-TTL synthetic IP for non-existent hostnames instead of a "this host does
+not exist" DNS reply. The IP returned is the value for this parameter.
+

    +
+For example, if one wishes to send the IP 10.11.12.13 to clients whenever
+MaraDNS' recursive resolver gets a "this host does not exist" reply, set
+notthere_ip thusly:
+

    + +notthere_ip = "10.11.12.13" +

    +
+If one also wishes to have this IP returned when there is no reply
+from remote DNS servers, set handle_noreply thusly:
+

    + +handle_noreply = 2 +

    +
+This parameter only affects the recursive resolver, and doesn't affect
+authoritative zones that MaraDNS serves. This parameter only affects
+A queries, and doesn't affect other DNS query types.
+
+

    random_seed_file

    +random_seed_file: The file from which we read 16 bytes from to
+get the 128-bit seed for the secure pseudo random number generator.
+

    +
+The location of this file is relative to the root of the
+filesystem, not MaraDNS' chroot directory.
+

    +
+This is ideally a file which is a good source of random numbers
+(e.g. /dev/urandom), but can also be a fixed file if your OS does not
+have a decent random number generator. In that case, make sure the
+contents of that file is random and with 600 perms, owned by root.
+We read the file before dropping root privileges.
+
+

    recurse_delegation

    +recurse_delegation: Whether to recurse in the case of us finding a NS
+delegation record, but the user/stub resolver sent a query that
+desires recursion. Before MaraDNS 1.3, this was the default behavior.
+

    +
+When recurse_delegation has a value of 1, we recurse in this case.
+Otherwise, we do not.
+

    + +This parameter has a default value of 0. + +

    recurse_min_bind_port

    +MaraDNS, by default, binds to a UDP port with a value between 15000 and
+19095 when making a recursive query. This variable, and the
+recurse_number_ports variable, allow this value to be changed.
+

    +
+recurse_min_bind_port is the lowest port number that MaraDNS will bind
+to when making recursive queries. The default value for this is 15000.
+
+

    recurse_number_ports

    +This determines the size of the port range MaraDNS will bind to when +making recursive queries. MaraDNS, when making a recursive query, will +locally bind to a port number between recurse_min_bin_port and +recurse_min_bind_port + recurse_number_ports - 1. +

    + +This number must be a power of 2 between +256 and 32768. In other words, this must have the value 256, 512, 1024, +2048, 4096, 8192, 16384, or 32768. The default value for this is 4096. +

    + +The sum of the values for recurse_min_bind_port + recurse_number_ports must +fit within the 16-bit value used for UDP ports. In other words, these +two parameters, added together, can not be greater than 65534. + +

    recursive_acl

    +recursive_acl: List of ips allowed to perform recursive queries with
+the recursive portion of the MaraDNS server
+

    +
+The format of this string is identical to the format of an ipv4_alias
+entry.
+
+

    reject_aaaa

    +If this has a value of 1, a bogus SOA "not there" reply is sent whenever
+an AAAA query is sent to MaraDNS. In other words, every time a program asks
+MaraDNS for an IPv6 IP address, instead of trying to process the request,
+when this is set to 1, MaraDNS pretends the host name in question does not
+have an IPv6 address.
+

    + +This is useful for people who aren't using IPv6 but use applications (usually +*NIX command like applications like "telnet") which slow things down trying +to find an IPv6 address. + +

    reject_ptr

    +If this has a value of 1, a bogus SOA "not there" reply is sent whenever +an PTR query is sent to MaraDNS. In other words, every time a program asks +MaraDNS for an IP-to-name mapping, instead of trying to process the request, +when this is set to 1, MaraDNS pretends the IP in question does not +have a host name. +

    + +This is useful for people who don't need this data but use applications +(usually *NIX command like applications like "telnet") which slow things +down trying to look up a host name for an IP. +

    remote_admin

    remote_admin: Whether we allow verbose_level to be changed after MaraDNS is started. @@ -601,6 +852,25 @@ resolving, then decreasing verbose_level so as to minimize the size of MaraDNS' log. +

    retry_cycles

    +retry_cycles: The number of times the recursive resolver will try to contact
+all of the DNS servers to resolve a given name before giving up. This
+has a default value of 2.
+
+

    spammers

    +spammers: A list of DNS servers which the recursive resolver will
+not query.
+

    +
+This is mainly used to not allow spam-friendly domains to
+resolve, since spammers are starting to get in the habit of using
+spam-friendly DNS servers to resolve their domains, allowing them
+to hop from ISP to ISP.
+

    + +The format of this string is identical to the format of an ipv4_alias +entry. +

    synth_soa_origin

    When a CSV2 zone file doesn't have a SOA record in it, MaraDNS generates a SOA record on the fly. This variable determines the host name for @@ -658,9 +928,7 @@

    Whether the RD (recursion desired) flag is set or not when converting a TCP DNS request in to a UDP DNS request is determined by whether the TCP client -is on the recursive_acl list. Since MaraDNS 2.0 does not have -recursion, the maradns daemon ignores the RD bit (Deadwood will not -process any queries without the RD bit set). +is on the recursive_acl list.

    tcp_convert_server

    This only applies to the zoneserver (general DNS-over-TCP) program. @@ -671,6 +939,22 @@ multiple IPs, all values except the first one are presently ignored. +

    timeout_seconds

    +This only applies when performing recursive lookups. +

    +
+The amount of time, in seconds, to wait for a reply from a remote DNS
+server before giving up and trying the next server on this list. The
+default value is 2 seconds.
+

    +This is for setups where a recursive MaraDNS server is on a slow
+network which takes more than two seconds to send and receive a DNS
+packet.
+

    +
+Note that, the larger this value is, the slower MaraDNS will process
+recursive queries when a DNS server is not responding to DNS queries.
+

    timestamp_type

    timestamp_type: The type of timestamp to display. The main purpose of this option is to suppress the output of timestamps. Since duende uses @@ -708,6 +992,13 @@

    The default value for this variable is 5. +

    upstream_port

    +
+This is the port that MaraDNS' recursive resolver uses to contact other
+DNS servers. This is usually 53 (the default value), but certain unusual
+MaraDNS setups (such as when resolving dangling CNAME records on but a
+single IP) may need to have a different value for this.
+

    verbose_level

    verbose_level: The number of messages we log to stdout

    @@ -728,6 +1019,15 @@

    The default value for this variable is 1. +

    verbose_query

    +verbose_query: Whether to verbosely output all DNS queries that the
+recursive DNS server receives. If this is set to 1, then all recursive
+queries sent to MaraDNS will be logged.
+
+

    + +This is mainly used for debugging. +

    zone_transfer_acl

    zone_transfer_acl: List of ips allowed to perform zone transfers with the zone server @@ -760,6 +1060,14 @@ maradns_uid = 99 # The (optional) numeric GID MaraDNS will run as # maradns_gid = 99 +# The maximum number of threads (or processes, with the zone server) +# MaraDNS is allowed to run +maxprocs = 96 +# It is possible to specify a different maximum number of processes that +# the zone server can run. If this is not set, the maximum number of +# processes that the zone server can have defaults to the 'maxprocs' value +# above +# max_tcp_procs = 64 # Normally, MaraDNS has some MaraDNS-specific features, such as DDIP # synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org." @@ -771,6 +1079,12 @@ # indistinguishable from a tinydns server. no_fingerprint = 0 +# Normally, MaraDNS only returns A and MX records when given a +# QTYPE=* (all RR types) query. Changing the value of default_rrany_set +# to 15 causes MaraDNS to also return the NS and SOA records, which +# some registrars require. The default value of this is 3 +default_rrany_set = 3 + # These constants limit the number of records we will display, in order # to help keep packets 512 bytes or smaller. This, combined with round_robin # record rotation, help to use DNS as a crude load-balancer. 
@@ -793,6 +1107,32 @@ # 3: All queries logged (but not very verbosely right now) verbose_level = 1 +# Initialize the IP aliases, which are used by the list of root name servers, +# the ACL for zone transfers, and the ACL of who gets to perform recursive +# queries +ipv4_alias = {} + +# Various sets of root name servers +# Note: Netmasks can exist, but are ignored when specifying root name server + +# ICANN: the most common and most controversial root name server +# http://www.icann.org +# This list can be seen at http://www.root-servers.org/ +ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90," +ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4," +ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30," +ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33" + +# OpenNIC: http://www.opennic.unrated.net/ +# Current as of 2005/11/30; these servers change frequently so please +# look at their web page +ipv4_alias["opennic"] = "157.238.46.24, 209.104.33.250, 209.104.63.249," +ipv4_alias["opennic"] += "130.94.168.216, 209.21.75.53, 64.114.34.119," +ipv4_alias["opennic"] += "207.6.128.246, 167.216.255.199, 62.208.181.95," +ipv4_alias["opennic"] += "216.87.153.98, 216.178.136.116" + +# End of list of root name server lists + # Here is a ACL which restricts who is allowed to perform zone transfer from # the zoneserver program 
@@ -803,6 +1143,113 @@ # by the "zoneserver" program. #zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224" +# More complex: We create two aliases: One called "office" and another +# called "home". We allow anyone in the office or at home to perform zone +# transfers +#ipv4_alias["office"] = "10.1.1.1/24" +#ipv4_alias["home"] = "10.100.100.100/255.255.255.224" +#zone_transfer_acl = "office, home" + +# More complex then the last example. We have three employees, +# Susan, Becca, and Mia, whose computers we give zone transfer rights to. +# Susan and Becca are system administrators, and Mia is a developer. +# They are all part of the company. We give the entire company zone +# transfer access +#ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed +#ipv4_alias["becca"] = "10.7.8.9" # also a single IP +#ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP +#ipv4_alias["sysadmins"] = "susan, becca" +#ipv4_alias["devel"] = "mia" +#ipv4_alias["company"] = "sysadmins, devel" +# This is equivalent to the above line +#ipv4_alias["company"] = "susan, becca, mia" +#zone_transfer_acl = "company" + +# If you want to enable recursion on the loopback interface, uncomment +# the relevant lines in the following section + +# Recursive ACL: Who is allowed to perform recursive queries. The format +# is identical to that of "zone_transfer_acl", including ipv4_alias support + +#ipv4_alias["localhost"] = "127.0.0.0/8" +#recursive_acl = "localhost" + +# Random seed file: The file from which we read 16 bytes from to get the +# 128-bit random Rijndael key. This is ideally a file which is a good source +# of random numbers, but can also be a fixed file if your OS does not have +# a decent random number generator (make sure the contents of that file is +# random and with 600 perms, owned by root, since we read the file *before* +# dropping root privileges) + +#random_seed_file = "/dev/urandom" + +# The maximum number of elements we can have in the cache. 
If we have more +# elements in the cache than this amount, the "custodian" kicks in to effect, +# removing elements not recently accessed from the cache (8 elements removed +# per query) until we are at the 99% level or so again. + +#maximum_cache_elements = 1024 + +# It is possible to change the minimal "time to live" for entries in the +# cache; this is the minimum time that an entry will stay in the cache. +# Value is in seconds; default is 300 (5 minutes) +#min_ttl = 300 +# CNAME records generally take more effort to resolve in MaraDNS than +# non-CNAME records; it is a good idea to make this higher then min_ttl +# default value is to be the same as min_ttl +#min_ttl_cname = 900 + +# The root servers which we use when making recursive queries. + +# The following line must be uncommented to enable custom root servers +# for recursive queries +#root_servers = {} + +# You can choose which set of root servers to use. Current values (set above) +# are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and +# superroot. +#root_servers["."] = "icann" + +# If you prefer to contact other recursive DNS servers instead of the ICANN +# root servers, this is done with the upstream_servers mararc variable: +#upstream_servers["."] = "192.168.0.1, 192.168.0.2" + +# You can tell MaraDNS to *not* query certain DNS servers when in recursive +# mode. This is mainly used to not allow spam-friendly domains to resolve, +# since spammers are starting to get in the habit of using spam-friendly +# DNS servers to resolve their domains, allowing them to hop from ISP to +# ISP. The format of this is the same as for zone_transfer_acl and +# recursive_acl + +# For example, at the time of this document (August 12, 2001), azmalink.net +# is a known spam-friendly DNS provider (see doc/detailed/spammers/azmalink.net +# for details.) 
Note that this is based on IPs, and azmalink.net constantly +# changes IPs (as they constantly have to change ISPs) +# 2002/10/12: Azmalink changed ISP again, this reflect their current ISP +ipv4_alias["azmalink"] = "12.164.194.0/24" + +# As of September 20, 2001, hiddenonline.net is a known spam-friendly +# DNS provider (see doc/detailed/spammers/hiddenonline for details). +ipv4_alias["hiddenonline"] = "65.107.225.0/24" +spammers = "azmalink,hiddenonline" + +# It is also possible to change the maximum number of times MaraDNS will +# follow a CNAME record or a NS record with a glue A record. The default +# value for this is ten. +#max_glueless_level = 10 +# In addition, one can change the maximum number of total queries that +# MaraDNS will perform to look up a host name. The default value is 32. +#max_queries_total = 32 +# In addition, one can change the amount of time that MaraDNS will wait +# for a DNS server to respond before giving up and trying the next DNS +# server on a list. Note that, the larger this value is, the slower +# MaraDNS will process recursive queries when a DNS server is not +# responding to DNS queries. The default value is two seconds. +#timeout_seconds = 2 + + +# And that does it for the caching at this point +
  • diff -Nru maradns-2.0.04/doc/en/tutorial/man.zoneserver.html maradns-2.0.04+really1.4.09/doc/en/tutorial/man.zoneserver.html --- maradns-2.0.04/doc/en/tutorial/man.zoneserver.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/man.zoneserver.html 2007-08-29 16:30:05.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -26,8 +26,8 @@

    CONFIGURATION FILE FORMAT

    The file format for the mararc file can be found in the mararc(5) manual page. In particular, the zoneserver uses the -zone_transfer_acl, tcp_convert_acl, tcp_convert_server, and bind_address -mararc parameters. +zone_transfer_acl, tcp_convert_acl, tcp_convert_server, bind_address, and +recursive_acl mararc parameters.

    EXAMPLE MARARC FILE

    In this example mararc file, which is used both by maradns and zoneserver, we allow 10.1.2.3, 10.1.14.7, and 192.168.116.{any} to transfer zones, and diff -Nru maradns-2.0.04/doc/en/tutorial/quick_start.html maradns-2.0.04+really1.4.09/doc/en/tutorial/quick_start.html --- maradns-2.0.04/doc/en/tutorial/quick_start.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/quick_start.html 2008-03-24 15:52:33.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -13,53 +13,52 @@ This guide is for experienced UNIX/Linux/BSD users who just want to quickly try out MaraDNS

    -MaraDNS acts as an authoritative DNS server. Recursion is handled by
-the included "Deadwood" program.
+MaraDNS acts as both a recursive and an authoritative DNS server. In
+other words, MaraDNS can both be used to speed up the internet, and/or
+serve domains that you may have.

    -To try out Deadwood as a recursive nameserver:
+To try out MaraDNS as a recursive nameserver is easy:

      -
    • Compile MaraDNS and Deadwood. Type in './configure; make' in the +
    • Compile MaraDNS. Type in './configure; make' in the top-level MaraDNS directory. Note: No need to compile if you downloaded a binary RPM or Debian package. -
    • The the file deadwood-{version number}/src/Deadwood and place it in - /usr/local/sbin -
    • Take the file server/maradns and place it in /usr/local/sbin
    • Take the file tools/duende and place it in /usr/local/sbin
    • Create an empty directory called /etc/maradns -
    • Create a dwood3rc file. This file only needs to be three lines long - on systems with a /dev/urandom file. +
    • Create a mararc file. This file only needs to be three lines long + on systems with a /dev/urandom file, and four lines long on older + operating systems without /dev/urandom

      - Here is a sample dwood3rc file: + Here is a sample mararc file:

       	ipv4_bind_addresses = "127.0.0.1"
       	chroot_dir = "/etc/maradns"
       	recursive_acl = "127.0.0.1"
       
      - This dwood3rc file says that MaraDNS will have the ip "127.0.0.1" (this + This mararc file says that MaraDNS will have the ip "127.0.0.1" (this is the bind_address), run from the directory /etc/maradns (the chroot_dir value), and only allow the ip "127.0.0.1" to make recursive queries (the recursive_acl value). -
    • Place the dwood3rc file in the location /etc/dwood3rc on your system. +
    • Place the mararc file in the location /etc/mararc on your system. -
    • Run Deadwood as a non-daemon: +
    • Run MaraDNS as a non-daemon:
      -	/usr/local/sbin/Deadwood
      +	/usr/local/sbin/maradns
       
      -Since Deadwood needs to bind to a privileged port (port 53), it needs -to start up running as root. Deadwood is designed with security in mind, and +Since MaraDNS needs to bind to a privileged port (port 53), it needs +to start up running as root. MaraDNS is designed with security in mind, and will drop root privileges before being visible to the public internet. -
    • Test Deadwood in another window or virtual terminal +
    • Test MaraDNS in another window or virtual terminal
      @@ -76,18 +75,18 @@
       
      -
    • If this works, make Deadwood run as a daemon: +
    • If this works, make MaraDNS run as a daemon:
      -	/usr/local/sbin/duende /usr/local/sbin/Deadwood
      +	/usr/local/sbin/duende /usr/local/sbin/maradns
       
      duende is a tool that daemonizes maradns; the daemonizer is a separate program. -
    • If this all works, install MaraDNS and Deadwood: +
    • If this all works, install MaraDNS:
       	make install
      @@ -96,14 +95,15 @@
       

    -It is also possible to set up the program "maradns" as an authoritative
-name server:
+It is also possible to set up MaraDNS as both an authoritative and recursive
+name server with the same IP:

    • Here is the MaraRC file:
       	ipv4_bind_addresses = "127.0.0.1"
       	chroot_dir = "/etc/maradns"
      +	recursive_acl = "127.0.0.1"
       	csv2 = {}
       	csv2["example.com."] = "db.example.com"
       
      @@ -115,6 +115,7 @@ (Yes, experienced DNS admins, you can have SOA, NS, MX, SRV, and any other kind of DNS data stored in a csv2 zone file. Read the csv2 man page for details) +
    • Recursive queries will be resolved normally
    • Queries for example.com will resolve to 10.1.2.3
    • Any other name.example.com query will return a "this host does not exist" @@ -122,7 +123,7 @@
    Look in doc (in particular, the tutorial), or read the relevant man -pages for more information on how to set up Deadwood and MaraDNS. +pages for more information on how to set up MaraDNS.

    diff -Nru maradns-2.0.04/doc/en/tutorial/recordtypes.html maradns-2.0.04+really1.4.09/doc/en/tutorial/recordtypes.html --- maradns-2.0.04/doc/en/tutorial/recordtypes.html 2010-09-27 22:36:24.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/recordtypes.html 2005-12-06 18:54:37.000000000 +0000 @@ -1,6 +1,6 @@ - + DNS record types diff -Nru maradns-2.0.04/doc/en/tutorial/recursive.html maradns-2.0.04+really1.4.09/doc/en/tutorial/recursive.html --- maradns-2.0.04/doc/en/tutorial/recursive.html 2010-09-27 22:36:24.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/recursive.html 2007-11-26 17:48:21.000000000 +0000 @@ -1,6 +1,6 @@ - + Recursive DNS serving @@ -12,10 +12,10 @@ -

    Using Deadwood as a recursive DNS server

    +

    Using MaraDNS as a recursive DNS server

    -This document is a step-by-step guide to setting up Deadwood as a recursive -DNS server. It assumes that MaraDNS and Deadwood are already compiled and installed. @@ -24,7 +24,7 @@
    • Basic configuration -
    • Using Deadwood on a slow network +
    • Using MaraDNS on a slow network
    • Using other recursive DNS servers
    • Using different root servers
    • Having private host names @@ -37,8 +37,8 @@

      Basic configuration

-Once Deadwood is installed, the dwood3rc file needs to be set up
-before Deadwood will function as a recursive DNS server. This file only
+Once MaraDNS is installed, the mararc file needs to be set up
+before MaraDNS will function as a recursive DNS server. This file only
 needs to be three lines long:
      @@ -48,27 +48,27 @@
       

-This three-line file needs to be called /etc/dwood3rc.
+This three-line file needs to be called /etc/mararc.

      -The first line is the IP address or addresses Deadwood will use. Here, it -has the address 127.0.0.1, which means that only the machine running Deadwood +The first line is the IP address or addresses MaraDNS will use. Here, it +has the address 127.0.0.1, which means that only the machine running MaraDNS will be able to access the MaraDNS server--other machines will not be able to see it.

-If the machine running Deadwood will be accessed by other machines, this
-IP needs to be changed to an IP that the machine running Deadwood has.
+If the machine running MaraDNS will be accessed by other machines, this
+IP needs to be changed to an IP that the machine running MaraDNS has.

-It is possible to have Deadwood run on multiple IP addresses:
+It is possible to have MaraDNS run on multiple IP addresses:

       ipv4_bind_addresses = "10.1.3.2, 192.168.0.1, 127.0.0.1"
       
-The second line, chroot_dir is the directory Deadwood will be
-run from. This just
+The second line, chroot_dir is the directory MaraDNS will be
+run from. When MaraDNS is being used as a recursive DNS server, this just
 has to be an empty directory, ideally owned by the root user.

      @@ -86,19 +86,19 @@

 Here the "/24" indicates that we ignore the fourth number in an IP
-when determining who can contact Deadwood.
+when determining who can contact MaraDNS.

    -Once this is done, other machines can contact the Deadwood server to -perform DNS queries. For example, Deadwood is now a DNS server which +Once this is done, other machines can contact the MaraDNS server to +perform DNS queries. For example, MaraDNS is now a DNS server which Windows 98 can use in "Control Panel -> Network -> TCP/IP -> DNS configuration", or a UNIX system can point to from /etc/resolv.conf. -

    Using Deadwood on a slow network

    +

    Using MaraDNS on a slow network

    -Deadwood, on a slow network, may time out. Deadwood normally only waits +MaraDNS, on a slow network, may time out. MaraDNS normally only waits two seconds for a reply from a remote DNS server. This is not enough time to process queries on some slow networks. This can be changed by increasing the timeout_seconds value. @@ -121,16 +121,16 @@

    Using other recursive DNS servers

-It is possible to have Deadwood contact other recursive name servers,
+It is possible to have MaraDNS contact other recursive name servers,
 instead of contacting the actual root servers to process recursive
-queries by using the variable upstream_servers in the dwood3rc file.
+queries by using the variable upstream_servers in the mararc file.

    In other words, one can use one's, say, ISP's DNS servers to resolve the names, and have MaraDNS act as a cache for the ISP's DNS servers. Supposing that the ISP name servers have the IPs 10.66.77.88 and 10.99.11.22, the -dwood3rc file will look like this: +mararc file will look like this:

     ipv4_bind_addresses = "127.0.0.1"
    @@ -143,7 +143,7 @@
     
     

    Using different root servers

    -Deadwood, by default, uses the ICANN name servers as the root name servers. +MaraDNS, by default, uses the ICANN name servers as the root name servers. The reason for this default is practical: In my experience, the ICANN root name servers are the ones which least frequently change their IP addresses. They are the best name servers for simple "set and forget" recursive @@ -161,20 +161,21 @@ ipv4_bind_addresses = "127.0.0.1" chroot_dir = "/etc/maradns" recursive_acl = "127.0.0.1" -root_servers = {} -root_servers["."] = "198.41.0.4," -root_servers["."] += "192.228.79.201," -root_servers["."] += "192.33.4.12," -root_servers["."] += "128.8.10.90," -root_servers["."] += "192.203.230.10," -root_servers["."] += "192.5.5.241," -root_servers["."] += "192.112.36.4," -root_servers["."] += "128.63.2.53," -root_servers["."] += "192.36.148.17," -root_servers["."] += "192.58.128.30," -root_servers["."] += "193.0.14.129," -root_servers["."] += "199.7.83.42," -root_servers["."] += "202.12.27.33" +ipv4_alias = {} +ipv4_alias["icann"] = "198.41.0.4," +ipv4_alias["icann"] += "192.228.79.201," +ipv4_alias["icann"] += "192.33.4.12," +ipv4_alias["icann"] += "128.8.10.90," +ipv4_alias["icann"] += "192.203.230.10," +ipv4_alias["icann"] += "192.5.5.241," +ipv4_alias["icann"] += "192.112.36.4," +ipv4_alias["icann"] += "128.63.2.53," +ipv4_alias["icann"] += "192.36.148.17," +ipv4_alias["icann"] += "192.58.128.30," +ipv4_alias["icann"] += "193.0.14.129," +ipv4_alias["icann"] += "199.7.83.42," +ipv4_alias["icann"] += "202.12.27.33" +root_servers["."] = "icann"
    This file will do the exact same thing as the following mararc file: @@ -185,16 +186,177 @@ recursive_acl = "127.0.0.1" -The ICANN servers listed above are the ones that Deadwood use when no +The ICANN servers listed above are the ones that MaraDNS uses when no root servers are specified. +

    + +As an aside, the ipv4_alias variable is a general purpose way of +giving names to any set of IPs in a mararc file. We can use +shortcuts like this, in fact: + +

    +ipv4_alias = {}
    +ipv4_alias["localhost"] = "127.0.0.1"
    +ipv4_bind_addresses = "localhost"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "localhost"
    +ipv4_alias["icann-a"] = "198.41.0.4"
    +ipv4_alias["icann-b"] = "192.228.79.201"
    +ipv4_alias["icann-c"] = "192.33.4.12"
    +ipv4_alias["icann-d"] = "128.8.10.90"
    +ipv4_alias["icann-e"] = "192.203.230.10"
    +ipv4_alias["icann-f"] = "192.5.5.241"
    +ipv4_alias["icann-g"] = "192.112.36.4"
    +ipv4_alias["icann-h"] = "128.63.2.53"
    +ipv4_alias["icann-i"] = "192.36.148.17"
    +ipv4_alias["icann-j"] = "192.58.128.30"
    +ipv4_alias["icann-k"] = "193.0.14.129"
    +ipv4_alias["icann-l"] = "199.7.83.42"
    +ipv4_alias["icann-m"] = "202.12.27.33"
    +ipv4_alias["icann"] = "icann-a,icann-b,icann-c,icann-d,icann-e,icann-f,"
    +ipv4_alias["icann"] += "icann-g,icann-h,icann-i,icann-j,icann-k,icann-l,"
    +ipv4_alias["icann"] += "icann-m"
    +root_servers["."] = "icann"
    +
    + +This works the same as the above two examples. The reason why we don't have +commas in any of the aliases besides icann is because the comma before +the quote is only needed on a line before a line that uses +the += operator. + +

    + +Here is what a configuration file which uses OpenNIC's glue root servers +as the root servers. This list is current as of February 22, 2006; note +that OpenNIC frequently changes these IPs and you need to verify that +these IPs are current at http://www.opennic.unrated.net/. +A number of alternate root server organizations no longer exist; please +make sure these people still exist before using this list. + +

    +ipv4_bind_addresses = "127.0.0.1"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "127.0.0.1"
    +ipv4_alias = {}
    +# This ends with a comma because the next line is a += line
    +ipv4_alias["opennic"]  = "131.161.247.232,"
    +ipv4_alias["opennic"] += "208.185.249.250,"
    +ipv4_alias["opennic"] += "66.227.42.140,"
    +ipv4_alias["opennic"] += "66.227.42.149,"
    +ipv4_alias["opennic"] += "64.81.44.251,"
    +ipv4_alais["opennic"] += "216.87.84.214,"
    +ipv4_alias["opennic"] += "208.185.249.251,"
    +ipv4_alias["opennic"] += "131.161.247.231,"
    +# This is the last line, so no comma at the end
    +ipv4_alias["opennic"] += "65.243.92.254"
    +# Considering how often alternate root DNS server lists change or disappear,
    +# we will have the ICANN list on hand as a backup.
    +ipv4_alias["icann"]  = "198.41.0.4,"     
    +ipv4_alias["icann"] += "192.228.79.201,"
    +ipv4_alias["icann"] += "192.33.4.12,"
    +ipv4_alias["icann"] += "128.8.10.90,"
    +ipv4_alias["icann"] += "192.203.230.10,"
    +ipv4_alias["icann"] += "192.5.5.241,"
    +ipv4_alias["icann"] += "192.112.36.4,"
    +ipv4_alias["icann"] += "128.63.2.53,"
    +ipv4_alias["icann"] += "192.36.148.17,"
    +ipv4_alias["icann"] += "192.58.128.30,"
    +ipv4_alias["icann"] += "193.0.14.129,"
    +ipv4_alias["icann"] += "198.32.64.12,"
    +ipv4_alias["icann"] += "202.12.27.33"
    +# Now, set the root servers; chance this to icann if you want to use the
    +# icann servers instead.
    +root_servers["."] = "opennic"
    +
    + + +

    Having private host names

    +
    + +One may wish to have private host names when running MaraDNS as a recursive +name server. These are names that are not attached to the root servers, +but will resolve on the recursive name server. For example, it might make +sense to have "router.office." resolve to the IP of a router in an +office. + +

    + +There are two ways to do this with MaraDNS: By using a custom +root server for only names that end in "office", or by having the +authoritative half of MaraDNS handle custom name resolutions. + +

    + + +

    Using authoritative records for private names

    + + +We can have local names by taking advantage of the fact that +MaraDNS +can act as both a recursive and authoritative name server on the same IP. +MaraDNS first looks up authoritative names before performing recursion. +For example, if www.google.com is defined in a MaraDNS zone +file, MaraDNS will use the value in the zone file instead of contacting +nameservers on the internet to get the IP for www.google.com. + +

    + +The procedure to do this is as follows: + +

      +
    • Have an authoritative and recursive DNS server share the same IP. Make + sure this DNS server is not accessible from the public internet. +
    • For this authoritative server, have zone files for the zones which one + wants to have non-public information. Recursive queries will be resolved + as usual (since the authoritative server is also a recursive server); + authoritative queries for the special zones will get the special data. +
    • The maradns man page has a section on + firewall configuration which + describes how to set up an IP filter to allow MaraDNS to send packets. + Basically, don't allow outside IPs to hit this combined server on port + 53 (UDP); instead allow UDP connections to ports 15000-19095. +
    + +Here is how the configuration may look: + +
    +ipv4_bind_addresses = "192.168.0.1"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "192.168.0.0/24"
    +csv2 = {}
    +csv2["office."] = "db.office"
    +
    + +Replace 192.168.0.1 with the IP of the machine running the recursive MaraDNS; +replace 192.168.0.0/24 (This means "anything that begins with 192.168.0") +with the IP range allowed to access the recursive DNS server. + +

    + +The file "db.example.com." will be a csv2 zone file with records for the +bogus example.com domain, such as router.example.com. + +

    + +If you want to have some of these private names be CNAMES for hostnames +on the internet (e.g. "google.example.com. CNAME www.google.com."), please +read the dangling CNAME document. + +

    + +More information on having host names for an internal network is available +in the network section of the +authoritative document. +

    Private names with custom root servers

-Deadwood can have custom root name servers
+MaraDNS, starting with version 1.3.02, can have custom root name servers
 that only resolve names in a subtree of the DNS space. In other words,
-we can tell Deadwood to have 192.168.0.7 resolve all names ending in
+we can tell MaraDNS to have 192.168.0.7 resolve all names ending in
 office by having a line like this in one's mararc file:
    @@ -210,22 +372,9 @@
     recursive_acl = "192.168.0.0/24"
     root_servers = {}
     root_servers["office."] = "192.168.0.7"
    -root_servers["."] = "198.41.0.4,"     
    -root_servers["."] += "192.228.79.201,"
    -root_servers["."] += "192.33.4.12,"
    -root_servers["."] += "128.8.10.90,"
    -root_servers["."] += "192.203.230.10,"
    -root_servers["."] += "192.5.5.241,"
    -root_servers["."] += "192.112.36.4,"
    -root_servers["."] += "128.63.2.53,"
    -root_servers["."] += "192.36.148.17,"
    -root_servers["."] += "192.58.128.30,"
    -root_servers["."] += "193.0.14.129,"
    -root_servers["."] += "199.7.83.42,"
    -root_servers["."] += "202.12.27.33"
     
-And the configuration on 192.168.0.7, the MaraDNS authoritative server:
+And the configuration on 192.168.0.7, the authoritative server:
     ipv4_bind_addresses = "192.168.0.7"
    @@ -234,4 +383,54 @@
     csv2["office."] = "db.office"
     
    + +

    Customizing the resolution of some names

    +
    + +One may wish to customize the resolution of certain names when using +MaraDNS as both an authoritative and recursive name server. For example, +if a high-profile domain is hijacked (such as what happened with +panix.com in January of 2005), it may be desirable to have the correct +name for the domain be temporarily locally set. This is also useful for +a list of blocked sites (so the user gets a friendly "this site is blocked" +instead of just being unable to connect to the site in question), and for +setups where some machines need special DNS resolution for names that +other machines do not need DNS resolution for. + +

    + +The procedure for doing this is almost identical to the procedure for +having private host names as described above. Here is an example +relevant mararc file: + +

    +ipv4_bind_addresses = "192.168.0.1"
    +chroot_dir = "/etc/maradns"
    +recursive_acl = "192.168.0.0/24"
    +csv2 = {}
    +csv2["example.com."] = "db.example.com"
    +
    + +The only things that need to be changed in this mararc file are +the ipv4_bind_addresses and the recursive_acl +parameters. The csv2["example.com."] is not changed. + +

    + +Now, let us suppose we want to have the A records for "www.phishsite.foo" +and "phishsite.foo" resolve to an IP address that we control the web +site for. We would add the following records (lines) to the file +/etc/maradns/db.example.com + +

    +www.phishsite.foo. 192.168.0.2
    +phishsite.foo. 192.168.0.2
    +
    + +We can also add a star record: + +
    +*.phishsite.foo. 192.168.0.2
    +
    + diff -Nru maradns-2.0.04/doc/en/tutorial/troubleshoot.html maradns-2.0.04+really1.4.09/doc/en/tutorial/troubleshoot.html --- maradns-2.0.04/doc/en/tutorial/troubleshoot.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/troubleshoot.html 2010-01-08 16:07:49.000000000 +0000 @@ -1,6 +1,6 @@ - + @@ -39,15 +39,14 @@
     ipv4_bind_addresses = "127.0.0.1"
     chroot_dir = "/etc/maradns"
    -csv2 = {}
    -csv2["example.com."] = "db.example.com"
    +recursive_acl = "127.0.0.1/8"
     
    In the above mararc file, MaraDNS has the IP 127.0.0.1, would look for -zone files in the directory /etc/maradns, and reads the file -db.example.com to get the zone for example.com.

    +zone files in the directory /etc/maradns, and allows recursive +DNS queries on the loopback interface.

    OK, so let's look at some problems, as they appear on a CentOS 3.8 box with the above mararc file. @@ -62,7 +61,7 @@

    -$ askmara Awww.example.com.
    +$ askmara Awww.google.com.
     # Querying the server with the IP 127.0.0.1
     # Hard Error: Unable to send UDP packet!
     
    @@ -83,7 +82,7 @@ $ su
    Password: type in your root password here
     $ ifconfig lo 127.0.0.1
    -$ askmara Awww.example.com.
    +$ askmara Awww.google.com.
     # Querying the server with the IP 127.0.0.1
     # Hard Error: Timeout
     
    @@ -107,6 +106,57 @@ command with the appropriate command for restarting a daemon/service for your operating system.

    +Now, lets look at some possible replies. + +

    Server failure

    + +
    +$ askmara Awww.google.com.
    +# Querying the server with the IP 127.0.0.1
    +# Remote server said: SERVER FAILURE
    +# Question: Awww.google.com.
    +# NS replies:
    +# AR replies:
    +
    + +This is the askmara output when MaraDNS is running correctly but is +unable to connect to DNS servers on the internet. This can be caused +when the machine running MaraDNS does not have an internet connection, +or when MaraDNS is being firewalled.

    + +So, we get the internet connection up and going. If you have a working +ethernet card and are on a network with internet access, this is as +simple as making a DHCP request for an IP: + +

    +$ dhclient
    +Internet Systems Consortium DHCP Client V3.0.1
    +Copyright 2004 Internet Systems Consortium.
    +All rights reserved.
    +For info, please visit http://www.isc.org/products/DHCP
    +
    +/sbin/dhclient-script: configuration for eth0 not found. Continuing
    +with defaults.
    +/sbin/dhclient-script: line 52: eth0: No existe el fichero o el directorio
    +Listening on LPF/eth0/00:40:f4:17:ac:e9
    +Sending on   LPF/eth0/00:40:f4:17:ac:e9
    +Listening on LPF/lo/
    +Sending on   LPF/lo/
    +Sending on   Socket/fallback
    +DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
    +DHCPOFFER from 10.1.2.1
    +DHCPREQUEST on eth0 to 255.255.255.255 port 67
    +DHCPACK from 10.1.2.1
    +/sbin/dhclient-script: configuration for eth0 not found. Continuing
    +with defaults.
    +/sbin/dhclient-script: line 52: eth0: No existe el fichero o el directorio
    +bound to 10.1.2.3 -- renewal in 255 seconds.
    +
    + +Note that if you are using something besides CentOS or Red Hat +Enterprise Linux, the command for getting a DHCP lease may not be +dhclient.

    + Now, the dhclient that CentOS 3.8 comes with is buggy, and breaks lo (the loopback interface which gives CentOS the 127.0.0.1 IP address). So, we have to fix lo again: diff -Nru maradns-2.0.04/doc/en/tutorial/tutorial.html maradns-2.0.04+really1.4.09/doc/en/tutorial/tutorial.html --- maradns-2.0.04/doc/en/tutorial/tutorial.html 2010-09-27 22:36:24.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/tutorial.html 2009-12-21 15:28:47.000000000 +0000 @@ -1,6 +1,6 @@ - + MaraDNS tutorial diff -Nru maradns-2.0.04/doc/en/tutorial/update.html maradns-2.0.04+really1.4.09/doc/en/tutorial/update.html --- maradns-2.0.04/doc/en/tutorial/update.html 2010-09-28 02:20:04.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/update.html 2009-12-21 15:28:47.000000000 +0000 @@ -1,6 +1,6 @@ - + Updating MaraDNS @@ -17,7 +17,6 @@

  • Updating from 1.2.03 to a later 1.2 release
  • Updating from 1.2.12 to a 1.3 release
  • Updating from 1.3 to a 1.4 release -
  • Updatring from MaraDNS 1.4 to MaraDNS 2.0 This document is divided in to two parts; anyone upgrading from a @@ -356,67 +355,4 @@ name "*.example.com." (with a literal star in the domain name), which is usually not what one wants. - -

    Updatring from MaraDNS 1.4 to MaraDNS 2.0

    - -MaraDNS 2.0 is MaraDNS 1.4 with all recursive support removed from the -maradns daemon and done with the separate daemon Deadwood. -Because of this: - -
      - -
    • MaraDNS can no longer serve both authoritative and recursive records on - the same IP. - -
    • While Deadwood uses a compatible rc file format, there are enough - differences between a mararc file (MaraDNS' configuration file) and - a dwood3rc file (Deadwood's configuration file) that a conversion - has to be done by hand. - -
    - -The most important thing to keep in mind when converting a mararc file to -a dwood3rc file is that Deadwood does not support the following mararc -parameters: - -
      -
    • csv1 -
    • csv2 -
    • ipv4_alias -
    • admin_acl -
    • bind_star_handling -
    • csv2_default_zonefile -
    • csv2_synthip_list -
    • csv2_tilde_handling -
    • debug_msg_level -
    • default_rrany_set -
    • dos_protection_level -
    • hide_disclaimer -
    • long_packet_ipv4 -
    • ipv6_bind_address (bind_address supports one or more ipv6 addresses if - Deadwood is compiled with IPv6 support) -
    • max_chain -
    • max_mem -
    • max_total -
    • min_ttl -
    • min_ttl_cname -
    • min_visible_ttl -
    • notthere_ip (If you want to make money with NX redirects, let's talk money) -
    • recurse_delegation -
    • reject_ptr (but Deadwood does support reject_aaaa) -
    • remote_admin -
    • retry_cycles (use num_retries instead) -
    • spammers -
    • synth_soa_origin -
    • synth_soa_serial -
    • tcp_convert_acl -
    • tcp_convert_server -
    • timestamp_type (We assume the logger makes a timestamp for us) -
    • verbose_query (verbose_level will do this at a level of 100 or more) -
    • zone_transfer_acl -
    - -Also, Deadwood handles "verbose_level" differently; to get fully verbose -messages, "verbose_level" has to be 200 (as opposed to MaraDNS' 10). - diff -Nru maradns-2.0.04/doc/en/tutorial/win_service.html maradns-2.0.04+really1.4.09/doc/en/tutorial/win_service.html --- maradns-2.0.04/doc/en/tutorial/win_service.html 2010-09-27 22:36:25.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/tutorial/win_service.html 2010-01-08 16:07:49.000000000 +0000 @@ -1,6 +1,6 @@ - + Running MaraDNS as a Windows NT/2000/XP service @@ -18,20 +18,6 @@

    -Most users of MaraDNS in Windows will probably only being using the -MaraDNS suite to recursively resolve records in MaraDNS. The maradns.exe -program does not recursively resolve records; that is done by deadwood.exe, -which has full support for being a Windows service and does not need -to use srvany to be a service. - -

    - -The only people who would want to run MaraDNS 2.0 as a service is anyone -who is in the somewhat unusual position of using MaraDNS on Windows -to authoritatively resolve records. - -

    - It is possible to run the native 32bit-Windows port of MaraDNS as a service that starts up automatically when Windows is started and runs in the background. This document gives step by step instructions on @@ -163,7 +149,7 @@ (the commands are "c:" followed by "cd c:\maradns"). Next, type in the following command:

    -askmara 1:www.example.com. +askmara 1:www.microsoft.com.
    The output should look something like this:
    @@ -175,9 +161,6 @@
     # AR replies:
     
    -Please replace "example.com" above with any domain that MaraDNS is resolving. -

    - If not, verify that you have a working internet connection. If you do, make sure MaraDNS is running by seeing if it is listed as "maradns.exe" in the task manager (Ctrl + Alt + Del) under the "Processes" tab. Note: If you can't see diff -Nru maradns-2.0.04/doc/en/webpage/advocacy.embed maradns-2.0.04+really1.4.09/doc/en/webpage/advocacy.embed --- maradns-2.0.04/doc/en/webpage/advocacy.embed 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/advocacy.embed 2010-07-31 07:17:06.000000000 +0000 @@ -1,4 +1,3 @@ -

    MaraDNS Advocacy

    This article discusses the advantages and disadvantages of using MaraDNS, @@ -28,30 +27,29 @@ MaraDNS has the following advantages:
      -
    • Secure. MaraDNS has a strong security history. -For example, MaraDNS has always randomized, using -a secure random number generator, the Query ID and source port of DNS queries; -and -was never vulnerable to the "new" cache poisoning attack. +
    • Secure. MaraDNS has a security history as good as or better than any +other DNS server.
    • Supported. -MaraDNS has a long history of being maintained and updated. -Actively developed since 2001, -MaraDNS continues to be supported: The most recent -release was done on February 5, 2011. Deadwood, the recursive code that is -part of MaraDNS 2.0, is stable code. -
    • Easy to use. A basic recursive configuration needs only a +MaraDNS has a long history of being maintained and updated. MaraDNS was +originally created in 2001. MaraDNS 1.0 was released in 2002 +and MaraDNS 1.2 was released in December of 2005. MaraDNS has been +extensively tested, both with a SQA process and with over four years of +real-world use. MaraDNS continues to be fully supported: The most recent +release was done on July 31, 2010. +
    • Easy to use. A basic recursive configuration needs only a single three-line configuration file. A basic authoritative configuration needs only a four-line configuration file and a one-line zone file. -MaraDNS is fully documented, with both easy-to-follow tutorials and a +MaraDNS is fully documented, with both easy-to-follow tutorials and a complete and up-to-date reference manual. -
    • Small. MaraDNS is well suited for embedded applications -and other environments where the server must use the absolute minimum +
    • Small. MaraDNS is well suited for embedded applications +and other environments where the server must use the absolute minimum number of resources possible. +MaraDNS' binary is smaller than +that of any other currently maintained recursive DNS server.
    • Open Source. MaraDNS is fully open-source, The license is a two-clause BSD license that is almost -identical to the +identical to the FreeBSD license.
    • @@ -62,13 +60,25 @@ be for you. MaraDNS has the following, ummm, features:
        +
      • MaraDNS currently spawns a thread for every recursive request that + is not in the cache. In other words, MaraDNS needs a good thread + implementation in order to process a large number of recursive + requests. Make sure your operating system has a robust threading + library before using MaraDNS to process a large number of recursive + request.

        + + I do plan on fixing this, but it requires a complete rewrite of + the recursive code, which will take six months to a year to + implement.

      • In order to change any DNS records, MaraDNS needs to be restarted. This is because MaraDNS uses a model that pulls DNS records from memory - very quickly. + very quickly. This will not be addressed until I adress the issue + with recursive threads. -
      • MaraDNS support for BIND zone files uses a Python script to convert - zone files from BIND's format to MaraDNS' BIND-like format. +
      • MaraDNS has support for BIND zone files only in the beta-test + branch, using a Python script to convert zone files from BIND's format + to MaraDNS' BIND-like format.
      Many, many DNS server projects have come and gone over the years; to diff -Nru maradns-2.0.04/doc/en/webpage/advocacy.html maradns-2.0.04+really1.4.09/doc/en/webpage/advocacy.html --- maradns-2.0.04/doc/en/webpage/advocacy.html 2011-08-05 11:59:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/advocacy.html 2010-07-31 07:17:12.000000000 +0000 @@ -41,11 +41,11 @@ - - - -
      -
      -
      - - - - -
      -MaraDNS -
      -
      -A security-aware DNS server -
      -
             -
      - - Erre con erre cigarro
      - Erre con erre barril
      - Rápido ruedan los carros
      - En el ferrocarril
      -
      -
      - -
      - - -
      -
      -
      -
      -

      MaraDNS products

      -Sponsorship is what made continued MaraDNS development possible. +Sponsorship is what makes continued MaraDNS development possible.

      -For a while, I accepted sponsorship for people who helped compensate me -for the hard work I did developing MaraDNS. I no longer need donations -to help with MaraDNS development +Do you want private email support? Would you like to see a feature +added to MaraDNS? Do you have a need for specialized C programming +or Linux/UNIX scripting? +

      + +I offer, for very reasonable prices, a number of services, including: +

        +
      • Private MaraDNS email support. +
      • MaraDNS customization. +
      • C, Perl, Python, and other programming services. +
      + +If you are interested in paying me, please contact me diff -Nru maradns-2.0.04/doc/en/webpage/products.html maradns-2.0.04+really1.4.09/doc/en/webpage/products.html --- maradns-2.0.04/doc/en/webpage/products.html 2011-08-05 11:59:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/products.html 2009-12-21 15:28:48.000000000 +0000 @@ -41,11 +41,11 @@ - - - -
      -
      -
      - - - - -
      -MaraDNS -
      -
      -A security-aware DNS server -
      -
             -
      - - Erre con erre cigarro
      - Erre con erre barril
      - Rápido ruedan los carros
      - En el ferrocarril
      -
      -
      - -
      - - -
      -
      -
      -

      MaraDNS products

      -Sponsorship is what made continued MaraDNS development possible. +Sponsorship is what makes continued MaraDNS development possible. + +

      + +Do you want private email support? Would you like to see a feature +added to MaraDNS? Do you have a need for specialized C programming +or Linux/UNIX scripting?

      -For a while, I accepted sponsorship for people who helped compensate me -for the hard work I did developing MaraDNS. I no longer need donations -to help with MaraDNS development +I offer, for very reasonable prices, a number of services, including: +

        +
      • Private MaraDNS email support. +
      • MaraDNS customization. +
      • C, Perl, Python, and other programming services. +
      +If you are interested in paying me, please contact me
      diff -Nru maradns-2.0.04/doc/en/webpage/search.embed maradns-2.0.04+really1.4.09/doc/en/webpage/search.embed --- maradns-2.0.04/doc/en/webpage/search.embed 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/search.embed 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -

      Search MaraDNS documentation

      - -If you wish to search this site, please enter what you -are looking for in the following box.

      - - -

      Loading
      - - - - diff -Nru maradns-2.0.04/doc/en/webpage/search.html maradns-2.0.04+really1.4.09/doc/en/webpage/search.html --- maradns-2.0.04/doc/en/webpage/search.html 2011-08-05 11:59:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/search.html 1970-01-01 00:00:00.000000000 +0000 @@ -1,100 +0,0 @@ - -MaraDNS - a security-aware DNS server - - - - - - - - - -
      -
      -
      - - - - -
      -MaraDNS -
      -
      -A security-aware DNS server -
      -
             -
      - - Erre con erre cigarro
      - Erre con erre barril
      - Rápido ruedan los carros
      - En el ferrocarril
      -
      -
      - -
      - - -
      -
      -
      -
      - -
      -
      - - - -
      -
      - - -

      Search MaraDNS documentation

      - -If you wish to search this site, please enter what you -are looking for in the following box.

      - - -

      Loading
      - - - - -
      -
      -
      -
      -
      - - diff -Nru maradns-2.0.04/doc/en/webpage/security.embed maradns-2.0.04+really1.4.09/doc/en/webpage/security.embed --- maradns-2.0.04/doc/en/webpage/security.embed 2011-08-05 11:59:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/security.embed 2010-02-02 17:12:44.000000000 +0000 @@ -2,14 +2,9 @@ For people who just want to quickly get current with MaraDNS' security history should jump to the history section. Note -that MaraDNS last reported security problem was on or before -February 5, 2011 +that MaraDNS last reported security problem was on February 2, 2010

      -

      -For people with a security bug to report: Contact me - -

      MaraDNS should be a secure DNS server. +MaraDNS should be a secure DNS server.

      @@ -349,25 +344,4 @@ Impact: Denial of service. -

    • -An array of integers was allocated in bytes instead of sizeof(int) units. -The resulted in a buffer being too small, allowing it to be overwritten. -Since the data placed in the overwritten array can not be remotely controlled -(it is a list of increasing integers), there is no way to increase privileges -exploiting this bug. - -

      - -This bug was fixed in MaraDNS 1.3.07.11, MaraDNS 1.4.06, and MaraDNS 2.0.02, -released on or before February 5, 2011. This bug also impacts MaraDNS 1.0 -and MaraDNS 1.2; since these versions of MaraDNS have passed their end of -life, they have not been updated. - -

      - -More information is at this blog -entry. - -

    • - diff -Nru maradns-2.0.04/doc/en/webpage/security.html maradns-2.0.04+really1.4.09/doc/en/webpage/security.html --- maradns-2.0.04/doc/en/webpage/security.html 2011-08-05 11:59:50.000000000 +0000 +++ maradns-2.0.04+really1.4.09/doc/en/webpage/security.html 2010-02-02 17:12:53.000000000 +0000 @@ -41,11 +41,11 @@ -+ -+ - --I would like to thank everyone who has helped with MaraDNS development --over the years. I now have a job with a living wage in the United States --and therefore no longer need to solicit donations for MaraDNS. -+
      -+
      -+
      -+ -+ -+ -+ -+
      -+MaraDNS -+
      -+
      -+A security-aware DNS server -+
      -+
             -+
      -+ -+ Erre con erre cigarro
      -+ Erre con erre barril
      -+ Rápido ruedan los carros
      -+ En el ferrocarril
      -+
      -+
      -+ -+
      -+
      -+ Main -+ Download -+ Documentation -+ Blog -+ Changelog -+ -+
      -+ -+
      -+
      -+
      -+
      -+ -+

      MaraDNS products

      -+ -+Sponsorship is what made continued MaraDNS development possible. -+ -+

      -+ -+For a while, I accepted sponsorship for people who helped compensate me -+for the hard work I did developing MaraDNS. I no longer need donations -+to help with MaraDNS development - ---- maradns-2.0.02/doc/en/webpage/search.embed 2011-03-18 13:29:45.000000000 -0400 -+++ maradns-2.0.03/doc/en/webpage/search.embed 2011-03-18 13:06:32.000000000 -0400 -@@ -0,0 +1,19 @@ -+

      Search MaraDNS documentation

      -+ -+If you wish to search this site, please enter what you -+are looking for in the following box.

      -+ -+ -+

      Loading
      -+ -+ -+ -+ ---- maradns-2.0.02/doc/en/webpage/Makefile 2009-12-21 10:28:41.000000000 -0500 -+++ maradns-2.0.03/doc/en/webpage/Makefile 2011-03-18 13:06:32.000000000 -0400 -@@ -1,7 +1,7 @@ - all: changelog.html contact.html dns_software.html download.html \ - faq-1.0.html faq.html index.html license.html notes.html \ - sponsors.html security.html advocacy.html debian.html \ -- products.html -+ products.html search.html - - changelog.html: changelog.embed maradns-1.2-top.html maradns-1.2-bottom.html - ./make.page changelog.embed -@@ -41,6 +41,10 @@ - security.html: security.embed maradns-1.2-top.html maradns-1.2-bottom.html - ./make.page security.embed - -+# Added 2011.03.18: Make it easier for users to search the docs -+search.html: security.embed maradns-1.2-top.html maradns-1.2-bottom.html -+ ./make.page search.embed -+ - advocacy.html: advocacy.embed maradns-1.2-top.html maradns-1.2-bottom.html - ./make.page advocacy.embed - ---- maradns-2.0.02/doc/en/webpage/security.embed 2010-02-02 12:12:44.000000000 -0500 -+++ maradns-2.0.03/doc/en/webpage/security.embed 2011-03-18 13:30:39.000000000 -0400 -@@ -2,9 +2,14 @@ - - For people who just want to quickly get current with MaraDNS' security - history should jump to the history section. Note --that MaraDNS last reported security problem was on February 2, 2010

      -+that MaraDNS last reported security problem was on or before -+February 5, 2011 - --MaraDNS should be a secure DNS server. -+

      -+For people with a security bug to report: Contact me -+ -+

      MaraDNS should be a secure DNS server. - -

      - -@@ -344,4 +349,25 @@ - - Impact: Denial of service. - -+

    • -+An array of integers was allocated in bytes instead of sizeof(int) units. -+The resulted in a buffer being too small, allowing it to be overwritten. -+Since the data placed in the overwritten array can not be remotely controlled -+(it is a list of increasing integers), there is no way to increase privileges -+exploiting this bug. -+ -+

      -+ -+This bug was fixed in MaraDNS 1.3.07.11, MaraDNS 1.4.06, and MaraDNS 2.0.02, -+released on or before February 5, 2011. This bug also impacts MaraDNS 1.0 -+and MaraDNS 1.2; since these versions of MaraDNS have passed their end of -+life, they have not been updated. -+ -+

      -+ -+More information is at this blog -+entry. -+ -+

    • -+ - diff -Nru maradns-2.0.04/update/2.0.04/2.0.03-to-2.0.04 maradns-2.0.04+really1.4.09/update/2.0.04/2.0.03-to-2.0.04 --- maradns-2.0.04/update/2.0.04/2.0.03-to-2.0.04 2011-11-12 08:25:45.000000000 +0000 +++ maradns-2.0.04+really1.4.09/update/2.0.04/2.0.03-to-2.0.04 1970-01-01 00:00:00.000000000 +0000 
@@ -1,223 +0,0 @@ -#!/bin/sh -e - -# This script updates MaraDNS 2.0 - -# To run this script, make sure that this script is in the directory -# containing the tarball for the version of MaraDNS you wish to update, and -# all of the patches are in a directory entitled 'patches'. - -# For example, to update MaraDNS 1.4.02 to 1.4.03, make sure -# maradns-1.4.02.tar.bz2 is in the same directory as this script, and -# that the directory containing this script has a directory called -# "patches/" which has all of the maradns-1.4.02*.patch files. - -CURRENT=${0%%-*} -CURRENT=${CURRENT##*/} -NEXT=${0##*-} - -# The revision number; in the case of having multiple snapshots a day, -# the revision number can be incremented so as to minimize confusion -# This is only done when more than one snapshop is uploaded to the -# maradns.org server in a given day. -REVISION=.1 - -# Make a clean CURRENT install, which we rename NEXT -rm -fr maradns-$CURRENT 2> /dev/null -rm -fr maradns-$NEXT 2> /dev/null -echo extracting tarball -tar xjf maradns-$CURRENT.tar.bz2 -if [ $? 
!= 0 ] ; then - echo run this from the correct directory - exit 1 -fi -rm -fr maradns-$NEXT* -mv maradns-$CURRENT maradns-$NEXT -cd maradns-$NEXT - -# The patches - -mkdir update/$NEXT -if [ "$1" != "new" ] ; then - cp ../patches/maradns-$CURRENT* update/$NEXT - #cp ../patches/maradns-* update/$NEXT - #echo -fi - -# This is one of the few places where we will need to change anything -# in this script from version to version - -echo applying patches - -if [ "$1" != "new" ] ; then - - # Update download link (this is always done) - patch -p1 < update/$NEXT/maradns-$CURRENT-download.patch - - # Patch: Update changelog - patch -p1 < update/$NEXT/maradns-$CURRENT-changelog.patch - -fi - -# Update RPM spec file (We now have a script make the .spec file) -rm -f build/maradns-$CURRENT.spec -tools/misc/make.maradns.spec $NEXT > build/maradns-$NEXT.spec - -# Regenerate Deadwood's random prime number -rm -fr deadwood-3.0.03 -tar xvjf ../deadwood-3.0.05.tar.bz2 -echo Making new random prime -cd deadwood-3.0.05/src -cc -o foo RandomPrime.c -./foo > DwRandPrime.h -rm foo -cd ../.. - -# Release-specific fixes and changes go here - -# Update Deadwood to 3.0.0X (if needed) -#rm -fr deadwood-3.0.02 -#tar xjf ../deadwood-3.0.03.tar.bz2 - -# Fix issue with transferring a zone with a lot of FQDN4/FQDN6 records -patch -p1 < update/$NEXT/maradns-2.0.03-angeld.patch - -# FIx issues with "/read" slash command -patch -p1 < update/$NEXT/maradns-2.0.03-karim_bug.patch - -# Anything below this line normally is not changed between MaraDNS versions - -# Make sure text changelog and FAQ are up-to-date -#cp doc/en/webpage/faq.embed doc/en/source/faq.embed -#cp doc/en/webpage/changelog.embed doc/en/source/changelog.embed - -# Convert tabs in code to spaces, since this is inconsistant in different -# programs -echo removing tabs from source files -if true ; then - for a in $( find . 
-type f -name \*.[ch] ) ; do - col -x < $a > foo - mv foo $a - done -fi - -echo updating documentation -# Update the documentation - -# Nicholas Bamber pointed out some of the documentation was not automagically -# updated; fixed for MaraDNS 2.0.04 -rm 0QuickStart -PATH=$PATH:$(pwd)/tools/ej -./tools/ej/ej2txt doc/en/source/quick_start.ej | awk ' - /\*/ {print ""} {print}' > 0QuickStart -cp doc/en/webpage/changelog.embed doc/en/source - -cd doc/en -make -cd man -make -cd ../examples -make -cd ../tutorial -make -cd ../text -make -cd ../webpage -#../../../tools/misc/make.download.embed > download.embed -make -# Go back to the maradns dir -cd ../../.. - -rm CHANGELOG -ln -s doc/en/changelog.txt CHANGELOG - -# Go one level higher than the toplevel directory to copy this script -# over -cd .. - -# Put this script in the "build" directory -cp $0 maradns-$NEXT/update/$NEXT - -if [ "$1" = "new" ] ; then - tar xjf maradns-$CURRENT.tar.bz2 - echo OK, both maradns-$CURRENT and maradns-$NEXT made\; you - echo now can start making patches. - exit 0 -fi - -if [ "$1" != "go" ] && [ "$1" != "snap" ] && [ "$1" != "work" ] ; then - echo OK, maradns-$NEXT built. Confirm this compiles and - echo perform basic regression before re-running this to make - echo the tarballs. Once you have tested this, rerun this - echo script as: \"$0 go\" or as \"$0 snap\" - echo to make a daily snapshot - exit 0 -fi - -if [ "$1" = "work" ] ; then - tar xjf maradns-$CURRENT.tar.bz2 - echo OK, both maradns-$CURRENT and maradns-$NEXT made\; you - echo now can make more patches as needed. 
- exit 0 -fi - -# Build the tarballs -echo making new tarballs - -if [ "$1" = "snap" ] ; then - SNAP=Q.$( date +%Y%m%d )$REVISION - rm -fr maradns-$SNAP - mv maradns-$NEXT maradns-$SNAP - tar cjf maradns-$SNAP.tar.bz2 maradns-$SNAP - exit 0 -else - SNAP=$NEXT - tar cjf maradns-$SNAP.tar.bz2 maradns-$SNAP - # CentOS 5 doesn't have "J" tar option - tar cf maradns-$SNAP.tar maradns-$SNAP - xz -9 maradns-$SNAP.tar - tar czf maradns-$SNAP.tar.gz maradns-$SNAP - - # All of the compression we actually use was originally written by - # Igor Pavlov for the 7-zip compression suite - echo shrinking .gz tarball - advdef -z -4 maradns-$SNAP.tar.gz -fi - -exit 0 # No exotic compression any more - -echo using exotic compression -tar cf maradns-$SNAP.tar maradns-$SNAP - -echo lzma compression \(this will take about 5 minutes\) -date -# To decompress: cat file.tar.lzma | lzma d -si -so | tar xvf - -# -d20 makes the file almost as small as -d22, but uses 1/4 of the memory -# (only a little over one meg needed for decompression) -lzma e maradns-$SNAP.tar maradns-$SNAP.tar.lzma -a2 -d20 -fb255 -date -echo - -# Clean up the uncompressed tarball -rm maradns-$SNAP.tar - -exit 0 - -# The other exotic compressors can't be run in a pipeline - -echo 7zip compression -date -7za a maradns-$SNAP.tar.7z maradns-$SNAP.tar -date -echo - -echo paq6 compression \(This will take 2\-3 minutes\) -date -paq6v2 -2 maradns-$SNAP.tar.pq6 maradns-$SNAP.tar -date -echo - -echo rzip compression -date -rzip maradns-$SNAP.tar -date -echo diff -Nru maradns-2.0.04/update/2.0.04/maradns-2.0.03-angeld.patch maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-angeld.patch --- maradns-2.0.04/update/2.0.04/maradns-2.0.03-angeld.patch 2011-11-12 08:25:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-angeld.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,21 +0,0 @@
---- maradns-2.0.03/parse/Csv2_database.c 2011-08-05 06:59:48.000000000 -0500
-+++ maradns-2.0.04/parse/Csv2_database.c 2011-10-05 18:23:59.012736913 -0500
-@@ -1,4 +1,4 @@
--/* Copyright (c) 2004-2006 Sam Trenholme
-+/* Copyright (c) 2004-2011 Sam Trenholme
- *
- * TERMS
- *
-@@ -840,10 +840,10 @@
- }
- point = state->buffer;
-
-- /* We only allow 30 things in the buffer because it gets slower and
-+ /* We only allow 64 things in the buffer because it gets slower and
- * slower to add things to the end */
- if(state->buffer != new) {
-- for(x = 0; x < 30 ; x++) {
-+ for(x = 0; x < 64 ; x++) {
- if(point->next == 0) {
- break;
- }
diff -Nru maradns-2.0.04/update/2.0.04/maradns-2.0.03-changelog.patch maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-changelog.patch
--- maradns-2.0.04/update/2.0.04/maradns-2.0.03-changelog.patch 2011-11-12 08:25:41.000000000 +0000
+++ maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-changelog.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,63 +0,0 @@
---- maradns-2.0.03/doc/en/webpage/changelog.embed 2011-08-05 06:59:44.000000000 -0500
-+++ maradns-2.0.04/doc/en/webpage/changelog.embed 2011-11-12 02:20:01.574557012 -0600
-@@ -1,13 +1,57 @@
-

      MaraDNS changelog

      - -+

      maradns-2.0.04:

      -+This is a stable release of MaraDNS. -+
      -+
        -+
      • AngelD's issue with zone transfers when there are a lot of FQDN4 records -+ fixed. -+
      • Karim's issue with '/read' directive fixed -+
      -+(2011.11.12) -+
      -+ -+

      maradns-1.4.07:

      -+This is a legacy release of MaraDNS. All patches are backports -+of MaraDNS 2.0 bug fixes. -+
      -+
        -+
      • A typo fix for fetchzone -+
      • AXFR-over-UDP packets are now correctly marked "truncated" -+
      • It is now possible to have the '/' in hostnames -+
      • Fix for Debian bug #607739: Hostname shown when complaining about DDIP -+ issues -+
      • AngelD's issue with zone transfers when there are a lot of FQDN4 records -+ fixed. -+
      • Karim's issue with '/read' directive fixed -+
      -+(2011.11.11) -+
      -+ -

      maradns-2.0.03:

      --This is a stable branch of MaraDNS -+This is a stable release of MaraDNS. -
      -
        --
      • ANY queries that do not fit in 512 bytes are not properly truncated -+
      • Deadwood updated to Deadwood 3.0.03 -+
      • ANY queries that do not fit in 512 bytes are now properly truncated -
      • RFC2317 hostnames with slash characters ('/') are now supported -+
      • MaraDNS is now fully installed when 'make install' is invoked (at -+ least on CentOS 5) -+
      • DDIP MX problem records now show hostname -+
      • Correct handling of IXFR and AXFR requests sent over UDP (the UDP server -+ now always marks these as being truncated) -+
      • Documentation updates -+
      • Give information on how to RTFM (correct manpage pointed out) if a -+ csv2 file doesn't parse -+
      • Added support for --pid=/path/to/file to Duende (courtesy Yarin) -+
      • ipv6 fixes applied -+
      • Courtesy of Nicholas Bamber, Duende should now reap all -+ children (as long as they don't need a KILL/9 signal to exit) -+
      • Updates to the SQA regressions -+
      • MaraDNS 2.0 tarball is now xz compressed; MaraDNS 2.0 Windows binary is -+ now provided. -
      --(2011.??.??) -+(2011.08.05) -
      - -

      maradns-2.0.02:

      diff -Nru maradns-2.0.04/update/2.0.04/maradns-2.0.03-download.patch maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-download.patch --- maradns-2.0.04/update/2.0.04/maradns-2.0.03-download.patch 2011-11-12 08:25:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-download.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,143 +0,0 @@ ---- maradns-2.0.03/doc/en/webpage/download.embed 2011-08-05 06:59:44.000000000 -0500 -+++ maradns-2.0.04/doc/en/webpage/download.embed 2011-11-12 02:23:40.820913041 -0600 -@@ -4,62 +4,77 @@ - -

      Current stable release

      - --The current stable release of MaraDNS is MaraDNS 2.0.02, released --February 5, 2011. -+The current stable release of MaraDNS is MaraDNS 2.0.04, released -+November 12, 2011. This release has both the UNIX/Windows source code -+(in two different compression formats) as well as a Windows -+binary (the win32.zip file). - -

      - maradns-2.0.02.tar.bz2 -+href="download/2.0/2.0.04/maradns-2.0.04.tar.bz2">maradns-2.0.04.tar.bz2 - sig -+href="download/2.0/2.0.04/maradns-2.0.04.tar.bz2.asc">sig -+
      -+maradns-2.0.04.tar.xz -+sig -+
      -+maradns-2.0.04.tar.gz -+sig -+
      -+maradns-2-0-04-win32.zip -+sig - -

      Previous stable release

      - --

      This is the previous stable release of MaraDNS, MaraDNS 1.4.06, --released January 29, 2011. Unlike MaraDNS 2.0.02, a Windows --binary is included. This release is available --both at sourceforge.n --et --and on this page. -+

      This is the previous stable release of MaraDNS, MaraDNS 1.4.07, -+released November 11, 2011. - -

      - -
      - maradns-1.4.06.tar.bz2 -+href="download/1.4/1.4.07/maradns-1.4.07.tar.bz2">maradns-1.4.07.tar.bz2 - - sig -+href="download/1.4/1.4.07/maradns-1.4.07.tar.bz2.asc">sig - - info -
      - maradns-1.4.06.tar.gz -+href="download/1.4/1.4.07/maradns-1.4.07.tar.gz">maradns-1.4.07.tar.gz - - sig -+href="download/1.4/1.4.07/maradns-1.4.07.tar.gz.asc">sig - - info -
      - maradns-1-4-06-win32.zip -+href="download/1.4/1.4.07/maradns-1-4-07-win32.zip">maradns-1-4-07-win32.zip - - sig -+href="download/1.4/1.4.07/maradns-1-4-07-win32.zip.asc">sig - - info -
      - maradns-1-4-06-win32.7z -+href="download/1.4/1.4.07/maradns-1-4-07-win32.7z">maradns-1-4-07-win32.7z - - sig -+href="download/1.4/1.4.07/maradns-1-4-07-win32.7z.asc">sig - - info -
      -@@ -68,28 +83,27 @@ - -

      Deadwood

      - --Deadwood is the code that will soon become MaraDNS' next recursive --resolver; right now it is a recursive cache undergoing beta testing. --Deadwood, unlike MaraDNS, does not need threads to resolve queries, and --has features MaraDNS 1.x's recursive code doesn't have, such as --"resurrections" and the ability to read and write the cache to disk. -+Deadwood is MaraDNS 2.0's recursive resolver. Deadwood does not need -+threads to resolve queries, and has features MaraDNS 1.x's recursive -+code doesn't have, such as "resurrections" and the ability to read and -+write the cache to disk. - -
      - deadwood-3.0.02.tar.bz2 -+href="deadwood/stable/deadwood-3.0.05.tar.bz2">deadwood-3.0.05.tar.bz2 - - sig -+href="deadwood/stable/deadwood-3.0.05.tar.bz2.asc">sig - - info -
      - Deadwood-3-0-02-win32.zip -+href="deadwood/stable/Deadwood-3-0-05-win32.zip">Deadwood-3-0-05-win32.zip - - sig -+href="deadwood/stable/Deadwood-3-0-05-win32.zip.asc">sig - - info -
      diff -Nru maradns-2.0.04/update/2.0.04/maradns-2.0.03-karim_bug.patch maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-karim_bug.patch --- maradns-2.0.04/update/2.0.04/maradns-2.0.03-karim_bug.patch 2011-11-12 08:25:41.000000000 +0000 +++ maradns-2.0.04+really1.4.09/update/2.0.04/maradns-2.0.03-karim_bug.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,66 +0,0 @@
---- maradns-2.0.03/parse/Csv2_parse.c 2011-08-05 06:59:48.000000000 -0500
-+++ maradns-2.0.04/parse/Csv2_parse.c 2011-10-09 06:31:06.243103043 -0500
-@@ -1404,8 +1404,8 @@
- return -1;
- }
-
-- /* Process the slash commands (currently only '/origin' and
-- * '/ttl') */
-+ /* Process the slash commands (/origin, /ttl, /opush, /opop,
-+ * and /read) */
- if(csv2_justread(stream) == '/') {
- int32 look, cmd;
- slash_command = 1;
-@@ -1587,6 +1587,7 @@
- js_dealloc(o);
- } else if(cmd == 5 && look == 'd') {
- js_string *filename;
-+ int rc = 0, fc = 0;
- look = csv2_read_unicode(stream);
- if(!csv2_is_delimiter(look)) {
- csv2_error(stream,
-@@ -1594,6 +1595,15 @@
- return -1;
- }
- filename = csv2_get_filename(stream);
-+ /* Hack: Ignore everything until the
-+ * next ~ or \n */
-+ csv2_allow_tilde(stream);
-+ for(rc = 0; rc < 10000; rc++) {
-+ fc = csv2_readchar(stream);
-+ if(fc == '~' || fc == '\n') {
-+ break;
-+ }
-+ }
- csv2_push_file(stream,filename);
- js_destroy(filename);
- } else {
---- maradns-2.0.03/parse/Csv2_read.c 2011-08-05 06:59:48.000000000 -0500
-+++ maradns-2.0.04/parse/Csv2_read.c 2011-10-09 06:33:58.901109161 -0500
-@@ -1,4 +1,4 @@
--/* Copyright (c) 2004-2006,2008 Sam Trenholme
-+/* Copyright (c) 2004-2006,2008,2011 Sam Trenholme
- *
- * TERMS
- *
-@@ -163,7 +163,11 @@
- return out;
- }
- }
-- }
-+ } else if(file->mnum == 2) { /* Bogus '\n' hack */
-+ file->justread = '\n';
-+ file->mnum = 0;
-+ return '\n';
-+ }
-
- /* If we are not inside a macro, we just read from the file */
- if(file->mnum == 0) {
-@@ -350,6 +354,7 @@
- file->filename = nf;
- file->reading = nfd;
- file->stack_height++;
-+ file->mnum = 2; /* '\n' hack */
-
- return JS_SUCCESS;
-