Commit | Line | Data |
---|---|---|
b20e48dc | 1 | # Example simplified mararc file. |
2 | # This only shows a subset of MaraDNS' features needed to be an | |
3 | # authoritative and recursive name server. Look at | |
4 | # detailed/example_full_mararc for an example showing most of the features | |
5 | # that MaraDNS has. | |
6 | ||
7 | # Note that this example mararc file will not actually do anything | |
8 | # without modification. | |
9 | # Look in the doc/examples directory for a working example authoritative | |
10 | # nameserver, and a working recursive nameserver. | |
11 | ||
12 | # The various zones we support | |
13 | ||
14 | # We must initialize the csv1 hash, or MaraDNS will be unable to | |
15 | # load any zone files | |
16 | csv1 = {} | |
17 | ||
18 | # This is just to show the format of the file | |
19 | # Note that this is commented out. Any line that starts with a '#' is not | |
20 | # read by the parser. Remove the leading '# ' to enable any line that is | |
21 | # commented out | |
22 | # csv1["example.com."] = "db.example.com" | |
23 | # Naturally, we can have multiple zone files | |
24 | # csv1["example.org."] = "db.example.org" | |
25 | ||
26 | # The address this DNS server runs on. If you want to bind | |
27 | # to all addresses a given machine has, use "0.0.0.0". | |
28 | bind_address = "0.0.0.0" | |
29 | # The directory with all of the zone files | |
30 | chroot_dir = "/etc/maradns" | |
31 | # The numeric UID MaraDNS will run as | |
32 | maradns_uid = 58 | |
33 | # The maximum number of threads (or processes, with the zone server) | |
34 | # MaraDNS is allowed to run | |
35 | maxprocs = 10 | |
36 | ||
37 | # Most of the time, this can stay 3. However, when registering | |
38 | # a domain under .de, .au, and possibly other top-level-domains, this | |
39 | # needs to have a value of 15. | |
40 | default_rrany_set = 3 | |
41 | ||
42 | # The number of messages we log to stdout | |
43 | # 0: No messages except for fatal parsing errors | |
44 | # 1: Only startup messages logged (default) | |
45 | # 2: Error queries logged | |
46 | # 3: All queries logged (but not very verbosely right now) | |
47 | verbose_level = 1 | |
48 | ||
49 | # Initialize the IP aliases, which are used by the list of root name servers, | |
50 | # the ACL for zone transfers, and the ACL of who gets to perform recursive | |
51 | # queries | |
52 | ipv4_alias = {} | |
53 | ||
54 | # Other root servers are in the full example mararc file | |
55 | ||
56 | # Here is an ACL which restricts who is allowed to perform zone transfers from | |
57 | # the zoneserver program | |
58 | ||
59 | # VERY IMPORTANT: Do not put spaces in the zone_transfer_acl list | |
60 | # Good: zone_transfer_acl = "10.2.3.4,10.2.3.6" | |
61 | # Bad: zone_transfer_acl = "10.2.3.4, 10.2.3.6" | |
62 | ||
63 | # Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to match) | |
64 | # and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask | |
65 | # 255.255.255.224) are allowed to connect to the zone server | |
66 | # zone_transfer_acl = "10.1.1.1/24,10.100.100.100/255.255.255.224" | |
67 | ||
68 | # If you want to enable recursion on the loopback interface, uncomment | |
69 | # the relevant lines in the following section | |
70 | ||
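71 | # Recursive ACL: Who is allowed to perform recursive queries. The format | |
72 | # is identical to that of "zone_transfer_acl", including ipv4_alias support. Keep this list narrow: bind_address above is "0.0.0.0", so any network listed here can use this server as a resolver on every interface. | |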
73 | ||
74 | # ipv4_alias["localhost"] = "127.0.0.0/8" | |
75 | # recursive_acl = "localhost" | |
76 | ||
77 | # Random seed file: The file from which we read 16 bytes to get the | |
78 | # 128-bit random seed. This is ideally a file which is a good source | |
79 | # of random numbers, but can also be a fixed file if your OS does not have | |
80 | # a decent random number generator (make sure the contents of that file are | |
81 | # random and that it has 600 perms, owned by root, since we read the file *before* | |
82 | # dropping root privileges) | |
83 | ||
84 | # random_seed_file = "/dev/urandom" | |
85 | ||
86 | # The maximum number of elements we can have in the cache. If we have more | |
87 | # elements in the cache than this amount, the "custodian" kicks in to effect, | |
88 | # removing elements at random from the cache (8 elements removed per query) | |
89 | # until we are at the 99% level or so again. | |
90 | ||
91 | # maximum_cache_elements = 1024 | |
92 | ||
93 | # The root servers which we use when making recursive queries. | |
94 | ||
95 | # The following line must be uncommented to enable recursive queries (it is uncommented in this example) | |
cb16af8d | 96 | root_servers = {} |
b20e48dc | 97 | |
98 | # Various sets of root name servers | |
99 | # Note: Netmasks can exist, but are ignored when specifying root name servers | |
100 | ||
101 | # ICANN: the most common and most controversial root name server | |
102 | # http://www.icann.org | |
103 | ipv4_alias["icann"] = "198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17,198.41.0.10,193.0.14.129,198.32.64.12,202.12.27.33" | |
104 | ||
105 | # OSRC: http://www.open-rsc.org/ | |
106 | ipv4_alias["osrc"] = "199.166.24.1,205.189.73.102,199.166.24.3,204.80.125.130,207.126.103.16,195.117.6.10,199.166.31.3,199.166.31.250,199.5.157.128,205.189.73.10,204.57.55.100,213.196.2.97" | |
107 | ||
108 | # You can choose which set of root servers to use. Current values (set above) | |
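109 | # are: icann, and osrc. Every recursive lookup starts from the servers chosen here, and both address lists above are hard-coded snapshots, so check them against a current source before use. | |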
110 | # Other alternate registries are listed in the example_full_mararc file | |
cb16af8d | 111 | root_servers["."] = "osrc" |
b20e48dc | 112 | |
113 | # We can also blacklist known spam-friendly DNS servers, so that MaraDNS | |
114 | # refuses to query known spam-friendly DNS servers | |
115 | ||
116 | # As of August 12, 2001, azmalink.net is a known spam-friendly DNS | |
117 | # provider (see doc/detailed/spammers/azmalink.net for details). | |
118 | # Note that this is based on IPs, and azmalink.net constantly | |
119 | # changes IPs (as they constantly have to change ISPs) | |
120 | ipv4_alias["azmalink"] = "206.169.88.7/24" | |
121 | ||
122 | # As of September 20, 2001, hiddenonline.net is a known spam-friendly | |
123 | # DNS provider (see doc/detailed/spammers/hiddenonline for details). | |
124 | ipv4_alias["hiddenonline"] = "65.107.225.0/24" | |
125 | spammers = "azmalink,hiddenonline" | |
126 | ||
127 | # And that does it for the caching at this point | |
128 |