1MARARC(5)                      MaraDNS reference                     MARARC(5)
2
3
4

NAME

6       mararc - Format of the mararc zone file that MaraDNS uses
7

MARARC FILE FORMAT

9       Mararc files use a syntax that is a subset of Python 2.2.3 syntax. In
10       particular, Python 2.2.3 (and possibly other versions of Python) can
11       read a properly formatted mararc file without error.
12
13       Unlike Python, however, a mararc file can only use certain variable
14       names, and the variables can only be declared as described below.
15

COMMENTS

17       Comments (lines ignored by the MaraDNS parser) start with the '#'
18       character, like this:
19
20       # This is a comment
21
22       The MaraDNS parser also ignores lines which contain only white space.
23

OPERATORS

25       The MaraRC file supports two operators: = and +=
26
27       The = operator can be used to assign both numeric and string values
28
29       The += operator can only be used on string values, and concatenates the
30       value to the right of the += operator to the string specified to the
31       left of the += operator.
32
33       Examples:
34
35       ipv4_bind_addresses = "10.2.19.83"
36       ipv4_bind_addresses += ",10.2.66.74"
37       ipv4_bind_addresses += ",10.3.87.13"
38
39       ipv4_bind_addresses now has the value
40       "10.2.19.83,10.2.66.74,10.3.87.13"
41
42       ipv4_alias["icann"] = "198.41.0.4"
43       ipv4_alias["icann"] += ",192.228.79.201"
44       ipv4_alias["icann"] += ",192.33.4.12,128.8.10.90"
45
46

MARARC VARIABLES

48       Follows is a listing of variables that can be declared in the mararc
49       file.
50

DICTIONARY VARIABLE FORMAT

52       A dictionary variable is an array that can have multiple elements.
53       Unlike a traditional array, these arrays are indexed by strings instead
54       of numbers. These are analogous to associative arrays, or what Perl
55       somewhat inaccurately calls hashes.
56
57       The syntax of a dictionary variable is in the following form:
58
59       name["index"] = "value"
60
61       Where name is the name of the dictionary variable, index is the index
62       of the array, and value is the value stored at that index.
63
64       Every time we have a dictionary-type variable (such as csv2), we must
65       first initialize it using a line in the following form:
66
67       csv2 = {}
68
69       Here, csv2 is the name of the "dictionary" variable that we are
70       initializing.
71

DICTIONARY VARIABLES

73       Here is a listing of all "dictionary"-style variables that MaraDNS
74       uses:
75
76    csv2
77
78       The csv2 dictionary variable stores all of the zone names and file
79       names for the zone files that MaraDNS uses. Note that csv2 files are
80       read after MaraDNS is chrooted. Hence the filename is relative to the
81       chroot_dir.  Example:
82
83       csv2["example.net."] = "db.example.net"
84
85       See csv2(5) for a description of this file's format.
86
87       The dictionary index (zone name) can not have a * in it. If it does,
88       MaraDNS will terminate with an "Illegal zone name" error.
89
90    csv1
91
92       csv1: Used to indicate the filename to use for a given zone stored in
93       the legacy csv1 zone file format. This is primarily for compatibility
94       with people who have maradns-1.0 zone files.
95
96       csv1["zone"] = "filename"
97
98       csv1: A pipe-separated-file. See csv1(5).
99
100       zone: the zone that file in question is authoritative for
101
102       filename: the file with the CSV1 zone data
103
104       Note that csv1 files are read after MaraDNS is chrooted, and, hence the
105       filename is relative to the chroot_dir.
106
107       See the csv1(5) man page for more information on this file format.
108
109    ipv4_alias
110
111       ipv4_alias: Used to give nicknames or aliases for ip/netmask pairs for
112       ipv4 (standard 32-bit) IP addresses.
113
114       ipv4_alias["name"] = "ip1/netmask,ip2/netmask,etc"
115
116       name: The name of the alias in question
117
118       ip: The ip portion of an ip/netmask pair
119
120       netmask: the mask portion of an ip/netmask pair
121
122       ,: Used to separate ip/netmask pairs. Spaces may be placed before or
123       after this comma.
124
125       An ip is in dotted-decimal format, e.g. "10.1.2.3".
126
127       The netmask can be in one of two formats: A single number between 1 and
128       32, which indicates the number of leading "1" bits in the netmask, or a
129       4-digit dotted-decimal netmask.
130
131       The netmask is used to specify a range of IPs.
132
133    ipv4_alias examples
134
135       10.1.1.1/24 indicates that any ip from 10.1.1.0 to 10.1.1.255 will
136       match.
137
138       10.1.1.1/255.255.255.0 is identical to 10.1.1.1/24
139
140       10.2.3.4/16 indicates that any ip from 10.2.0.0 to 10.2.255.255 will
141       match.
142
143       10.2.3.4/255.255.0.0 is identical to 10.2.3.4/16
144
145       127.0.0.0/8 indicates that any ip with "127" as the first octet
146       (number) will match.
147
148       127.0.0.0/255.0.0.0 is identical to 127.0.0.0/8
149
150       The netmask is optional, and, if not present, indicates that only a
151       single IP will "match". e.g:
152
153       10.9.9.9/32, 10.9.9.9/255.255.255.255, and 10.9.9.9 are all
154       functionally identical, and indicate that only the ip 10.9.9.9 will
155       match.
156
157       The significance of "match" depends on what we use the ipv4 alias for.
158
159       ipv4 aliases can nest. E.g:
160
161       ipv4_alias["susan"] = "10.6.7.8/24"
162       ipv4_alias["office"] = "susan,10.9.9.9"
163
164       Where "susan" in the "office" alias matches the value of the ipv4_alias
165       susan.
166
167       Multiple levels of nesting are allowed. Self-referring nests will
168       result in an error.
169

NORMAL VARIABLE FORMAT

171       Normal variables. These are variables that can only take a single
172       value.
173
174       The syntax of a normal variable is in the form
175
176       name = "value"
177
178       Where name is the name of the normal variable, and value is the value
179       of the variable in question.
180

NORMAL VARIABLES

182       Here is a listing of normal variables that MaraDNS uses:
183
184    ipv4_bind_addresses
185
186       ipv4_bind_addresses: The IP addresses to give the MaraDNS server.
187
188       This accepts one or more ipv4 IPs in dotted-decimal (e.g. "127.0.0.1")
189       notation, and specifies what IP addresses the MaraDNS server will
190       listen on. Multiple bind addresses are separated with a comma, like
191       this: "10.1.2.3, 10.1.2.4, 127.0.0.1"
192
193    admin_acl
194
195       This is a list of ip/netmask pairs that are allowed to get certain
196       administrative information about MaraDNS, including:
197
198       * The version number of MaraDNS running
199
200       * The number of threads MaraDNS has
201
202       * MaraDNS' internal timestamp value
203
204       Note that this information is not available unless the mararc variable
205       debug_msg_level is sufficiently high.  See the information on
206       debug_msg_level below for details on this and on the TXT queries sent
207       to get the above information.
208
209    bind_address
210
211       bind_address: The IP address to give the MaraDNS server.
212
213       This accepts a single IP in dotted-decimal (e.g. "127.0.0.1") notation,
214       and specifies what IP address the MaraDNS server will listen on. Note
215       that ipv4_bind_addresses has the same functionality.  This name is
216       included so that old MaraDNS configuration files will continue to work
217       with new MaraDNS releases.
218
219    bind_star_handling
220
221       In the case where there is both a star record for a given name and
222       recordtype, a non-star record with the same name but a different
223       recordtype, and no record for the given name and recordtype, MaraDNS
224       will usually return the star record. BIND, on the other hand, will
225       return a "not there" reply.  In other words:
226
227       * If a non-A record for foo.example.com exists
228
229       * An A record for *.example.com exists
230
231       * No A record for foo.example.com exists
232
233       * And the user asks for the A record for foo.example.com
234
235       * MaraDNS will usually return the A record attached to *.example.com
236
237       * BIND, on the other hand, returns a "not there" for foo.example.com
238
239       If the BIND behavior is desired, set bind_star_handling to 1.
240       Otherwise, set this to 0. In MaraDNS 1.3, this has a default value of
241       1.
242
243       In addition, if there is a star record that could match any given
244       record type, when bind_star_handling is 1, it makes sure that MaraDNS
245       does not incorrectly return a NXDOMAIN (RFC 4074 section 4.2).
246
247       Also, if bind_star_handling has a value of 2, MaraDNS will handle the
248       following case exactly as per section 4.3.3 of RFC1034:
249
250       * If a record for foo.example.com exists
251
252       * An A record for *.example.com exists
253
254       * And the user asks for the A record for bar.foo.example.com
255
256       * MaraDNS will usually return the A record attached to *.example.com
257
258       * RFC1034 section 4.3.3 says one should return a NXDOMAIN.
259
260       MaraDNS will exit with a fatal error if bind_star_handling has any
261       value besides 0, 1, or 2.
262
263    chroot_dir
264
265       chroot_dir: The directory MaraDNS chroots to
266
267       This accepts a single value: The full path to the directory to use as a
268       chroot jail.
269
270       Note that csv1 zone files are read after the chroot operation.  Hence,
271       the chroot jail needs to have any and all zone files that MaraDNS will
272       load.
273
274    csv2_default_zonefile
275
276       This is a special zone file that allows there to be stars at the end of
277       hostnames. This file is similar to a normal csv2 zone file, but has the
278       following features and limitations:
279
280       * Stars are allowed at the end of hostnames
281
282       * A SOA record is mandatory
283
284       * NS records are mandatory
285
286       * Neither CNAME, FQDN4, nor FQDN6 records are permitted in the zone
287         file
288
289       * Delegation NS records are not permitted in the zone file
290
291       * Default zonefiles may not be transferred via zone transfer
292
293       * Both recursion and default zonefiles may not be enabled at the same
294         time
295
296    csv2_synthip_list
297
298       Sometimes the IP list of nameservers will be different than the
299       nameservers one is bound to. This allows the synthetic nameserver list
300       to have different IPs.
301
302       Note that this may act in an unexpected manner if routable and non-
303       routable (localhost and RFC1918) addresses are combined; in particular,
304       a list with both routable and non-routable addresses will discard the
305       non-routable IP addresses, and a list with rfc1918 and localhost
306       addresses will discard the localhost addresses.
307
308    csv2_tilde_handling
309
310       How the csv2 zone file parser handles tildes (the ~ character) in csv2
311       zone files. This is a numeric record, with a possible value between 0
312       and 3 (four possible values). The way the csv2 parser acts at different
313       csv2_tilde_handling levels:
314
315       * 0) The csv2 parser behaves the same as it does in old MaraDNS
316         releases: The tilde has no special significance to the parser.
317
318       * 1) A tilde is not allowed anywhere in a csv2 zone file.
319
320       * 2) A tilde is only allowed between records in a csv2 zone file. If a
321         tilde is between the first record and the second record, a tilde is
322         required to be between all records. Otherwise, a tilde is not allowed
323         anywhere in a csv2 zone file. The first record can not be a TXT, WKS,
324         or LOC record.
325
326       * 3) A tilde is required to be between all records in a csv2 zone file.
327
328       The default value for csv2_tilde_handling is 2; this allows
329       compatibility with older zone files without tildes while allowing zone
330       files to be updated to use the tilde to separate resource records.
331
332    debug_msg_level
333
334       This is a number indicating what level of information about a running
335       MaraDNS process should be made public. When set to 0, no information
336       will be made public.
337
338       When set to one (the default), or higher, a Tversion.maradns. (TXT
339       query for "version.maradns.") query will return the version number of
340       MaraDNS.
341
342       When set to two or higher, a Tnumthreads.maradns.  (TXT query for
343       "numthreads.maradns.")  query will return the number of threads that
344       MaraDNS is currently running, and a Tcache-elements.maradns.  query
345       will return the number of elements in MaraDNS' cache.
346
347       If MaraDNS is compiled with debugging information on, a
348       Tmemusage.maradns. query will return the amount of memory MaraDNS has
349       allocated. Note that the overhead for tracking memory usage is
350       considerable and that compiling MaraDNS with "make debug" will greatly
351       slow down MaraDNS.  A debug build of MaraDNS is not recommended for
352       production use.
353
354       When set to three or higher, a Ttimestamp.maradns. query will return,
355       in seconds since the UNIX epoch, the timestamp for the system MaraDNS
356       is running on.
357
358
359    default_rrany_set
360
361       This variable used to determine what kind of resource records were
362       returned when an ANY query was sent. In MaraDNS, the data structures
363       have since been revised to return any resource record type when an ANY
364       query is sent; this variable does nothing, and is only here so that old
365       MaraDNS mararc files will continue to work.  The only accepted values
366       for this variable were 3 and 15.
367
368    dns_port
369
370       This is the port that MaraDNS listens on. This is usually 53 (the
371       default value), but certain unusual MaraDNS setups (such as when
372       resolving dangling CNAME records on but a single IP) may need to have a
373       different value for this.
374
375    dos_protection_level
376
377       If this is set to a non-zero value, certain features of MaraDNS will be
378       disabled in order to speed up MaraDNS' response time. This is designed
379       for situations when a MaraDNS server is receiving a large number of
380       queries, such as during a denial of service attack.
381
382       This is a numeric variable; its default value is zero, indicating that
383       all of MaraDNS' normal features are enabled. Higher numeric values
384       disable more features:
385
386       * A dos_protection_level between 1 and 78 (inclusive) disables getting
387         MaraDNS status information remotely.
388
389       * A dos_protection_level of 8 or above disables CNAME lookups.
390
391       * A dos_protection_level or 12 or above disables delegation NS records.
392
393       * A dos_protection_level of 14 or above disables ANY record processing.
394
395       * A dos_protection_level of 18 or above disables star record processing
396         at the beginning of hostnames (default zonefiles still work,
397         however).
398
399       * A dos_protection_level of 78 disables all authoritative processing,
400         including default zonefiles.
401
402       The default level of dos_protection_level is 0 when there are one or
403       more zonefiles; 78 when there are no zone files.
404
405    ipv6_bind_address
406
407       If MaraDNS is compiled with as an authoritative server, then this
408       variable will tell MaraDNS which ipv6 address for the UDP server to;
409       for this variable to be set, MaraDNS must be bound to at least one ipv4
410       address.
411
412    hide_disclaimer
413
414       If this is set to "YES", MaraDNS will not display the legal disclaimer
415       when starting up.
416
417    long_packet_ipv4
418
419       This is a list of IPs which we will send UDP packets longer than the
420       512 bytes RFC1035 permits if necessary. This is designed to allow
421       zoneserver, when used send regular DNS packets over TCP, to receive
422       packets with more data than can fit in a 512-byte DNS packet.
423
424       This variable only functions if MaraDNS is compiled as an authoritative
425       only server.
426
427    maradns_uid
428
429       maradns_uid: The numeric UID that MaraDNS will run as
430
431       This accepts a single numerical value: The UID to run MaraDNS as.
432
433       MaraDNS, as soon as possible drops root privileges, minimizing the
434       damage a potential attacker can cause should there be a security
435       problem with MaraDNS. This is the UID maradns becomes.
436
437       The default UID is 99.
438
439    maradns_gid
440
441       maradns_gid: The numeric GID that MaraDNS will run as.
442
443       This accepts a single numerical value: The GID to run MaraDNS as.
444
445       The default GID is 99.
446
447    max_ar_chain
448
449       max_ar_chain: The maximum number of records to display if a record in
450       the additional section (e.g., the IP of a NS server or the ip of a MX
451       exchange) has more than one value.
452
453       This is similar to max_chain, but applies to records in the
454       "additional" (or AR) section.
455
456       Due to limitations in the internal data structures that MaraDNS uses to
457       store RRs, if this has a value besides one, round robin rotates of
458       records are disabled.
459
460       The default value for this variable is 1.
461
462    max_chain
463
464       max_chain: The maximum number of records to display in a chain of
465       records.
466
467       With DNS, it is possible to have more than one RR for a given domain
468       label. For example, "example.com" can have, as the A record, a list of
469       multiple ip addresses.
470
471       This sets the maximum number of records MaraDNS will show for a single
472       RR.
473
474       MaraDNS normally round-robin rotates records. Hence, all records for a
475       given DNS label (e.g. "example.com.") will be visible, although not at
476       the same time if there are more records than the value allowed with
477       max_chain
478
479       The default value for this variable is 8.
480
481    max_tcp_procs
482
483       max_tcp_procs: The (optional) maximum number of processes the zone
484       server is allowed to run.
485
486       Sometimes, it is desirable to have a different number of maximum
487       allowed tcp processes than maximum allowed threads. If this variable is
488       not set, the maximum number of allowed tcp processes is "maxprocs".
489
490    max_total
491
492       max_total: The maximum number of records to show total for a given DNS
493       request.
494
495       This is the maximum total number of records that MaraDNS will make
496       available in a DNS reply.
497
498       The default value for this variable is 20.
499
500    max_mem
501
502       max_mem is the maximum amount of memory we allow MaraDNS to allocate,
503       in bytes.
504
505       The default value of this is to allocate 2 megabytes for MaraDNS'
506       general use, and in addition, to allocate 3072 bytes for each element
507       we can have in the cache or DNS record that we are authoritatively
508       serving.
509
510    min_visible_ttl
511
512       min_visible_ttl: The minimum value that we will will show as the TTL
513       (time to live) value for a resource record to other DNS servers and
514       stub resolvers.  In other words, this is the minimum value we will ask
515       other DNS server to cache (keep in their memory) a DNS resource record.
516
517       The value is in seconds. The default value for this is 30; the minimum
518       value this can have is 5.
519
520       As an aside, RFC1123 section 6.1.2.1 implies that zero-length TTL
521       records should be passed on with a TTL of zero. This, unfortunately,
522       breaks some stub resolvers (such as Mozilla's stub resolver).
523
524    remote_admin
525
526       remote_admin: Whether we allow verbose_level to be changed after
527       MaraDNS is started.
528
529       If remote_admin is set to 1, and admin_acl is set, any and all IPs
530       listed in admin_acl will be able to reset the value of verbose_level
531       from any value between 0 and 9 via a TXT query in the form of
532       5.verbose_level.maradns.  What this will do is set verbose_query to the
533       value in the first digit of the query.
534
535       This is useful when wishing to temporarily increase the verbose_level
536       to find out why a given host name is not resolving, then decreasing
537       verbose_level so as to minimize the size of MaraDNS' log.
538
539    synth_soa_origin
540
541       When a CSV2 zone file doesn't have a SOA record in it, MaraDNS
542       generates a SOA record on the fly. This variable determines the host
543       name for the "SOA origin" (which is called the MNAME in RFC1035); this
544       is the host name of the DNS server which has the "master copy" of a
545       given DNS zone's file.
546
547       This host name is in human-readable format without a trailing dot,
548       e.g.:
549
550       synth_soa_origin = "ns1.example.com"
551
552       If this is not set, a synthetic SOA record will use the name of the
553       zone for the SOA origin (MNAME) field.
554
555    synth_soa_serial
556
557       This determines whether we strictly follow RFC1912 section 2.2 with SOA
558       serial numbers. If this is set to 1 (the default value), we do not
559       strictly follow RFC1912 section 2.2 (the serial is a number, based on
560       the timestamp of the zone file, that is updated every six seconds), but
561       this makes it so that a serial number is guaranteed to be automatically
562       updated every time one edits a zone file.
563
564       If this is set to 2, the SOA serial number will be in YYYYMMDDHH
565       format, where YYYY is the 4-digit year, MM is the 2-digit month, DD is
566       the 2-digit day, and HH is the 2-digit hour of the time the zone file
567       was last updated (GMT; localtime doesn't work in a chroot()
568       environment). While this format is strictly RFC1912 compliant, the
569       disadvantage is that more than one edit to a zone file in an hour will
570       not update the serial number.
571
572       I strongly recommend, unless it is extremely important to have a DNS
573       zone that generates no warnings when tested at dnsreport.com, to have
574       this set to 1 (the default value). Having this set to 2 can result in
575       updated zone files not being seen by slave DNS servers.
576
577       Note that synth_soa_serial can only have a value of 1 on the native
578       Windows port.
579
580    tcp_convert_acl
581
582       This only applies to the zoneserver (general DNS-over-TCP) program.
583
584       This is a list of IPs which are allowed to connect to the zoneserver
585       and send normal TCP DNS requests. The zoneserver will convert TCP DNS
586       requests in to UDP DNS requests, and send the UDP request in question
587       to the server specified in tcp_convert_server.  Once it gets a reply
588       from the UDP DNS server, it will convert the reply in to a TCP request
589       and send the reply back to the original TCP client.
590
591       Whether the RD (recursion desired) flag is set or not when converting a
592       TCP DNS request in to a UDP DNS request is determined by whether the
593       TCP client is on the recursive_acl list. Since MaraDNS 2.0 does not
594       have recursion, the maradns daemon ignores the RD bit (Deadwood will
595       not process any queries without the RD bit set).
596
597    tcp_convert_server
598
599       This only applies to the zoneserver (general DNS-over-TCP) program.
600
601       This is the UDP server which we send a query to when converting DNS TCP
602       queries in to DNS UDP servers. Note that, while this value allows
603       multiple IPs, all values except the first one are presently ignored.
604
605    timestamp_type
606
607       timestamp_type: The type of timestamp to display. The main purpose of
608       this option is to suppress the output of timestamps. Since duende uses
609       syslog() to output data, and since syslog() adds its own timestamp,
610       this option should be set to 5 when maradns is invoked with the duende
611       tool.
612
613       This option also allows people who do not use the duende tool to view
614       human-readable timestamps. This option only allows timestamps in GMT,
615       due to issues with showing local times in a chroot() environment.
616
617       This can have the following values:
618
619       0   The string "Timestamp" followed by a UNIX timestamp
620
621       1   Just the bare UNIX timestamp
622
623       2   A GMT timestamp in the Spanish language
624
625       3   A (hopefully) local timestamp in the Spanish language
626
627       4   A timestamp using asctime(gmtime()); usually in the English
628           language
629
630       5   No timestamp whatsoever is shown (this is the best option when
631           maradns is invoked with the duende tool).
632
633       6   ISO GMT timestamp is shown
634
635       7   ISO local timestamp is shown
636
637       The default value for this variable is 5.
638
639    verbose_level
640
641       verbose_level: The number of messages we log to stdout
642
643       This can have five values:
644
645       0   No messages except for the legal disclaimer and fatal parsing
646           errors
647
648       1   Only startup messages logged (Default level)
649
650       2   Error queries logged
651
652       3   All queries logged
653
654       4   All actions adding and removing records from the cache logged
655
656       The default value for this variable is 1.
657
658    zone_transfer_acl
659
660       zone_transfer_acl: List of ips allowed to perform zone transfers with
661       the zone server
662
663       The format of this string is identical to the format of an ipv4_alias
664       entry.
665

EXAMPLE MARARC FILE

667       # Example mararc file (unabridged version)
668
669       # The various zones we support
670
671       # We must initialize the csv2 hash, or MaraDNS will be unable to
672       # load any csv2 zone files
673       csv2 = {}
674
675       # This is just to show the format of the file
676       #csv2["example.com."] = "db.example.com"
677
678       # The address this DNS server runs on.  If you want to bind
679       # to multiple addresses, separate them with a comma like this:
680       # "10.1.2.3,10.1.2.4,127.0.0.1"
681       ipv4_bind_addresses = "127.0.0.1"
682       # The directory with all of the zone files
683       chroot_dir = "/etc/maradns"
684       # The numeric UID MaraDNS will run as
685       maradns_uid = 99
686       # The (optional) numeric GID MaraDNS will run as
687       # maradns_gid = 99
688
689       # Normally, MaraDNS has some MaraDNS-specific features, such as DDIP
690       # synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org."
691       # with a TXT query returns the version of MaraDNS that a server is
692       # running), unique handling of multiple QDCOUNTs, etc.  Some people
693       # might not like these features, so I have added a switch that lets
694       # a sys admin disable all these features.  Just give "no_fingerprint"
695       # a value of one here, and MaraDNS should be more or less
696       # indistinguishable from a tinydns server.
697       no_fingerprint = 0
698
699       # These constants limit the number of records we will display, in order
700       # to help keep packets 512 bytes or smaller.  This, combined with round_robin
701       # record rotation, help to use DNS as a crude load-balancer.
702
703       # The maximum number of records to display in a chain of records (list
704       # of records) for a given host name
705       max_chain = 8
706       # The maximum number of records to display in a list of records in the
707       # additional section of a query.  If this is any value besides one,
708       # round robin rotation is disabled (due to limitations in the current
709       # data structure MaraDNS uses)
710       max_ar_chain = 1
711       # The maximum number of records to show total for a given question
712       max_total = 20
713
714       # The number of messages we log to stdout
715       # 0: No messages except for fatal parsing errors and the legal disclaimer
716       # 1: Only startup messages logged (default)
717       # 2: Error queries logged
718       # 3: All queries logged (but not very verbosely right now)
719       verbose_level = 1
720
721       # Here is a ACL which restricts who is allowed to perform zone transfer from
722       # the zoneserver program
723
724       # Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to match)
725       # and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask
726       # 255.255.255.224) are allowed to connect to the zone server
727       # NOTE: The "maradns" program does not serve zones.  Zones are served
728       # by the "zoneserver" program.
729       #zone_transfer_acl = "10.1.1.1/24, 10.100.100.100/255.255.255.224"
730
731
732
733

BUGS

735       If one should declare the same the same index twice with a dictionary
736       variable, MaraDNS will exit with a fatal error. This is because earlier
737       versions of MaraDNS acted in a different manner than Python 2.3.3. With
738       Python 2.3.3, the last declaration is used, while MaraDNS used to use
739       the first declaration.
740
742       THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR
743       IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
744       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
745       DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR
746       ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
747       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
748       OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
749       HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
750       STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
751       IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
752       POSSIBILITY OF SUCH DAMAGE.
753
754
755
756
757MARADNS                          January 2002                        MARARC(5)
Impressum