OpenWrt Forum Archive

Topic: MaraDNS won't answer recursive queries

The content of this topic has been archived on 28 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
DCRoss
21 Aug 2007, 15:19

I'm having troubles with the official MaraDNS package and Kamikaze 7.06.  I followed the maradns.org documentation and the howto on the wiki and everything seems to have installed correctly and the server answers most queries, but it looks like it is rejecting queries with the recursive flag set.

I have fiddled with mararc and the recursive_acl setting but it doesn't seem to make a difference. Here is the /etc/mararc, stripped down as far as it can go.  It originally had a few local zones which worked just finealong with a few other setings, but I pulled them out to make sure that nothing was interfering.

chroot_dir="/etc/maradns"
bind_address="192.168.17.1"
random_seed_file="/dev/urandom"
recursive_acl="192.168.17.0/24"
root_servers={}
root_servers["."]="198.41.0.4,128.9.0.107"

And here is what happens when I try to query it from another system:

# nslookup google.ca
;; Got recursion not available from 192.168.17.1, trying next server
Server:         192.168.17.2
Address:        192.168.17.2#53

Non-authoritative answer:
Name:   google.ca
Address: 64.233.161.104

192.168.17.2 is a BIND server running on another host.  When 192.168.17.2 is down the query fails.  Sending the query directly to the server seems to work around this:

# nslookup google.ca 192.168.17.1
Server:         192.168.17.1
Address:        192.168.17.1#53

Non-authoritative answer:
Name:   google.ca
Address: 72.14.207.104

Is MaraDNS supposed to act this way?  I thought that the recursive_acl setting was supposed to allow recursive queries, but it doesn't seem to make any difference.  What am I doing wrong?

Post #2
lucindrea
4 Feb 2008, 00:04

try this ( may need to change the 127 part )
from docs

Using other recursive DNS servers
It is possible to have MaraDNS contact other recursive name servers, instead of contacting the actual 
root servers to process recursive queries by using the variable upstream_servers in the mararc file.

In other words, one can use one's, say, ISP's DNS servers to resolve the names, and have MaraDNS act as a cache for the ISP's DNS servers. 
Supposing that the ISP name servers have the IPs 10.66.77.88 and 10.99.11.22, the mararc file will look like this:

ipv4_bind_addresses = "127.0.0.1"
chroot_dir = "/etc/maradns"
recursive_acl = "127.0.0.1"
upstream_servers = {}
upstream_servers["."] = "10.66.77.88, 10.99.11.22"

also

The third line, recursive_acl, determines the range of IPs that can access the recursive DNS server.
 This is in IP/netmask format. For example, if one has an office which uses IPs in the form 192.168.1.1, 192.168.1.2, etc., and wishes to have
 only 192.168.1.any be allowed to make recursive queries:

(Last edited by lucindrea on 4 Feb 2008, 00:06)

The discussion might have continued from here.