Installing MaraDNS on CentOS

MaraDNS is a simple lightweight domain name service (DNS) including both an authority and a recursive DNS. In a few words DNS is used to translate domain names (for example, bornoe.org) into an IP address (for example, 127.0.0.1) bound to a specific server on the Internet. An authority DNS contains information about specific domains and which IP addresses they should translate into. For example, the authority DNS of bornoe.org is elsa.ns.cloudflare.com. This server knows the IP address of the server hosting bornoe.org. A recursive DNS is used to request the IP of a domain name from an authority DNS or the hostname of an IP. You can read more about the differences between authority and recursive DNS at Wikipedia.

In this guide I will go through a basic installation of MaraDNS on CentOS (MaraDNS can also run on other Linux flavours such as Debian) and have MaraDNS act as a primary (master) DNS.

Note on IPv6 support: MaraDNS does support IPv6, but needs to be compiled in a IPv6 mode. How to do this is not included in this quick quide.

Advantages:

  • Easy to install and configure.
  • Secure.
  • Fast.
  • Low memory intensive.
  • Free and open source.

Drawbacks:

  • Does not support instant transfer of zone records to secondary (slave) DNS. As MaraDNS does not support “notify”, changes to DNS zone records (depending on specific setup) will take a while to transfer to secondary DNS. This will most likely be the case if you are using a slave DNS hosted by a third party.
  • No existing graphical user interface. All configuration and changes must be made through a terminal making changes to the zone files a bit complicated. Changes in the zone file are done manually using a specific MaraDNS syntax. This can easily result in mistakes leading to miss configuration.
  • Cannot explicit be used as a secondary (slave) DNS. Through some work arounds it is possible to setup MaraDNS as a secondary DNS, but the primary (master) DNS must also be running MaraDNS. Especially if the primary DNS is running another DNS program, it will require quite some customization to get instant transfer of zone records.
  • Requires restart after modifications to any settings. Every time changes are made to any settings including modifications to NS records MaraDNS needs to be restarted. Generally this will be less of a problem to most users.

In conclusion MaraDNS is a great lightweight and secure DNS option great for people wanting to learn and experiment with DNS, or for professionals only requiring simple standard DNS. For non technical users it is a hassle to update zone files, and terminal access to the server running MaraDNS is required. This can be problematic if several users need to modify zone files. Due to the requirement of manual configuration it can also be a hassle to maintain a large amount of domains, especially if modifications are made on a common basis. MaraDNS is a great choice for a low end server or VPS due to low hardware requirements.

Installing and configuring MaraDNS

It’s relative easy to install and configure MaraDNS. By installing MaraDNS you also install the recursive DNS Deadwood, but you can decide if you want to use it or not. Often it’s easier just to use a publicly available recursive DNS or one provided by your ISP.

Step 0: Preparation

Terminal access, root privileges, and static IPv4 address.

You will need terminal access to the server and root privileges. Your server must also be assigned a static IPv4 address. Optionally you can also assign an IPv6 address in addition to the IPv4 address, but this requires additional configuration not covered in this guide.

Text editor

During configuration you will need a text editor. Use your favorite text editor or install one. A very simple editor is nano, if not preinstalled it can be installed with the command yum install nano.

GCC

To compile the MaraDNS source code you will need the compiler GCC installed on your system. If you do not have GCC installed, it is very simple to install by using the following command:

# yum install gcc

Disable other DNS software

In case your server is already running a DNS program you will need to disable or uninstall it before you install MaraDNS.

Optionally find a secondary DNS service

This step is optionally, but it is always recommended to have one or more secondary (slave) DNS for your domain. Some domain registrars will even require a minimum of two name servers. You can either host your own secondary DNS, or use a third party. There are several good paid and free options. HE.net DNS and BuddyNS are two stable providers offering free secondary DNS.

Adding a glue record at your domain registrar

This is optionally, but highly recommended. Glue records are added at your domain registrar. See documentation from your registrar or contact support to get information about how to add a glue record.

Step 1: Download MaraDNS

First thing is to download MaraDNS from the official repository (you can check http://maradns.samiam.org/download.html to see if a new version has been released, this posted has been updated to include version 2.0.14)

# wget http://maradns.samiam.org/download/2.0/2.0.14/maradns-2.0.14.tar.bz2 

Step 2: Unpacking, compiling, and installing MaraDNS files.

Next step is to get MaraDNS installed on your system. This is a fast procedure that only takes a couple of minutes.

Step 2.1: Unpacking MaraDNS.

# tar -jxvf maradns-2.0.14.tar.bz2

Step 2.2: Go to the directory containing the MaraDNS files.

# cd maradns-2.0.14

Step 2.3: Compiling MaraDNS.

# make

Step 2.4: Installing MaraDNS.

# make install

If you want MaraDNS to start automatically every time the server boots, use the following command. This is not mandatory.

# chkconfig maradns on

That’s it! MaraDNS is now installed on your server.

Step 3: Configuring MaraDNS files.

Now that MaraDNS is installed on your system some simple configuration is needed.

Step 3.1: Configuring the “mararc” file.

Open the MaraDNS config file /etc/mararc The file is relative self explanatory. Here a snippet of the default /etc/mararc file:

# The address this DNS server runs on. If you want to bind
# to multiple addresses, separate them with a comma like this:
# "10.1.2.3, 10.1.2.4, 127.0.0.1"
ipv4_bind_addresses = "127.0.0.1"
# The directory with all of the zone files
chroot_dir = "/etc/maradns"
# The following line (commented out) tells MaraDNS to look at the
# file db.example.net to get the zone for example.net
csv2["example.net."] = "db.example.net"
# Naturally, we can have multiple zone files
#csv2["example.com."] = "db.example.com"

Locate this line: ipv4_bind_addresses = "127.0.0.1"

Add the public IP (v4) of your sever to the IP list so the list will look like this: ipv4_bind_addresses = "127.0.0.1, <public server IP (v4)>"

Next you will need to add a list of zone files containing information about the domains that should be served by MaraDNS. One line for each zone reference. For example:

csv2["example.net."] = "db.example.net"
csv2["example.com."] = "db.example.com"
csv2["bornoe.org."] = "db.bornoe.org"

Every time you add or remove a domain from MaraDNS you will need to update /etc/mararc.

Step 3.2: Configuring zone files.

Each domain served by MaraDNS will need a separate zone file that by default should be saved into the directory /etc/maradns/

The names of the files should match those used in the file /etc/mararc so in this example you would need to create three files named db.example.netdb.example.com, and db.bornoe.org.

Here a simple example of what the zone file db.example.net could look like:

/origin example.net. ~
# SOA and NS records of the domain. In this example ns.example.net is the primary DNS and ns2-5.he.net are slave DNS.
% +14400 soa ns.example.net. [email protected] 2015072422 3600 3600 604800 14400 ~
% +14400 ns ns.example.net. ~ #This is the hostname assigned to your IP
% +14400 ns ns2.he.net. ~
% +14400 ns ns3.he.net. ~
% +14400 ns ns4.he.net. ~
% +14400 ns ns5.he.net. ~

# A record pointing example.net to the IP 127.0.0.1
% +14400 a 127.0.0.1 ~

# CNAME record pointing www.example.net to the IP of example.net
www.% +14400 cname % ~

# Another A record pointing ftp.example.net to the IP 127.0.0.2
ftp.% +14400 a 127.0.0.2 ~

# MX records for mail received @example.net
% +14400 mx 1 aspmx.l.google.com. ~
% +14400 mx 5 alt1.aspmx.l.google.com. ~
% +14400 mx 5 alt2.aspmx.l.google.com. ~
% +14400 mx 10 alt3.aspmx.l.google.com. ~
% +14400 mx 10 alt4.aspmx.l.google.com. ~

To make the file as simple as possible I have in the first line, /origin example.net. ~ specified example.net as the domain in question. This way I only need to type % instead of example.net.

It’s important to remember that all hostnames must end with a . (period), and all lines must end with a ~ (tilde). For example if you want to add a MX record:

example.net. (or as in the example above simply use % instead of example.net.) +14400 mx 1 mail.my-mail-host.com. ~

Assign a hostname to the IP address of the server running MaraDNS. In the example above this would be the hostname ns.example.net. For example:

ns.% +14400 a <IP of your server> ~

You only need to add this record to the domain used for the NS hostname.

To add comments to your zone files simply begin the line with a # (hashtag).

This is just a simple example to get you started. You can get more details about all options here.

Step 4: Start, stop, and restart MaraDNS.

To start MaraDNS:

# /etc/init.d/maradns start

To stop MaraDNS:

# /etc/init.d/maradns stop

To restart MaraDNS:

# /etc/init.d/maradns restart

Setting up DNS zone transfers and DNS query over TCP

In case you are using a slave DNS that requires TCP and to allow DNS query over TCP you will need to configure MaraDNS to allow this. You will need to run the build in server zoneserver along with MaraDNS.

Step 1: configuring zoneserver.

Open the file /etc/mararc

Add the following lines:

zone_transfer_acl = "0.0.0.0/0" 
#This allows all system to make requests to your DNS. Separate IP addresses with a comma if needed. 
#You can replace 0.0.0.0/0 with a specific IP of the DNS slave that will make requests. Allowing all systems to connect is generally a bad idea.

tcp_convert_acl = "0.0.0.0/0"

tcp_convert_server = "<IP (v4) address of your server. If you need to add more than one IP, simply separate with commas.>"
#For example, tcp_convert_server = "1.2.3.4" long_packet_ipv4 = "<IP (v4) address of your server. If you need to add more than one IP, simply separate with commas.>"
#For example, long_packet_ipv4 = "1.2.3.4"

Step 2: Start, stop, restart zoneserver.

To start zoneserver:

# /etc/init.d/maradns.zoneserver start

If you want zoneserver to start automatically every time the server boots, use the following command. This is not mandatory.

# chkconfig maradns.zoneserver on

The zoneserver is now configured and running.

To stop zoneserver:

# /etc/init.d/maradns.zoneserver stop

To restart zoneserver:

# /etc/init.d/maradns.zoneserver restart

Making changes to MaraDNS configuration and zone files.

You will need to restart MaraDNS and zoneserver every time you make changes to the MaraDNS configuration file mararc or add, modify, or remove a zone file.

As shown earlier this is easily done with the commands:

# /etc/init.d/maradns restart
# /etc/init.d/maradns.zoneserver restart

Every time you update a zone file you will need to update the SOA serial number as many slave DNS services only will download changes to the zone file when they notice a new SOA serial number. The example of a zone file above contains the line:

% +14400 soa ns.example.net. [email protected] 2015072422 3600 3600 604800 14400 ~

The first number, 2015072422, is the serial. Update this number by simply adding a new value, for example, + 1 to the current number or using todays date and hour.

Setting up Deadwood

Deadwood is the recursive DNS server of MaraDNS. As mentioned earlier you do not need to use Deadwood. You can also use a publicly available recursive DNS or one provided by your ISP. If you do not want to use Deadwood you can simply skip this section.

Step 1: configuring Deadwood.

Open the Deadwood config file /etc/dwood3rc

locate the line: bind_address="127.0.0.2"

Add the public IP (v4) of your sever to the IP list so the list will look like this: bind_addresses = "127.0.0.2, <public server IP (v4)>"

By default only localhost is allowed to connect to Deadwood. If you need other hosts to connect to Deadwood, you will need to locate the line: recursive_acl = "127.0.0.1/16", and add the IP’s of the hosts allowed to use Deadwood. Notice that recursive name servers can be abused for DDoS attacks, so make sure only to allow trusted hosts to connect if any at all. If you do allow external access then make sure to check that your configuration is safe. For example, use openresolver.com to check if your recursive DNS is open for potential abuse.

Step 2: Start, stop, restart Deadwood.

To start Deadwood:

# /etc/init.d/maradns.deadwood start

If you want Deadwood to start automatically every time the server boots, use the following command. This is not mandatory.

# chkconfig maradns.deadwood on

Deadwood is now configured and running.

To stop Deadwood:

# /etc/init.d/maradns.deadwood stop

To restart Deadwood:

# /etc/init.d/maradns.deadwood restart

Remember to restart Deadwood if you make any changes to the config file /etc/dwood3rc