[prev in list] [next in list] [prev in thread] [next in thread]
List: maradns-list
Subject: compression error MaraDNS 1.0.16
From: Doug Sampson <dougs () dawnsign ! com>
Date: 2003-07-24 16:53:51
[Download RAW message or body]
Am running an Linux Router Project (LRP) version of MaraDNS on a
floppy-based LRP system. Version is 1.0.16. MaraDNS freezes almost once a
day and I am forced to restart it. I am unable to track the freezes to any
single point of failure. Thus I must turn to outside help. The network
schematic is like this:
Internet <---> router (MaraDNS) <---> private network 192.168.1.x
192.168.1.254
^
|
|
v
DMZ
192.168.2.x
The name server is set to check the root servers.
Here are the contents of three files- mararc, db.dawnsign.com and
maradns.log:
MARADNS.LOG: ####################################################
Timestamp: 1058289327 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058289327 Log: Socket opened on UDP port 53
Timestamp: 1058289327 Log: Root privledges dropped
Timestamp: 1058289327 Log: All RRs have been loaded
Timestamp: 1058371828 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058371828 Log: Socket opened on UDP port 53
Timestamp: 1058371828 Log: Root privledges dropped
Timestamp: 1058371828 Log: All RRs have been loaded
Timestamp: 1058392207 Compression error:
\022\023\200\000\000\001\000\002\000\000\000\000\0014\003140\003155\00212\00
7in-addr\004arpa\000\000\014\000\001\0014\003140\003155\00212\007in-addr\004
arpa\000\000\005\000\001\000\002\243\000\000
\0014\0040/27\003140\003155\00212\007in-addr\004arpa\000\0014\0040/27\003140
\003155\00212\007in-addr\004arpa\000\000\014\000\001\000\002\243\000\000\007
NotFina
Timestamp: 1058458878 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058458878 Log: Socket opened on UDP port 53
Timestamp: 1058458878 Log: Root privledges dropped
Timestamp: 1058458878 Log: All RRs have been loaded
Timestamp: 1058470046 Compression error:
\000\014\200\000\000\001\000\002\000\000\000\000\003147\003120\003108\00212\
007in-addr\004arpa\000\000\014\000\001\003147\003120\003108\00212\007in-addr
\004arpa\000\000\005\000\001\000\002\243\000\000$\003147\006144/28\003120\00
3108\00212\007in-addr\004arpa\000\003147\006144/28\003120\003108\00212\007in
-addr\004arpa\000\000\014\000\001\000\002\243\000\000\007NotFina
Timestamp: 1058536512 Compression error:
\000\006\200\000\000\001\000\002\000\000\000\000\003211\00248\003104\00212\0
07in-addr\004arpa\000\000\014\000\001\003211\00248\003104\00212\007in-addr\0
04arpa\000\000\005\000\001\000\002\243\000\000#\003211\006208/28\00248\00310
4\00212\007in-addr\004arpa\000\003211\006208/28\00248\003104\00212\007in-add
r\004arpa\000\000\014\000\001\000\002\243\000\000\007NotFina
Timestamp: 1058544943 Compression error:
\000\012\200\000\000\001\000\002\000\000\000\000\00253\003187\00221\00212\00
7in-addr\004arpa\000\000\014\000\001\00253\003187\00221\00212\007in-addr\004
arpa\000\000\005\000\001\000\001D8\000!\00253\00548/28\003187\00221\00212\00
7in-addr\004arpa\000\00253\00548/28\003187\00221\00212\007in-addr\004arpa\00
0\000\014\000\001\000\001D8\000\007NotFina
Timestamp: 1058546238 Compression error:
\000\013\200\000\000\001\000\002\000\000\000\000\003146\003120\003108\00212\
007in-addr\004arpa\000\000\014\000\001\003146\003120\003108\00212\007in-addr
\004arpa\000\000\005\000\001\000\002\243\000\000$\003146\006144/28\003120\00
3108\00212\007in-addr\004arpa\000\003146\006144/28\003120\003108\00212\007in
-addr\004arpa\000\000\014\000\001\000\002\243\000\000\007NotFina
Timestamp: 1058548759 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058548759 Log: Socket opened on UDP port 53
Timestamp: 1058548759 Log: Root privledges dropped
Timestamp: 1058548759 Log: All RRs have been loaded
Timestamp: 1058648069 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058648069 Log: Socket opened on UDP port 53
Timestamp: 1058648069 Log: Root privledges dropped
Timestamp: 1058648069 Log: All RRs have been loaded
Timestamp: 1058799314 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058799314 Log: Socket opened on UDP port 53
Timestamp: 1058799314 Log: Root privledges dropped
Timestamp: 1058799314 Log: All RRs have been loaded
Timestamp: 1058805403 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058805403 Log: Socket opened on UDP port 53
Timestamp: 1058805403 Log: Root privledges dropped
Timestamp: 1058805403 Log: All RRs have been loaded
Timestamp: 1058810410 Compression error:
\000\012\200\000\000\001\000\002\000\000\000\000\003211\00248\003104\00212\0
07in-addr\004arpa\000\000\014\000\001\003211\00248\003104\00212\007in-addr\0
04arpa\000\000\005\000\001\000\002\243\000\000#\003211\006208/28\00248\00310
4\00212\007in-addr\004arpa\000\003211\006208/28\00248\003104\00212\007in-add
r\004arpa\000\000\014\000\001\000\002\243\000\000\007NotFina
Timestamp: 1058923607 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1058923607 Log: Socket opened on UDP port 53
Timestamp: 1058923607 Log: Root privledges dropped
Timestamp: 1058923607 Log: All RRs have been loaded
Timestamp: 1059003929 Compression error:
\026\362\200\000\000\001\000\002\000\000\000\000\003175\00260\00294\00264\00
7in-addr\004arpa\000\000\014\000\001\003175\00260\00294\00264\007in-addr\004
arpa\000\000\005\000\001\000\000\250\300\000#\003175\007129-186\00260\00294\
00264\007in-addr\004arpa\000\003175\007129-186\00260\00294\00264\007in-addr\
004arpa\000\000\014\000\001\000\000\250\300\000\007NotFina
Timestamp: 1059020430 Compression error:
\027\005\200\000\000\001\000\002\000\000\000\000\00296\003193\00235\00266\00
7in-addr\004arpa\000\000\014\000\001\00296\003193\00235\00266\007in-addr\004
arpa\000\000\005\000\001\000\001Q\200\000
\00296\0040/24\003193\00235\00266\007in-addr\004arpa\000\00296\0040/24\00319
3\00235\00266\007in-addr\004arpa\000\000\014\000\001\000\001Q\200\000\000
Timestamp: 1059027502 Compression error:
\026\254\200\000\000\001\000\002\000\000\000\000\00229\003207\003253\00264\0
07in-addr\004arpa\000\000\014\000\001\00229\003207\003253\00264\007in-addr\0
04arpa\000\000\005\000\001\000\000\016\020\000!\00229\0040/24\003207\003253\
00264\007in-addr\004arpa\000\00229\0040/24\003207\003253\00264\007in-addr\00
4arpa\000\000\014\000\001\000\000\016\020\000\000
Timestamp: 1059028607 Compression error:
\027\026\200\000\000\001\000\002\000\000\000\000\0012\003146\003175\00263\00
7in-addr\004arpa\000\000\014\000\001\0012\003146\003175\00263\007in-addr\004
arpa\000\000\005\000\001\000\001Q\200\0001\00263\003175\003146\0012\004cust\
016awsconvergence\012sprintlink\003net\000\00263\003175\003146\0012\004cust\
016awsconvergence\012sprintlink\003net\000\000\014\000\001\000\001Q\200\000\
000
Timestamp: 1059037402 Compression error:
\026\266\200\000\000\001\000\002\000\000\000\000\003206\003250\00235\00266\0
07in-addr\004arpa\000\000\014\000\001\003206\003250\00235\00266\007in-addr\0
04arpa\000\000\005\000\001\000\000\016\020\000!\003206\0040/24\003250\00235\
00266\007in-addr\004arpa\000\003206\0040/24\003250\00235\00266\007in-addr\00
4arpa\000\000\014\000\001\000\000\016\020\000\000
Timestamp: 1059043385 Compression error:
\026\342\200\000\000\001\000\002\000\000\000\000\003206\003250\00235\00266\0
07in-addr\004arpa\000\000\014\000\001\003206\003250\00235\00266\007in-addr\0
04arpa\000\000\005\000\001\000\000\016\020\000!\003206\0040/24\003250\00235\
00266\007in-addr\004arpa\000\003206\0040/24\003250\00235\00266\007in-addr\00
4arpa\000\000\014\000\001\000\000\016\020\000\000
Timestamp: 1059043385 Compression error:
\027$\200\000\000\001\000\002\000\000\000\000\003206\003250\00235\00266\007i
n-addr\004arpa\000\000\014\000\001\003206\003250\00235\00266\007in-addr\004a
rpa\000\000\005\000\001\000\000\016\020\000!\003206\0040/24\003250\00235\002
66\007in-addr\004arpa\000\003206\0040/24\003250\00235\00266\007in-addr\004ar
pa\000\000\014\000\001\000\000\016\020\000\000
Timestamp: 1059043398 Compression error:
\026\274\200\000\000\001\000\002\000\000\000\000\003206\003250\00235\00266\0
07in-addr\004arpa\000\000\014\000\001\003206\003250\00235\00266\007in-addr\0
04arpa\000\000\005\000\001\000\000\016\020\000!\003206\0040/24\003250\00235\
00266\007in-addr\004arpa\000\003206\0040/24\003250\00235\00266\007in-addr\00
4arpa\000\000\014\000\001\000\000\016\020\000\000
Timestamp: 1059043400 Compression error:
\026\317\200\000\000\001\000\002\000\000\000\000\003206\003250\00235\00266\0
07in-addr\004arpa\000\000\014\000\001\003206\003250\00235\00266\007in-addr\0
04arpa\000\000\005\000\001\000\000\016\020\000!\003206\0040/24\003250\00235\
00266\007in-addr\004arpa\000\003206\0040/24\003250\00235\00266\007in-addr\00
4arpa\000\000\014\000\001\000\000\016\020\000\000
Timestamp: 1059056223 Log: Root directory changed
Log: Binding to address 192.168.1.254 192.168.2.254
Timestamp: 1059056223 Log: Socket opened on UDP port 53
Timestamp: 1059056223 Log: Root privledges dropped
Timestamp: 1059056223 Log: All RRs have been loaded
MARARC: ####################################################
# Example mararc file (unabridged version)
hide_disclaimer = "yes"
# The various zones we support
# We must initialize the csv1 hash, or MaraDNS will be unable to
# load any zone files
csv1 = {}
# This is just to show the format of the file
# csv1["example.com."] = "db.example.com"
csv1["dawnsign.com."] = "db.dawnsign.com"
# The address this DNS server runs on. If you want to bind
# to all addresses a given machine has, use "0.0.0.0".
bind_address = "192.168.1.254 192.168.2.254"
# The directory with all of the zone files
chroot_dir = "/etc/maradns"
# The numeric UID MaraDNS will run as
# Bering: use dnscache uid
maradns_uid = 1001
# The (optional) numeric GID MaraDNS will run as
maradns_gid = 100
# The maximum number of threads (or processes, with the zone server)
# MaraDNS is allowed to run
maxprocs = 96
# It is possible to specify a different maximum number of processes that
# the zone server can run. If this is not set, the maximum number of
# processes that the zone server can have defaults to the 'maxprocs' value
# above
# max_tcp_procs = 64
# Normally, MaraDNS has some MaraDNS-specific features, such as DDIP
# synthesizing, a special DNS query ("erre-con-erre-cigarro.maradns.org."
# with a TXT query returns the version of MaraDNS that a server is
# running), unique handling of multiple QDCOUNTs, etc. Some people
# might not like these features, so I have added a switch that lets
# a sys admin disable all these features. Just give "no_fingerprint"
# a value of one here, and MaraDNS should be more or less
# indistinguishable from a tinydns server.
no_fingerprint = 1
# Normally, MaraDNS only returns A and MX records when given a
# QTYPE=* (all RR types) query. Changing the value of default_rrany_set
# to 15 causes MaraDNS to also return the NS and SOA records, which
# some registars require. The default value of this is 3
default_rrany_set = 15
# These constants limit the number of records we will display, in order
# to help keep packets 512 bytes or smaller. This, combined with
round_robin
# record rotation, help to use DNS as a crude load-balancer.
# The maximum number of records to display in a chain of records (list
# of records) for a given host name
max_chain = 8
# The maximum number of records to display in a list of records in the
# additional section of a query. If this is any value besides one,
# round robin rotation is disabled (due to limitations in the current
# data structure MaraDNS uses)
max_ar_chain = 1
# The maximum number of records to show total for a given question
max_total = 20
# The number of messages we log to stdout
# 0: No messages except for fatal parsing errors and the legal disclaimer
# 1: Only startup messages logged (default)
# 2: Error queries logged
# 3: All queries logged (but not very verbosely right now)
verbose_level = 2
# Initialize the IP aliases, which are used by the list of root name
servers,
# the ACL for zone transfers, and the ACL of who gets to perform recursive
# queries
ipv4_alias = {}
# Various sets of root name servers
# Note: Netmasks can exist, but are ignored when specifying root name server
# ICANN: the most common and most controversial root name server
# http://www.icann.org
ipv4_alias["icann"] =
"198.41.0.4,128.9.0.107,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,1
92.112.36.4,128.63.2.53,192.36.148.17,192.58.128.30,193.0.14.129,198.32.64.1
2,202.12.27.33"
# OSRC: http://www.open-rsc.org/
ipv4_alias["osrc"] =
"199.166.24.1,205.189.73.102,199.166.24.3,207.126.103.16,195.117.6.10,205.18
9.73.10,204.57.55.100,213.196.2.97"
# AlterNIC: http://www.alternic.org/
ipv4_alias["alternic"] =
"160.79.129.192,24.6.78.12,160.79.133.70,65.15.8.202,216.162.42.240,195.224.
64.190,160.79.133.66,216.162.42.185"
# OpenNIC: http://www.opennic.unrated.net/
ipv4_alias["opennic"] =
"131.161.247.226,209.151.84.102,64.247.218.140,64.247.218.149,209.104.33.250
,209.104.63.249,209.151.84.103,199.175.137.211,207.6.128.246,65.243.92.254"
# Pacific Root: http://www.pacificroot.com/
# Disabled because Pacific Root no longer runs traditional style root
# servers
#ipv4_alias["pacificroot"] =
"204.107.129.2,208.179.42.162,12.28.140.20,204.107.129.10,212.115.192.151,20
2.76.159.5,209.54.94.3,167.160.132.2"
# IRSC: http://www.irsc.ah.net/
# This group was terminated January 2002
#ipv4_alias["irsc"] =
"203.21.205.2,203.21.205.3,212.234.36.20,212.234.36.19,207.180.91.9,198.199.
168.92,207.180.91.10"
# TINC: http://www.tinc-org.com/
# On 2002/11/15, the tinc domain was owned by a domain squatter
# The only working server on this list is 145.89.234.7
#ipv4_alias["tinc"] =
"64.6.65.10,208.128.113.35,212.172.21.254,207.112.147.14,145.89.234.7,209.13
3.38.16"
# Super Root: http://www.superroot.org/
# They no longer use a traditional list of root servers
#ipv4_alias["superroot"] =
"199.5.157.128,199.166.24.12,199.166.28.10,5.189.73.10,199.166.31.250,199.16
6.24.1,205.189.73.102,199.166.24.3,204.80.125.130,207.126.103.16,204.57.55.1
00"
# End of list of root name server lists
# Here is a ACL which restricts who is allowed to perform zone transfer from
# the zoneserver program
# VERY IMPORTANT: Do not put spaces in the zone_transfer_acl list
# Good: zone_transfer_acl = "office,home"
# Bad: zone_transfer_acl = "office, home"
# Simplest form: 10.1.1.1/24 (IP: 10.1.1.1, 24 left bits in IP need to
match)
# and 10.100.100.100/255.255.255.224 (IP: 10.100.100.100, netmask
# 255.255.255.224) are allowed to connect to the zone server
# NOTE: The "maradns" program does not serve zones. Zones are served
# by the "zoneserver" program.
# zone_transfer_acl = "10.1.1.1/24,10.100.100.100/255.255.255.224"
zone_transfer_acl = "192.168.1.1/24,192.168.2.1/24"
# More complex: We create two aliases: One called "office" and another
# called "home". We allow anyone in the office or at home to perform zone
# transfers
# ipv4_alias["office"] = "10.1.1.1/24"
# ipv4_alias["home"] = "10.100.100.100/255.255.255.224"
# zone_transfer_acl = "office,home"
# More complex then the last example. We have three employees,
# Susan, Becca, and Mia, whose computers we give zone transfer rights to.
# Susan and Becca are system administrators, and Mia is a developer.
# They are all part of the company. We give the entire company zone
# transfer access
# ipv4_alias["susan"] = "10.6.7.8/32" # Single IP allowed
# ipv4_alias["becca"] = "10.7.8.9" # also a single IP
# ipv4_alias["mia"] = "10.8.9.10/255.255.255.255" # Also a single IP
# ipv4_alias["sysadmins"] = "susan,becca"
# ipv4_alias["devel"] = "mia"
# ipv4_alias["company"] = "sysadmins,devel"
# This is equivalent to the above line
# ipv4_alias["company"] = "susan,becca,mia"
# zone_transfer_acl = "company"
# If you want to enable recursion on the loopback interface, uncomment
# the relevent lines in the following section
# Recursive ACL: Who is allowd to perform recursive queries. The format
# is identical to that of "zone_transfer_acl", including ipv4_alias support
ipv4_alias["localhost"] = "127.0.0.0/8,192.168.1.0/24"
recursive_acl = "localhost"
# Random seed file: The file from which we read 16 bytes from to get the
# 128-bit random Rijndael key. This is ideally a file which is a good
source
# of random numbers, but can also be a fixed file if your OS does not have
# a decent random number generator (make sure the contents of that file is
# random and with 600 perms, owned by root, since we read the file *before*
# dropping root privledges)
random_seed_file = "/dev/urandom"
# The maximum number of elements we can have in the cache. If we have more
# elements in the cache than this amount, the "custodian" kicks in to
effect,
# removing elements not recently accessed from the cache (8 elements removed
# per query) until we are at the 99% level or so again.
maximum_cache_elements = 1024
# It is possible to change the minimul "time to live" for entries in the
# cache; this is the minimum time that an entry will stay in the cache.
# Value is in seconds; default is 300 (5 minutes)
min_ttl = 300
# CNAME records generally take more effort to resolve in MaraDNS than
# non-CNAME records; it is a good idea to make this higher then min_ttl
# default value is to be the same as min_ttl
min_ttl_cname = 900
# The root servers which we use when making recursive queries.
# The following line must be uncommented to enable recursive queries
root_servers = {}
# You can choose which set of root servers to use. Current values (set
above)
# are: icann, osrc, alternic, opennic, pacificroot, irsc, tinc, and
# superroot. This line must also be uncommented to enable recursive
# queries.
root_servers["."] = "osrc,icann,alternic,opennic"
# You can tell MaraDNS to *not* query certain DNS servers when in recursive
# mode. This is mainly used to not allow spam-friendly domains to resolve,
# since spammers are starting to get in the habit of using spam-friendly
# DNS servers to resolve their domains, allowing them to hop from ISP to
# ISP. The format of this is the same as for zone_transfer_acl and
# recursive_acl
#
# For example, at the time of this document (August 12, 2001), azmalink.net
# is a known spam-friendly DNS provider (see
doc/detailed/spammers/azmalink.net
# for details.) Note that this is based on IPs, and azmalink.net constantly
# changes IPs (as they constantly have to change ISPs)
# 2002/10/12: Azmalink changed ISP again, this reflect their current ISP
ipv4_alias["azmalink"] = "12.164.194.0/24"
# As of September 20, 2001, hiddenonline.net is a known spam-friendly
# DNS provider (see doc/detailed/spammers/hiddenonline for details).
ipv4_alias["hiddenonline"] = "65.107.225.0/24"
spammers = "azmalink,hiddenonline"
# It is also possible to change the maximum number of times MaraDNS will
# follow a CNAME record or a NS record with a glue A record. The default
# value for this is ten.
max_glueless_level = 10
# In addition, one can change the maximum number of total queries that
# MaraDNS will perform to look up a host name. The default value is 32.
max_queries_total = 32
# In addition, one can change the amount of time that MaraDNS will wait
# for a DNS server to respond before giving up and trying the next DNS
# server on a list. Note that, the larger this value is, the slower
# MaraDNS will process recursive queries when a DNS server is not
# responding to DNS queries. The default value is two seconds.
timeout_seconds = 2
# And that does it for the caching at this point
DB.DAWNSIGN.COM: ####################################################
# Zone file for dawnsign.com (authoritative zone file)
# last changed by DSS - 6/17/03
# The SOA record must be first, followed by all authoritative NS
# records for this zone.
Sdawnsign.com.|86400|dawnsign.com.|admin@dawnsign.com.|19771108|7200|3600|60
4800|1800
Ndawnsign.com.|86400|ns1.dawnsign.com.
Ndawnsign.com.|86400|ns2.dawnsign.com.
# Some 'IN A' records
Adawnsign.com.|86400|207.158.59.34
Amercury.dawnsign.com.|86400|192.168.1.4
Ans1.dawnsign.com.|86400|192.168.1.254
Ans2.dawnsign.com.|86400|192.168.1.1
Amyrouter.%|86400|192.168.1.254
Aaltair.%|86400|192.168.1.1
Acorona.%|86400|192.168.1.5
Agemini.%|86400|192.168.1.6
Asalive.%|86400|192.168.1.15
Amail.%|86400|192.168.1.4
Asquid.%|86400|192.168.1.35
Akonica.%|86400|192.168.1.160
Awebmail.%|86400|192.168.1.2
Amailscanner.%|86400|192.168.2.3
# An 'IN MX' record
@dawnsign.com.|86400|10|mercury.dawnsign.com.
# An 'IN CNAME' record
Cwww.dawnsign.com.|86400|dawnsign.com.
# An 'IN TXT' record
#Tdawnsign.com.|86400|dawnsign.com: Buy products online at
http://www.dawnsign.com!
# An 'A' record showing the use of percent as a shortcut for the name
# of this zone (in this case, 'dawnsign.com.')
#Aftp.%|3600|10.7.8.9
# A 'TXT' record showing the use of the backslash which allows any
# octal code in the record
#Tpercent.%|7200|Get 50\045 off all \%items\% at dawnsign.com!
# A 'PTR' record which, while marked as unauthoritative, allows this
# program to work with nslookup when bound on IP 127.0.0.3
# NOTE: This record is not part of the dawnsign.com domain, and,
# therefore, can not be transferred with the getzone client
#P3.0.0.127.in-addr.arpa.|1234|nslookup.bug.workaround.
P1.0.0.127.in-addr.arpa.|1234|ns1.dawnsign.com.
####################################################
I have used tinyDNS successfully on this router in the past 2 years. I find
that MaraDNS resolves names much quicker than tinyDNS and would like to
continue to use MaraDNS if these freezes can be resolved. Can anyone
pinpoint any issues with the configuration files? I also want to apologize
for this lengthy mail.
Thanks in advance.
~Doug
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic