# MaraDNS and Deadwood as LAN DNS, recursion doesn't work



## Alarc'h (Sep 23, 2018)

Hi everyone,

I need an authoritative DNS server in my lan on dummy domains or subdomains of real domains. This allows me to test web applications in development.
The structure of my network is very classic:
Internet connection via a box of my ISP. It acts as a DHCP server and DNS cache server behind my ISP's DNS.
Three development workstations under GNU/Linux and a test server under FreeBSD. The entire network is in subnet 192.168.1.0/24
I want my DNS server to be located on my FreeBSD server (under FreeBSD 11.1-RELEASE with ZFS).
My DNS server must resolve requests for domains of my internal network that are on the BSD server (192.168.1.12) and forward other recursive requests to my ISP's box.
To achieve this I installed (with pkg) the maradns server, which seems much easier to configure than a heavyweight like BIND and largely sufficient for my needs.
For now, if I place my BSD DNS server in /etc/resolv.conf on one of my workstations, I can resolve local DNS requests, but the recursion does not work.
`dig` gives the following results, first for one of my dummy domains:

```
marc@Marc-ThinkPad-SL510 ~ $ dig www.yakati.bid
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.yakati.bid
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16827
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.yakati.bid.                        IN      A

;; ANSWER SECTION:
www.yakati.bid.         3600    IN      A       192.168.1.12

;; AUTHORITY SECTION:
yakati.bid.             86400   IN      NS      synth-ip-c0a8010c.yakati.bid.

;; ADDITIONAL SECTION:
synth-ip-c0a8010c.yakati.bid. 86400 IN  A       192.168.1.12

;; Query time: 0 msec
;; SERVER: 192.168.1.12#53(192.168.1.12)
;; WHEN: Sun Sep 23 12:07:58 CEST 2018
;; MSG SIZE  rcvd: 96
```
But when I'm looking for a real domain:

```
marc@Marc-ThinkPad-SL510 ~ $ dig orange.fr

; <<>> DiG 9.10.3-P4-Ubuntu <<>> orange.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 39958
;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 0 msec
;; SERVER: 192.168.1.12#53(192.168.1.12)
;; WHEN: Sun Sep 23 12:07:52 CEST 2018
;; MSG SIZE  rcvd: 12
```
Recursion is not available, and in the logs I see:

```
Sep 23 12:04:51 FreeBSD-test-server /usr/local/sbin/maradns:  Log: All RRs have been loaded
Sep 23 12:04:51 FreeBSD-test-server /usr/local/sbin/maradns:  Log: Awaiting data on port 53
Sep 23 12:05:13 FreeBSD-test-server /usr/local/sbin/maradns:  Log: Message received, processing
Sep 23 12:05:13 FreeBSD-test-server /usr/local/sbin/maradns: Query from: 192.168.1.13 Awww.yakati.com.
Sep 23 12:05:13 FreeBSD-test-server /usr/local/sbin/maradns:  Log: Bad query received: <\%\001 \000\001\000\000\000\000\000\001\003www\006yakati\003com\000\000\001\000\001\000\000)\020\000\000\000\000\000\000\000
Sep 23 12:05:13 FreeBSD-test-server /usr/local/sbin/maradns: From IP: 192.168.1.13
Sep 23 12:05:13 FreeBSD-test-server /usr/local/sbin/maradns:  Log: I'm sorry Dave (recurse attempt)
Sep 23 12:05:18 FreeBSD-test-server /usr/local/sbin/maradns:  Log: Message received, processing
Sep 23 12:05:45 FreeBSD-test-server /usr/local/sbin/maradns: Query from: 192.168.1.13 Awww.yakati.bid.
Sep 23 12:05:45 FreeBSD-test-server /usr/local/sbin/maradns:  Log: Message received, processing
```
My maradns configuration files are written as follows (removing unnecessary comments):

/usr/local/etc/maradns/mararc

```
csv2 = {}
csv2["test.alarch.pw."] = "db.test.alarch.pw"
csv2["yakati.bid."] = "db.yakati.bid"
ipv4_bind_addresses = "192.168.1.12"
chroot_dir = "/usr/local/etc/maradns"
maradns_uid = 53
no_fingerprint = 0
max_chain = 8
max_ar_chain = 1
max_total = 20
verbose_level = 3
```
/usr/local/etc/maradns/dwood3rc

```
bind_address="192.168.1.12" # IP we bind to
timeout_seconds = 4
chroot_dir = "/usr/local/etc/maradns" # Directory we run program from (not used in Win32)

# recursive servers
upstream_servers = {}
upstream_servers["."]="192.168.1.1" # Servers we connect to

# root servers for local domains
root_servers = {}
root_servers["bid."]="192.168.1.12"

recursive_acl = "192.168.1.0/24" # Who is allowed to use the cache
maxprocs = 2048 # Maximum number of pending requests
handle_overload = 1 # Send SERVER FAIL when overloaded
maradns_uid = 53 # UID Deadwood runs as
maradns_gid = 53 # GID Deadwood runs as
maximum_cache_elements = 60000
cache_file = "dw_cache"
resurrections = 1
verbose_level = 100
# For using Deadwood to resolve names on an internal network
filter_rfc1918 = 0
```

Where does this malfunction come from? Is it an error in the configuration files or something deeper?
If someone knows maradns well, I am interested in any information that would put me on the right track.

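As an added example (not part of the original post, and not MaraDNS or Deadwood code), the Python below builds the kind of A query `dig` sends, decodes the twelve-byte `qr rd` / REFUSED header that came back for `orange.fr`, and shows what `dig`'s warning "recursion requested but not available" actually means on the wire: the RA bit is clear, so whatever is listening on 192.168.1.12:53 is answering as an authoritative-only server and refusing names outside its zones. The `refused_response` model (same id, RD copied from the query, RA clear, RCODE 5, all counts zero) is reconstructed from the `dig orange.fr` output above and is an assumption about the general behaviour; the resolver sample header is constructed; `LOGGED_QUERY_HEADER` is decoded from the escaped bytes of the "Bad query received" log line, header only.

```python
"""Decode DNS message headers to tell an authoritative-only answer from a
resolver's.  Added example; not code from the original post or from MaraDNS."""
import struct

# Header flag bits (RFC 1035 section 4.1.1, plus AD/CD from RFC 4035).
FLAG_BITS = {"qr": 15, "aa": 10, "tc": 9, "rd": 8, "ra": 7, "ad": 5, "cd": 4}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

# Reconstructed from the escaped bytes in the "Bad query received" log line:
# id 0x3C25 ('<%'), flags 0x0120 ('\001 ' = rd + ad), QDCOUNT 1, ARCOUNT 1
# (the trailing EDNS OPT record).  Only the 12-byte header is reproduced.
LOGGED_QUERY_HEADER = bytes.fromhex("3c25 0120 0001 0000 0000 0001")

# Constructed sample (not from the post): what a recursive resolver that
# served the query would send back (qr rd ra, NOERROR, one answer).
RESOLVER_RESPONSE_HEADER = struct.pack("!HHHHHH", 39958, 0x8180, 1, 1, 0, 0)


def encode_name(name: str) -> bytes:
    """DNS wire encoding of a domain name: length-prefixed labels, root byte."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, ident: int = 0x3C25, rd: bool = True) -> bytes:
    """An A query the way a stub resolver sends it: RD set, no EDNS."""
    flags = 1 << FLAG_BITS["rd"] if rd else 0
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def refused_response(query: bytes) -> bytes:
    """Model of the 12-byte answer dig printed for orange.fr: same id, QR set,
    RD copied from the query, RA clear, RCODE 5 (REFUSED), all counts zero.
    This is the shape of an authoritative-only server's reply for a name
    outside its zones; a recursive server would set RA and go upstream."""
    ident, qflags = struct.unpack("!HH", query[:4])
    flags = (1 << FLAG_BITS["qr"]) | (qflags & (1 << FLAG_BITS["rd"])) | 5
    return struct.pack("!HHHHHH", ident, flags, 0, 0, 0, 0)


def parse_header(msg: bytes) -> dict:
    """Split the 12-byte header into id, flag names, opcode, rcode and counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS.items() if (flags >> bit) & 1],
        "opcode": (flags >> 11) & 0xF,
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "counts": {"qd": qd, "an": an, "ns": ns, "ar": ar},
    }


def diagnose(msg: bytes) -> str:
    """Explain a response header the way dig's WARNING line does."""
    h = parse_header(msg)
    if "qr" not in h["flags"]:
        return "not a response (QR clear)"
    if "rd" in h["flags"] and "ra" not in h["flags"]:
        return ("recursion requested but not available: an authoritative-only "
                f"server answered ({h['rcode']})")
    return f"recursion available ({h['rcode']})"


if __name__ == "__main__":
    q = build_query("orange.fr")
    print(parse_header(q))
    print(parse_header(LOGGED_QUERY_HEADER))
    print(diagnose(refused_response(q)))
    print(diagnose(RESOLVER_RESPONSE_HEADER))
```

Run against a live capture, `diagnose()` on the first twelve bytes of any reply tells you which kind of server is on the far end before you look at the answer section. In the post above, both the `mararc` and the `dwood3rc` bind the same single address, 192.168.1.12, and two daemons cannot both hold UDP port 53 on one address; the maradns log entries ("I'm sorry Dave (recurse attempt)") show that it was maradns, not Deadwood, that received the workstation's recursive queries.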

----------

