How to install the fast and lightweight DNS Server MaraDNS on CentOS 7

MaraDNS is a small, free and lightweight Domain Name Server. It is an alternative open-source DNS server, which acts as a caching, recursive, or authoritative nameserver. It is remarkably easy to configure and available for Linux and Windows platform. It can be downloaded from here. You can read more about DNS, recursive DNS, Authoritative DNS here.

Below are some interesting characteristics of MarDNS:

  • Easy to install
  • Low memory usage (Uses approx 5MB of RAM)
  • Can acts as a Authoritative nameserver and Recursive nameserver.
  • Not to miss, the documentation on the MaraDNS website is very simple to understand.

Let us now get started with MaraDNS on CentOS 7. Below steps will guide you about installation and configuration of MaraDNS:

Installing MaraDNS

As of now, there aren't any RPMs available of MaraDNS for CentOS 7, so we will be installing and compiling it from source.

Install gcc:

sudo yum install gcc

Download the latest source archive from here. You can do it as:


Extract the contents of archive:

tar -xjf maradns-2.0.11.tar.bz2

Change to extracted MaraDNS directory, compile and install the programs:

cd maradns-2.0.11
sudo make
sudo make install

MaraDNS is now installed. The MaraDNS service is installed at /etc/init.d/maradns. You can simply start the service by:

sudo /etc/init.d/maradns start

To start the recursive demon, run:

sudo /etc/init.d/maradns.deadwood start

By default the authoritative nameserver listens on port and the recursive one on port

Let us make sure to start MaraDNS on boot up:

chkconfig maradns on

The recursive DNS server’s init script is required to be made compatible with chkconfig before you can have it run at startup. Add below content to the top of the file /etc/init.d/maradns.deadwood file:

# chkconfig: - 55 45
# description: MaraDNS is secure Domain Name Server (DNS)
# probe: true

Set it to run at boot up:

chkconfig maradns.deadwood on

Configuring MaraDNS as an Authoritative Nameserver

Authoritative DNS servers “know” the mapping of URL to IP for any given domain. They are the source of the information that the recursive DNS servers send to web clients like browsers(Chrome, Firefox). You can configure MaraDNS as an Authoritative nameserver as:

Edit the MaraDNS’ configuration file i.e. /etc/mararc:

ipv4_bind_addresses = ""
chroot_dir = "/etc/maradns"
csv2 = {} csv2[""] = ""

The first line tells MaraDNS to listen on IP- You can add more IPs to it, separated by comma. For eg.-, x.x.x.x

The second line chroot_dir is to mention the directory where all the zone files will be kept.

The third line initializes the csv2 hash with csv2 = {} command.

The fourth line mentions the zone file named for domain name

Here is the zone file named for domain name which is self explanatory:      +14400    soa [email protected] 2012010117 14400 3600 604800 14400 ~      +14400    ns ~      +14400    ns ~  +14400    a ~  +14400    a ~      +14400    a ~  +14400    a ~      +14400    mx     10 ~ +14400    a ~

You begin with the Start Of Authority (SOA) line. You then specify the authoritative nameservers and the other records. A record consists of the domain name, TTL (Time to live), record type and the value of the record.
Two things to note are that all domain names end with a period i.e. they must be fully qualified domain names and all records end with a tilde character (~). To know more, check out the documentation on the format of zone files.

To be more simple, lets just point to This is how you do it: ~

Restart the service as:

sudo /etc/init.d/maradns restart

Configuring MaraDNS as an Recursive Nameserver

When your web browser sends out a DNS query — assuming the browser doesn’t already have the mapping stored in its cache — it is sent to a recursive DNS server. It is also called as DNS forwarding. It by default listens on port- and you can add more IPs to it, separated by comma. For eg.-, x.x.x.x. You can configure MaraDNS as an Recursive nameserver by appending below lines to /etc/dwood3rc file :

upstream_servers = {}
upstream_servers["."] = "," # Forwarding requests to Google DNS Servers

Restart the service as:

sudo /etc/init.d/maradns.deadwood restart

You are done with setting up the MaraDNS server! :)

Tip- If you want your MaraDNS server to respond to external DNS queries, you would need to:

Add your machine's public IP to both the configuration files (/etc/mararc & /etc/dwood3rc) and modify them as:


ipv4_bind_addresses = ", x.x.x.x" #Replace x.x.x.x with your machine's public address.


bind_address=", x.x.x.x" #Replace x.x.x.x with your machine's public address.

recursive_acl = "" #To allow connections from anywhere.

You can these sample files from here. Do not forget to restart the services once again.

That's all!

Share this page:

6 Comment(s)

Add comment

Please register in our forum first to comment.


By: Ian

PLEASE, do NOT configure your recursive nameserver to listen on your public address! This is a massive attack vector allowing DNS amplification attacks (i.e DDoS).

If, for some reason, you do need to allow recursion from outside of your network, you MUST limit the allowed hosts to a set of well-known and trusted IPs. DO NOT "allow connecitons from anywhere" as the article gives as an example. Bad dog, Bad!


By: Maria

Ian, he was just giving an example. So that a new learner learns about the basics of it. Show some respect. If you have courage, write tutorials yourself.

By: Straygrey

Why is this labelled CentOS specific. Surely it would work with any Linux?

By: belfedia

Somes problems with debian jessie with make install (some error about man)

no /etc/init.d/maradns commands, but working  !

By: Rich

possibly anive question - I'm attempting to setup an unmanaged VPS for the first time and followed your (very clear) tutorial.I wanted to check I understood correctly, if I have several domains (eg hosted with an external registar, do I simply need to:* follow all of your steps* create a file for each domain, (just changing the domain inside from your example)* do the section of setting MaraDNS to respond to external DNS queries* don't do the recursive_acl part* go to registrar and change nameservers to the ones in the db file eg: ns1.XXX.comIs that right?Do the nameservers propogate out from this process? so approx how long until the NSs can be added to the domain?Thanks and once again, great tutorial (speaking a someone who never saw SSH, Vim or a VPS commandline until today)

By: rodrigorootrj

Hey, tks for tuto.

I have read all tutorial and try implement in my environment but not work. I'm use centos 7

and disable firewall, selinux natives. Tecnicaly this package work, when i checked with 'netstat' or 'ps' i see his,

but when i try test in localhost with telnet in 53 port the system deny, i try telnt

with localhost: telnet localhost 53 and not work. I have a workstation in my network but can't connect too.


I setup my host too, but not work. This domain is used from somebody, then my dns search another host, not me own.

I know DNS servers, but i not setup a long time ago.