How to install the fast and lightweight DNS Server MaraDNS on CentOS 7
MaraDNS is a small, free and lightweight Domain Name Server. It is an alternative open-source DNS server, which acts as a caching, recursive, or authoritative nameserver. It is remarkably easy to configure and available for Linux and Windows platform. It can be downloaded from here. You can read more about DNS, recursive DNS, Authoritative DNS here.
Below are some interesting characteristics of MarDNS:
- Easy to install
- Low memory usage (Uses approx 5MB of RAM)
- Can acts as a Authoritative nameserver and Recursive nameserver.
- Not to miss, the documentation on the MaraDNS website is very simple to understand.
Let us now get started with MaraDNS on CentOS 7. Below steps will guide you about installation and configuration of MaraDNS:
Installing MaraDNS
As of now, there aren't any RPMs available of MaraDNS for CentOS 7, so we will be installing and compiling it from source.
Install gcc:
sudo yum install gcc
Download the latest source archive from here. You can do it as:
wget http://maradns.samiam.org/download/2.0/2.0.11/maradns-2.0.11.tar.bz2
Extract the contents of archive:
tar -xjf maradns-2.0.11.tar.bz2
Change to extracted MaraDNS directory, compile and install the programs:
cd maradns-2.0.11
sudo make
sudo make install
MaraDNS is now installed. The MaraDNS service is installed at /etc/init.d/maradns. You can simply start the service by:
sudo /etc/init.d/maradns start
To start the recursive demon, run:
sudo /etc/init.d/maradns.deadwood start
By default the authoritative nameserver listens on port 127.0.0.1 and the recursive one on port 127.0.0.2.
Let us make sure to start MaraDNS on boot up:
chkconfig maradns on
The recursive DNS server’s init script is required to be made compatible with chkconfig before you can have it run at startup. Add below content to the top of the file /etc/init.d/maradns.deadwood file:
# chkconfig: - 55 45
# description: MaraDNS is secure Domain Name Server (DNS)
# probe: true
Set it to run at boot up:
chkconfig maradns.deadwood on
Configuring MaraDNS as an Authoritative Nameserver
Authoritative DNS servers “know” the mapping of URL to IP for any given domain. They are the source of the information that the recursive DNS servers send to web clients like browsers(Chrome, Firefox). You can configure MaraDNS as an Authoritative nameserver as:
Edit the MaraDNS’ configuration file i.e. /etc/mararc:
ipv4_bind_addresses = "127.0.0.1" chroot_dir = "/etc/maradns"
csv2 = {} csv2["example.net."] = "db.example.net"
The first line tells MaraDNS to listen on IP-127.0.0.1. You can add more IPs to it, separated by comma. For eg.- 127.0.0.1, x.x.x.x
The second line chroot_dir is to mention the directory where all the zone files will be kept.
The third line initializes the csv2 hash with csv2 = {} command.
The fourth line mentions the zone file named db.example.net for domain name example.net.
Here is the zone file named db.example.net for domain name example.net which is self explanatory:
example.net. +14400 soa ns1.example.net. [email protected]. 2012010117 14400 3600 604800 14400 ~ example.net. +14400 ns ns1.example.net. ~ example.net. +14400 ns ns2.example.net. ~ ns1.example.net. +14400 a 127.0.0.1 ~ ns2.example.net. +14400 a 127.0.0.1 ~ example.net. +14400 a 127.0.0.1 ~ www.example.net. +14400 a 127.0.0.1 ~ example.net. +14400 mx 10 mail.example.net. ~ mail.example.net. +14400 a 127.0.0.1 ~
You begin with the Start Of Authority (SOA) line. You then specify the authoritative nameservers and the other records. A record consists of the domain name, TTL (Time to live), record type and the value of the record.
Two things to note are that all domain names end with a period i.e. they must be fully qualified domain names and all records end with a tilde character (~). To know more, check out the documentation on the format of zone files.
To be more simple, lets just point example.net to 127.0.0.1. This is how you do it:
example.net. 127.0.0.1 ~
Restart the service as:
sudo /etc/init.d/maradns restart
Configuring MaraDNS as an Recursive Nameserver
When your web browser sends out a DNS query — assuming the browser doesn’t already have the mapping stored in its cache — it is sent to a recursive DNS server. It is also called as DNS forwarding. It by default listens on port- 127.0.0.2 and you can add more IPs to it, separated by comma. For eg.- 127.0.0.2, x.x.x.x. You can configure MaraDNS as an Recursive nameserver by appending below lines to /etc/dwood3rc file :
upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4" # Forwarding requests to Google DNS Servers
Restart the service as:
sudo /etc/init.d/maradns.deadwood restart
You are done with setting up the MaraDNS server! :)
Tip- If you want your MaraDNS server to respond to external DNS queries, you would need to:
Add your machine's public IP to both the configuration files (/etc/mararc & /etc/dwood3rc) and modify them as:
/etc/mararc:
ipv4_bind_addresses = "127.0.0.1, x.x.x.x" #Replace x.x.x.x with your machine's public address.
/etc/dwood3rc:
bind_address="127.0.0.2, x.x.x.x" #Replace x.x.x.x with your machine's public address.
recursive_acl = "0.0.0.0/0" #To allow connections from anywhere.
You can these sample files from here. Do not forget to restart the services once again.
That's all!