How to install the fast and lightweight DNS Server MaraDNS on CentOS 7

MaraDNS is a small, free and lightweight Domain Name Server. It is an alternative open-source DNS server that can act as a caching, recursive, or authoritative nameserver. It is remarkably easy to configure and is available for the Linux and Windows platforms. It can be downloaded from here. You can read more about DNS, recursive DNS and authoritative DNS here.

Below are some interesting characteristics of MaraDNS:

  • Easy to install
  • Low memory usage (Uses approx 5MB of RAM)
  • Can act as an authoritative nameserver or as a recursive nameserver.
  • Not to be missed: the documentation on the MaraDNS website is very easy to follow.

Let us now get started with MaraDNS on CentOS 7. The steps below walk you through installing and configuring it:

Installing MaraDNS

As of now there are no MaraDNS RPMs available for CentOS 7, so we will compile and install it from source.

Install gcc:

sudo yum install gcc

Download the latest source archive from here. You can do it as:

wget http://maradns.samiam.org/download/2.0/2.0.11/maradns-2.0.11.tar.bz2

Extract the contents of archive:

tar -xjf maradns-2.0.11.tar.bz2

Change to the extracted MaraDNS directory, then compile and install the programs:

cd maradns-2.0.11

sudo make

sudo make install

MaraDNS is now installed. Its init script is at /etc/init.d/maradns. You can start the authoritative service with:

sudo /etc/init.d/maradns start

To start the recursive daemon (Deadwood), run:

sudo /etc/init.d/maradns.deadwood start

By default the authoritative nameserver listens on the loopback address 127.0.0.1 and the recursive one on 127.0.0.2.

Let us make sure the authoritative server starts at boot:

chkconfig maradns on


The recursive server's init script must be made chkconfig-compatible before it can be run at startup. Add the lines below near the top of /etc/init.d/maradns.deadwood, directly after the #! line:

# chkconfig: - 55 45
# description: MaraDNS is secure Domain Name Server (DNS)
# probe: true

Then set it to run at boot:

chkconfig maradns.deadwood on

Configuring MaraDNS as an Authoritative Nameserver

Authoritative DNS servers "know" the mapping of names to IP addresses for the domains they serve. They are the source of the answers that recursive DNS servers return to web clients such as browsers (Chrome, Firefox). You can configure MaraDNS as an authoritative nameserver as follows:

Edit the MaraDNS configuration file, /etc/mararc:

ipv4_bind_addresses = "127.0.0.1"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.net."] = "db.example.net"

The first line tells MaraDNS to listen on the IP address 127.0.0.1. You can add more addresses, separated by commas, e.g. 127.0.0.1, x.x.x.x.

The second line, chroot_dir, names the directory MaraDNS runs from; all zone files are kept there, and zone file names are given relative to it.

The third line, csv2 = {}, initializes the csv2 hash.

The fourth line maps the domain example.net to the zone file named db.example.net.

Here is the zone file db.example.net for the domain example.net; it is largely self-explanatory:

example.net.      +14400    soa    ns1.example.net. [email protected] 2012010117 14400 3600 604800 14400 ~ 
example.net.      +14400    ns     ns1.example.net. ~ 
example.net.      +14400    ns     ns2.example.net. ~ 
ns1.example.net.  +14400    a      127.0.0.1 ~ 
ns2.example.net.  +14400    a      127.0.0.1 ~ 
example.net.      +14400    a      127.0.0.1 ~ 
www.example.net.  +14400    a      127.0.0.1 ~ 
example.net.      +14400    mx     10 mail.example.net. ~
mail.example.net. +14400    a      127.0.0.1 ~

You begin with the Start Of Authority (SOA) line, then list the authoritative nameservers and the other records. Each record consists of the domain name, the TTL (time to live), the record type and the record's value.
Two things to note: every domain name ends with a period (names must be fully qualified), and every record ends with a tilde character (~). To learn more, check the documentation on the zone file format.

For a minimal zone, let's just point example.net to 127.0.0.1. A record that contains only a name and an IPv4 address is treated as an A record:

example.net.    127.0.0.1 ~
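The rules just described (one record per `~`, fully qualified names, optional `+TTL`, and the name-plus-address shorthand) are easy to check mechanically before a zone is loaded. The following parser is an added example, not code from the tutorial or from the MaraDNS project; the sample zone it embeds is constructed from the records above, with the SOA contact (hostmaster@example.net.) an assumed value because the page does not show it. It rejects the two mistakes the text warns about: a name without its trailing period and a record without its closing tilde.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample zone, modelled on the tutorial's db.example.net.
# The SOA contact (hostmaster@example.net.) is an assumed value; the last
# line uses the csv2 shorthand "name ip ~" for an A record.
SAMPLE_ZONE = """\
# comments start with '#' in csv2
example.net.      +14400    soa    ns1.example.net. hostmaster@example.net. 2012010117 14400 3600 604800 14400 ~
example.net.      +14400    ns     ns1.example.net. ~
example.net.      +14400    ns     ns2.example.net. ~
ns1.example.net.  +14400    a      127.0.0.1 ~
ns2.example.net.  +14400    a      127.0.0.1 ~
example.net.      +14400    a      127.0.0.1 ~
www.example.net.  +14400    a      127.0.0.1 ~
example.net.      +14400    mx     10 mail.example.net. ~
mail.example.net. +14400    a      127.0.0.1 ~
shorthand.example.net. 127.0.0.1 ~
"""

@dataclass
class Record:
    name: str            # owner name, always fully qualified (trailing dot)
    ttl: Optional[int]   # None when the record relies on the zone default
    rtype: str           # lower-cased record type: soa, ns, a, mx, ...
    rdata: List[str]     # remaining fields, e.g. ["10", "mail.example.net."]

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# rdata positions that must hold fully qualified host names, per record type
HOST_FIELDS = {"ns": [0], "cname": [0], "ptr": [0], "mx": [1], "soa": [0, 1]}

def parse_csv2(text: str) -> List[Record]:
    """Parse csv2 zone text into records; raise ValueError on malformed input."""
    # drop comments, then split into records on the terminating tilde
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    chunks = stripped.split("~")
    if chunks[-1].strip():
        raise ValueError(f"unterminated record (missing ~): {chunks[-1].strip()!r}")
    records: List[Record] = []
    for chunk in chunks[:-1]:
        tokens = chunk.split()
        if not tokens:
            continue  # whitespace between records
        name, rest = tokens[0], tokens[1:]
        if not name.endswith("."):
            raise ValueError(f"{name!r} is not fully qualified (missing trailing dot)")
        ttl = None
        if rest and rest[0].startswith("+"):
            ttl, rest = int(rest[0][1:]), rest[1:]
        if not rest:
            raise ValueError(f"record for {name} has no type or value")
        if len(rest) == 1 and IPV4.match(rest[0]):
            records.append(Record(name, ttl, "a", rest))  # shorthand A record
            continue
        rtype, rdata = rest[0].lower(), rest[1:]
        if not rdata:
            raise ValueError(f"{rtype} record for {name} has no value")
        for idx in HOST_FIELDS.get(rtype, []):
            if idx < len(rdata) and not rdata[idx].endswith("."):
                raise ValueError(f"{rdata[idx]!r} in {rtype} record for {name} is not fully qualified")
        records.append(Record(name, ttl, rtype, rdata))
    return records

def records_for(records: List[Record], name: str, rtype: str) -> List[List[str]]:
    """Return the rdata of every record matching an owner name and type."""
    return [r.rdata for r in records if r.name == name and r.rtype == rtype.lower()]

if __name__ == "__main__":
    for rec in parse_csv2(SAMPLE_ZONE):
        print(rec)
```

Run it before restarting MaraDNS to catch a malformed zone early; a `ValueError` names the offending record, which is quicker than reading the server log after a failed start.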

Restart the service as:

sudo /etc/init.d/maradns restart

Configuring MaraDNS as a Recursive Nameserver

When your web browser sends out a DNS query (assuming the browser does not already have the mapping in its cache), the query goes to a recursive DNS server. Configured with upstream servers as below, this setup is also called DNS forwarding. By default the recursive server listens on the address 127.0.0.2; you can add more addresses, separated by commas, e.g. 127.0.0.2, x.x.x.x. You can configure MaraDNS as a recursive nameserver by appending the lines below to /etc/dwood3rc:

upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4" # Forwarding requests to Google DNS Servers

Restart the service as:

sudo /etc/init.d/maradns.deadwood restart

You are done with setting up the MaraDNS server! :)

Tip: If you want your MaraDNS server to respond to external DNS queries, add your machine's public IP to both configuration files (/etc/mararc and /etc/dwood3rc) as follows:

/etc/mararc:

ipv4_bind_addresses = "127.0.0.1, x.x.x.x" #Replace x.x.x.x with your machine's public address.

/etc/dwood3rc:

bind_address="127.0.0.2, x.x.x.x" #Replace x.x.x.x with your machine's public address.

recursive_acl = "0.0.0.0/0" #To allow connections from anywhere.

You can download these sample files from here. Do not forget to restart both services once again.
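The combination of a public bind_address and recursive_acl = "0.0.0.0/0" makes Deadwood an open resolver, which is the exposure the first comment below objects to. The following audit is an added example, not code from the tutorial or from the MaraDNS project: it parses the simple key = "value" settings of a dwood3rc file, reports when a non-loopback listener is paired with a world-wide ACL, and rewrites recursive_acl to a named list of trusted networks. Both embedded configs are constructed (203.0.113.10 and 192.0.2.0/24 are documentation addresses), and treating a missing bind_address as 127.0.0.1 and a missing recursive_acl as empty is an assumption of this example.

```python
import ipaddress
from typing import Dict, List

# Constructed dwood3rc fragments (not from any real host). The first mirrors the
# tutorial's "respond to external queries" tip; the second restricts recursion.
OPEN_CONFIG = """\
bind_address="127.0.0.2, 203.0.113.10"
recursive_acl = "0.0.0.0/0" #To allow connections from anywhere.
upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4"
"""

RESTRICTED_CONFIG = """\
bind_address="127.0.0.2, 203.0.113.10"
recursive_acl = "127.0.0.0/8, 192.0.2.0/24"
upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4"
"""

def parse_dwood3rc(text: str) -> Dict[str, str]:
    """Collect plain 'key = "value"' settings; dictionary entries like
    upstream_servers["."] are skipped, and '#' starts a comment."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if "[" in key:
            continue
        settings[key] = value.strip('"')
    return settings

def split_list(value: str) -> List[str]:
    """Split a comma-separated dwood3rc value into its items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_recursion(text: str) -> List[str]:
    """Return findings describing open-recursion exposure in a dwood3rc file.
    Assumption: no bind_address means 127.0.0.1; no recursive_acl means no ACL."""
    settings = parse_dwood3rc(text)
    binds = [ipaddress.ip_address(b) for b in split_list(settings.get("bind_address", "127.0.0.1"))]
    acls = [ipaddress.ip_network(a, strict=False) for a in split_list(settings.get("recursive_acl", ""))]
    # any non-loopback listener is reachable from beyond the host
    exposed = [str(b) for b in binds if not b.is_loopback]
    world = [str(a) for a in acls if a.prefixlen == 0]
    findings: List[str] = []
    if exposed and world:
        findings.append(f"open resolver: listens on {', '.join(exposed)} "
                        f"while recursive_acl {world[0]} permits any client")
    return findings

def harden(text: str, allowed: List[str]) -> str:
    """Return the config with recursive_acl limited to the given networks
    (each validated as a CIDR); the line is appended if it was absent."""
    nets = ", ".join(str(ipaddress.ip_network(a, strict=False)) for a in allowed)
    acl_line = f'recursive_acl = "{nets}"'
    out, replaced = [], False
    for raw in text.splitlines():
        key = raw.split("#", 1)[0].split("=", 1)[0].strip()
        if key == "recursive_acl":
            out.append(acl_line)
            replaced = True
        else:
            out.append(raw)
    if not replaced:
        out.append(acl_line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(audit_recursion(OPEN_CONFIG))
    print(harden(OPEN_CONFIG, ["127.0.0.0/8", "192.0.2.0/24"]))
```

The loopback-only default from the tutorial passes the audit untouched; it is only the public listener from the tip, combined with the world-wide ACL, that produces a finding, and `harden` shows the shape of a recursive_acl that keeps the public listener while limiting who may recurse through it.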

That's all!


Comments

From: Ian

PLEASE, do NOT configure your recursive nameserver to listen on your public address! This is a massive attack vector allowing DNS amplification attacks (i.e. DDoS).

If, for some reason, you do need to allow recursion from outside of your network, you MUST limit the allowed hosts to a set of well-known and trusted IPs. DO NOT "allow connections from anywhere" as the article gives as an example. Bad dog, Bad!


From: Maria

Ian, he was just giving an example. So that a new learner learns about the basics of it. Show some respect. If you have courage, write tutorials yourself.

From: Straygrey

Why is this labelled CentOS-specific? Surely it would work with any Linux?