Provided by: maradns_1.0.35-1_i386 bug

NAME

       maradns - DNS server

SYNOPSIS

       maradns [ -v | -f mararc_file_location ]

TABLE OF CONTENTS

       This man page has the following sections:

           Name
           Synopsis
           Table of Contents
           Description
           Usage
           Firewall Configuration
           Frequently Asked Questions
           Bugs
           Unimplemented Features
           Legal Disclaimer
           Authors

DESCRIPTION

       maradns is a DNS server written with security, simplicity, and
       performance in mind.  maradns has two forms of arguments, both of which
       are optional.

       The first is the location of a mararc file which MaraDNS obtains all
       configuration information from.  The default location of this file is
       /etc/mararc.  This is specified in the form maradns -f
       mararc_file_location; mararc_file_location is the location of the
       mararc file.

       It is also possible to have MaraDNS display the version number and
       exit. This is specified by invoking maradns in the form maradns -v or
       maradns --version

USAGE

       If MaraDNS is functioning only as a recursive nameserver, just one file
       needs to be set up: The mararc file.

       In order for MaraDNS to function as an authoritative nameserver, two or
       more files need to be set up: the mararc file and one or more "csv1"
       zone files.

       The configuration formation of a csv1 zone file can be obtained from
       the csv1(5) manual page. The configuration format of the mararc file
       can be obtained from the mararc(5) manual page.

FIREWALL CONFIGURATION

       If MaraDNS is being used as an authoritative nameserver, allow UDP
       connections from all hosts on the internet to UDP port 53 for the IP
       that the authoritative nameserver uses.

       If MaraDNS is being used as a recursive nameserver, the firewall needs
       to allow the following packets to go to and from the IP the recursive
       nameserver uses:

       * Allow UDP connections from the MaraDNS-running server to any machine
         on the internet where the UDP destination port is 53

       * Allow UDP connections from any machine on the internet to the IP of
         the recursive server, where the source port from the remote server is
         53, and the destination port is between 15000 and 19095 (inclusive)

       * Allow UDP connections from IPs that use MaraDNS as a recursive DNS
         server to port 53 of the MaraDNS server

       MaraDNS uses a strong secure RNG for both the query (16 bits of
       entropy) and the source port of the query (12 bits of entropy). This
       makes spoofing replies to a MaraDNS server more difficult, since the
       attacker has only a one in 250 million chance that a given spoofed
       reply will be considered valid.

FREQUENTLY ASKED QUESTIONS

    INDEX

           1. How to I try out MaraDNS?  2. What license is MaraDNS released
           under?

           3. How do I get MaraDNS to bind to multiple IP addresses?

           4. How come BIND 9 can not process MaraDNS queries when MaraDNS is
           bound to multiple IP addresses?

           5. How do I report bugs in MaraDNS?

           6. Some of the postings to the mailing list do not talk about
           MaraDNS!

           7. How to I get off the mailing list?

           8. How do I set up reverse DNS on MaraDNS?

           9. I am on a slow network, and MaraDNS can not process recursive
           queries

           10. When I try to run MaraDNS, I get a Fatal error: Error running
           populate_main program or a Fatal error: init_cache() failed error
           message.

           11. I am trying to register a domain under the .au or the .de name
           space,and my registrar is not taking my domain name

           12. After I start MaraDNS, I can not see the process when I run
           netstat -na

           13. What string library does MaraDNS use?

           14. Why is MaraDNS public domain instead of BSD or GPL licensed?

           15. Why does MaraDNS use a multi-threaded model?

           16. I feel that XXX feature should be added to MaraDNS

           17. I feel that MaraDNS should use another documentation format

           18. Is there any process I need to follow to add a patch to
           MaraDNS?

           19. Can MaraDNS act as a primary nameserver?

           20. Can MaraDNS act as a secondary nameserver?

           21. What is the difference between an authoritative and a recursive
           DNS server?

           22. The getzone client isn´t allowing me to add certain hostnames
           to my zone

           23. I have having problems transferring zones from MaraDNS´ zone
           server to a BIND zone transfer client

           24. Is MaraDNS portable?

           25. How do I compile MaraDNS on OpenBSD?

           26. Can I use MaraDNS in Windows?

           27. MaraDNS freezes up after being used for a while

           28. What kind of Python integration does MaraDNS have

           29. Doesn´t "kvar" mean "four" in Esperanto?

           30. How do I make MaraDNS´ time stamps human-readable?

           31. How scalable is MaraDNS?

           32. I´m getting a warning about dangling CNAME entries

    ANSWERS

    1. How to I try out MaraDNS?

       Read the quick start guide, which is the file named 0QuickStart in the
       MaraDNS distribution.
    2. What license is MaraDNS released under?

       None, actually. MaraDNS is released to the public domain.

    3. How do I get MaraDNS to bind to multiple IP addresses?

       The current method is to run multiple copies of MaraDNS, each using its
       own mararc file.

       E.g:

           maradns -f /etc/mararc.1
           maradns -f /etc/mararc.2
           etc.

       If you just want to bind to all IP addresses your computer has, bind to
       the IP "0.0.0.0"; however this can cause problems. See the next
       question.

       I don´t think this will be too hard to correctly implement, since I
       already have code for specifying multiple IP addresses with the IP ACL
       code used by the zone server. Until then, I will add this workaround to
       the FAQ.

    4. How come BIND 9 can not process MaraDNS queries when MaraDNS is bound
    to multiple IP addresses?

       In certain cricumstances, when MaraDNS is bound to more than one IP
       address, the underlying OS will send the UDP reply with a different IP
       than the IP the UDP query was sent to. This will confuse BIND 9, since
       BIND 9´s method for listening for requests that BIND has sent out
       expects the reply to come from the same IP that the request was sent
       to.
    5. How do I report bugs in MaraDNS?

       Before reporting a bug that MaraDNS has, please read the relevant man
       pages. The man pages should be installed when one installs MaraDNS,
       and, in addition, are available in the doc/man directory of the MaraDNS
       source tarball. (It is also possible that you are reading the man page
       right now)

       Some MaraDNS man pages (namely, the man pages for maradns, askmara,
       zoneserver, and mararc) have a section, titled "BUGS", which list
       already known bugs which I feel are not important enough to fix before
       the 1.0 release of MaraDNS. Bug reports which mention one of these bugs
       will be cheerfully ignored (or given a polite "thanks for the report,
       in this man page the bug is already mentioned" message if I am in a
       particularly good mood).

       Subscribe to the mailing list by sending mail to list-
       subscribe@maradns.org with "subscribe" as the subject line, and
       describe the bug by sending email to list@maradns.org.

    6. Some of the postings to the mailing list do not talk about MaraDNS!

       In cases where I post something to the mailing list which does not
       directly talk about MaraDNS, the subject line will not have [MARA] in
       it, but will have some form of the word CHATTER in it.  This way,
       people who do not like this can set up mail filters to filter out
       anything that comes from this list and doesn´t have [MARA] in the
       subject line, or simply unsubscribe from the list and read the list
       from the archives; if one needs to report a bug, they can subscribe to
       the list again, post their bug, then unsubscribe after a week.

       Another option is to set up one´s Freshmeat preferences to be notified
       in email every time I update MaraDNS at Freshmeat. This will give one
       email notice of any critical bug fixes without needing to be subscribed
       to the mailing list.

       The web page http://www.maradns.org/ has a link to the mailing list
       archives.

    7. How to I get off the mailing list?

       Send an email to list-request@maradns.org with "unsubscribe" as the
       subject line.
    8. How do I set up reverse DNS on MaraDNS?

       By using PTR (pointer) records. For example, the PTR record which
       performs the reverse DNS lookup for the ip 1.2.3.4 looks like this in a
       CSV1 zone file:
           P4.3.2.1.in-addr.arpa.|86400|www.example.com.
       If you wish to have a PTR (reverse DNS lookup; getting a DNS name from
       a numeric IP) record work on the internet at large, it is not a simple
       matter of just adding a record like this to a MaraDNS zonefile. One
       also needs control of the appropriate in-addr.arpa. domain.  While it
       can make logical sense to contact the IP 10.11.12.13 when trying to get
       the reverse DNS lookup (fully qualified domain name) for a given IP,
       DNS servers don´t do this. DNS server, instead, contact the root DNS
       servers for a given in-addr.arpa name to get the reverse DNS lookup,
       just like they do with any other record type.

       When an internet service provider is given a block of IPs, they are
       also given control of the DNS zones which allow them to control reverse
       DNS lookups for those IPs. While it is possible to obtain a domain and
       run a DNS server without the knowledge or intervention of an ISP, being
       able to control reverse DNS loookups for those IPs requires ISP
       intervention.

    9. I am on a slow network, and MaraDNS can not process recursive queries

       MaraDNS, by default, only waits two seconds for a reply from a remote
       DNS server. This default can be increased by adding a line like this in
       the mararc file:

           timeout_seconds = 5

       Note that making this too high will slow MaraDNS down when DNS servers
       are down, which is, alas, all too common on today´s internet.

    10. When I try to run MaraDNS, I get a Fatal error: Error running
    populate_main program or a Fatal error: init_cache() failed error message.

       If a line in a mararc file is too long, you will see, before the "Fatal
       error: Error running populate_main program" message, a message showing
       you the line number which is too long and the filename with the
       offending line. While it is possible to increase this limit by changing
       the appropriate variable in the MaraDns.h file, the current limit is in
       line with the 512-byte limit that UDP DNS packets have; MaraDNS does
       not currently support DNS over TCP.  Otherwise, this error message
       should not be visible. If it appears, subscribe to the mailing list
       (see above), and describe your problem by sending email to
       list@maradns.org. Be sure to include the following information:

       * The contents of your /etc/mararc file

       * The contents of any files in /etc/maradns

       * The full output MaraDNS generates

    11. I am trying to register a domain under the .au or the .de name space,
    and my registrar is not taking my domain name

       Both the German registrar and the Australian registrars require a
       RR_ANY request to return NS and SOA records. MaraDNS can do this if you
       add the following line to your mararc file:

       default_rrany_set = 15

    12. After I start MaraDNS, I can not see the process when I run netstat
    -na

       Udp services do not have a prominent "LISTEN" when netstat is run.
       When MaraDNS is up, the relevant line in the netstat output looks like
       this: udp 0 0 127.0.0.4:53 0.0.0.0:*

       While on the topic of netstat, if you run netstat -nap as root, you can
       see the names of the processes which are providing internet services.

    13. What string library does MaraDNS use?

       MaraDNS uses her own string library, which is called the "js_string"
       library. Man pages for most of the functions in the js_string library
       are in the folder doc/man of the MaraDNS distribution

    14. Why is MaraDNS public domain instead of BSD or GPL licensed?

       The post-1.0.xx releases of MaraDNS are, in fact, under a simple BSD
       license (without any "obnoxious" advertising clause).

       I used a public domain (non-)license so that MaraDNS could be
       integrated with Python without trouble. While Python is, I believe,
       currently GPL compatible, Python was not GPL-compatible at the time I
       decided on a license for MaraDNS.

    15. Why does MaraDNS use a multi-threaded model?

       The multi-threaded model is, plain and simple, the simplest way to
       write a functioning recursive DNS server. There is a reason why
       MaraDNS, pdnsd, and BIND 9 all use the multi-threaded model.

    16. I feel that XXX feature should be added to MaraDNS

       Before sending mail to the list with a feature request, please read the
       UNIMPLEMENTED FEATURES section of the MaraDNS man page, which has a
       list of feature requests other people have already sent me. If you do
       not see your requested feature in this section of the man page, send an
       email to the mailing list so that I can add your feature request to the
       UNIMPLEMENTED FEATURES section of the MaraDNS man page.

       Feature requests which include a patch which implements the feature in
       question are may even be implemented by MaraDNS, as long as the patch
       comes with a declaration that the patch is public domain.

       Note that MaraDNS is currently "frozen". In other words, new features
       will not be added until after the 1.0 release.

    17. I feel that MaraDNS should use another documentation format

       The reason that MaraDNS uses its own documentation format is to satisfy
       both the needs of translators to have a unified document format and my
       own need to use a documentation format that is simple enough to be
       readily understood and which I can add features on an as needed basis.

       The documentation format is essentially simplified HTML with some
       special tags added to meet MaraDNS´ special needs.

       For people who prefer other formats of documentation, I am open to
       making filters which convert from MaraDNS´ own "EJ" documentation
       format to the format in question after MaraDNS 1.0 is released.

       Having a given program have its own documentation format is not without
       precedent; Perl uses its own "pod" documentation format.

    18. Is there any process I need to follow to add a patch to MaraDNS?

       Yes.

       Here is the procedure for making a proper patch:

       * Enter the directory that the file is in, for example
         maradns-0.9.20/server

       * Copy over the file that you wish to modify to another file name. For
         example: cp MaraDNS.c MaraDNS.c.orig

       * Edit the file in question, e.g: vi MaraDNS.c

       * After editing, do something like this:
         diff -u MaraDNS.c.orig MaraDNS.c > maradns.patch

       * Make sure the modified version compiles cleanly

       Send a patch to me in email, along with a statement that you place the
       contents of the patch in to the public domain. If I find that the patch
       works well, I will integrate it in to MaraDNS.

    19. Can MaraDNS act as a primary nameserver?

       Yes.

       The zoneserver program serves zones so that other DNS servers can be
       secondaries for zones which MaraDNS serves. This is a separate program
       from the maradns server, which processes both authoritative and
       recursive UDP DNS queries.

    20. Can MaraDNS act as a secondary nameserver?

       Yes.

       The ´getzone´ program obtains zone files from remote DNS servers,
       outputting the contents of the zone file in MaraDNS´ "csv1" zone file
       format. This program can be run from cron. If one desires more BIND-
       like functionality, getzone can be wrapped in a shell script that uses
       askmara to look at the SOA record to see if the serial number of the
       zone has changed.

       I feel that the traditional DNS design of having a single application
       both serve DNS records and handle the maintenance of zone files is not
       ideal; the best design is to have a number of simple applications
       working together.

    21. What is the difference between an authoritative and a recursive DNS
    server?

       A recursive DNS server is a DNS server that is able to contact other
       DNS servers in order to resolve a given domain name label. This is the
       kind of DNS server one points to in /etc/resolve.conf An authoritative
       DNS server is a DNS server that a recursive server contacts in order to
       find out the answer to a given DNS query.

    22. The getzone client isn´t allowing me to add certain hostnames to my
    zone

       For security reasons, MaraDNS´ getzone client does not add records
       which are not part of the zone in question. For example, if someone has
       a zone for example.com, and this record in the zone: P1.1.1.10.in-
       addr.arpa.|86400|dns.example.com.

       MaraDNS will not add the record, since the record is out-of-bailiwick.
       In other words, it is a host name that does not end in .example.com.

       There are two workarounds for this issue:

       * Create a zone file for 1.1.10.in-addr.arpa., and put the PTR records
         there.

       * Use rcp, rsync, or another method to copy over the zone files in
         question.

    23. I have having problems transferring zones from MaraDNS´ zone server to
    a BIND zone transfer client

       BIND is rather picky about what kind of data it will accept from a zone
       server. Make sure the following is true with your domain:

       * Make sure that the authoritative NS records are at the top of your
         zone, immediately after the SOA record

       * Make sure that your authoritative NS records are NS records for your
         zone

       * To work around a known bug in MaraDNS, make sure you have at least
         one non-NS record between the authoritative NS records for your zone
         and any delegation NS records that exist in the zone.

       Here is an example bad zone file:

       Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400
       Nbad.example.com.|86400|ns1.example.com.
       Nbad.example.com.|86400|ns2.example.com.
       Nsubdomain.example.com.|86400|ns.subdomain.example.com.
       Aexample.com.|12345|10.2.3.4

       Here is the same zone file, with corrections:

       Sexample.com.|86400|example.com.|hostmaster@example.com.|1|86400|3600|6048000|86400
       Nexample.com.|86400|ns1.example.com.
       Nexample.com.|86400|ns2.example.com.
       Aexample.com.|12345|10.2.3.4
       Nsubdomain.example.com.|86400|ns.subdomain.example.com.

    24. Is MaraDNS portable?

       While I intend to have MaraDNS be a portable DNS server which will
       compile on a variety of unices, right now all of MaraDNS´s work
       development is being done on Linux.  In terms of proprietary OSes, I
       know that SCO Open Server, SCO UNIXware and Solaris have issues running
       a UDP or TCP server in a chroot() environment. Word is that, with
       Solaris and UNIXware, placing /dev/tcp and /dev/udp in the chroot()
       jail will allow a server like MaraDNS to function.

    25. How do I compile MaraDNS on OpenBSD?

       There are two ways to do this:

       To use the native thread support add -pthread to the CFLAGS variable.

       To use the GNU pthread library, install the pth package and add
       -L/usr/local/lib/pth to the linker.

       (Florin Iucha provided this tip)

    26. Can I use MaraDNS in Windows?

       Yes.

       Provided, of course, that one has the Cygwin environment which emulates
       a UNIX environment in Windows.

       MaraDNS should now compile fine on Cygwin systems. If not, join the
       mailing list and let me know; I will correct this FAQ entry.

    27. MaraDNS freezes up after being used for a while

       If using your ISP´s name servers or some other name servers which are
       not, in fact, root name servers, please make sure that you are using
       the upstream_servers dictionary variable instead of the root_servers
       dictionary variable.  If you still see MaraDNS freeze up after making
       this correction, please send a bug report to the mailing list.

    28. What kind of Python integration does MaraDNS have

       The mararc file uses the same syntax that Python uses; in fact, Python
       can parse a properly formatted mararc file.  There is currently no
       other integration with Python.

    29. Doesn´t "kvar" mean "four" in Esperanto?

       Indeed, it does. However the use of "kvar" in the MaraDNS source code
       only coincidentally is an Esperanto word. "kvar" is short for "Kiwi
       variable"; a lot of the parsing code comes from the code used in the
       Kiwi spam filter project.
    30. How do I make MaraDNS´ time stamps human-readable?

       MaraDNS uses standard UNIX timestamps; which is the number of seconds
       since Midnight, January 1, 1970.  To make MaraDNS´ time stamps human
       readable, use this awk script:

       maradns -f /etc/maradns | awk ’
                 /Timestamp/{
                  gsub(/Timestamp: ([0-9]+)/,
                       strftime("%a, %d %b %Y %H:%M:%S",$2),$0)}
                 {print}’ >> logfile

       The MaraDNS startup script has the option to use this Awk script to
       convert the time stamp; read the script for details.

    31. How scalable is MaraDNS?

       MaraDNS is optimized for serving a small number of domains as quickly
       as possible. That said, MaraDNS is remarkably efficnent for serving a
       large number of domains, as long as the server MaraDNS is on has the
       memory to fit all of the domains, and as long as the startup time for
       loading a large number of domains can be worked around.  The "big-O" or
       "theta" growth rates for various MaraDNS functions are as follows,
       where N is the number of authoritative host names being served:

       Startup time                  N
       Memory usage                  N
       Processing incoming DNS requests   1

       As can be seen, MaraDNS will process 1 or 100000 domains in the same
       amount of time, once the domain names are loaded in to memory.

    I´m getting a warning about dangling CNAME entries

       Let us suppose we have a CNAME record without an A record in the local
       DNS server´s database, such as:

            Cgoogle.example.com.|86400|www.google.com.

       This record, which is a CNAME record for "google.example.com", points
       to "www.google.com". Some DNS servers will recursively look up
       www.google.com, and render the above record like this:

            Cgoogle.example.com.|86400|www.google.com.
            Awww.google.com.|900|66.102.7.104

       For security reasons, MaraDNS doesn´t do this. Instead, MaraDNS will
       simply output:

            Cgoogle.example.com.|86400|www.google.com.

       Some stub resolvers will be unable to resolve google.example.com as a
       consequence.

       If you want to remove these warnings, add the following to your mararc
       file:

            no_cname_warnings = 1

       Information about how to get MaraDNS to resolve dangling CNAME records
       is in the tutorial file dangling.html <!--

    32. How much memory does MaraDNS use?

       -->

BUGS

       The maximum allowed number of threads is 500; this is a hard limit
       because there may be problems with some pthreads implementations
       causing MaraDNS to hang if this number is higher.

       The system startup script included with MaraDNS assumes that the only
       MaraDNS processes running are started by the script; it stops all
       MaraDNS processes running on the server when asked to stop MaraDNS.

       When a resolver asks for an A record, and the A record is a CNAME which
       points to a list of IPs, MaraDNS´ recursive resolver only returns the
       first IP listed along with the CNAME.

       When a resolver asks for an A record, and the A record is a CNAME that
       points to another CNAME (and possibly a longer CNAME chain), while
       MaraDNS returns the correct IP (as long as the glueless level is not
       exceeded), MaraDNS will incorrectly state that the first CNAME in the
       chain directly points to the IP.

       If a NS record points to a list of IPs, and the NS record in quesiton
       is a "glueless" record (MaraDNS had to go back to the root servers to
       find out the IP of the machine in question), MaraDNS´ recursive
       resolver only uses the first listed IP as a name server.

       When MaraDNS´ recursive resolver recives a "host not there" reply,
       instead of using the SOA minimum of the "host not there" reply as the
       TTL (Look at RFC1034 §4.3.4), MaraDNS uses the TTL of the SOA reply.

       MaraDNS keeps referral NS records in the cache for one day instead of
       the TTL specified by the remote server.

       MaraDNS has very limited support for DNS data over TCP. In particular,
       MaraDNS only uses DNS-over-TCP for zone transfers, which is handled by
       the companion program zoneserver (see zoneserver(8) for usage
       information), and only allows authorized IPs to make zone transfer
       requests.

       MaraDNS handles the "any record" (255) request by only returning A and
       MX records (optionally: NS and SOA records), instead of sending all of
       the records assosciated with a given host name. The only places where I
       have seen the "any record" query used is by MTAs, and by the .au and
       .de registrars. In recursive mode, a request for "any record" is
       translated in to separate A and MX requests, which MaraDNS subsequently
       concatenates together.

       MaraDNS never returns a NXDOMAIN (nothing in the answer section, SOA in
       the authority section, result code of "name error" [3]). If a given
       domain node label does not exist for any RR, MaraDNS will still return
       a "no host" (nothing in the answer section, SOA in the authority
       section, 0 result code), implying that the host name exists for at
       least one RR type.

       MaraDNS does not use the zone file ("master file") format specified in
       chapter 5 of RFC1035.

       If a wildcard MX record exists in the form "*.example.com", and there
       is an A record for "www.example.com", but no MX record for
       "www.example.com", the correct behavior (based on RFC1034 §4.3.3) is
       to return "no host" (nothing in the answer section, SOA in the
       authority section, 0 result code) for a MX request to
       "www.example.com".  Instead, MaraDNS returns the MX record attached to
       "*.example.com".

       Star records (what RFC1034 calls "wildcards") can not be attached to NS
       records.

       MaraDNS´ recursive resolver does not perform TTL aging; while MaraDNS
       will expire a record TTL seconds after adding a record to her cache,
       the TTL that MaraDNS´ recursive resolver displays is always the TTL the
       authoritative server gave MaraDNS. This means that records will stay in
       the cache longer than the original domain name owner may desire if one
       is using upstream or downstream dns servers.

       MaraDNS recursive resolver treats any TTL shorter than min_ttl seconds
       (min_ttl_cname seconds when the record is a CNAME record) as if the TTL
       in question was min_ttl (or min_ttl_cname) seconds long when
       determining when to expire a record from MaraDNS´ cache.

       TTLs which are shorter than 20 seconds long are given a TTL of 20
       seconds; TTLs which are more than 63072000 (2 years) long are given a
       TTL of 2 years.

       MaraDNS´ recursive resolver´s method of deleting not recently accessed
       records from the cache when the cache starts to fill up can deleted
       records from the cache before they expire. Some people consider this
       undesirable behavior; I feel it is necessary behavior if one wishes to
       place a limit on the memory resources a DNS server may use.

       MaraDNS´ recursive resolver stops resolving when it finds an answer in
       the AR section. This is a problem in the case where a given host name
       and IP is registered with the root name servers, and the registered IP
       is out of date. When this happens, a server "closer" to the root server
       will give an out-of-date IP, even though the authoritative DNS servers
       for the host in question have the correct IP. Note that resolving this
       will result in increased DNS traffic.

       MaraDNS, like every other known DNS implementation, only supports a
       QDCOUNT of 0 or 1.

       MaraDNS does not send more than one DNS packet to a given DNS server
       when processing a DNS request; this is not a serious problem because
       most client implenetations send multiple DNS packets to a recurisve DNS
       server when processing a DNS request.

       MaraDNS spawns a new thread for every single recursive DNS request when
       the data in question is not in MaraDNS´ cache; this makes MaraDNS an
       excellent stress tester for pthread implementations.  Many pthread
       implementations can not handle this kind of load; symptoms include high
       memory usage and termination of the MaraDNS process.

       MaraDNS does not handle the case of a glueless in-bailiwick NS referral
       very gracefully; this usually causes the zone pointed to by the
       offending NS record to be unreachable by MaraDNS, even if other DNS
       servers for the domain have correct NS referrals.

UNIMPLEMENTED FEATURES

       These are features which are not implemented in the 1.0 release of
       MaraDNS:"

       MaraDNS does not become a daemon. One can use a shell with job control
       functionality to make MaraDNS a daemon process, e.g:

           nohup maradns > /dev/null &

       This will be addressed in the 1.2 release of MaraDNS.  MaraDNS does not
       use syslog or any other logging facility to log messages that MaraDNS
       generates.  Instead, the messages are logged to standard output. One
       can use a shell´s output redirection to log messages to a file, e.g:

           touch /var/log/maradns
           nohup maradns >> /var/log/maradns &

       This will be addressed in the 1.2 release of MaraDNS.  MaraDNS does not
       have support for a "default" zone, which would allow one to add zones
       without needing to change MaraDNS configuration files.

       This will be addressed in the 1.2 release of MaraDNS.

       MaraDNS does not support IPv6.

       This will be addressed in the 1.2 release of MaraDNS.

       MaraDNS has no signal handlers. Sending a HUP signal to MaraDNS
       terminates the MaraDNS process instead of telling MaraDNS to reload the
       configuration files.

       This will be addressed in the 1.2 release of MaraDNS.

       MaraDNS, in accordance with RFC1034 §4.3.3, only allows wildcards at
       the beginning of a host name. E.g. names with wildcards like
       "foo.*.example.com" or "www.*" will not work.

       This will be addressed in the 1.2 release of MaraDNS.

       MaraDNS does not have a "fully qualified host name" record, which would
       automagically create a PTR record from an A record.

       MaraDNS does not have SQL support.

       MaraDNS does not have a disk-based caching scheme for authoritative
       zones.

       MaraDNS´ UDP server only loads zone files while MaraDNS is first
       started.  UDP Zone information can only be updated by stopping MaraDNS,
       and restarting MaraDNS again. Note that TCP zone files are loaded from
       the filesystem at the time the client requests a zone.

       MaraDNS does not have support for allowing given host names to only
       resolve for a limited range of IPs querying the DNS server, or for host
       names to resolve differently, depending on the IP querying the host
       name.

       With the exception of the ability to decompress some RR types not
       present in RFC1035, MaraDNS does not support any DNS features which are
       not present in RFC1034 and RFC1035.

       MaraDNS does not have support for MRTG or any other SNMP-based logging
       mechanism. In fact, MaraDNS does not even use syslog().

LEGAL DISCLAIMER

       THIS SOFTWARE IS PROVIDED BY THE AUTHORS ´´AS IS´´ AND ANY EXPRESS OR
       IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
       DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR
       ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
       OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
       HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
       STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
       IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.

AUTHORS

       Sam Trenholme (http://www.samiam.org) is responsible for this man page.

       MaraDNS is written by me, Sam Trenholme, with a little help from my
       friends. Naturally, all errors in MaraDNS are my own (but read the
       disclaimer above).

       Here is a partial list of people who have provided assistance:

       Franky Van Liedekerke has provided much invaluable assistance. As just
       one example, he provided invaluable assistance in getting MaraDNS to
       compile on Solaris. In addition, he has provided much valuable SQA
       help.

       Thomas Seyrat has provided French translations of the MaraDNS
       documentation.

       Christian Kurz, who has provided invaluable bug reports, especially
       when I had to re-implement the core hashing algorithm.

       Remmy, who is providing both the web space and a mailing list for
       maradns.org.

       Phil Homewood, who provided invaluable assistance with finding and
       fixing bugs in the authoritative portion of the MaraDNS server. He
       helped me plug memory leaks, find uninitialized variables being used,
       and found a number of bugs I was unable to find.

       Albert Prats kindly provided Spanish translations for various text
       files.

       Shin Zukeran provided a patch to recursive.c which properly makes a
       normal null-terminated string from a js_string object, to send as an
       argument to open() so we can get the rijndael key for the PRNG.

       D Richard Felker III has provided invaluable bug reports. By looking at
       his bug reports, I have been able to hunt down and fix many problems
       that the recursive nameserver had, in addition to at least one problem
       with the authoritative nameserver.

       Ole Tange has also given me many valuable MaraDNS bug reports.

       Florin Iucha provided a tip in the FAQ for how to compile MaraDNS on
       OpenBSD.

       Roy Arends (one of the BIND developers, as it turns out) found a
       serious security problem with MaraDNS, where MaraDNS would answer
       answers, and pointed it out to me.

       Code used as the basis for the psudo-random-number generator was
       written by Vincent Rijmen, Antoon Bosselaers, and Paulo Barreto. I
       appreciate these programmers making the code public domain, which is
       the only license under which I can add code to MaraDNS under.

       I also appreciate the work of Dr. Brian Gladman and Fritz Schneider,
       who have both written independent implementations of AES from which I
       obtained test vectors. With the help of their hard work, I was able to
       discover a subtle security problem that previous releases of MaraDNS
       had.