MaraDNS与DeadWood一起配置为本地机器提供小型化DNS服务

因为工作测试需要，要在本机装一个环境，可以解析自己命名的域名，即域名->IP的映射服务。在网上找了下，都说是MaraDNS不错。也试了下，在本地配置是没有问题的。从官网上下载的是2-0-11.win32. 手机等测试设备指向内网的这个MaraDNS所在的机器IP做为手机上网的主DNS即可解析到自己命名的域名了。但，这时，你还想手机可以解析internet域名怎么办？官网上说MaraDNS不支持递归域名解析，要递归解析必须使用deakwood. 但是我测试了下DeadWood是可以递归域名解析，却不能配置成解析内网，所以要将MaraDNS与Deadwook一起配合用才可以。在网上找了很久，终于按如下的blog配置并测试成功：

原文：http://permalink.gmane.org/gmane.network.dns.maradns.general/2055

On 24 Aug 2011 at 10:42, Sam Trenholme wrote:
Hi,
thanks to Sebastiano and Sam.
I finally was able to set up the configuration for MaraDNS 2-0-3 and Deeawood 3.0.
I report the detials here for the benefit of MaraDNS users.
My problem was to be able to support on my intranet (which has its own DNS
servers that support both management of the intranet domain/subdomains and 
resolution for Internet domains) resolution for names belonging to the "example.org"
domain to IP addresses of machines on our intranet (these machines are not altered in
any way; so they still are part of the intranet domain. Our environment is Windows
based!).

I installed MaraDNS and Deadwood on my laptop (a Windows 7 Enterprise 64-bits)
following the instructions provided within the MaraDNS zip file.
I've not installed MaraDNS as a Windows service beacause I don't need a permanent
support for the "example.org" domain-2-IP resolution! Deadwood is, instead,
installed as a Windows service even if I changes its properties so that it doesn't start
automatically.

Having performed all the above instalaltion I've configured MaraDNS to bind on the
127.0.0.1 IP address, so that it cannot be directly accessed from other machines,
while Deadwood is bound to my laptop IP address (192.168.152.67 as indicated in
the config file below).

The MaraDNS config is the following:
    #
    # Bind MaraDNS to my laptop IP Address
    #
    # N.B.: this IP address has to be changed according to the IP address of the
    machine on which MaraDNS is running
    #
    ipv4_bind_addresses = "127.0.0.1"
    timestamp_type = 2
    random_seed_file = "secret.txt"

##
    # verbose_level: The number of messages we log to stdout. It can have five
    values:
    #   0     No messages except for the legal disclaimer and fatal parsing errors
    #   1     Only startup messages logged (Default level)
    #   2     Error queries logged
    #   3     All queries logged
    #   4     All actions adding and removing records from the cache logged
    #
    verbose_level = 1
    #
    #
    ## hide_disclaimer = "YES"
    #
    #
    # This section states where the data for the authoritative zone are held
    #
    csv2 = {}
    csv2["example.org."] = "db.example.org.txt"

as you can see I simply specify that MaraDNS has to manage the example.org
domain and be bound to the specified IP address.

The Deadwood config file instead is this one:
    #
    # This section instructs "Deadwood" to redirect DNS queries for non-
    authoritative zones to other DNS servers
    #
    # N.B.: the IP addresses in this section must be set according to the DNS
    configuration of your local Net
    #
    root_servers = {}
    root_servers["example.org."] = "127.0.0.1"
    root_servers["."] = "192.168.152.5,"
    root_servers["."] += "192.168.152.8,"
    root_servers["."] += "192.168.210.33"

#
    # Bind "Deadwood" to my laptop IP Address
    #
    # N.B.: this IP address has to be changed according to the IP address of the
    machine on which "Deadwood" is installed
    #
    bind_address="192.168.152.67"

#
    # Enable the provision of private IP addresses in DNS replies
    #
    filter_rfc1918=0
    #
    # The IPs allowed to connect and use the cache
    # N.B.: this value must be updated as requested
    recursive_acl = "192.168.152.0/24"

# The file containing a hard-to-guess secret
    random_seed_file = "secret.txt"

# This is the file Deadwood uses to read the cache to and from disk
    cache_file = "dw_cache_bin"

as you can see I've instructed Deadwood to redirect any example.org query to the
MaraDNS active on the 127.0.0.1 IP address and all other DNS queries to our
internal DNS servers (see root_servers["."] lines above).
Additionally I've instructed Deaddwood to bind to my laptop IP address and accept
DNS queries from all machines in our intranet.
All this is not sufficient if you don't specify the filter_rfc1918=0 line, instrcting
Deadwood to return IP private address in DNS replies. Indeed if you leave the
filter_rfc1918 default value (1), Deadwood will correctly pass example.org queries
to MaraDNS but will not return any IP address (if, as normal, you are using private
IP addresses for the example.org domain).

That' all. Thanks again to the people who provided hints to me.
Regards
   Domenico

> > My Deadwood configuration file is:
> >
> [snip]
> > bind_address="127.0.0.1, 192.168.88.3"
> > root_servers={}
> > root_servers["home.lan."]="192.168.88.4"
> > root_servers["."]="198.41.0.4,"
> [snip rest of ICANN root servers]
> > upstream_servers={}
> [Note: no other use of upstream_servers]
>
> Thanks for the report.  The issue here may be that combinations of
> root_servers and upstream_servers have some issues.  What may also
> work for Domenico is to use Deadwood 2.3 (which has really good
> upstream_servers support, but no root_servers support) instead of
> Deadwood 3.0.
>
> There appear to be two different bugs with Deadwood 3's upstream_servers:
>
> * upstream_servers has issues if one of the upstream servers gives us
> a SERVER FAIL
>
> * There may be problems in Deadwood configurations where both
> upstream_servers and root_servers are used.
>
> I will look in to these issues on September 5 (sooner if I can get
> sponsorship to fix these bugs).
>
> - Sam

同时在博客园中有一篇中文的博客不错，但他写的只适合MaraDNS解析内网，在这里也备注一下，以后忘记的时候可以参考下

http://www.cnblogs.com/scorpio0920/p/4480100.html