MaraDNS is a lightweight open-source alternative DNS server for Linux. MaraDNS has some really interesting characteristics:
- Low memory usage – On an OpenVZ VPS ( CentOS 5.x host node ) MaraDNS uses about 5MB of RAM as opposed to 90-100MB for the venerable BIND.
- Separation of recursive nameserver and authoritative nameserver – If you only need an authoritative nameserver for your domain names you can skip starting up the recursive nameserver service.
- Ease of installation – MaraDNS is easier to install than other alternative nameservers like tinydns.
- Excellent documentation – The documentation on the MaraDNS site is quite good at explaining things in simple language.
So let’s take a look at how we can get started with MaraDNS on CentOS Linux.
Installing MaraDNS
At the time of writing there aren’t any widely available RPM packages for MaraDNS. In fact I can’t find any RPM packages in the default CentOS repositories for any of the alternative DNS servers. So we’ll have to compile MaraDNS from source.
The first step is to SSH in as root and install the gcc package:
yum install gcc
Then download the latest MaraDNS source files and unpack the archive:
wget http://maradns.org/download/2.0/2.0.04/maradns-2.0.04.tar.bz2
tar -xjf maradns-2.0.04.tar.bz2
Change into the MaraDNS directory, compile and install the programs:
cd maradns-2.0.04
make
make install
MaraDNS installs its own service in the /etc/init.d directory, so getting the authoritative nameserver started is as simple as:
service maradns start
If you’ve got named running then be sure to bring it down first or MaraDNS will fail to start.
To start the recursive daemon do a:
service maradns.deadwood start
By default the authoritative nameserver listens on 127.0.0.1 and the recursive one on 127.0.0.2.
Also be sure to make MaraDNS start on boot up:
chkconfig maradns on
chkconfig named off   # if you were using named
The recursive DNS server’s init script needs to be made compatible with chkconfig before you can have it run at startup. Add these comment lines to the top of the file /etc/init.d/maradns.deadwood (keeping the interpreter line first):
# chkconfig: - 55 45
# description: MaraDNS is secure Domain Name Server (DNS)
# probe: true
And then set it to run at boot up:
chkconfig maradns.deadwood on   # only if you need recursive DNS
Configuring MaraDNS as an authoritative Nameserver
MaraDNS’ configuration file is in /etc/mararc and is quite simple to configure:
ipv4_bind_addresses = "127.0.0.1"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "example.com.zone"
The first line tells it which IPs to listen on. You can add multiple IPs by separating them with commas.
The chroot dir is where all the zone files will be kept. You then initialize the csv2 hash with the csv2 = {} line. Finally you list the zone files one by one. In the above case the zone file for the domain name example.com. is /etc/maradns/example.com.zone.
The zone files themselves are pretty self-explanatory:
example.com. +14400 soa ns1.example.com. dns@example.com. 2012010117 14400 3600 604800 14400 ~
example.com. +14400 ns ns1.example.com. ~
example.com. +14400 ns ns2.example.com. ~
ns1.example.com. +14400 a 127.0.0.1 ~
ns2.example.com. +14400 a 127.0.0.1 ~
example.com. +14400 a 127.0.0.1 ~
www.example.com. +14400 a 127.0.0.1 ~
example.com. +14400 mx 10 mail.example.com. ~
mail.example.com. +14400 a 127.0.0.1 ~
You begin with the Start Of Authority (SOA) line as you would in any BIND zone file. Then you specify the authoritative nameservers and the other records. A record consists of the domain name, TTL, record type and the value of the record. Two things to note: all domain names end with a period, i.e. they must be fully qualified domain names, and all records end with a tilde character (~). Check out the full documentation on the format of zone files if you need to know more.
Converting from BIND to MaraDNS
MaraDNS comes with a tool called fetchzone that allows you to import zone files from an existing nameserver. It only works if you’ve allowed transfers in your BIND named.conf:
options {
    allow-transfer { 127.0.0.1; };
};
Reload or restart named and do a:
fetchzone example.com 127.0.0.3 > example.com
Replace 127.0.0.3 with your BIND IP address.
One problem with fetchzone is that it doesn’t deal with NS records properly. The way MaraDNS csv2 files work, it’s important for a domain name’s authoritative nameserver (NS) records to be on the lines right after the line with the SOA record. So you’ll need to edit the files created by fetchzone so that the NS records come right after the SOA record.
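A small linter for csv2 zone files, covering both the format rules described above (trailing period on names, trailing tilde on records) and the fetchzone ordering problem (NS records must directly follow the SOA). This is an added example, not a MaraDNS tool; the two sample zones are constructed, and the optional-TTL handling goes slightly beyond the post, which always writes a TTL.

```python
# Lint a MaraDNS csv2 zone against the rules the post describes: records end
# with '~', names are fully qualified, and NS records directly follow the SOA.
import re

TTL_RE = re.compile(r"^\+\d+$")
# Constructed sample zones: GOOD mirrors the post's example.com zone; BAD has an
# A record between SOA and NS (as fetchzone may emit) and an unqualified name.
GOOD_ZONE = """example.com. +14400 soa ns1.example.com. dns@example.com. 2012010117 14400 3600 604800 14400 ~
example.com. +14400 ns ns1.example.com. ~
example.com. +14400 ns ns2.example.com. ~
ns1.example.com. +14400 a 127.0.0.1 ~
example.com. +14400 mx 10 mail.example.com. ~
"""
BAD_ZONE = """example.com. +14400 soa ns1.example.com. dns@example.com. 2012010117 14400 3600 604800 14400 ~
www.example.com +14400 a 127.0.0.1 ~
example.com. +14400 ns ns1.example.com. ~
"""

def parse_csv2(text):
    """Return (records, errors); a record is a dict of name, ttl, type, values."""
    records, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a csv2 comment
        if not line:
            continue
        if not line.endswith("~"):
            errors.append(f"line {lineno}: record does not end with '~'")
            continue
        fields = line[:-1].split()
        ttl = int(fields.pop(1)[1:]) if len(fields) > 1 and TTL_RE.match(fields[1]) else None
        if len(fields) < 3:
            errors.append(f"line {lineno}: expected 'name [+ttl] type value'")
            continue
        name, rtype, values = fields[0], fields[1].lower(), fields[2:]
        # NS/MX/CNAME targets are host names too, so they get the FQDN check.
        targets = [name] + (values[-1:] if rtype in ("ns", "mx", "cname") else [])
        for t in targets:
            if not t.endswith("."):
                errors.append(f"line {lineno}: {t!r} is not fully qualified")
        records.append({"name": name, "ttl": ttl, "type": rtype, "values": values})
    return records, errors

def lint_zone(text):
    records, errors = parse_csv2(text)
    if records and records[0]["type"] != "soa":
        errors.append("first record must be the zone's SOA")
    elif records and (len(records) < 2 or records[1]["type"] != "ns"
                      or records[1]["name"] != records[0]["name"]):
        errors.append("the zone's NS records must directly follow the SOA record")
    return errors
```

Run lint_zone over the output of fetchzone before dropping it into /etc/maradns; an empty list means the file follows the rules above.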
Finally
All in all MaraDNS is an excellent alternative to BIND especially for use in low memory Virtual Private Servers. It’s also easier to install and use than competing options like tinydns.
I would hope that the “one problem” has been fixed by now (Sept 2015?), but thanks for pointing it out. I am unclear if one must absolutely run deadwood to be a recursive server.
Deadwood is the resolving nameserver, so if you need name resolution on your server and would rather not use a public DNS server like Google Public DNS, OpenDNS or your hosting provider’s resolver, then you can run deadwood.