This guide covers MaraDNS configuration for both authoritative and recursive DNS server setups. MaraDNS uses a unique configuration format that differs from traditional DNS servers.
| Installation Method | Configuration Path | Zone File Path |
|---|---|---|
| Source build | /etc/mararc | /etc/mararc/ |
| Debian/Ubuntu package | /etc/maradns/mararc | /etc/maradns/ |
| Fedora package | /etc/mararc | /etc/mararc/ |
| Docker | /etc/maradns/mararc | /etc/maradns/ |
MaraDNS uses a JavaScript-like syntax for its configuration file. Key points:
Here's a minimal working configuration for an authoritative DNS server:

```
# Bind to all IPv4 addresses
ipv4_bind_addresses = "0.0.0.0"
# Optional: Bind to IPv6 address
# ipv6_bind_addresses = "::"
# Chroot directory for security
chroot_dir = "/etc/maradns"
# Map each zone to its zone file (looked up inside chroot_dir)
csv2 = {}
csv2["example.com."] = "db.example.com"
```
| Option | Description | Example |
|---|---|---|
| `ipv4_bind_addresses` | IPv4 addresses to bind | "127.0.0.1, 192.168.1.10" |
| `ipv6_bind_addresses` | IPv6 addresses to bind | "::1" |
| `tcp_bind_addresses` | TCP listen addresses | "0.0.0.0" |
| `udp_bind_addresses` | UDP listen addresses | "0.0.0.0" |
| Option | Description | Example |
|---|---|---|
| `chroot_dir` | Chroot jail directory | "/etc/maradns" |
| `csv2_chroot_dir` | Chroot for CSV2 zone files | "/etc/maradns" |
| `maxprocs` | Maximum child processes | 30 |
| Option | Description | Example |
|---|---|---|
| `recursive_acl` | ACL for recursive queries | "127.0.0.1/32, 192.168.0.0/16" |
| `forward_only` | Forward all queries upstream | 1 (true) |
| `root_servers` | Root server hints | See example below |
⚠️ Note: MaraDNS does not support DNSSEC validation. Recursive queries work but without cryptographic verification.
```
ipv4_bind_addresses = "0.0.0.0"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "db.example.com"
```

```
ipv4_bind_addresses = "0.0.0.0"
chroot_dir = "/etc/maradns"
csv2 = {}
csv2["example.com."] = "db.example.com"
csv2["example.org."] = "db.example.org"
csv2["mydomain.net."] = "db.mydomain.net"
```
For a caching recursive resolver (for example, local network DNS):

```
ipv4_bind_addresses = "127.0.0.1"
chroot_dir = "/etc/maradns"
# Allow recursion from localhost and private networks only
recursive_acl = "127.0.0.1/32, 192.168.0.0/16, 10.0.0.0/8"
# Numeric UID/GID the daemon runs as. 0 is root; replace with the
# numeric IDs of a dedicated unprivileged account.
maradns_uid = 0
maradns_gid = 0
# Forward queries to upstream DNS servers
upstream_servers = {}
upstream_servers["."] = "8.8.8.8, 8.8.4.4"
```
🔒 Security Warning: Always restrict `recursive_acl` to trusted networks. Open resolvers can be abused for DNS amplification attacks.
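A small audit for the settings this warning concerns, as an added example (not part of MaraDNS or of the original guide): it parses the simple `name = value` lines of a mararc and flags `recursive_acl` entries outside loopback/RFC 1918 space, recursion on a `0.0.0.0` listener, and a UID/GID of 0. The trusted-range list, the function names and the sample file are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample in the mararc syntax shown on this page (not a real deployment).
SAMPLE_MARARC = """
ipv4_bind_addresses = "0.0.0.0"
recursive_acl = "127.0.0.1/32, 192.168.0.0/16, 0.0.0.0/0"
maradns_uid = 0
maradns_gid = 0
"""
# Ranges this example treats as trusted (assumption): loopback plus RFC 1918.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ASSIGN = re.compile(r'^(\w+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def parse_mararc(text):
    """Collect simple `name = value` options; dictionary lines such as csv2[...] are skipped."""
    opts = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(opts):
    """Return a list of findings for the recursion and privilege settings."""
    findings = []
    acl = split_list(opts.get("recursive_acl", ""))
    for entry in acl:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"recursive_acl entry {entry!r} is not a valid network")
            continue
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            findings.append(f"recursive_acl entry {entry} is outside loopback/RFC 1918 space")
    if acl and "0.0.0.0" in split_list(opts.get("ipv4_bind_addresses", "")):
        findings.append("recursion is enabled while listening on every interface (0.0.0.0)")
    for key in ("maradns_uid", "maradns_gid"):
        if opts.get(key) == "0":
            findings.append(f"{key} = 0 keeps the daemon running as root")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_mararc(SAMPLE_MARARC)):
        print("WARN:", finding)
```

Run it against a copy of your own file by passing its contents to `parse_mararc`; an empty list means none of these three conditions were found.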
MaraDNS uses CSV2 format for zone files. Each line contains comma-separated values.
Create /etc/maradns/db.example.com:
```
example.com.,NS,ns1.example.com.
example.com.,NS,ns2.example.com.
example.com.,MX,10 mail.example.com.
www.example.com.,A,192.168.1.100
mail.example.com.,A,192.168.1.101
ns1.example.com.,A,192.168.1.1
ns2.example.com.,A,192.168.1.2
ftp.example.com.,CNAME,www.example.com.
example.com.,TXT,"v=spf1 mx -all"
```
Record format: `name,type,value`.

```
# NS records
example.com.,NS,ns1.example.com.
example.com.,NS,ns2.example.com.
# MX records (lower number = higher priority)
example.com.,MX,10 mail.example.com.
example.com.,MX,20 mail-backup.example.com.
# A records
ns1.example.com.,A,192.168.1.1
ns2.example.com.,A,192.168.1.2
mail.example.com.,A,192.168.1.101
www.example.com.,A,192.168.1.100
mail-backup.example.com.,A,192.168.1.102
# CNAME records
ftp.example.com.,CNAME,www.example.com.
webmail.example.com.,CNAME,mail.example.com.
# TXT records
example.com.,TXT,"v=spf1 mx -all"
_dmarc.example.com.,TXT,"v=DMARC1; p=none"
# AAAA records (IPv6)
www.example.com.,AAAA,2001:db8::1
```
Before restarting the service, validate your configuration:
```bash
# Check configuration syntax (if available)
maradns_check -f /etc/mararc
# Test with verbose output
maradns -f /etc/mararc -v

# Query your server
dig @127.0.0.1 example.com
dig @127.0.0.1 www.example.com
# Test recursive resolution (if enabled)
dig @127.0.0.1 google.com
```
After modifying configuration or zone files:
```bash
# For package installations
sudo systemctl restart maradns
# For source installations
sudo maradns -f /etc/mararc -q
# Check service status
sudo systemctl status maradns
# View logs
sudo journalctl -u maradns -f
```
```
# Listen on local network
ipv4_bind_addresses = "192.168.1.10"
chroot_dir = "/etc/maradns"
# Local domain
csv2 = {}
csv2["home.lan."] = "db.home.lan"
# Allow recursion for local network only
recursive_acl = "192.168.1.0/24"
upstream_servers = {}
upstream_servers["."] = "1.1.1.1, 8.8.8.8"
```
Run multiple MaraDNS instances on different IP addresses with different zone files for internal vs external views.
```
ipv4_bind_addresses = "127.0.0.1"
recursive_acl = "127.0.0.1/32"
forward_only = 1
upstream_servers = {}
upstream_servers["."] = "192.168.1.1"
```
Server not responding:

- `systemctl status maradns`
- `iptables -L -n` or `ufw status`

NXDOMAIN errors:

- `csv2` entry matches zone filename

Recursive queries failing:

- `recursive_acl` includes your IP
- `upstream_servers` configuration