DISCLAIMER: USE AT YOUR OWN RISK. EVERY COMPUTER SYSTEM IS DIFFERENT, AND WHAT WORKED FOR ME MAY NOT WORK FOR YOU. RELEVANT PREREQUISITE KNOWLEDGE IS ASSUMED (BASIC UNIX SKILLS). SOFTWARE CAN CHANGE SIGNIFICANTLY BETWEEN VERSIONS. ALWAYS PROCEED WITH CAUTION, AND READ ALL AVAILABLE DOCUMENTATION.
D. J. Bernstein is the author of djbdns, a set of domain name system tools. djbdns is a complete replacement for BIND, the "classic" DNS software. BIND is notoriously resource-hungry, has a long record of remotely exploitable bugs (several of them handing out root over the years) and is generally inefficient.
djbdns provides the same functionality as BIND, but it was written from the start with security and efficiency in mind. It can do a lot of things; internet service providers typically use it to run their own nameservers, hosting many domains.
This guide focuses on a smaller-scale use: setting up a caching name server for a LAN. This needs only the dnscache part of djbdns. A DNS cache runs locally and provides the same service as your ISP's name servers: it resolves host names to IP addresses and caches (temporarily stores) the answers, so repeat queries for frequently used names are served from memory instead of going out to the internet again. Very little configuration is required for this purpose.
With a local DNS cache, every host on your network can use "192.168.0.1" as its DNS server instead of "dns1.example.com". Why run a local DNS server instead of using your ISP's? If your ISP's name servers are slow or unreliable, running your own can give a significant performance gain. Also, if every host on your LAN tends to resolve the same external names, a cache on the LAN will answer them from memory far more often than your ISP's much busier shared cache. Finally, dnscache does its own recursive resolution: every answer is fetched by walking from the root servers down to the domain's authoritative servers, rather than trusting whatever another cache hands back, and each outgoing query uses a random query ID and a random source port, which makes forged replies much harder to inject. If you are worried about DNS cache poisoning or doubt the accuracy of your ISP's replies, running your own caching server is the best you can do (dnscache does not validate DNSSEC signatures, so this is not a cryptographic guarantee, but it does remove the ISP's shared cache as a point of attack).
I wrote this quick guide because I found the install process sufficiently weird to confuse me the first time (most Linux software I've installed is not like this). I'm using Slackware and I don't know how much the install process differs on other UNIX systems. This short guide describes everything you need to get a working caching-only DNS server running; to install djbdns in its entirety, use the original djbdns install instructions instead.
1. Install daemontools

Download the current version of daemontools from the daemontools install page and install it like this:
mkdir -p /package
chmod 1755 /package
cd /package
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
tar zxvf daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install
If the compile stops with an undefined reference to errno (usual with a current glibc), change src/conf-cc so that gcc is called with -include /usr/include/errno.h and run package/install again. The install script adds svscanboot to /etc/inittab so that svscan starts at boot (on a system without /etc/inittab it appends a line to /etc/rc.local instead). Use "ps aux" to check that svscan is running now; if it isn't, start it in the background with "/usr/local/bin/svscan /service &".
2. Create the dnscache and dnslog users (arbitrary names and UIDs)

Add two new accounts to /etc/passwd. The names and UIDs are arbitrary; what matters is that the UIDs are unused and that the accounts cannot log in:
dnscache:*:54321:54321:dnscache:/dev/null:/dev/null
dnslog:*:54322:54322:dnslog:/dev/null:/dev/null

3. Download and build djbdns
Download the current version of djbdns from the djbdns install page and build it like this. If make stops with an undefined reference to errno (usual with a current glibc), change conf-cc in the source directory so that gcc is called with -include /usr/include/errno.h and run make again:

cd ~
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
tar zxvf djbdns-1.05.tar.gz
cd djbdns-1.05
make

4. Install dnscache
Note that the previous step built all of djbdns; we will install only the dnscache component:
mkdir /package/djbdns
cp dnscache /package/djbdns
ln -s /package/djbdns/dnscache /command/dnscache
ln -s /command/dnscache /usr/local/bin/dnscache
cp dnsroots.global /etc
./dnscache-conf dnscache dnslog /etc/dnscache 0.0.0.0
ln -s /etc/dnscache /service
After that last command, svscan (which rescans /service every five seconds) notices the new service and starts it automatically. dnscache should now be running: "svstat /service/dnscache" should report it up, and "netstat -l" should show a listener on port 53 ("domain"). The symlink in /usr/local/bin is not optional: the run script that dnscache-conf writes starts /usr/local/bin/dnscache by absolute path. Also note that 0.0.0.0 makes dnscache accept queries on every interface of the host; the permitted hosts list set up in the next step is then the only thing keeping it from serving the whole internet, so if the machine also has a public address you may prefer to give dnscache-conf its LAN address instead.
5. Add your network to the permitted hosts list

Each file in the directory "/etc/dnscache/root/ip" names a host or network that is allowed to use the caching server; queries from any other address are silently ignored. The file name is either a complete IP address or a prefix of one cut at an octet boundary. Use "touch" to create the entries, like this:
cd /etc/dnscache/root/ip
touch 192.168
touch 1.2.3.4
...
192.168, in the example above, matches 192.168.*.*, and 192.168.0 would match 192.168.0.*; because matching works on whole octets, "192.16" would match only 192.16.*.*, never 192.168.*.*. Remember to create an entry for the current host as well (127.0.0.1 if it queries through the loopback address). dnscache consults this directory on every query, so changes take effect immediately without restarting the service. Then test your setup by doing a lookup through your new DNS server:
host www.google.com localhost

From another machine on the LAN, replace "localhost" with the server's address.

6. Optional things to do

Everything the steps above created or changed:

Directory /package
Directory /command
Symbolic links in /command
Symbolic links in /usr/local/bin
Directory /service
Symbolic links in /service
Entry 'svscanboot' in /etc/inittab
User accounts dnscache, dnslog
File /etc/dnsroots.global
Directory /etc/dnscache
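The five steps above collected into one shell script, added here as an example and not part of the original guide or of djbdns itself. Besides the install, it shows how dnscache decides whether a client address is allowed (the octet-prefix rule from step 5), factored into functions that can be exercised in a scratch directory without installing anything. Assumptions of mine, not the guide's: GNU useradd, wget, gcc and a glibc recent enough to need the errno.h workaround in conf-cc; the paths, version numbers and listen address are the ones the guide uses.

```shell
#!/bin/sh
# Added example, not from the original guide: the guide's five steps as one
# script, plus dnscache's client allow-list rule as functions that run offline.
# Assumptions (mine): GNU useradd, wget, gcc, a glibc that needs the errno.h
# workaround; paths and versions as in the guide.
set -eu

DT_VER=0.76
DJB_VER=1.05
LISTEN_IP=${LISTEN_IP:-0.0.0.0}   # 0.0.0.0 = every interface; root/ip is then the only filter

# Names dnscache tries under root/ip for one client: the full address, then
# each shorter dotted prefix (a.b.c.d, a.b.c, a.b, a). Prefixes end on octet
# boundaries, so "192.16" matches 192.16.*.* and never 192.168.*.*.
ip_prefixes() {
    name=$1
    while :; do
        printf '%s\n' "$name"
        case $name in
            *.*) name=${name%.*} ;;
            *)   break ;;
        esac
    done
}

# Emulates dnscache's check: a client is served iff any of its prefix files exists.
client_allowed() {
    dir=$1; client=$2
    for p in $(ip_prefixes "$client"); do
        [ -e "$dir/$p" ] && return 0
    done
    return 1
}

# Same effect as the guide's "touch" commands in /etc/dnscache/root/ip.
allow_clients() {
    dir=$1; shift
    mkdir -p "$dir"
    for net in "$@"; do : > "$dir/$net"; done
}

install_daemontools() {
    mkdir -p /package && chmod 1755 /package
    cd /package
    wget -q "http://cr.yp.to/daemontools/daemontools-$DT_VER.tar.gz"
    tar zxf "daemontools-$DT_VER.tar.gz"
    cd "admin/daemontools-$DT_VER"
    echo 'gcc -O2 -include /usr/include/errno.h' > src/conf-cc   # errno.h workaround
    package/install        # compiles, adds svscanboot to /etc/inittab, starts svscan
}

create_users() {
    # Equivalent of the guide's two /etc/passwd lines; useradd picks the UIDs.
    for u in dnscache dnslog; do
        id "$u" >/dev/null 2>&1 || useradd -r -d /dev/null -s /bin/false "$u"
    done
}

install_dnscache() {
    cd /tmp
    wget -q "http://cr.yp.to/djbdns/djbdns-$DJB_VER.tar.gz"
    tar zxf "djbdns-$DJB_VER.tar.gz"
    cd "djbdns-$DJB_VER"
    echo 'gcc -O2 -include /usr/include/errno.h' > conf-cc       # errno.h workaround
    make
    mkdir -p /package/djbdns
    cp dnscache /package/djbdns
    ln -sf /package/djbdns/dnscache /command/dnscache
    ln -sf /command/dnscache /usr/local/bin/dnscache   # run script uses this absolute path
    cp dnsroots.global /etc                             # dnscache-conf copies it to root/servers/@
    [ -d /etc/dnscache ] || ./dnscache-conf dnscache dnslog /etc/dnscache "$LISTEN_IP"
}

# Fill the allow-list before the service is published under /service, so no
# unintended client is ever answered; then let svscan (5 s rescan) start it.
activate() {
    allow_clients /etc/dnscache/root/ip 127.0.0.1 192.168
    [ -e /service/dnscache ] || ln -s /etc/dnscache /service/dnscache
    sleep 6
    svstat /service/dnscache     # expect "/service/dnscache: up (pid N) M seconds"
}

if [ "${1:-}" = install ]; then
    install_daemontools; create_users; install_dnscache; activate
fi
```

Run it as root with the argument "install" to perform the whole procedure. Without an argument it only defines the functions, so the allow-list rule can be tried out first: after "allow_clients /tmp/ip 192.168", "client_allowed /tmp/ip 192.168.0.7" succeeds and "client_allowed /tmp/ip 10.0.0.1" fails, which is exactly what the running dnscache will do with those client addresses.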