This little howto explains how to install and configure djbdns' dnscache on your FreeBSD system. Please note that this howto was written for FreeBSD 5.2.1, but I can't think of anything that wouldn't be exactly the same on 4.x.
For general information on djbdns, visit the official site, but please note that the info contained there is not 100% applicable to FreeBSD. The changes are very minimal, though. If you read this page, just about anyone should be able to figure out the differences.
How this works
When you surf the net, chat, or whatever you do, you most probably come across domain names, like www.google.com. In order to communicate with google.com, the domain name has to be resolved into an IP address. This is what the DNS protocol is for. Normally, about every time you need to know which IP address a domain name has, you ask a domain name server (DNS server) out there on the internet. This consumes little bandwidth, but can sometimes delay your connections. dnscache saves this information on your local LAN and interacts with the DNS servers out there, speeding up the lookups. (The speedup actually comes from not having to look up names we already know. If dnscache does need to look up a name, it is neither faster nor slower than any other computer doing that.)
Installation
This one's a no-brainer: FreeBSD does everything for you.
    su
    cd /usr/ports/dns/djbdns/
    make install
AFAIK, there is no package available at the time of writing. Please note that this also installs daemontools. We'll use it in the next step.
Cache Configuration
This section describes everything you need to do to run a local DNS cache. The next section tells you how to use it.
Check that your current system can resolve names, for example by using
    dnsq a www.google.com 192.203.230.10
    dnsq a www.google.com 192.48.79.30
If there are lots of names and numbers scrolling by, it works :) If not, check your internet and DNS configuration; see the FreeBSD Handbook for more details. Note: if your shell says "command not found", nothing is wrong with your inet configuration. If your shell is tcsh, type rehash and try again.
Now, write down your IP address. If the host you are setting dnscache up on is on your local LAN, write down the local IP address (normally something like 10.x.x.x or 192.168.x.x). If your host only has an internet connection with a dynamically assigned IP, use 127.0.0.1 for all future references to your IP.
create new users
dnscache runs as separate users, for security purposes. Please note that it is intended to run as a user with as few privileges as possible.
Please use useradd to add the users Gdnscache and Gdnslog. Choose empty passwords and add them to group nogroup. Empty passwords mean that they can't log in.
create dnscache directories
    dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 10.0.0.1
replacing 10.0.0.1 with your IP. This directory contains configuration files that you can edit later, and logs.
    mkdir /var/service
    ln -s /usr/local/etc/dnscache /var/service/dnscache
    svstat /var/service/dnscache
This tells svstat, which is part of daemontools, to monitor dnscache. It also starts dnscache at boot time.
    touch /usr/local/etc/dnscache/root/ip/10
This creates an empty file named "10". Replace "10" with the first segment of your IP address. If your IP is 192.168.32.1, use "192"; if your IP is 127.0.0.1, use "127". This number sets who can access your dnscache. If you set it to "10", all clients with IP 10.*.*.* can access the cache.
Set your own dns servers
If your ISP has some DNS servers of its own (it most definitely has), you can add them to /usr/local/etc/dnscache/root/servers/@, at the top of the file. This file lists which DNS servers dnscache queries.
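The two files above decide who may use the cache (root/ip) and whom it asks (root/servers/@), so here is a small audit script, added here and not part of the original howto, that lists every prefix in root/ip, flags any that is not entirely inside the private (10/8, 172.16/12, 192.168/16) or loopback ranges, and counts the forwarders in root/servers/@. It is stricter than the "first segment" rule above: a bare "192" covers all of 192.0.0.0/8 and is flagged, whereas a file named "192.168" would admit only your LAN. It assumes the directory layout dnscache-conf creates and runs against a constructed temporary copy, not /usr/local/etc/dnscache.

```sh
#!/bin/sh
# Audit a dnscache instance: each file name in root/ip/ is a client prefix
# allowed to query the cache, so a prefix outside the private or loopback
# ranges turns the cache into an open resolver.  root/servers/@ lists the
# servers dnscache itself asks.

# 0 if PREFIX (e.g. "10", "192.168", "127.0.0.1") lies entirely inside
# 10/8, 172.16/12, 192.168/16 or 127/8; 1 otherwise.  A bare "172" or
# "192" is rejected because it also covers public address space.
is_private_prefix() {
    case "$1" in
        10|10.*|127|127.*|192.168|192.168.*) return 0 ;;
        172.1[6-9]|172.1[6-9].*|172.2[0-9]|172.2[0-9].*|172.3[01]|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for each entry in DIR/root/ip; return 0 only if all
# entries are private.  DIR uses the layout dnscache-conf creates.
check_dnscache_acl() {
    dir="$1"; bad=0
    for f in "$dir"/root/ip/*; do
        [ -e "$f" ] || { echo "no entries in $dir/root/ip: cache admits nobody"; return 1; }
        p=$(basename "$f")
        if is_private_prefix "$p"; then
            echo "ok      $p"
        else
            echo "PUBLIC  $p  (would make this an open resolver)"
            bad=1
        fi
    done
    return "$bad"
}

# Number of non-blank forwarder lines in DIR/root/servers/@ (0 if absent).
count_forwarders() {
    n=$(grep -c '[0-9]' "$1/root/servers/@" 2>/dev/null)
    echo "${n:-0}"
}

# Constructed sample instance in a temporary directory, not a real system
# path: two LAN prefixes, one too-broad prefix ("192"), two forwarders.
sample=$(mktemp -d)
mkdir -p "$sample/root/ip" "$sample/root/servers"
touch "$sample/root/ip/10" "$sample/root/ip/192.168" "$sample/root/ip/192"
printf '10.0.0.2\n10.0.0.3\n' > "$sample/root/servers/@"

check_dnscache_acl "$sample" && echo "ACL ok" || echo "ACL needs attention"
echo "forwarders: $(count_forwarders "$sample")"
```

Point check_dnscache_acl and count_forwarders at /usr/local/etc/dnscache to audit the real instance.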
Client Configuration
This section describes how the clients using your dnscache should be configured. This normally should also be done on the computer running dnscache.
Insert the line
    nameserver 10.0.0.1
(replacing 10.0.0.1 with your IP, i.e. the IP of the host running dnscache) in your /etc/resolv.conf, and delete or comment out all other nameserver entries. Test your configuration:
    dnsip www.fsf.org
If it returns a number, everything seems right! That should be it.
Notes:
dialup and DNS settings
If you're using ppp or something similar to dial in to your ISP, make sure ppp does not override your nameserver. Check /etc/ppp/ppp.conf and the corresponding man page for details.
nslookup doesn't work
Yeah, nslookup is a biatch. Use dnsip instead, or dnsq a.
damaker@fillibach.de