Defcon-1-Logo

           [Home]    [FBSD Articles]    [Scripts Corner]    [Contribute]    [Search]    [FBSD Links]    [Files]

About Us

FreeBSD Articles
  *Hardware
  *Networking
  *Security
  *Software
  *X Windows


Files / Scripts
Newbies Corner
Tech. Talk
Tips and Tricks


FreeBSD Links

Articles in other
Languages :
  *French Articles
  *Spanish Articles

Want to Help ?
 
   Click Here

Email Users 5

Search:
 

 


FreeBSD Search:


 

 

Powered-By-Apache-Logo

Install & Configure djbdns' dnscache on your FreeBSD System

This little howto explains how you install & configure djbdns' dnscache on your FreeBSD system.
Please note that this howto was written for FreeBSD 5.2.1, but I cant think of anything that wouldnt be the exact same thing for 4.x

For general information on djbdns, visit the official site, but please note that the info contained therein is not 100% applicable to FreeBSD. The changes are very minimal, thou. If you read this page, just about anyone should be able to figure out the differences.

How this works

When you surf the net, chat, or whatever your do, you most propably come across domain names, like www.google.com. In order to communicate with google.com, the domain name has to be resolved into an ip address. This is what the dns protocol is for. Normally, about every time you need to know which domain name has which ip, you ask a domain name server (dns server) out there on the internet. This consumes little bandwidth, but can delay your connections sometimes. dnscache saves this information on your local lan, and interacts with the dns servers out there, speeding up the lookups. (The speedup actually is "not to have to lookup, because we already know". If dnscache needs to lookup the name, its not faster nor slower than any other computer doing that).

Installation

This one's a no-brainer: FreeBSD does everything for you.
su
cd /usr/ports/dns/djbdns/
make install

AFAIK, there is no package avaiable at the time of writing. Please note that this also installs daemontools. We'll use it in the next step.

Cache Configuration

This section described everything you need to do to run local dns cache. The next section tells you how to use it.

check that your current system

for example by using
dnsq a www.google.com 192.203.230.10
dnsq a www.google.com 192.48.79.30

If there are lots of names and numbers scrolling by, it works :)
If not: check your internet & dns configuration, see the FreeBSD Handbook for more details.
Note: If your shell says "command not found", nothing is wrong with your inet configuration. If your shell is tcsh, type
rehash and try again.

Now, write down your ip. If the host you are setting up dnscache is on your local lan, write down the local ip address (normaly something like 10.x.x.x or 192.168.x.x). If your host only has an internet connection with a dynamically assigned ip, use 127.0.0.1 for all future references to your ip.

create new users

dnscache runs as a seperate users, for security purposes. Please note that it is intended to run as a user with as few priviliges as possible.
Please use
useradd to add the users Gdnscache and Gdnslog. Chose empty passwords and add them to group nogroup. Empty passwords mean that they cant login.

create dnscache directories

dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 10.0.0.1
replacing 10.0.0.1 with your ip. This directory contains configuration files that your can edit later and logs.
mkdir /var/service
ln -s /usr/local/etc/dnscache /var/service/dnscache
svstat /var/service/dnscache

This tells svstat, which is part of daemontools, to monitor dnscache. It also starts dnscache at boottime.
touch /usr/local/etc/dnscache/root/ip/10
This creates an empty file named "10". Replace "10" with the first segment of your ip number. If your ip is 192.168.32.1, use "192", if your ip is 127.0.0.1, use "127". This number sets who can access your dnscache. If you set it to "10", all client with ip 10.*.*.* can access the cache.

Set your own dns servers

If your isp has some dns servers on your own (he most definitely has), you can add them to /usr/local/etc/dnscache/root/servers/@ , on top of the file. This file contains which dns server get queried from dnscache.

Client Configuration

This section described how the clients using your dnscache should be configured. This normally should also be done on the computer running dnscache.
Insert the line
nameserver 10.0.0.1 (replacing 10.0.0.1 with your ip, e.g. the ip of the host running dsncahe) in your /etc/resolv.conf, and delete or comment out all other nameserver entries.
Test your configuration:
dnsip www.fsf.org
If it returns a number, everything seems right! That should be it.

Notes:

dialup and dns settings

If you're using ppp or something similar to dial to your isp, make sure ppp does not override your nameserver. Check /etc/ppp/ppp.conf and the corresponding man page for details.

nslookup doesnt work

yeah, nslookup is a biatch. use dnsip instead. Or dnsq a.

damaker@fillibach.de

Email Us

ghostrdr@defcon1.org

This site cannot be duplicated without permission

© 1998 - 2010 Defcon1, www.defcon1.org. Copyrights for all materials on this web site are held by the individual authors, artists, photographers or creators. Materials may not be reproduced or otherwise distributed without permission of www.defcon1.org and the content's original author.