
Re: caching-only name server



On 3 Aug 2001, Santiago Canez wrote:

> Hi,
> 
> I want to install a caching-only nameserver on my system. 
> 
> apt-get install bind
> 

In my humble opinion, Daniel J. Bernstein's djbdns is a much better bet
than BIND, especially in your case.

djbdns is a suite of DNS tools that includes dnscache, a
ready-to-run caching-only nameserver which runs in a chrooted jail by
design.

Include the following in your /etc/apt/sources.list if you're using
potato:

# Gerrit Pape's Debian packages for daemontools, djbdns etc.
deb ftp://ftp.innominate.org/pub/pape/Debian potato unofficial innominate
deb-src ftp://ftp.innominate.org/pub/pape/Debian potato unofficial innominate

Get djbdns and daemontools, which are used to run the djbdns tools instead
of the usual /etc/rc stuff.

There is also stuff for woody, if you need it.  There are links to
everything on http://www.djbdns.org.

After you've installed the Debian packages, configuration is a
cinch.  Read the documentation at the above URL, but configuration  
shouldn't be more than the following:

- Add a user under whose UID dnscache will run:

prompt# useradd -c "Dnscache User" -s /bin/false -d /var/dnscache dnscache

- Add a user under whose UID the logging for dnscache will run:

prompt# useradd -c "Dnscache Logger" -s /bin/false -d /var/dnscache dnslog

- Initiate the dnscache:

prompt# dnscache-conf dnscache dnslog /var/dnscache <ip-addr>

where <ip-addr> is the IP address you want dnscache to listen to requests
on.

- Start the dnscache using daemontools by making a link in the directory
monitored by the daemontools service-scan utility (/var/service):

prompt# ln -s /var/dnscache /var/service

Daemontools will start dnscache after five seconds and will make sure it
runs always, including (of course) after reboot.

- Configure the dnscache to accept requests from your networks by making
files named after the network addresses in /var/dnscache/root/ip:

For example, to allow access from all addresses on networks 192.168/16 and
10/8,

prompt# touch /var/dnscache/root/ip/192.168
prompt# touch /var/dnscache/root/ip/10

And there you have it, a caching dns server after only five
command lines or so, which uses but a tiny fraction of the resources BIND
uses and has none of the security problems...

To test your new cache, put the ip address in /etc/resolv.conf and check
forward resolution:

prompt# dnsip <fully-qualified-domain-name-you-want-an-ip-for>

Also check reverse resolution:

prompt# dnsname <ip-address-you-want-a-name-for>

Happy resolving,

George Karaolides       8, Costakis Pantelides St.,
tel:   +35 79 68 08 86                   Strovolos, 
email: george@karaolides.com       Nicosia CY 2057,
web:   www.karaolides.com      Republic  of Cyprus
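The access-control step above (touching files named after network prefixes in /var/dnscache/root/ip) is easy to get subtly wrong, so here is an added example, not part of the original message or of djbdns itself, that models how dnscache decides whether a client address is allowed: it looks for a file named after the full address, then progressively shorter dotted prefixes (A.B.C.D, A.B.C, A.B, A), and any hit means the query is answered. The script builds a constructed temporary copy of the ip directory mirroring the two touch commands in the message, and lets you check arbitrary client addresses against it before (or after) you touch files in the real /var/dnscache/root/ip. The function and directory names are my own.

```shell
#!/bin/sh
# Added example (not from the original message): model dnscache's
# file-per-prefix client allow list so an administrator can check which
# client addresses a given ip/ directory would admit.
set -eu

# dnscache_allows DIR ADDR
# Returns 0 if dnscache, using DIR as its root/ip directory, would accept
# queries from ADDR. dnscache checks DIR/A.B.C.D, DIR/A.B.C, DIR/A.B and
# DIR/A in turn; the first file that exists wins.
dnscache_allows() {
    dir=$1
    prefix=$2
    while [ -n "$prefix" ]; do
        if [ -e "$dir/$prefix" ]; then
            return 0
        fi
        case $prefix in
            *.*) prefix=${prefix%.*} ;;   # drop the last octet
            *)   prefix="" ;;             # nothing shorter left to try
        esac
    done
    return 1
}

# make_demo_allowdir
# Builds a constructed temporary directory with the same two entries the
# message creates (192.168/16 and 10/8) and prints its path.
make_demo_allowdir() {
    d=$(mktemp -d)
    touch "$d/192.168" "$d/10"
    printf '%s\n' "$d"
}

# audit_clients DIR ADDR...
# Prints one "allow"/"deny" line per client address for a quick review.
audit_clients() {
    dir=$1
    shift
    for addr in "$@"; do
        if dnscache_allows "$dir" "$addr"; then
            printf '%-16s allow\n' "$addr"
        else
            printf '%-16s deny\n' "$addr"
        fi
    done
}

# Stand-alone usage: audit a few constructed client addresses.
demo_dir=$(make_demo_allowdir)
audit_clients "$demo_dir" 192.168.5.7 10.0.0.1 172.16.0.1 192.169.0.1
rm -rf "$demo_dir"
```

Run it as-is to see the allow/deny table, or point `audit_clients` at the live /var/dnscache/root/ip once dnscache is configured. Note that a file named after a single octet (such as `10`) admits the whole /8, so check what you touch with this before exposing the cache to a network.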
