Re: caching-only name server
On 3 Aug 2001, Santiago Canez wrote:
> Hi,
>
> I want to install a caching-only nameserver on my system.
>
> apt-get install bind
>
In my humble opinion, Daniel J. Bernstein's djbdns is a much better bet
than BIND, especially in your case.
djbdns is a suite of DNS tools that includes dnscache, a
ready-to-run caching-only nameserver which runs in a chrooted jail by
design.
Include the following in your /etc/apt/sources.list if you're using
potato:
# Gerrit Pape's Debian packages for daemontools, djbdns etc.
deb ftp://ftp.innominate.org/pub/pape/Debian potato unofficial innominate
deb-src ftp://ftp.innominate.org/pub/pape/Debian potato unofficial innominate
Get djbdns and daemontools, which are used to run the djbdns tools instead
of the usual /etc/rc stuff.
There is also stuff for woody, if you need it. There are links to
everything on http://www.djbdns.org.
After you've installed the Debian packages, configuration is a
cinch. Read the documentation at the above URL, but configuration
shouldn't be more than the following:
- Add a user under whose UID dnscache will run:
prompt# useradd -c "Dnscache User" -s /bin/false -d /var/dnscache dnscache
- Add a user under whose UID the logging for dnscache will run:
prompt# useradd -c "Dnscache Logger" -s /bin/false -d /var/dnscache dnslog
- Initiate the dnscache:
prompt# dnscache-conf dnscache dnslog /var/dnscache <ip-addr>
where <ip-addr> is the IP address you want dnscache to listen to requests
on.
- Start the dnscache using daemontools by making a link in the directory
monitored by the daemontools service-scan utility (/var/service):
prompt# ln -s /var/dnscache /var/service
Daemontools will start dnscache after five seconds and will make sure it
runs always, including (of course) after reboot.
- Configure the dnscache to accept requests from your networks by making
files named after the network addresses in /var/dnscache/root/ip:
For example, to allow access from all addresses on networks 192.168/16 and
10/8,
prompt# touch /var/dnscache/root/ip/192.168
prompt# touch /var/dnscache/root/ip/10
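As an added example (not part of the original mail, and not code from djbdns or from Gerrit Pape's packages), the script below re-implements in shell the lookup dnscache performs against its ip/ directory so you can check, before exposing the cache, exactly which clients the files you touched will let in. dnscache looks for a file named after the full client address, then strips one trailing octet at a time and stops at the first file that exists; with no dots left and still no file, the query is refused. The demo directory and client addresses are constructed stand-ins for /var/dnscache/root/ip and real clients.

```shell
#!/bin/sh
# Added example: shell model of dnscache's per-client allow check.
# dnscache tries ip/<a.b.c.d>, then ip/<a.b.c>, ip/<a.b>, ip/<a>, and answers
# as soon as one exists. Nothing below touches a real dnscache installation.

# dnscache_allowed IPDIR CLIENT_IP -> returns 0 if dnscache would answer the
# client, 1 if it would refuse it.
dnscache_allowed() {
    ipdir=$1
    prefix=$2
    while :; do
        if [ -e "$ipdir/$prefix" ]; then
            return 0
        fi
        case $prefix in
            *.*) prefix=${prefix%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;              # single octet left and no file: refused
        esac
    done
}

# audit_ipdir IPDIR -> prints one line per allow file with the network it
# opens up. Matching is octet-based, so a 1-octet file such as "10" admits
# the whole 10.0.0.0/8 and a 2-octet file admits a /16.
audit_ipdir() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue          # skip the literal pattern on an empty dir
        name=${f##*/}
        octets=$(printf '%s\n' "$name" | awk -F. '{print NF}')
        printf '%s allows %s/%s\n' "$name" "$name" $((octets * 8))
    done
}

# Constructed demo directory standing in for /var/dnscache/root/ip after the
# two touch commands from the mail (192.168 and 10).
demo_ipdir=$(mktemp -d)
touch "$demo_ipdir/192.168" "$demo_ipdir/10"

audit_ipdir "$demo_ipdir"
for client in 192.168.5.7 10.0.0.1 172.16.0.1 192.169.0.1; do
    if dnscache_allowed "$demo_ipdir" "$client"; then
        echo "$client: answered"
    else
        echo "$client: refused"
    fi
done
```

Run it against a copy of your real ip/ directory (pass its path instead of the constructed one) to see which address ranges the cache will serve; because matching works per octet, a file like 192.168 cannot be narrowed to a /24 without replacing it with the individual third-octet files you actually need.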
And there you have it, a caching dns server after only five
command lines or so, which uses but a tiny fraction of the resources BIND
uses and has none of the security problems...
To test your new cache, put the ip address in /etc/resolv.conf and check
forward resolution:
prompt# dnsip <fully-qualified-domain-name-you-want-an-ip-for>
Also check reverse resolution:
prompt# dnsname <ip-address-you-want-a-name-for>
Happy resolving,
George Karaolides
8, Costakis Pantelides St., Strovolos, Nicosia CY 2057, Republic of Cyprus
tel: +35 79 68 08 86
email: george@karaolides.com
web: www.karaolides.com