Friday, September 7, 2007

Caching DNS server install howto

BIND is a DNS nameserver; a nameserver's basic job is to resolve domain names or hostnames into their equivalent IP addresses. Every website or domain name has an IP address, usually managed and published by the firm that runs the site. When somebody browses a website, the name is looked up and converted to its IP address by a DNS nameserver, either one on your own box or one run by your provider.

To speed up domain resolution, a local DNS cache, or caching nameserver, can be installed right on your Linux box. Once a domain has been cached, the next request for the same domain is looked up and resolved locally rather than at the provider, which makes browsing noticeably faster.

If you are on a dialup connection from your Linux box, if your desktop is the gateway for a number of hosts in your area, or if you simply want faster DNS resolution, consider setting up a caching nameserver (caching DNS server) locally on your box.

Here is an entry on how to create a Caching DNS server in Fedora.


The caching-nameserver package includes the configuration files which will make the ISC BIND named DNS name server act as a simple caching nameserver. A caching nameserver is a DNS Resolver, as defined in RFC 1035, section 7. ISC BIND named(8) provides a very efficient, flexible and robust resolver as well as a server of authoritative DNS data - many users use this package along with BIND to implement their primary system DNS resolver service. If you would like to set up a caching name server, you'll need to install bind, bind-libs, and bind-utils along with this package.



CACHING NAMESERVER INSTALLATION:
================================

The installation is quite easy. The caching nameserver package is available both from the distro DVD or CD and from the yum repo. To install it from the internet using yum, simply issue:

# yum -y install caching-nameserver

This command installs the caching-only nameserver.


CACHING NAMESERVER SERVICE
==========================

To start your caching nameserver, simply issue

# service named start

and check that it is running with

# service named status



The caching nameserver uses the default config file /etc/named.caching-nameserver.conf. For a chrooted caching nameserver, the config file is usually located in /var/named/chroot/etc/named.caching-nameserver.conf. This file must be edited further to allow other hosts to use the caching DNS server.

Below is the default caching nameserver config file under F7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
options {
    listen-on port 53 { 127.0.0.1; };        // answer queries on the loopback interface only
    directory "/var/named";                  // working directory for named
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 83.229.64.3; 192.168.200.1; 192.168.200.0/24; };  // who may query this server
};
logging {
    channel default_debug {
        file "data/named.run";               // relative to the directory above
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;                           // recurse on behalf of local clients
    include "/etc/named.rfc1912.zones";
};
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


You can alter this file as needed.

Let us say we want to allow a host on your network with the IP 192.168.1.254 to send queries to the caching nameserver. Simply append it to this line

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
allow-query { localhost; };
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

like so
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
allow-query { localhost; 192.168.1.254; };
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can specify multiple hosts or whole groups of IP addresses (networks in prefix notation) like so

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
allow-query { localhost; 192.168.1.254; 192.168.1/26; 192.168.2/27; 192.168.3/24; };
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Each prefix allows a whole range: 192.168.3/24 allows every host whose address starts with 192.168.3.X, while 192.168.1/26 and 192.168.2/27 allow the smaller ranges 192.168.1.0-63 and 192.168.2.0-31.


To bind the caching nameserver to multiple ethernet interfaces or IP addresses, list them in listen-on
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
listen-on port 53 { 127.0.0.1; 192.168.1.1; 192.168.2.1; 192.168.3.1; 192.168.4.1; };
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Just make sure these IP addresses actually exist on your caching nameserver host.


Group access lists can also be created in the caching nameserver configuration. This uses the acl statement, as shown below

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
acl my-networks { localhost; 192.168.1.254; 192.168.1/26; 192.168.2/27; 192.168.3/24; };
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and referring to it from the allow-query line

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
allow-query { my-networks; };
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
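To see how BIND evaluates these address match lists (the first matching element decides, a leading ! turns the match into a denial, acl names nest, and trailing zero octets may be dropped as in 192.168.1/26), here is an added Python example; it is not from the post or from BIND itself. It parses a constructed config fragment in the post's format and decides whether a given client may query. The negated !192.168.3.77 element is a hypothetical addition to show ordering, and the localhost keyword is approximated by matching loopback addresses.

```python
import ipaddress
import re
# Constructed config fragment (not a real server's file). It reuses the post's
# acl and adds a hypothetical negated host to show that the first match wins.
NAMED_CONF = """
acl my-networks { localhost; 192.168.1.254; 192.168.1/26; 192.168.2/27; 192.168.3/24; };
options {
    allow-query { !192.168.3.77; my-networks; };
};
"""

def _split(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse_conf(conf):
    """Return ({acl name: elements}, allow-query elements) from named.conf text."""
    acls = {m.group(1): _split(m.group(2))
            for m in re.finditer(r"acl\s+(\S+)\s*\{([^}]*)\}\s*;", conf)}
    m = re.search(r"allow-query\s*\{([^}]*)\}\s*;", conf)
    return acls, (_split(m.group(1)) if m else [])

def _network(text):
    """BIND prefix -> ip_network; trailing zero octets may be dropped (192.168.1/26)."""
    addr, _, plen = text.partition("/")
    if ":" not in addr:
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}" if plen else addr, strict=False)

def _first_match(ip, elements, acls):
    """Address-match-list semantics: the first matching element decides, and a
    leading '!' turns that match into a denial. 1 = allow, -1 = deny, 0 = no match."""
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name in acls:            # nested acl: only a positive inner match counts
            hit = _first_match(ip, acls[name], acls) > 0
        elif name == "localhost":   # approximation: BIND matches all of the host's own addresses
            hit = ip.is_loopback
        else:
            hit = ip in _network(name)
        if hit:
            return -1 if negate else 1
    return 0

def query_allowed(client, conf=NAMED_CONF):
    """Would named answer a query from this client? No match at all also means deny."""
    acls, allow_query = parse_conf(conf)
    return _first_match(ipaddress.ip_address(client), allow_query, acls) > 0
```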

If you wish to disable the IPv6 side of the caching nameserver, simply comment out these lines like so

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// listen-on-v6 port 53 { ::1; };
// query-source-v6 port 53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Additionally, on your caching nameserver host, you may want to edit /etc/resolv.conf and add your new caching nameserver's IP address like so

# cat /etc/resolv.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nameserver 192.168.1.1
nameserver your-ISP-provider-DNS-IP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Optionally, you can list more than two nameserver IP addresses. You can also add the LIVE or public IP address of your caching nameserver.


DEFAULT VALUES
~~~~~~~~~~~~~~

The caching nameserver has several default settings, as shown below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
query-source address * port 53;
directory "/var/named";
statistics-file "named.stats";

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Legend:
* lets the caching server use any of its current interfaces as the query source
port 53 sets the source port for outgoing queries to 53 (a fixed source port removes the source-port randomness that helps protect a resolver against cache poisoning, so leave the port unspecified unless a firewall rule requires it)
directory defines the default working folder
statistics-file defines where all DNS statistics are written


CACHING NAMESERVER LOG FILE
~~~~~~~~~~~~~~~~~~~~~~~~~~~

To monitor the DNS caching server, simply tail the system log

# tailf /var/log/messages


NAMESERVER SERVICE RESTART
~~~~~~~~~~~~~~~~~~~~~~~~~~

# service named restart

Remember to enable the service permanently, so the caching nameserver starts up on reboot, like so

# chkconfig --level 35 named on


CACHING NAMESERVER TEST
~~~~~~~~~~~~~~~~~~~~~~~

To check if your caching nameserver is currently running

# service named status
# netstat -panut | grep named
# ss -l | grep domain


From the caching nameserver, simply try to resolve a domain like so

# nslookup google.com localhost

should return the resolved addresses of google.com via the local interface of your caching nameserver.


Alternatively, query it via one of the private IP addresses from the examples above

# nslookup google.com 192.168.1.1


That is all for now.
