Setting up a Caching-Only DNS Server

While reading about DNS servers and BIND9, I came across the concept of Caching-Only DNS servers. I'm not going to go into great detail about how DNS works, but simply put, a Caching-Only DNS server resolves names on behalf of its clients rather than hosting any domain of its own, and keeps the answers in memory. Each answer is kept for its time-to-live (TTL), a value set by the name servers of the domain that was queried, and repeat lookups within that window are answered locally without going out to the Internet again. By default, most computers and routers send every query to the ISP's DNS servers instead.

Preface:
To really get a good understanding of how DNS works, I’ve found the following quite helpful:
– DNS and BIND (you can pick up a used copy fairly cheaply, or the previous edition for even less!)
– DNS & BIND Cookbook (supplement to the above; has many great examples and configurations for various DNS setups)
– Otherwise there are many good resources online; I’ve used StackOverflow to help guide me in the right direction and many other web pages for help and information.

What you are going to need:
– A Computer to host the Caching-Only DNS server (I’ll be deploying this in a VM as there is no need for a powerful computer to run a small DNS server)
– A Linux distribution (I’ll be using Ubuntu Server 8.04)
– Some basic Linux knowledge as well as networking knowledge

Step One, Choose your computer / Set up your VM:
Because there is no need for an extremely powerful (or even semi-powerful) computer, I've chosen to deploy my server in a VM; if you choose to do this on a physical computer, the steps after this one will be essentially identical.

We are going to need to reach this computer directly from other machines and/or the router, so it needs a static IP address; this can be done on the router (a DHCP reservation) or on the server itself, and I won't be covering it here. Also, when deploying in a VM, set the network adapter to "Bridged Mode" so the VM gets its own address on the LAN; by default VirtualBox (and, I believe, VMware) use "NAT", which would hide the server behind the host's address.

I’ve configured my VM with 256MB of RAM and 2GB of hard drive space (trust me, this will be plenty for a small network).

Step Two, Install Linux:
I'm not going to go into detail about how to install Ubuntu Server; but during installation you will be offered a list of software to pre-install; choose "OpenSSH server" by hitting the space bar. You may notice there is also an option for "DNS Server"; I'll be installing that manually after the server has rebooted.

Step Three, Install BIND9:
You are going to want to run all the commands as root; the easiest way to accomplish this is by running

 sudo su

Along with BIND9, I’ll be installing vim; the command below reflects this.

 apt-get -y install bind9 vim-full

The '-y' flag just speeds things up by answering yes to the confirmation prompt for the packages to be installed.

Step Four, Configure BIND9:
You're going to want to change several of the configuration files. Start with 'named.conf.options', located at "/etc/bind/named.conf.options"; edit it in the vim editor you installed earlier, or whatever editor you're most comfortable with.

 vi /etc/bind/named.conf.options

Then change the file so it looks like the following. The additions are the acl block at the top and the allow-transfer and allow-query lines inside options; everything else is the stock Ubuntu file. allow-query is the line that matters for security: without it, BIND accepts queries from any address that can reach port 53, and depending on the version and its recursion defaults the box can end up as an open resolver that anyone on the Internet can use (and abuse in reflection attacks). Keep the ACL limited to your own network, and if you ever have to widen allow-query, add a separate allow-recursion { internal; } so outsiders still cannot recurse through you. allow-transfer is mostly belt-and-braces on a caching-only server, since it serves no zones worth transferring, but it costs nothing.

 // Your local network and any IP address range you want to allow to query the DNS server
 acl internal { 192.168.2/24; };

 options {
         directory "/var/cache/bind";
 
         // Disable all zone transfer requests
         allow-transfer { none; };
 
         // Closed DNS; permit only allowed IP addresses specified above to issue queries
         allow-query { internal; };
 
         // If there is a firewall between you and nameservers you want
         // to talk to, you might need to uncomment the query-source
         // directive below.  Previous versions of BIND always asked
         // questions using port 53, but BIND 8.1 and later use an unprivileged
         // port by default.
 
         // query-source address * port 53;
 
         // If your ISP provided one or more IP addresses for stable
         // nameservers, you probably want to use them as forwarders.
         // Uncomment the following block, and insert the addresses replacing
         // the all-0's placeholder.
 
         // forwarders {
         //      0.0.0.0;
         // };
 
         auth-nxdomain no;    # conform to RFC1035
         listen-on-v6 { any; };
 };

Now you need to edit the 'named.conf' file

 vi /etc/bind/named.conf

It should look like the following. This is essentially the stock Ubuntu file; the point is to confirm that the include lines for named.conf.options and named.conf.local are present so the options above take effect. The allow-update { none; } lines only make explicit what is already the default for master zones.

 // This is the primary configuration file for the BIND DNS server named.
 //
 // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
 // structure of BIND configuration files in Debian, *BEFORE* you customize
 // this configuration file.
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
 
 include "/etc/bind/named.conf.options";
 
 // prime the server with knowledge of the root servers
 zone "." {
         type hint;
         file "/etc/bind/db.root";
 };
 
 // be authoritative for the localhost forward and reverse zones, and for
 // broadcast zones as per RFC 1912
 
 zone "localhost" {
         type master;
         file "/etc/bind/db.local";
         allow-update { none; };
 };
 
 zone "127.in-addr.arpa" {
         type master;
         file "/etc/bind/db.127";
         allow-update { none; };
 };
 
 zone "0.in-addr.arpa" {
         type master;
         file "/etc/bind/db.0";
 };
 
 zone "255.in-addr.arpa" {
         type master;
         file "/etc/bind/db.255";
 };
 
 include "/etc/bind/named.conf.local";

Now you need to restart the BIND9 service. Check the syntax first with named-checkconf (shipped with BIND; it prints nothing when the files parse cleanly), then:

 /etc/init.d/bind9 restart

If the service comes back up with no problems, continue to the next step; otherwise look at named-checkconf's output and at /var/log/syslog, where named logs its errors, and check that you've typed everything correctly.

Step Five, Testing the DNS server:
To test that the DNS server is working properly, use the 'dig' command. Run it on the server itself; the SERVER line in the output tells you which resolver actually answered, and if it shows your router rather than this machine, dig used /etc/resolv.conf and you have tested the router, not BIND. To be explicit, point dig at the server: dig @127.0.0.1 example.com on the server, or dig @<static IP of the server> example.com from another machine on the LAN.

 dig example.com

You should get output that is similar to the following:

 ; <<>> DiG 9.4.2-P2.1  <<>> example.com
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53000
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;example.com.                   IN      A
 
 ;; ANSWER SECTION:
 example.com.            109859  IN      A       192.0.43.10
 
 ;; Query time: 10 msec
 ;; SERVER: 192.168.2.1#53(192.168.2.1)
 ;; WHEN: Fri Jul 15 09:13:20 2011
 ;; MSG SIZE  rcvd: 45

Now run the exact same 'dig' command again; the result should be similar to the following:

 ; <<>> DiG 9.4.2-P2.1  <<>> example.com
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53000
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;example.com.                   IN      A
 
 ;; ANSWER SECTION:
 example.com.            109859  IN      A       192.0.43.10
 
 ;; Query time: 1 msec
 ;; SERVER: 192.168.2.1#53(192.168.2.1)
 ;; WHEN: Fri Jul 15 09:13:20 2011
 ;; MSG SIZE  rcvd: 45

You'll notice the query time is much lower the second time around; that's because the answer was cached on the DNS server the first time. The TTL is the more reliable tell: BIND returns the remaining TTL of a cached record, so on repeat queries the number in the answer section counts down (here both queries fell within the same second, so it has not moved yet), and when it reaches zero the record is discarded and the next query goes back out to the Internet. Feel free to try this with several domains; they should all show the same speed-up.
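As an added example (not part of the original post, and not BIND's own tooling), here is a small Python script that reads the text dig prints and turns the two-run comparison above into explicit checks: that the SERVER line names the host you intended to test, that the status is NOERROR with the ra flag set, and that the repeat answer's TTL has counted down by no more than the seconds elapsed between the runs, which is what a cache hit looks like. The sample input is the first transcript above; the second transcript is reproduced by changing its query time, and two further variants are constructed to show a later hit and an expired, re-fetched record. The expected resolver address 192.168.2.1 is taken from those transcripts and is an assumption for your network.

```python
"""Sanity-check the two dig runs from Step Five.  Added example, not part
of the original post.  It parses what dig prints and answers two questions
the query-time comparison leaves open:

  1. Did the BIND host you meant to test answer?  dig names the responding
     resolver on its ";; SERVER:" line; without "@address" it asks whatever
     /etc/resolv.conf points to, which may still be the router.
  2. Was the repeat answer served from cache?  BIND returns the remaining
     TTL of a cached record, so the repeat TTL must be equal or lower and can
     only have dropped by about the seconds elapsed between the two runs.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime

_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")   # name ttl IN type rdata


@dataclass
class DigResult:
    status: str = ""
    flags: set = field(default_factory=set)
    server: str = ""
    answers: list = field(default_factory=list)   # (name, ttl, rtype, rdata)
    query_msec: int = -1
    when: datetime = None


def parse_dig(text: str) -> DigResult:
    """Pull status, flags, SERVER, answer records and timing out of dig output."""
    res, section = DigResult(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";;"):
            if m := re.search(r"status:\s*(\w+)", line):
                res.status = m.group(1)
            elif m := re.search(r"flags:\s*([^;]*);", line):
                res.flags = set(m.group(1).split())
            elif m := re.match(r";; (\w+) SECTION:", line):
                section = m.group(1)
            elif m := re.search(r"Query time:\s*(\d+)\s*msec", line):
                res.query_msec = int(m.group(1))
            elif m := re.search(r"SERVER:\s*([^#\s]+)#\d+", line):
                res.server = m.group(1)
            elif m := re.search(r"WHEN:\s*(.+)$", line):
                res.when = datetime.strptime(" ".join(m.group(1).split()),
                                             "%a %b %d %H:%M:%S %Y")
        elif section == "ANSWER" and not line.startswith(";"):
            if m := _RR.match(line):            # the question line starts with ';'
                name, ttl, rtype, rdata = m.groups()
                res.answers.append((name, int(ttl), rtype, rdata))
    return res


def verify_cache_hit(first: DigResult, second: DigResult,
                     expected_server: str, slack: int = 1) -> dict:
    """Compare a cold query with a repeat; 'served_from_cache' is the verdict."""
    elapsed = int((second.when - first.when).total_seconds())
    seen = {(n, t, d): ttl for n, ttl, t, d in first.answers}
    ttl_ok = bool(second.answers)
    for n, ttl, t, d in second.answers:
        drop = seen.get((n, t, d), -1) - ttl     # unknown record -> negative drop
        if drop < 0 or drop > elapsed + slack:   # re-fetched, or not the same record
            ttl_ok = False
    checks = {
        "asked_intended_server": first.server == expected_server == second.server,
        "both_noerror": first.status == "NOERROR" == second.status,
        "recursion_available": "ra" in first.flags and "ra" in second.flags,
        "ttl_consistent_with_cache": ttl_ok,
        "faster_second_query": second.query_msec < first.query_msec,
        "elapsed_seconds": elapsed,
    }
    checks["served_from_cache"] = all(checks[k] for k in (
        "asked_intended_server", "both_noerror", "ttl_consistent_with_cache"))
    return checks


# Sample input: the post's first dig transcript, verbatim.
SAMPLE_FIRST = """\
; <<>> DiG 9.4.2-P2.1  <<>> example.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53000
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            109859  IN      A       192.0.43.10

;; Query time: 10 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Fri Jul 15 09:13:20 2011
;; MSG SIZE  rcvd: 45
"""
# The post's second transcript differs only in the query time.
SAMPLE_SECOND = SAMPLE_FIRST.replace("Query time: 10", "Query time: 1")
# Constructed: a repeat 59 s later, TTL counted down by 59 (still a cache hit).
SAMPLE_LATER = SAMPLE_SECOND.replace("109859", "109800").replace("09:13:20", "09:14:19")
# Constructed: a day later the record has expired and been re-fetched; TTL jumps back up.
SAMPLE_REFETCHED = SAMPLE_FIRST.replace("109859", "172800").replace("Fri Jul 15", "Sat Jul 16")

if __name__ == "__main__":
    cold, warm = parse_dig(SAMPLE_FIRST), parse_dig(SAMPLE_SECOND)
    for key, value in verify_cache_hit(cold, warm, expected_server="192.168.2.1").items():
        print(f"{key:28} {value}")
```

To use it against your own server, save two real transcripts of dig @127.0.0.1 (or @ the server's static IP from a client) to files and feed them to parse_dig with that address as expected_server. A REFUSED status from a client machine means it falls outside the internal ACL in named.conf.options.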

Step Six, Configure your router and/or computers to use your new DNS server:
Now that you have a working Caching-Only DNS server, you are ready to set up your network to use it. It is best if you can configure your router to hand out the server's address, so that each DHCP lease tells the client to use your Caching-Only DNS server for name lookups. The setting is usually found under the LAN part of your router's configuration page. As there are many different brands of routers and the settings vary between them, you will have to consult the documentation that came with your router; otherwise a quick Google search will usually do the trick!

You can also manually configure each computer on your network to use your Caching-Only DNS server; however, this can take a while depending on how many computers you have. I'm not going to cover the specifics for each operating system, but the setting is usually under an advanced part of the network settings.
