Installing djbdns on FreeBSD

How this works

When you surf the net, chat, or whatever you do, you most probably come across domain names, like www.google.com. In order to communicate with google.com, the domain name has to be resolved into an IP address. This is what the DNS protocol is for. Normally, about every time you need to know which domain name has which IP, you ask a domain name server (DNS server) out there on the internet. This consumes little bandwidth, but can sometimes delay your connections. dnscache saves this information on your local LAN and interacts with the DNS servers out there, speeding up the lookups. (The speedup is actually "not having to look up, because we already know". If dnscache needs to look up the name, it is neither faster nor slower than any other computer doing that.)

Installation

This one's a no-brainer: FreeBSD does everything for you.

su
cd /usr/ports/dns/djbdns/
make install

AFAIK, there is no package available at the time of writing. Please note that this also installs daemontools. We'll use it in the next step.

Cache Configuration

This section describes everything you need to do to run a local DNS cache. The next section tells you how to use it.

check that your current system works

for example by using
dnsq a www.google.com 192.203.230.10
dnsq a www.google.com 192.48.79.30
If there are lots of names and numbers scrolling by, it works :)
If not: check your internet and DNS configuration; see the FreeBSD Handbook for more details.
Note: If your shell says "command not found", nothing is wrong with your internet configuration. If your shell is tcsh, type rehash and try again.

Now, write down your IP. If the host you are setting up dnscache on is on your local LAN, write down the local IP address (normally something like 10.x.x.x or 192.168.x.x). If your host only has an internet connection with a dynamically assigned IP, use 127.0.0.1 for all future references to your IP.

create new users

dnscache runs as a separate user, for security purposes. Please note that it is intended to run as a user with as few privileges as possible.
Please use useradd to add the users Gdnscache and Gdnslog. Choose empty passwords and add them to the group nogroup. Empty passwords mean that they can't log in.

create dnscache directories

dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 10.0.0.1
replacing 10.0.0.1 with your IP. This directory contains the logs and the configuration files that you can edit later.

mkdir /var/service
ln -s /usr/local/etc/dnscache /var/service/dnscache
svstat /var/service/dnscache

This tells svstat, which is part of daemontools, to monitor dnscache. It also starts dnscache at boot time.
touch /usr/local/etc/dnscache/root/ip/10
This creates an empty file named "10". Replace "10" with the first segment of your IP address. If your IP is 192.168.32.1, use "192"; if your IP is 127.0.0.1, use "127". This number sets who can access your dnscache. If you set it to "10", all clients with IP 10.*.*.* can access the cache.
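
The access rule described above can be checked before clients are pointed at the cache. The following is an added example, not part of djbdns or of the original page; the function names dnscache_allows and dnscache_broad_rules are hypothetical. It goes beyond the single-segment case in the text: dnscache also accepts longer dotted prefixes such as 192.168.32 as file names in root/ip, which narrows access to fewer clients.

```shell
#!/bin/sh
# Added example, not part of djbdns. Mirrors how dnscache matches a client
# address against the file names in root/ip: it tries a.b.c.d, then a.b.c,
# then a.b, then a, and serves the client if any of those files exists.

# dnscache_allows IPDIR ADDR
# Prints the matching file name and returns 0 if ADDR would be served;
# returns 1 if no entry covers ADDR.
dnscache_allows() {
    ipdir=$1
    prefix=$2
    while :; do
        if [ -e "$ipdir/$prefix" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
        case $prefix in
            *.*) prefix=${prefix%.*} ;;   # drop the last dotted segment
            *)   return 1 ;;              # nothing left to strip: denied
        esac
    done
}

# dnscache_broad_rules IPDIR
# Lists single-segment entries such as "10". Each one opens the cache to a
# whole /8, so it is worth confirming that this is really intended.
dnscache_broad_rules() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        case $name in
            *.*) ;;                        # two or more segments: narrower
            *)   printf '%s\n' "$name" ;;
        esac
    done
}

# Usage against the directory created on this page:
#   dnscache_allows /usr/local/etc/dnscache/root/ip 10.0.0.7
#   dnscache_broad_rules /usr/local/etc/dnscache/root/ip
```

Matching happens on whole dotted segments, so a file named "10" covers 10.4.5.6 but not 100.0.0.1.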

Set your own dns servers

If your ISP has some DNS servers of its own (it most definitely has), you can add them to /usr/local/etc/dnscache/root/servers/@, at the top of the file. This file lists the DNS servers that dnscache queries.

Client Configuration

This section describes how the clients using your dnscache should be configured. This should normally also be done on the computer running dnscache.
Insert the line nameserver 10.0.0.1 (replacing 10.0.0.1 with your IP, i.e. the IP of the host running dnscache) in your /etc/resolv.conf, and delete or comment out all other nameserver entries.
Test your configuration: dnsip www.fsf.org
If it returns a number, everything seems right! That should be it.
