3.1.2 DNS Cache
Objective
To install bind9, a local DNS cache.
A caching-only name server resolves name queries and remembers the answers, so repeated lookups are served from the cache and the waiting time drops significantly.
Installation
root@server:~# aptitude install bind9 bind9-doc dnsutils
Configuration
To speed up and lighten name resolution, our server can forward queries to external DNS caches. ISPs usually provide DNS caches, but there are other DNS cache services available that claim to be faster and safer, such as:
- OpenDNS (http://www.opendns.com/)
- Google Public DNS (http://code.google.com/speed/public-dns/)
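Also, for security, our DNS server will only answer queries coming from internal addresses: allow-query and allow-recursion are limited to the loopback address and the local network, and zone transfers are disabled.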
The configuration is stored in the file /etc/bind/named.conf.options:
- /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        // OpenDNS servers
        208.67.222.222;
        208.67.220.220;
        // ADSL router
        192.168.1.1;
    };
    // Security options
    listen-on port 53 { 127.0.0.1; 192.168.1.100; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    allow-transfer { none; };
    auth-nxdomain no; # conform to RFC1035
    // listen-on-v6 { any; };
};
Check for possible syntax errors:
root@server:~# named-checkconf
Update /etc/resolv.conf, so DNS queries will be performed locally:
- /etc/resolv.conf
nameserver 127.0.0.1
Also, the hosts line in /etc/nsswitch.conf must look like this:
- /etc/nsswitch.conf
# [...]
hosts: files dns
# [...]
Restart the DNS service:
root@server:~# /etc/init.d/bind9 restart
Verification
Perform a forward lookup test:
root@server:~# nslookup www.debian.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.debian.org
Address: 206.12.19.7
Name: www.debian.org
Address: 128.31.0.51
A reverse lookup test:
root@server:~# nslookup 206.12.19.7
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
7.19.12.206.in-addr.arpa name = bellini.debian.org.
Authoritative answers can be found from:
. nameserver = c.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = h.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = g.root-servers.net.
. nameserver = f.root-servers.net.
. nameserver = k.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = j.root-servers.net.
a.root-servers.net internet address = 198.41.0.4
b.root-servers.net internet address = 192.228.79.201
c.root-servers.net internet address = 192.33.4.12
d.root-servers.net internet address = 128.8.10.90
e.root-servers.net internet address = 192.203.230.10
f.root-servers.net internet address = 192.5.5.241
g.root-servers.net internet address = 192.112.36.4
h.root-servers.net internet address = 128.63.2.53
i.root-servers.net internet address = 192.36.148.17
j.root-servers.net internet address = 192.58.128.30
k.root-servers.net internet address = 193.0.14.129
l.root-servers.net internet address = 199.7.83.42
m.root-servers.net internet address = 202.12.27.33
Client configuration
Windows
Open the Internet Protocol Version 4 (TCP/IPv4) Properties dialog of the network adapter and type the IP address of our DNS server as the Preferred DNS server.
Linux
On Linux systems, just edit the /etc/resolv.conf file and add the IP address of our DNS server as the nameserver:
- /etc/resolv.conf
# [...]
nameserver 192.168.1.100
# [...]
Automatic client configuration
The DNS server address can also be assigned automatically using the DHCP protocol. To do this, add the domain-name-servers option to the DHCP server configuration file /etc/dhcp/dhcpd.conf:
- /etc/dhcp/dhcpd.conf
# [...]
option domain-name-servers 192.168.1.100;
# [...]