What can djbdns, (or any DNS Server/cacher) do for me?
Hello everyone,
I'm not really wanting to start another battle over BIND vs DJBDNS so please vent those frustrations elsewhere.
What I _would_ like to know is what can a DNS server or cacher (be it DJBDNS or BIND) do for me? My blurt:
I'm a Uni student wanting to eventually move into the field of network security. My home network is more complex than it needs to be and is going to get even more so as I'm doing this to learn how to build/configure/use the different types of machines. I have an OpenBSD router, FreeBSD fileserver, OpenBSD DNS server/cacher (eventually) and have visions of setting up / learning more of them. Possibly even a honey net in the very near future.
My Internet connection is a DSL connection. I do _not_ have a website or Intranet but would like to know what a DNS server or cacher can do for me - not to mention which one (server/cacher) I'd be using. I also do _not_ have a domain name although may possibly get one, especially if beneficial.
Basically my initial intention was to have a 'caching' system that would handle all the DNS requests by my workstations, do the lookups and store the answers. My understanding is that for this I need a cache rather than a server as a server is intended to 'serve' the addresses of the systems you have in an Intranet or for a site?
Any help would be greatly appreciated. I'm currently working my way through both the Bernstein website to figure out what I want and also "Life with djbdns" - http://www.lifewithdjbdns.com
I think you pretty much said it all. The caching server will do name lookups and store the answers. I'm only familiar with djbdns, and I have no experience with BIND. But from what I know with djbdns, you can set up your dns cache so that it's usable by other machines on your network. So instead of putting in your ISP's nameservers into /etc/resolv.conf, you can put in the IPs of your local nameserver and it will do the lookups for you.
djbdns also has "tinydns" which as you described is used for being an authority for a domain. You define the ip addresses, TTLs etc., with tinydns' config files and it can provide info for your domain records.
I have read lifewithdjbdns and I wasn't impressed. It looked like the author tried to do a good job, but I felt that it wasn't a very good tutorial for how to install it. What I ended up doing was finding several tutorials for installing it and blending them together into one that worked for me.
This pretty well covers the installation of dnscache, so I think you'll find it pretty complete for that purpose. But for tinydns, it's incomplete because I don't have any information on how to setup the config files. There are automated scripts that DJB includes that will allow you to setup the config files, but many people prefer to edit the config file manually.
Otherwise, I'm not really sure. I've googled a bit trying to help you, as I'm sure you've done also. But I can't seem to find anything of value to help with your problem.
I've resolved MY version of the problem and discovered that it's an issue with the doc you supplied me. The reason I had the error reported is because I followed the doc explicitly; however, the doc contradicts itself.
At the beginning of the setup three user accounts are created:
dnscache
tinydns
dnslog
The step at which I was having issues indicates I should enter this:
/usr/local/bin/dnscache-conf dnscache dns /etc/dnscache 192.168.0.50
which returned that dns was not a valid account.
When assessing the syntax of the dnscache-conf command I received this:
which to me would imply that the command I should have been running is:
/usr/local/bin/dnscache-conf dnscache dnslog /etc/dnscache 192.168.0.50 - NB that the dns account which caused issues is now dnslog, one of the accounts created earlier. That command ran without a problem. I did this over ssh from work and haven't returned yet. I'm anxious to see if this setup is now working.
Bah! You're absolutely right. Thanks for finding that. My document is not complete and needed a good audit. I wrote it for people like yourself who are interested in using djbdns but needed a good howto. I apologize for the error. It was totally my mistake. I will correct it now. Thanks for finding that problem. Good luck with it and let me know if I can be of any more help.
Please let it be known that what I wrote in my last message was not intended to be rude or anything of that nature. As I said I discovered the problem whilst at work and wrote the post straight after to avoid forgetting, thus I may have been a fraction short - unintentionally.
In terms of auditing the howto - that's the only problem I managed to find - other than the purple on black background was a tad difficult to read at times.
More importantly, my only additional question would be:
As I want this box to handle my lookups AND cache them, my understanding is that the DNS server should have a resolv file of:
nameserver 127.0.0.1
nameserver My.ISP.DNS.IP
and then all workstations beneath should have a resolv file of
nameserver My.DNS.Ip.Addr
Would that be correct? In which case, the DNS server would look to itself for the answer, if not found it would query my ISP's DNS?
Thanks for your support on this one DonBoy - all in all this thread is turning into a fairly comprehensive howto and explanation to DJBDNS.
Yeah, you're right. That way, you're querying your own dnscache first and then querying your ISP second. If your own dns server happens to be too busy, it's got a backup. I think you're limited to only 3 nameservers in your resolv.conf. Any beyond that are ignored.
Thanks for the compliments. I hope that was my only error. Now all I need to do to make it more complete is explain the tinydns config file (under root/data). Most everyone else simply gives a little info on DJB's *-conf commands for adding records.
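A small checker for the resolv.conf layout discussed in the two posts above, added here as an example and not code from either poster. It assumes the three-nameserver limit stated above (MAXNS=3 in the libc resolver) and the `lookup` values that OpenBSD's resolv.conf(5) accepts (bind, file, yp); the ISP addresses in the sample are documentation-range placeholders.

```python
MAXNS = 3                                 # the libc resolver keeps at most three nameservers
LOOKUP_KEYWORDS = ("bind", "file", "yp")  # values OpenBSD's resolv.conf(5) accepts after "lookup"

# Constructed resolv.conf in the layout discussed above (OpenBSD syntax). The ISP
# addresses are documentation-range placeholders, not real servers.
SAMPLE_RESOLV_CONF = """\
nameserver 127.0.0.1     # MyDNS asks its own dnscache first
nameserver 192.0.2.53    # placeholder for My.ISP.DNS.IP
nameserver 192.0.2.54
nameserver 192.0.2.55    # fourth entry: past MAXNS, so never used
lookup file bind
"""

def check_resolv_conf(text):
    """Return (nameservers used, nameservers ignored, lookup order, warnings)."""
    servers, lookup, warnings = [], [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments as used in the thread
        if not line or line.startswith(";"):
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            servers.append(args[0])
        elif key == "lookup":
            lookup = args
            for word in args:
                if word not in LOOKUP_KEYWORDS:
                    warnings.append("unknown lookup keyword %r (valid: bind, file, yp)" % word)
    used, ignored = servers[:MAXNS], servers[MAXNS:]
    if ignored:
        warnings.append("%d nameserver(s) beyond MAXNS=%d are ignored: %s"
                        % (len(ignored), MAXNS, ", ".join(ignored)))
    if lookup and "bind" not in lookup:
        warnings.append("'lookup' has no 'bind' entry, so DNS is never queried")
    return used, ignored, lookup, warnings

if __name__ == "__main__":
    used, ignored, lookup, warnings = check_resolv_conf(SAMPLE_RESOLV_CONF)
    print("used:", used, "lookup order:", lookup)
    for w in warnings:
        print("WARNING:", w)
```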
Furthermore, when using OpenBSD 3.6 what do I have to do to enable the workstations to use this box as their DNS server/lookup-er with ONE network card?
I'm a little confused. You tried to ping google.com, but what were the "reply" and "blah" parts? It almost seems like you're saying it worked the first time but failed the second time??
Also, you shouldn't use ping for something like this. Try using "host", "dnsip" or "dig" instead. Consult the man pages for each one to understand what arguments you can give it.
You can also do...
tail -f /etc/dnscache/log/main/current
and look at what the logs are saying about your dns request. It may yield some information that will help you understand what is the problem. Also, I would expect this to work fine since you've got your ISP's DNS servers listed as the backup, so there should be no reason why it doesn't work.
Also, are you trying to do this on a machine running dnscache? or is this being run on a machine that is querying your dnscache machine??
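To make sense of what `tail -f /etc/dnscache/log/main/current` shows, here is an added example (not code from the thread or from djbdns) that tallies dnscache's log lines per queried name. It assumes the standard dnscache line types (`query`, `cached`, `tx`, `nxdomain`, `nodata`, `servfail`) and multilog's `t` option, which prefixes each line with a TAI64N timestamp; the sample log is constructed, and the TAI-to-UTC conversion uses a fixed 10-second offset that ignores later leap seconds.

```python
from collections import Counter, defaultdict

# Constructed sample of a dnscache log as written by multilog with the "t"
# option, which prefixes each line with a TAI64N timestamp. It is not the
# poster's real log: the client address, names and server IPs are made up.
SAMPLE_LOG = """\
@4000000041b3a1b500000000 starting
@4000000041b3a1b600000000 query 1 7f000001:c3f0:7e1e 1 www.google.com.
@4000000041b3a1b600100000 tx 0 1 www.google.com. . 198.41.0.4
@4000000041b3a1c000000000 query 2 7f000001:c3f1:3a11 1 www.google.com.
@4000000041b3a1c000100000 cached 1 www.google.com.
@4000000041b3a1c700000000 query 3 7f000001:c3f2:0a0a 1 nosuch.example.
@4000000041b3a1c700100000 nxdomain 192.0.2.53 3600 nosuch.example.
@4000000041b3a1d000000000 stats 3 1 0 0
"""

# Position of the queried name relative to the keyword, per dnscache line type.
NAME_OFFSET = {"query": 4, "cached": 2, "tx": 3, "nxdomain": 3, "nodata": 4, "servfail": 1}
TAI64_EPOCH = 1 << 62   # TAI64 counts seconds from 2^62 = 1970-01-01 00:00:00 TAI
TAI_MINUS_UTC = 10      # assumption: fixed offset; leap seconds since 1972 ignored

def tai64n_to_unix(label):
    """Convert an '@' + 24-hex-digit TAI64N label into Unix seconds (float)."""
    secs = int(label[1:17], 16) - TAI64_EPOCH - TAI_MINUS_UTC
    return secs + int(label[17:25], 16) / 1e9

def parse_dnscache_log(text):
    """Count query/cached/tx/nxdomain/nodata/servfail events per queried name."""
    per_name = defaultdict(Counter)
    for line in text.splitlines():
        fields = line.split()
        kw = 1 if fields and fields[0].startswith("@") else 0   # skip the timestamp
        if len(fields) <= kw:
            continue
        offset = NAME_OFFSET.get(fields[kw])          # other line types are skipped
        if offset is not None and len(fields) > kw + offset:
            per_name[fields[kw + offset]][fields[kw]] += 1
    return per_name

def cache_hit_ratio(per_name):
    """Share of queries answered from cache; 'tx' lines mean an upstream lookup."""
    queries = sum(c["query"] for c in per_name.values())
    return sum(c["cached"] for c in per_name.values()) / queries if queries else 0.0

if __name__ == "__main__":
    per_name = parse_dnscache_log(SAMPLE_LOG)
    print({n: dict(c) for n, c in per_name.items()}, "hit ratio %.2f" % cache_hit_ratio(per_name))
    print("first event at unix time %.3f" % tai64n_to_unix(SAMPLE_LOG.split()[0]))
```

A name that shows `query` lines but never a `cached` line on repeat lookups, or only `servfail` lines, points at the cache not resolving rather than the client.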
Well, I think your questions are already answered but I'll try and make myself clearer.
I'm doing this all directly from the DNS Server - (well... I've ssh'd into it, but close enough to being direct).
Now...
On MyDNS I tried to ping www.google.com - just to see if it could resolve the hostname/IP Address. The first time I did this my resolv.conf was as follows:
nameserver 127.0.0.1 # Enable MyDNS to query itself
nameserver My.ISP.DNS.IP # Enables MyDNS to query my isp if answer isn't cached.
lookup file blind
now... with the above resolv.conf I typed:
ping www.google.com and the ping reached the destination without any trouble:
$ ping www.google.com
PING www.google.akadns.net (216.239.57.99): 56 data bytes
64 bytes from 216.239.57.99: icmp_seq=0 ttl=240 time=197.413 ms
64 bytes from 216.239.57.99: icmp_seq=1 ttl=240 time=197.513 ms
64 bytes from 216.239.57.99: icmp_seq=2 ttl=240 time=194.660 ms
--- www.google.akadns.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 194.660/196.528/197.513/1.417 ms
Now, from here I wanted to test that my DNS server was actually caching and capable of using its own cache for the same request. To do this I removed my ISP's DNS Server from the resolv.conf:
resolv.conf
nameserver 127.0.0.1 # Enable MyDNS to query itself
#nameserver My.ISP.DNS.IP # Enable MyDNS to query ISP's DNS Server
lookup file blind
Then tried to ping www.google.com again - theoretically if the first ping had been cached then MyDNS shouldn't need my ISP's DNS Server to locate www.google.com - should it? Isn't that the point? - however, I got this:
I'm kinda tired now so I'll try the dig etc tomorrow and let you know what happens, but I still feel the ping should work at least to determine this.
...for an explanation of what the log files are telling you, or post your log files here and maybe I can help you decipher them.
I think you're right... something isn't working. And to be fair, ping should work ok just as well as anything else. Ping is supposed to resolve domain names into ip's for the purpose of a ping, so it should work for what you're doing, but it's kind of like using the butt end of a screwdriver as a hammer -- there are better tools for the job.
I ping google again and still get the same response. So as per the logs it appears the service is starting, it just isn't doing anything. Perhaps djbdns isn't listening correctly? Again I ask what do I need to do with OpenBSD to enable ONE Network Card to both listen for requests and make requests when the answer isn't cached?