[SOLVED] How to create a caching dns server in centos
Hello all,
I would like to set up a caching DNS server on my existing Linux server (CentOS 6.3) in order to increase the speed of browsing websites for the rest of the network. Can someone please help me with that? Where should I start? Thank you in advance! Cheers, Leo |
I use dnsmasq for that purpose, here is a tutorial for CentOS: http://www.g-loaded.eu/2010/09/18/ca...using-dnsmasq/
|
Quote:
Did you see better results in your web browsing experience? Also on my Windows system I have some local websites saved in /etc/hosts. (Also I should say that I am using a Windows server with IIS for hosting my websites.) Will this bother me during the installation? Note: I am talking about the hosts file on a Windows PC. Not a Linux one. |
I use it together with Polipo (caching proxy server) to get better load times. I share a connection with rather low bandwidth with a bunch of other people and I can see significantly better load times, especially when the connection is under heavy load.
Regarding the Windows machine: I don't know. |
Quote:
Hello mate, I installed the cache server and it seems to work fine! Thank you very much!! I have 2 questions though:
1) I set cache-size=1000 (as the tutorial suggests), can you please explain to me how exactly this works? I mean, is this for 1000 websites, or for 1000 times I visit random websites? Will I have to change this number in the future?
2) How can I be 100% sure that DNS caching actually works? The tutorial doesn't say anything about changing something on the client PCs. My topology right now is: Router --> Firewall --> Switch. Connected to the switch are the Linux server (with DNS caching) and three client PCs with Windows XP.
Thanks again, Leo Thanks again! |
I have set the cache-size to 10000, it is the number of DNS queries that is cached, you can't directly translate that to the number of websites. For example, if a website shows you pictures from different domains you will have multiple DNS queries on that site.
On your client, you have to configure them to use the server as nameserver, easily done with the network configuration dialog on Windows or /etc/resolv.conf on Linux systems. To test if the caching is actually working you can use the dig command. |
Quote:
;;Query time: 0 msec
;; SERVER 127.0.0.1#53 (127.0.0.1)
Also I try ping bbc.com and it is not working.. I get an unknown host.. So obviously the DNS caching is not working... Leo |
It is working correctly.
On Windows, you don't have to change the default gateway, but the DNS server. |
Quote:
Also on the Windows PC I changed the DNS to the IP of the caching server (192.168.1.200) but I don't have internet connection! Any ideas please? I use this script:
#
# Configuration file for dnsmasq acting as a caching nameserver.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
#
# Updated versions of this configuration file may be available at:
#
# http://www.g-loaded.eu/2010/09/18/ca...using-dnsmasq/
#

#
# Basic server configuration
#
listen-address=127.0.0.1
port=53
bind-interfaces
user=dnsmasq
group=dnsmasq
pid-file=/var/run/dnsmasq.pid

#
# Logging
#
#log-facility=/var/log/dnsmasq.log
#log-queries

#
# Name resolution options
#
domain-needed
bogus-priv
no-hosts
dns-forward-max=150
cache-size=1000
#no-negcache
neg-ttl=3600
resolv-file=/etc/resolv.dnsmasq
no-poll
log-facility=/var/log/dnsmasq.log
Thank you! Leo
edit: Any help? |
Quote:
Any help mate? Is my configuration file correct? Cheers, Leo |
Sorry, I missed your last post.
This is my configuration file:
Code:
interface=br0
Code:
tobi@server ~ ☺ $ cat /etc/resolv.conf
Code:
dig google.de
Hope this may be helpful. |
Quote:
I am missing the /etc/resolv.dnsmasq file. When I run cat /etc/resolv.dnsmasq I get the result "No such File or Directory". I removed and re-installed dnsmasq and still the resolv.dnsmasq is not there. Will I have to create it? I am using your configuration! (Except the interface=br0, I use interface=etho) Please help! |
If you use my configuration you have to use the resolv.dnsmasq file, otherwise dnsmasq does not know where to look up the addresses. Just create the file and put the content in. The first address in that file is a public Google server, the second address is an OpenDNS server. You can omit the third address, it is an address local to my network and not reachable from the outside.
|
I created the file and everything seems to work fine, but on my Windows PC when I change the DNS server to the IP of the caching server (192.168.1.200) I don't have internet connection. Can you help me with that?
The caching server has the following configuration:
ip: 192.168.1.200
mask: 255.255.255.0
gateway 192.168.1.1
primary DNS 127.0.0.1
secondary DNS 127.0.0.1
I can ping google.de and here are the results of the dig command:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.e16_3.6 <<>> google.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47558
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.de. IN A

;; ANSWER SECTION:
google.de. 212 IN A 173.194.67.94

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 7 16:25:39 2013
;; MSG SIZE rcvd: 43
Also in the resolv.dnsmasq file I have made this configuration:
nameserver 8.8.8.8
nameserver 208.67.222.222 |
Sorry for barging in this late in the thread.
Quote:
|
Quote:
Any idea about my problem? |
Quote:
Quote:
|
Quote:
I don't know much about Pdnsd, but after a short look at the documentation it seems to be not really difficult to setup and it may be much better for the OP's purpose than dnsmasq. |
The server I have installed the caching server on is open 24x7, so there is not any problem.
Tobi, can you help me with my last problem? Why doesn't my Windows PC accept the IP of the caching DNS server as DNS? |
If you have the config file like mine (except of course the interface-name) it should work, if you have your Windows system configured correctly (I use manual configuration on Windows, no DHCP).
|
The configuration of my Windows PC is:
Ip 192.168.1.9
Subnet: 255.255.255.0
Gateway: 192.168.1.1
And when I use for DNS the IP of the caching server (192.168.1.200) I don't have Internet connection on the Windows PC, although the caching PC has Internet connection. May I ask which CentOS version you have? I have heard that 5.8 is more stable than the 6.3 I have. Also I am using your configuration files. Leo |
I am using Debian for this, not CentOS. I somehow don't like RPM distros.
But this shouldn't change anything for the configuration. May it be possible that you have an active firewall on the server that prevents your Windows machine from connecting to the server? |
On the Centos I have the ip tables active. Should I have to open port 53 on iptables?
I am thinking of re-setup the server with Centos 5.8, but I can't find anywhere the minimal version. |
Quote:
listen-address=127.0.0.1
This means that only the server itself can connect to it. You need to change that config to:
listen-address=192.168.1.200
Then other machines on the LAN can connect to it. You'll also need to change the resolv.conf on the caching server to:
nameserver 192.168.1.200 |
And what about dns on caching server? Right now I have 127.0.0.1. Should I change it?
You can check my configuration files on post #11 on the previous page of this thread ( my configuration is the same as tobi's) |
Quote:
nameserver 192.168.1.200
Don't forget to restart dnsmasq after changing the config. |
Should I change the dns from the system-config-network command as well?
So you are saying that I must change the 127.0.0.1 with 192.168.1.200, on the caching server and on the configuration files right? Note: the caching server has ip 192.168.1.200 |
Quote:
It is also OK to use 127.0.0.1 in the resolv.conf file, works fine here. Quote:
|
Just use a text editor. Edit the /etc/dnsmasq.conf file and set:
listen-address=192.168.1.200
And then restart dnsmasq. Then edit /etc/resolv.conf and set:
nameserver 192.168.1.200
That's all. Test using 'dig' on the server and try to browse on a Windows machine. |
Maybe I didn't explain well the configuration of my network.
I have a caching Linux PC with IP 192.168.1.200, gateway 182.168.1.1 and DNS 127.0.0.1. When I ping and use the dig command from the Linux PC, I get valid results. Now I want all the Windows PCs to have the caching server as DNS in order to increase the browsing speed. The problem is that when I change the DNS of the Windows PC and I enter the IP of the caching server (192.168.1.200), then I don't have Internet connection. I will try to open port 53 on iptables. Then I will try replacing 127.0.0.1 with 192.168.1.200 on the caching server. Thank you guys for your help so far!! I will post the results tomorrow! |
Quote:
With
listen-address = 127.0.0.1
Other machines on the LAN cannot connect. This is what LeoPap has in his config. To allow other LAN boxes to connect to dnsmasq, the options are (1) change the listen-address to the LAN IP, or (2) remove the listen-address line entirely -- in which case dnsmasq listens on ALL interfaces. Either approach is viable. I opted for the former. In retrospect it may have been simpler to have said, "put a # at the beginning on the 'listen-address' line and restart dnsmasq." |
Quote:
This is what the man-page of dnsmasq has to say about that: Quote:
|
I did not see any use of --interface in the config file originally posted by LeoPap, only --listen-address.
Rereading I see he copied your config, including the --interface option: Quote:
|
Quote:
|
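Added example (not from any post in this thread): a bash function that reads a dnsmasq.conf and reports whether the daemon will be reachable from the LAN, applying the dnsmasq(8) rule that interface= and listen-address= are combined as a union. The function name and the sample files are made up for illustration.

```bash
#!/bin/bash
# Added example: report where a dnsmasq.conf tells the daemon to listen.
# Per dnsmasq(8), interface= and listen-address= combine as a union.

dnsmasq_listen_scope() {
    # $1 = path to dnsmasq.conf. Prints one of:
    #   all-interfaces   neither option set, dnsmasq listens everywhere
    #   loopback-only    only 127.x / ::1 / lo, LAN clients cannot connect
    #   lan: <list>      interfaces and addresses reachable from the LAN
    awk -F= '
        /^[ \t]*#/ { next }                      # commented-out option
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        }
        key == "interface" {
            if (val == "lo") lo++; else scope = scope " " val
        }
        key == "listen-address" {
            n = split(val, addr, ",")
            for (i = 1; i <= n; i++) {
                if (addr[i] ~ /^127\./ || addr[i] == "::1") lo++; else scope = scope " " addr[i]
            }
        }
        END {
            if (scope != "")  print "lan:" scope
            else if (lo > 0)  print "loopback-only"
            else              print "all-interfaces"
        }' "$1"
}

# Constructed sample inputs mirroring the configurations posted in the thread.
sample_dir=$(mktemp -d)
printf 'listen-address=127.0.0.1\nport=53\nbind-interfaces\n' > "$sample_dir/tutorial.conf"
printf 'interface=eth0\nlisten-address=127.0.0.1\nbind-interfaces\n' > "$sample_dir/union.conf"
printf '#listen-address=127.0.0.1\nport=53\n' > "$sample_dir/commented.conf"

for f in tutorial union commented; do
    printf '%-10s %s\n' "$f" "$(dnsmasq_listen_scope "$sample_dir/$f.conf")"
done
```

A loopback-only result matches the symptom in this thread: dig works on the server itself while the Windows clients get no answer.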
Thank you guys sooo much!
Finally the problem is solved!! The solution was to open port 53 on iptables!! Thank you very much for your help all this time. I really appreciate it! Cheers, Leo |
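Added example (not part of Leo's post): the port 53 opening written as iptables commands limited to the LAN interface and subnet, so the cache answers the Windows clients but not other networks. dns_lan_rules is a hypothetical helper; eth0 and 192.168.1.0/24 are assumed from the addresses given in this thread.

```bash
#!/bin/bash
# Added example: print iptables commands that admit DNS from the LAN only.
# Nothing is applied here; review the output, then run it as root.

dns_lan_rules() (
    # $1 = LAN-facing interface, $2 = LAN network in CIDR form.
    iface=$1 lan=$2
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $iface" >&2; exit 1 ;;
    esac
    # Require a real IPv4 prefix (/1 to /32) so that a typo or 0.0.0.0/0
    # cannot produce a rule that accepts queries from every source.
    if ! printf '%s\n' "$lan" |
         grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'; then
        echo "bad LAN network: $lan" >&2; exit 1
    fi
    for proto in udp tcp; do    # DNS falls back to TCP for large answers
        # -I inserts at the top of INPUT, ahead of the catch-all REJECT
        # that ends the stock CentOS 6 ruleset.
        echo "iptables -I INPUT -i $iface -s $lan -p $proto --dport 53 -j ACCEPT"
    done
    echo "service iptables save"    # persist across reboots on CentOS 6
)

# Assumed values: server on eth0, LAN 192.168.1.0/24 (mask 255.255.255.0).
dns_lan_rules eth0 192.168.1.0/24
```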
Hello guys,
After using the caching server for 2 days on my Windows PCs, I have noticed that the speed of browsing didn't change dramatically... Maybe it is a bit better than it was previously but not what I expected... Is there anything else I can do in order to get faster browsing? Also is there any way to see if the cache-size has been reduced?? Cheers, Leo |
Browsing of course only becomes faster for things that are cached, for example if you visit a site that you have visited before. And of course, as unSpawn stated already, restarting the machine or dnsmasq will clear the cache, so that is a no-go. I use it to speed up my different machines (a machine does not have to look up DNS info that I have already visited on a different machine), especially when network load is high, and you really can see the difference. I can't say anything about performance on single machines that are used on home networks without other machines interfering.
If you often visit the same sites with somewhat static content it may help to use a caching proxy server, like Polipo (again, not really data here for that with single machines on single used home networks), that gave me a serious speed up, again especially when network load is high. |
I checked the log file of dnsmasq and here are the results.
[root@localhost ~]# cat /var/log/dnsmasq.log
Jan 3 09:10:09 dnsmasq[1601]: started, version 2.48 cachesize 1000
Jan 3 09:10:09 dnsmasq[1601]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 3 09:10:09 dnsmasq[1601]: cleared cache
Jan 3 09:10:09 dnsmasq[1601]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 3 09:21:47 dnsmasq[1601]: exiting on receipt of SIGTERM
Jan 3 09:21:53 dnsmasq[1627]: started, version 2.48 cachesize 1000
Jan 3 09:21:53 dnsmasq[1627]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 3 09:21:53 dnsmasq[1627]: cleared cache
Jan 3 09:21:53 dnsmasq[1627]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 3 09:22:09 dnsmasq[1627]: exiting on receipt of SIGTERM
Jan 3 09:22:09 dnsmasq[1653]: started, version 2.48 cachesize 1000
Jan 3 09:22:09 dnsmasq[1653]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 3 09:22:09 dnsmasq[1653]: cleared cache
Jan 3 09:22:09 dnsmasq[1653]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 4 12:34:21 dnsmasq[1653]: exiting on receipt of SIGTERM
Jan 4 12:35:06 dnsmasq[1041]: started, version 2.48 cachesize 1000
Jan 4 12:35:06 dnsmasq[1041]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 4 12:35:06 dnsmasq[1041]: cleared cache
Jan 4 12:35:06 dnsmasq[1041]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 7 08:33:25 dnsmasq[1041]: exiting on receipt of SIGTERM
[root@localhost ~]# cat /etc/resolv.dnsmasq
nameserver 8.8.8.8
nameserver 208.67.222.222
I can see that the daemon can't read the resolv.dnsmasq. Maybe this has affected my browsing speed. But why? With the cat command I can see that the file exists!! |
Possibly a permission issue? I can't really say. But what I can see is that your dnsmasq is restarted at least once a day, which will clear the cache and render it more or less useless. It may be that this behavior is caused by the inability to read resolv.dnsmasq, but the real question is: When dnsmasq can't resolve DNS queries on your server because it can't access the file with the nameserver addresses, how can it possibly ever have worked?
|
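Added example (not from the thread): the two things read off the log in the reply above, how often dnsmasq was started and whether it failed to read its resolv file, counted per day. dnsmasq_log_triage is a hypothetical name; the sample lines are copied from the log Leo posted, with some lines left out.

```bash
#!/bin/bash
# Added example: summarise a dnsmasq log per day. Each start means the
# cache was emptied; each read failure means no upstream servers were loaded.

dnsmasq_log_triage() {
    # Reads log files given as arguments, or stdin. One output line per day:
    #   <Mon> <day> starts=<n> read_failures=<n>
    awk '
        $4 !~ /^dnsmasq\[[0-9]+\]:$/ { next }    # not a dnsmasq line
        {
            day = $1 " " $2
            if (!(day in seen)) { seen[day] = 1; order[++days] = day }
        }
        $5 == "started,"                       { starts[day]++ }
        ($5 " " $6 " " $7) == "failed to read" { fails[day]++ }
        END {
            for (i = 1; i <= days; i++) {
                d = order[i]
                printf "%s starts=%d read_failures=%d\n", d, starts[d], fails[d]
            }
        }' "$@"
}

# Sample input: lines copied from the log posted above (some omitted).
sample_log='Jan 3 09:10:09 dnsmasq[1601]: started, version 2.48 cachesize 1000
Jan 3 09:10:09 dnsmasq[1601]: cleared cache
Jan 3 09:10:09 dnsmasq[1601]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 3 09:21:47 dnsmasq[1601]: exiting on receipt of SIGTERM
Jan 3 09:21:53 dnsmasq[1627]: started, version 2.48 cachesize 1000
Jan 3 09:21:53 dnsmasq[1627]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 3 09:22:09 dnsmasq[1627]: exiting on receipt of SIGTERM
Jan 3 09:22:09 dnsmasq[1653]: started, version 2.48 cachesize 1000
Jan 3 09:22:09 dnsmasq[1653]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 4 12:34:21 dnsmasq[1653]: exiting on receipt of SIGTERM
Jan 4 12:35:06 dnsmasq[1041]: started, version 2.48 cachesize 1000
Jan 4 12:35:06 dnsmasq[1041]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 7 08:33:25 dnsmasq[1041]: exiting on receipt of SIGTERM'

printf '%s\n' "$sample_log" | dnsmasq_log_triage
```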
Quote:
I really don't know.. I am too confused now! I have changed the DNS server on my Windows PC (I added the IP of the caching server) and I had internet connection!! How can this be possible? When I installed dnsmasq, I also typed these commands:
groupadd -r dnsmasq
useradd -r -g dnsmasq dnsmasq
How can I be sure that it is not a permission issue? Also if you see, the log file stops at 7 of January.. Why don't I have any data from 8 and 9 of January?? |
Good question. Do you get log entries when you manually restart dnsmasq?
|
Quote:
Also I rebooted the server and still no entry in the log file... |
But you can use it from your client or doesn't it work? Also, do you still have the line about the log location in your config file?
|
The client (Windows PC) has as DNS the IP of the caching server and they had internet connection!!
Here is the configuration:
[root@localhost ~]# cat /etc/dnsmasq.conf
interface=eth0
listen-address=127.0.0.1
port=53
bind-interfaces
user=dnsmasq
group=dnsmasq
pid-file=/var/run/dnsmasq.pid
domain-needed
bogus-priv
dns-forward-max=150
cache-size=10000
neg-ttl=600
resolv-file=/etc/resolv.dnsmasq |
You are missing the line
Code:
log-facility=/var/log/dnsmasq.log |
Ok, I added this line at the bottom of the dnsmasq.conf file and I set as DNS server on my PC (Windows PC) the IP of the caching server.
Here are the results of the log file.
[root@localhost ~]# cat /var/log/dnsmasq.log
Jan 3 09:10:09 dnsmasq[1601]: started, version 2.48 cachesize 1000
Jan 3 09:10:09 dnsmasq[1601]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 3 09:10:09 dnsmasq[1601]: cleared cache
Jan 3 09:10:09 dnsmasq[1601]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 3 09:21:47 dnsmasq[1601]: exiting on receipt of SIGTERM
Jan 3 09:21:53 dnsmasq[1627]: started, version 2.48 cachesize 1000
Jan 3 09:21:53 dnsmasq[1627]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 3 09:21:53 dnsmasq[1627]: cleared cache
Jan 3 09:21:53 dnsmasq[1627]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 3 09:22:09 dnsmasq[1627]: exiting on receipt of SIGTERM
Jan 3 09:22:09 dnsmasq[1653]: started, version 2.48 cachesize 1000
Jan 3 09:22:09 dnsmasq[1653]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 3 09:22:09 dnsmasq[1653]: cleared cache
Jan 3 09:22:09 dnsmasq[1653]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 4 12:34:21 dnsmasq[1653]: exiting on receipt of SIGTERM
Jan 4 12:35:06 dnsmasq[1041]: started, version 2.48 cachesize 1000
Jan 4 12:35:06 dnsmasq[1041]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 4 12:35:06 dnsmasq[1041]: cleared cache
Jan 4 12:35:06 dnsmasq[1041]: failed to read /etc/resolv.dnsmasq: No such file or directory
Jan 7 08:33:25 dnsmasq[1041]: exiting on receipt of SIGTERM
Jan 10 16:24:24 dnsmasq[1401]: started, version 2.48 cachesize 10000
Jan 10 16:24:24 dnsmasq[1401]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 10 16:24:24 dnsmasq[1401]: read /etc/hosts - 2 addresses
Jan 10 16:24:24 dnsmasq[1401]: using nameserver 208.67.222.222#53
Jan 10 16:24:24 dnsmasq[1401]: using nameserver 8.8.8.8#53
Jan 10 16:24:28 dnsmasq[1401]: exiting on receipt of SIGTERM
Jan 10 16:24:28 dnsmasq[1427]: started, version 2.48 cachesize 10000
Jan 10 16:24:28 dnsmasq[1427]: compile time options: IPv6 GNU-getopt DBus no-I18N DHCP TFTP
Jan 10 16:24:28 dnsmasq[1427]: read /etc/hosts - 2 addresses
Jan 10 16:24:28 dnsmasq[1427]: using nameserver 208.67.222.222#53
Jan 10 16:24:28 dnsmasq[1427]: using nameserver 8.8.8.8#53
It seems that it is working fine now. Right? |
Did you restart it manually at 16:24:28? Other than that it seems to work correctly.
|
With regard to the cache, you can get dnsmasq stats by sending the daemon the USR1 signal. dnsmasq then dumps some stats to the log file. Here's a little script that I made/use to make it easy:
Code:
#!/bin/bash
Code:
[root@serv:~/scripts] ./dns-stats.sh
The other lines are pretty much self-explanatory. |
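Added example (this is not sleddog's script, which did not survive on this page): one way to request the statistics with USR1 and summarise the last dump found in the log. The function names are hypothetical, the sample log lines are constructed, and the two line formats matched are assumed to be the ones dnsmasq writes for its statistics.

```bash
#!/bin/bash
# Added example: request dnsmasq statistics and summarise the newest dump.

dnsmasq_dump_stats() {
    # SIGUSR1 makes dnsmasq write its statistics to the log.
    # pid-file path as in the configuration posted in this thread.
    kill -USR1 "$(cat /var/run/dnsmasq.pid)"
}

dnsmasq_cache_summary() {
    # Reads a dnsmasq log (files as arguments, or stdin) and prints the
    # figures from the last statistics dump on one line.
    awk '
        /cache size [0-9]+, [0-9]+\/[0-9]+ cache insertions/ {
            for (i = 1; i < NF; i++) if ($i == "size") {
                size = $(i + 1); sub(/,/, "", size)
                split($(i + 2), reuse, "/")
            }
        }
        /queries forwarded [0-9]+, queries answered locally [0-9]+/ {
            for (i = 1; i < NF; i++) {
                if ($i == "forwarded") { fwd = $(i + 1); sub(/,/, "", fwd) }
                if ($i == "locally")   loc = $(i + 1)
            }
        }
        END {
            if (size == "") { print "no statistics in log"; exit 1 }
            total = fwd + loc
            pct = total ? int(100 * loc / total) : 0
            # Unexpired entries pushed out to make room mean the cache is full.
            verdict = (reuse[1] + 0 > 0) ? "cache-too-small" : "cache-size-ok"
            printf "cache_size=%d inserted=%d evicted_unexpired=%d forwarded=%d local=%d local_pct=%d %s\n", size, reuse[2], reuse[1], fwd, loc, pct, verdict
        }' "$@"
}

# Constructed sample of the two statistics lines.
sample_stats='Jan 11 09:00:01 dnsmasq[1427]: cache size 10000, 0/812 cache insertions re-used unexpired cache entries.
Jan 11 09:00:01 dnsmasq[1427]: queries forwarded 540, queries answered locally 1260'

printf '%s\n' "$sample_stats" | dnsmasq_cache_summary
```

"Answered locally" counts every query dnsmasq answered without forwarding, which includes names from /etc/hosts as well as cached entries, so local_pct is an upper bound on the cache hit rate.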
Quote:
Sleddog: thank you mate, I will have it in mind! |
Good to hear. Now you may consider a caching proxy server to further speed up your surfing experience. ;)
Jokes aside, a caching proxy can be more difficult to handle and I would consider it only if you have more than one machine used by you for surfing (and if you also have times with a low-bandwidth access to the net). |