Configure a Caching-Only Name Server in a Chroot Environment for Fedora 11
Having a caching-only name server on your local machine speeds up your browsing. Here's how to set up a slightly more secure caching server using ISC BIND in Fedora 11.
- Install the bind and bind-chroot packages:
# yum install bind bind-chroot
- Edit your /etc/sysconfig/named file:
# vim /etc/sysconfig/named
Add the following line:
ROOTDIR="/var/named/chroot"
- Edit your /etc/named.conf file:
# vim /etc/named.conf
- Change the following line:
listen-on port 53 { 127.0.0.1; };
to
listen-on port 53 { any; };
This allows the bind daemon to listen on all your network IPs, not just your loopback (127.0.0.1) address.
- Change this line:
allow-query { localhost; };
to
allow-query { 192.168.0.0/24; };
You now allow all the machines in your home LAN to use your DNS server.
- Make sure it starts at boot time:
# chkconfig named on
Restart your DNS server:
# service named restart
- Make sure it's listening on the correct ports:
# netstat -ntupl | grep named
In my case, the DNS server IP is 192.168.0.10. So, as seen here, the line
udp 0 0 192.168.0.10:53 0.0.0.0:* 2851/named
shows it is listening correctly.
- Then test your server from another machine in your network, most probably another Linux box or laptop:
# dig @192.168.0.10 google.com
The dig command, with the '@', instructs it to get the IP address for google.com from your newly set up server. On my machine, it looked like this:

[root@atreides ~]# dig @192.168.0.10 google.com

; <<>> DiG 9.6.1-RedHat-9.6.1-2.fc11 <<>> @192.168.0.10 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6515
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             300     IN      A       74.125.127.100
google.com.             300     IN      A       74.125.45.100
google.com.             300     IN      A       74.125.67.100

;; AUTHORITY SECTION:
google.com.             171853  IN      NS      ns3.google.com.
google.com.             171853  IN      NS      ns1.google.com.
google.com.             171853  IN      NS      ns2.google.com.
google.com.             171853  IN      NS      ns4.google.com.

;; Query time: 82 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sat Jul 18 20:14:59 2009
;; MSG SIZE  rcvd: 148

Note the SERVER: line. That shows you the answer for the query came from my DNS server (192.168.0.10).
- Finally, set up your /etc/resolv.conf accordingly. On the server:
nameserver 127.0.0.1
And on all your other machines:
nameserver 192.168.0.10
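Because the server now listens on every interface, the allow-query and allow-recursion ACLs are what keep it a LAN-only cache rather than an open resolver. The following POSIX shell checker is an added example, not code from the original post: it builds its own constructed named.conf fragments and assumes BIND 9.6's fallback order for allow-recursion (allow-query-cache, then allow-query, then the built-in localnets/localhost).

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether a named.conf like the one
# above confines recursion to the LAN or turns the box into an open resolver.
# Assumes BIND 9.6's defaulting chain: allow-recursion falls back to allow-query-cache,
# then allow-query, then the built-in "localnets; localhost".

# Write a constructed named.conf fragment (sample data, not the post's file) to $1.
# $2 = allow-query ACL, $3 = allow-recursion ACL; "" leaves that statement out.
mk_conf() {
  {
    echo 'options {'
    echo '  listen-on port 53 { any; };'
    echo '  directory "/var/named";'
    echo '  recursion yes;'
    [ -n "$2" ] && echo "  allow-query { $2; };"
    [ -n "$3" ] && echo "  allow-recursion { $3; };"
    echo '};'
  } > "$1"
}

# Print the body of ACL statement $2 in file $1 without whitespace or the trailing
# semicolon (e.g. "192.168.0.0/24"); prints nothing when the statement is absent.
acl_of() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*{\([^}]*\)};.*/\1/p" "$1" | tr -d ' \t' | sed 's/;$//'
}

# The ACL BIND actually applies to recursive queries, following the fallback chain.
effective_recursion_acl() {
  for opt in allow-recursion allow-query-cache allow-query; do
    v=$(acl_of "$1" "$opt")
    [ -n "$v" ] && { echo "$v"; return 0; }
  done
  echo "localnets;localhost"
}

# Returns 0 when recursion is confined to named networks, 1 when any address may recurse.
check_open_resolver() {
  acl=$(effective_recursion_acl "$1")
  case ";$acl;" in
    *";any;"*|*";0.0.0.0/0;"*|*";::/0;"*)
      echo "$1: OPEN resolver (effective recursion ACL: $acl)"; return 1 ;;
  esac
  echo "$1: recursion limited to $acl"
}
```

Run check_open_resolver against /var/named/chroot/etc/named.conf after editing; the post's own setting (allow-query limited to 192.168.0.0/24, no allow-recursion) passes because allow-recursion inherits that LAN ACL.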
July 19, 2009 - 8:01 pm
I normally use dnsmasq for the same purpose. This works well too.
July 20, 2009 - 12:13 am
I tried dnsmasq, but the performance was dismal. Ended up sticking to bind. #streamyxsucks maybe?
July 20, 2009 - 12:52 am
aaa true… I normally stick to opendns but when the lines get sucky I'm forced to drop down to the damn streamyx dns servers
August 28, 2009 - 12:18 am
Thanks, that was easy to set up.
Does anyone know how to point to another caching name server (my ISP’s) rather than using the normal ones (root, or whatever they are called)?
September 4, 2009 - 2:07 am
Patrick,
Use the forwarders parameter in the named.conf file to do that.