setup/install/configure djbdns on FreeBSD February 10, 2011

admin (Administrator)
Posts: 199
Registered: 05 Jan 2011, 04:19

Post by admin »

This is a how-to for setting up, installing and configuring djbdns (daemontools, dnscache and tinydns) on FreeBSD. I am currently running FreeBSD 8.1. Daniel J. Bernstein is the author of djbdns and qmail. A truly talented programmer. The information provided here is a culmination of my own work and experience and an incredibly fantastic article I found, written by Wayne Marshall. Read Wayne's article!

I N D E X
———–
1. INSTALLING DAEMONTOOLS
2. INSTALLING DJBDNS
3. CREATING USER/GROUP TO RUN DJBDNS UNDER
4. CONFIGURING A CACHE SERVER
5. LOCALHOST DNS CACHE SERVER
6. LOCAL NETWORK DNS CACHE SERVER
7. MODIFY DNS CACHE SIZE
8. CONFIGURING DNS CACHE W/ TINYDNS
9. LOADING UP TINYDNS WITH HOST INFO
10. DEALING WITH LOGS
11. DNS LOOKUP TOOLS
12. TINYDNS DATA RECORD TYPES
13. DAEMONTOOL CONTROL SCRIPT
14. RESOURCES



1. INSTALLING DAEMONTOOLS
——————————————

Install the daemontools software via ports

cd /usr/ports/sysutils/daemontools && make && make install

Copy and edit the sample startup script the port provides in "/usr/local/share/examples/daemontools/svscan.sh.sample". Read the comments in the file, and chmod it to 750:

cp /usr/local/share/examples/daemontools/svscan.sh.sample /usr/local/etc/rc.d/svscan.sh
chmod 750 /usr/local/etc/rc.d/svscan.sh

Create this service spool directory now:

mkdir /var/service

To start up svscan without rebooting, go ahead and give the command:

/usr/local/etc/rc.d/svscan.sh start

When running "ps ax" it is normal to see the following process. It is svscan's error collector: its argument list is filled with whatever the supervised services write to stderr, so a run of dots means no errors have been reported.
readproctitle service errors: ......................

2. INSTALLING DJBDNS
——————————-

First we need to build and install djbdns. The following command will install tinydns, dnscache & some other useful tools.

cd /usr/ports/net/djbdns && make && make install



3. CREATING USER/GROUP TO RUN DJBDNS UNDER
——————————————————————-

Change the uid/gid numbers to anything you want. Each daemon gets its own unprivileged account with no home directory and no shell, so a compromised dnscache cannot touch tinydns's files (or vice versa), and the "nofiles" group owns nothing on the system.

pw groupadd nofiles -g 800
pw useradd dnslog -g nofiles -u 810 -d /nonexistent -s /sbin/nologin
pw useradd dnscache -g nofiles -u 811 -d /nonexistent -s /sbin/nologin
pw useradd tinydns -g nofiles -u 812 -d /nonexistent -s /sbin/nologin

4. CONFIGURING CACHE SERVER
——————————————-

There are two main ways to set up a DNS cache server. If the machine is connected directly to the internet and not to an internal network, set up a local (localhost-only) DNS cache. If you are setting up a DNS cache for a network, even a small home network, set up what I call a local network DNS cache. Sections 5 and 6 cover each scenario.



5. LOCALHOST DNS CACHE SERVER
———————————————–

dnscache-conf dnscache dnslog /etc/dnscache
ln -s /etc/dnscache /var/service
echo 'nameserver 127.0.0.1' > /etc/resolv.conf



6. LOCAL NETWORK DNS CACHE SERVER
——————————————————

dnscache-conf dnscache dnslog /etc/dnscache 192.168.0.1
touch /etc/dnscache/root/ip/192.168.0
ln -s /etc/dnscache /var/service

The "touch" creates an empty file whose name is an address prefix. dnscache answers only clients that match a file in root/ip, so this authorizes 192.168.0.0/24 and nothing else. Keep it that tight: authorizing a broad or public prefix turns the cache into an open resolver that can be abused for amplification attacks.

Now all client hosts on the network can be configured with an "/etc/resolv.conf" (or equivalent) entry of: nameserver 192.168.0.1

To test that everything is working, use dig (or djbdns's own dnsip, see section 11). nslookup will not work at this point: it tries to reverse-resolve the server's own address first and gives up when that fails.



7. MODIFY DNS CACHE SIZE
————————————-

Change the size to fit your memory limits. DATALIMIT is the memory ceiling dnscache is started under (via softlimit) and must stay a couple of MB above CACHESIZE, as in the 32 MB / 34 MB pair here, or dnscache will die at startup. "svc -t" restarts the service so the new environment is read.

echo 32000000 > /etc/dnscache/env/CACHESIZE
echo 34000000 > /etc/dnscache/env/DATALIMIT
svc -t /var/service/dnscache

8. CONFIGURING DNS CACHE W/ TINYDNS
——————————————————-

The configuration described here builds on the local network DNS cache running on host 192.168.0.1 described above. We now add tinydns to the same host, bound to a second, private address, 192.168.0.2. To make this address available, edit "/etc/rc.conf" and add the following line. An alias on lo0 is enough while dnscache and tinydns share the host; use your NIC's name instead if other hosts must reach tinydns directly.

ifconfig_lo0_alias0="inet 192.168.0.2 netmask 0xffffffff"

To add the alias immediately without rebooting, run "ifconfig lo0 alias 192.168.0.2 netmask 0xffffffff" (adjust the interface name as above). Either way, type "netstat -rn" to make sure the new address is in the routing table. Then continue with the configuration of tinydns as follows:

tinydns-conf tinydns dnslog /etc/tinydns 192.168.0.2
ln -s /etc/tinydns /var/service

The first command, “tinydns-conf”, automates the setup of the tinydns run scripts for daemontools. Like “dnscache-conf”, the command has 4 arguments: the username the tinydns binary will run under (tinydns), the username of the logger (dnslog), the tinydns configuration and log directory (/etc/tinydns), and the IP address that tinydns will bind to (192.168.0.2).

Next, configure dnscache to direct lookup information for the local domain to this private tinydns server:

echo '192.168.0.2' > /etc/dnscache/root/servers/example.org
echo '192.168.0.2' > /etc/dnscache/root/servers/0.168.192.in-addr.arpa

The above step is the crucial magic, providing the “glue” that connects dnscache to our private tinydns. Now when dnscache gets a query for a local “example.org” address, it will request the information from the tinydns server running on the private loopback address of 192.168.0.2.



9. LOADING UP TINYDNS WITH HOST INFO
——————————————————-

cd /etc/tinydns/root
./add-ns example.org 192.168.0.2
./add-ns 0.168.192.in-addr.arpa 192.168.0.2
./add-host dagwood.example.org 192.168.0.3
./add-host blondie.example.org 192.168.0.4
./add-alias mailhub.example.org 192.168.0.4
./add-host dithers.example.org 192.168.0.5
./add-alias bastion.example.org 192.168.0.5
make

"make" in this directory runs tinydns-data, which compiles "data" into "data.cdb" and renames it into place atomically; tinydns reads the new file on the next query, so no restart is needed. add-ns writes "." records (SOA, NS and A), add-host writes "=" records (A plus PTR) and add-alias writes "+" records (A only); see section 12 for the record types.

10. DEALING WITH LOGS
———————————

Monitor dnscache logs:

tail -f /etc/dnscache/log/main/current

To make the timestamps more meaningful, pipe the log through the “tai64nlocal” utility:

tail -f /etc/dnscache/log/main/current | tai64nlocal

Similarly, monitor the tinydns log with:

tail -f /etc/tinydns/log/main/current | tai64nlocal

Some administrators may prefer the consistency of keeping all logs in /var/log. To set up dnscache to log in /var/log/dnscache, for example, first make the directory:

mkdir /var/log/dnscache
chown dnslog:nofiles /var/log/dnscache
chmod 1755 /var/log/dnscache

Note that 1755 leaves the directory world-readable, and dnscache logs every client query; use 750 if that is more than other local users should see.

Then change the /etc/dnscache/log/run script created by dnscache-conf to:

#!/bin/sh
exec setuidgid dnslog multilog t /var/log/dnscache

If svscan is already running, kill the service for the change in run script to take effect:

svc -k /var/service/dnscache/log
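As an added example (my own, not code from the original post or from djbdns), here is a POSIX sh/awk script that reads the multilog output above and summarizes which clients are sending queries. The sample lines are constructed to follow the "query <serial> <client-ip>:<port>:<id> <type> <name>" format dnscache writes, with the client address in hex, and the tai64n stamps in front of them are made up; the function names dnscache_clients and dnscache_noisy are mine.

```shell
#!/bin/sh
# Added example: summarize dnscache "query" log lines per client.
# Not part of djbdns or the original post.

# Constructed sample log (tai64n stamps from multilog, then dnscache's own line).
# Client addresses are hex: c0a80003 = 192.168.0.3, c0a80004 = 192.168.0.4.
SAMPLE_LOG='@4000000049a7b2e31a5fd2a4 query 1 c0a80003:8f0a:1e3c 1 dagwood.example.org.
@4000000049a7b2e31a8c1b10 sent 1 66
@4000000049a7b2e4052c3f44 query 2 c0a80004:9b21:7a0f 1 www.example.com.
@4000000049a7b2e40a3d0e88 cached 1 www.example.com.
@4000000049a7b2e40a4e2000 sent 2 82
@4000000049a7b2e51b223e10 query 3 c0a80004:9b22:7a10 15 example.com.
@4000000049a7b2e51b223e11 sent 3 120
@4000000049a7b2e62c114a00 query 4 c0a80004:9b23:7a11 1 cdn.example.com.
@4000000049a7b2e62c114a01 sent 4 70
@4000000049a7b2e73d00b0ee query 5 c0a80004:9b24:7a12 12 4.0.168.192.in-addr.arpa.
@4000000049a7b2e73d00b0ef sent 5 90
@4000000049a7b2e80e1f2c00 query 6 c0a80003:8f0b:1e3d 28 blondie.example.org.
@4000000049a7b2e80e1f2c01 sent 6 60'

# dnscache_clients: read dnscache log lines on stdin, print "count ip", busiest first.
# Only "query" lines are counted; "cached", "sent", "rr" and "stats" lines are skipped.
dnscache_clients() {
    awk '
    # hexval: parse a hex string, -1 if it contains a non-hex character
    function hexval(s,    i, c, v) {
        v = 0
        for (i = 1; i <= length(s); i++) {
            c = index("0123456789abcdef", tolower(substr(s, i, 1)))
            if (c == 0) return -1
            v = v * 16 + c - 1
        }
        return v
    }
    # hex2ip: "c0a80003" -> "192.168.0.3"; "" for anything that is not 8 hex digits
    function hex2ip(h,    i, o, b) {
        if (length(h) != 8) return ""
        o = ""
        for (i = 1; i <= 7; i += 2) {
            b = hexval(substr(h, i, 2))
            if (b < 0) return ""
            if (i > 1) o = o "."
            o = o b
        }
        return o
    }
    {
        off = ($1 ~ /^@/) ? 1 : 0          # multilog prefixes a @tai64n stamp; raw lines have none
        if ($(1 + off) != "query") next
        split($(3 + off), a, ":")          # client ip : source port : query id, all hex
        ip = hex2ip(a[1])
        if (ip == "") next                 # skip malformed or non-IPv4 addresses
        n[ip]++
    }
    END { for (ip in n) printf "%d %s\n", n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# dnscache_noisy THRESHOLD: print clients that sent more than THRESHOLD queries
dnscache_noisy() {
    dnscache_clients | awk -v t="$1" '$1 > t { print $2 }'
}

# Demo on the constructed sample when run as: DEMO=1 sh thisfile.sh
if [ "${DEMO:-0}" = 1 ]; then
    printf '%s\n' "$SAMPLE_LOG" | dnscache_clients
fi
```

Against a real log, feed a bounded slice rather than "tail -f" (awk's END block never runs on an endless stream): "tail -n 10000 /etc/dnscache/log/main/current | dnscache_noisy 1000" lists clients that sent more than 1000 queries in that window, a quick way to spot a misbehaving host on the authorized network.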



11. DNS LOOKUP TOOLS
——————————–
DNS lookup tools

Command    Task                                  Example
dnsip      Print IP address                      dnsip fqdn
dnsip      Print multiple IP addresses           dnsip fqdn fqdn fqdn
dnsipq     Print fqdn and IP on a single line    dnsipq fqdn
dnsname    Reverse lookup for an IP              dnsname a.b.c.d
dnsmx      Print MX records of fqdn              dnsmx fqdn
dnstxt     Print TXT records of fqdn             dnstxt fqdn

Debugging tools (you must know what you're doing!)

Command       Task                                                           Example
dnsqr         Query for records of type t under fqdn. t may be a name or     dnsqr t fqdn
              number; recognized names: any, a, ns, mx, ptr, txt, cname,
              soa, hinfo, rp, sig, key, aaaa, axfr.
dnstrace      Search for all DNS servers that can affect the resolution of   dnstrace t fqdn r
              records of type t under fqdn, starting from root server r.     (dnstrace any www.aol.com a.root-servers.net > AOL &)
              More than one root server may be listed.
dnstracesort  Read and sort the output of dnstrace                           dnstracesort < AOL | less

12. TINYDNS DATA RECORD TYPES
———————————————-
Type   Creates
.      SOA, NS, A
&      NS, A
@      MX, A
=      PTR, A
+      A
'      TXT
^      PTR
C      CNAME
Z      SOA
:      User-defined (generic record with a numeric type)
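To show the record types above in use, here is an added example (mine, not code from djbdns or the original post) that builds the tinydns data file for the section 9 hosts from a hosts-style list, emitting the same ".", "=" and "+" lines that add-ns, add-host and add-alias write plus an "@" MX line, and refusing malformed addresses before tinydns-data ever sees them. The input list is constructed; the function names tinydns_ns, tinydns_mx, tinydns_hosts and build_data are my own.

```shell
#!/bin/sh
# Added example: generate tinydns data records from a hosts-style list.
# Not part of djbdns or the original post.

# Constructed sample input: "fqdn ip [alias ...]" per line, '#' comments allowed.
SAMPLE_HOSTS='# example.org hosts (constructed sample)
dagwood.example.org 192.168.0.3
blondie.example.org 192.168.0.4 mailhub.example.org
dithers.example.org 192.168.0.5 bastion.example.org'

# tinydns_ns ZONE IP -> ".ZONE:IP:a"
# Creates SOA and NS records for ZONE and an A record for a.ns.ZONE (what add-ns writes).
tinydns_ns() { printf '.%s:%s:a\n' "$1" "$2"; }

# tinydns_mx ZONE MAILHOST DIST -> "@ZONE::MAILHOST:DIST"
# The ip field is left empty and MAILHOST contains dots, so it is used as-is and
# no extra A record is created; the A record for MAILHOST comes from the hosts list.
tinydns_mx() { printf '@%s::%s:%s\n' "$1" "$2" "$3"; }

# tinydns_hosts: read "fqdn ip [alias ...]" on stdin and write
#   =fqdn:ip    (A plus PTR, what add-host writes)
#   +alias:ip   (A only, what add-alias writes)
# Exit status 1 if any line is malformed, so a caller can refuse to install the output.
tinydns_hosts() {
    awk '
    # valid_ip: four dotted decimal octets, each 0-255
    function valid_ip(ip,    p, n, i) {
        n = split(ip, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { bad = 0 }
    /^[ \t]*$/ || /^[ \t]*#/ { next }              # blank lines and comments
    NF < 2 || !valid_ip($2) {
        printf "tinydns_hosts: bad line %d: %s\n", NR, $0 > "/dev/stderr"
        bad = 1
        next
    }
    {
        printf "=%s:%s\n", $1, $2
        for (i = 3; i <= NF; i++) printf "+%s:%s\n", $i, $2
    }
    END { exit bad }
    '
}

# build_data: the complete data file for the section 8/9 setup, on stdout
build_data() {
    tinydns_ns example.org 192.168.0.2
    tinydns_ns 0.168.192.in-addr.arpa 192.168.0.2
    tinydns_mx example.org mailhub.example.org 10
    printf '%s\n' "$SAMPLE_HOSTS" | tinydns_hosts
}
```

Use it as "build_data > /etc/tinydns/root/data && (cd /etc/tinydns/root && make)"; because tinydns_hosts exits non-zero on a bad line, the "&&" keeps a half-validated list from being compiled into data.cdb. tinydns-data itself checks the syntax of each line again when it builds the cdb.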



13. DAEMONTOOL CONTROL SCRIPT
————————————————

Create a file named "dnsctl" that looks something like the following, put it in an executable path and chmod it to, say, 750:

<== COPY EVERYTHING BELOW THIS LINE ==>
#!/bin/sh
# file /usr/local/bin/dnsctl
# daemontools control script for djbdns services
# wcm, 2002.08.26 - 2002.08.26
#

# svc and svstat accept several service directories; SERVICES is deliberately
# left unquoted below so the shell splits it into separate arguments.
SERVICES="/var/service/dnscache /var/service/dnscache/log
/var/service/tinydns /var/service/tinydns/log"

case "$1" in
start)
    echo "Starting djbdns services"
    svc -u ${SERVICES}
    ;;
stop)
    echo "Stopping djbdns services"
    svc -d ${SERVICES}
    ;;
restart)
    echo "Restarting djbdns services"
    svc -t ${SERVICES}
    ;;
status)
    svstat ${SERVICES}
    ;;
cdb)
    # rebuild data.cdb from data; tinydns picks up the new file without a restart
    echo "Updating tinydns data"
    cd /var/service/tinydns/root && tinydns-data || exit 1
    ;;
help)
    cat << HELP
start   -- start up djbdns services
stop    -- stop djbdns services
restart -- restart djbdns services
status  -- view current status of djbdns services
cdb     -- rebuild tinydns data.cdb from the data file
help    -- this screen
HELP
    ;;
*)
    echo "Usage: $0 [start|stop|restart|status|cdb|help]"
    exit 1
    ;;
esac

exit 0

### that's all, folks!
<== COPY EVERYTHING ABOVE THIS LINE ==>