Clean djbDNS DNS Server On CentOS - dnscache And tinydns - A To Z

Submitted by shayne.alone on Mon, 2010-08-02 16:58. :: CentOS | djbdns | DNS

What is djbDNS, and why do we use it? It takes a different approach to serving DNS: each DNS server function (authoritative, cache, forward and so on) runs as a separate service. The other difference is daemontools, which will rapidly restart services to prevent zombies.

 

Requirements:

CentOS 5.4 clean installation

Log in as root.

# yum update

# yum install gcc

# mkdir pkg

# cd pkg

The first step is to install daemontools:

# cd ~/pkg

# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz

# gunzip daemontools-0.76.tar

# tar -xpf daemontools-0.76.tar

# rm -f daemontools-0.76.tar

# cd admin/daemontools-0.76

# vi src/conf-cc

Append the following to the end of the gcc line:

-include /usr/include/errno.h

# ./package/install

One other package that djbdns needs in order to work is ucspi-tcp:

# cd ~/pkg

# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz

# gunzip ucspi-tcp-0.88.tar

# tar -xf ucspi-tcp-0.88.tar

# cd ucspi-tcp-0.88

# vi conf-cc

Append the following to the end of the gcc line:

-include /usr/include/errno.h

# make

# make setup check

The next step is to install the documentation:

# cd ~/pkg

# wget http://cr.yp.to/djbdns/doc.tar.gz

Next we will unpack the docs under /doc:

# gunzip < doc.tar.gz | (cd /; tar -xf -)

Use the following script to merge them into the system docs:

#!/bin/sh
for i in packages commands cfunctions fileformats
do
  sort -f /dev/null `find /doc/merge -name $i.html` > /doc/$i.new
  mv /doc/$i.new /doc/$i.html
done

Save the script into a file named script.sh, then run it:

# chmod +x script.sh

# ./script.sh

# cd ~/pkg

# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz

# gunzip djbdns-1.05.tar

# tar -xf djbdns-1.05.tar

# cd djbdns-1.05

# vi conf-cc

Append the following to the end of the gcc line:

-include /usr/include/errno.h

# make

# make setup check

All the compiling is now done.

The next step is the DNS server configuration.

 

DNSCACHE

Create two system user accounts:

# useradd -d /var/dnscache -s /bin/false dnscache

# useradd -d /var/dnscache -s /bin/false dnslog

Configure the cache:

# dnscache-conf dnscache dnslog /var/dnscache/dnscache <listen-IP>

Example: dnscache-conf dnscache dnslog /var/dnscache/dnscache 192.168.20.1

Allow the rest of your network to query dnscache:

# touch /var/dnscache/dnscache/root/ip/<Net-ID>

Example: touch /var/dnscache/dnscache/root/ip/192.168
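dnscache answers a client only if a file in root/ip matches the leading part of its address, so the name you touch here decides how widely the resolver is open. The check below is an added example, not part of the original tutorial; the function names are hypothetical and the sample directory is constructed:

```shell
#!/bin/sh
# Added example: mirrors how dnscache matches a client against root/ip.
# It looks for a file named after the full client IP, then drops the last
# octet and retries, until a file is found or no dot is left.

# dnscache_allows DIR IP -> exit 0 if some prefix file for IP exists in DIR
dnscache_allows() {
    dir=$1
    name=$2
    while :; do
        [ -e "$dir/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # strip the last octet and retry
            *)   return 1 ;;
        esac
    done
}

# is_private PREFIX -> exit 0 if PREFIX lies inside RFC 1918 or loopback space
is_private() {
    case $1 in
        10|10.*|127|127.*|192.168|192.168.*) return 0 ;;
        172.1[6-9]|172.1[6-9].*|172.2[0-9]|172.2[0-9].*|172.3[01]|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ip_dir DIR -> prints every allow entry that reaches beyond private space
audit_ip_dir() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        p=${f##*/}
        is_private "$p" || echo "$p"
    done
}

# Constructed sample: the entry dnscache-conf creates (127.0.0.1), the one
# from this tutorial (192.168) and a mistyped, far too broad one (192).
demo=$(mktemp -d)
touch "$demo/127.0.0.1" "$demo/192.168" "$demo/192"
dnscache_allows "$demo" 192.168.20.7 && echo "192.168.20.7: allowed"
dnscache_allows "$demo" 192.0.2.9 && echo "192.0.2.9: allowed via entry 192"
echo "entries to review: $(audit_ip_dir "$demo")"
rm -rf "$demo"
```

On a live server, point audit_ip_dir at /var/dnscache/dnscache/root/ip; any entry it prints lets hosts outside private address space use the cache.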

Add dnscache to the list of services to be monitored by svscan:

# ln -sf /var/dnscache/dnscache /service/

If you like MS Windows... you can reboot to be sure that everything is in place.

Note that at this point you are still not able to query your cache server, because your clients cannot yet be resolved in reverse mode.

As mentioned before, reverse-checking clients is one of the dnscache security features. So in the next step we will set up tinydns to handle this for us.

 

TINYDNS

Once again, we need two system user accounts:

# useradd -d /var/dnscache -s /bin/false tinydns

# useradd -d /var/dnscache -s /bin/false tinylog

# tinydns-conf tinydns tinylog /var/dnscache/tinydns 127.0.0.1

Now it's time to add nodes to the DNS database:

# cd /var/dnscache/tinydns/root

# ./add-ns internal 192.168.20.1

# ./add-ns 20.168.192.in-addr.arpa 192.168.20.1

# ./add-mx internal 192.168.20.2

# ./add-host ns.internal 192.168.20.1

# ./add-host mail.internal 192.168.20.2

# ./add-alias unagi.internal 192.168.20.2

# make

These nodes will go into the database file /var/dnscache/tinydns/root/data, which you can also edit manually.
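Each helper above appends one line to data: add-ns writes a "." line, add-mx an "@" line, add-host an "=" line and add-alias a "+" line. An "=" line publishes both an A record and its PTR, but the PTR is only served when the file also declares the matching in-addr.arpa zone, which is what the second add-ns command does; this added example (not from the original tutorial, function name hypothetical, sample data constructed) lists hosts that lack that coverage:

```shell
#!/bin/sh
# Added example. "=" lines publish an A record and its PTR; tinydns only
# answers the PTR if a "." line makes it authoritative for the reverse zone.

# check_ptr_coverage FILE -> prints "name ip" for each "=" host whose PTR
# name lies outside every in-addr.arpa zone declared in FILE
check_ptr_coverage() {
    awk -F: '
        /^\./ {                       # "." line: NS + SOA for a zone
            z = tolower(substr($1, 2))
            if (z ~ /in-addr\.arpa$/) zones[z] = 1
        }
        /^=/ { host[substr($1, 2)] = $2 }   # "=" line: A + PTR
        END {
            for (h in host) {
                split(host[h], o, ".")
                name = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
                covered = 0
                while (1) {           # walk up one label at a time
                    if (name in zones) { covered = 1; break }
                    i = index(name, ".")
                    if (i == 0) break
                    name = substr(name, i + 1)
                }
                if (!covered) print h, host[h]
            }
        }' "$1"
}

# Constructed sample in the format the add-* helpers write, using this
# tutorial's names plus one host (db.internal) on an uncovered subnet.
sample=$(mktemp)
cat > "$sample" <<'EOF'
.internal:192.168.20.1:a:259200
.20.168.192.in-addr.arpa:192.168.20.1:a:259200
@internal:192.168.20.2:a::86400
=ns.internal:192.168.20.1:86400
=mail.internal:192.168.20.2:86400
+unagi.internal:192.168.20.2:86400
=db.internal:192.168.30.5:86400
EOF
check_ptr_coverage "$sample"
rm -f "$sample"
```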

The last step is the dns service startup:

# ln -sf /var/dnscache/tinydns /service


Submitted by bobgus (not registered) on Mon, 2011-11-28 06:05.

The shell 'csh' is pretty old. It may be the case that your system has a later shell, such as 'sh'.

 If 'which csh' shows that you do not have 'csh', then modify the file:

    /root/pkg/admin/daemontools/package/boot.rclocal

replace 'csh' with 'sh'

Submitted by Bob Gustafson (not registered) on Thu, 2011-05-26 00:52.

See correction:

# cd ucspi-tcp-0.88

# vi conf-cc

Submitted by Bob Gustafson (not registered) on Thu, 2011-05-26 00:50.

See Correction:

# cd djbdns-1.05

# vi conf-cc

Submitted by Anonymous (not registered) on Mon, 2012-02-13 14:03.

I got this warning.

 svc -u /service/dnscache
svc: warning: unable to control /service/dnscache: supervise not running

Submitted by Arif Mazlan (not registered) on Mon, 2012-06-18 18:57.
If you are on CentOS 6, there is a new "init" script replacement called upstart. You have to create a config file in /etc/init/daemontools.conf:

# daemontools
start on runlevel [2345]
stop on runlevel [016]
respawn
exec /command/svscanboot

To start daemontools, run the command below:

initctl start daemontools

 link http://qmail.jms1.net/daemontools/upstart.shtm

Submitted by Chris @ Sift (not registered) on Thu, 2012-04-19 22:31.
Make sure you have added this line to the end of /etc/inittab:

SV:123456:respawn:/command/svscanboot

Save and run the command:

init q

This brings up supervise. Also, if you want to stop supervise at any time, just edit /etc/inittab, hash it out and run init q again to turn off supervise.