Clean djbDNS DNS Server On CentOS - dnscache And tinydns - A To Z

What is djbDNS? And why do we use djbDNS? There is a new point of view to serve the dns service - each of the dns server functionalities is a separate service, like authority, cache, forward and so on. The other difference is the daemon-tools which will rapidly restart services to prevent zombies.

Requirements:

CentOS 5.4 clean installation

Log in as root.

# yum update

# yum install gcc

# mkdir pkg

# cd pkg

The first step is to install the daemon-tools:

# cd ~/pkg

# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz

# gunzip daemontools-0.76.tar

# tar -xpf daemontools-0.76.tar

# rm -f daemontools-0.76.tar

# cd admin/daemontools-0.76

# vi src/conf-cc

Append the following line at the end of the gcc line:

-include /usr/include/errno.h

# ./package/install

One other package we need to prepare for djbdns to be functional is ucspi:

# cd ~/pkg

# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz

# gunzip ucspi-tcp-0.88.tar

# tar -xf ucspi-tcp-0.88.tar

# cd ucspi-tcp-0.88

# vi src/conf-cc

Append the following line at the end of the gcc line:

-include /usr/include/errno.h

# make

# make setup check

The next step is the document publication:

# cd ~/pkg

# wget http://cr.yp.to/djbdns/doc.tar.gz

Next we will unzip docs under /doc:

# gunzip < doc.tar.gz | (cd /; tar -xf -)

Use the following script to merge in system docs:

#!/bin/sh
for i in packages commands cfunctions fileformats
do
  sort -f /dev/null `find /doc/merge -name $i.html` > /doc/$i.new
  mv /doc/$i.new /doc/$i.html
done

Save script into a file: script.sh

# chmod +x script.sh

# ./script.sh

# cd ~/pkg

# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz

# gunzip djbdns-1.05.tar

# tar -xf djbdns-1.05.tar

# cd djbdns-1.05

# vi src/conf-cc

Append the following line at the end of the gcc line:

-include /usr/include/errno.h

# make

# make setup check

All compiling gets done.

The next step is the dns server configuration.

DNSCACHE

Create two system user accounts:

# useradd -d /var/dnscache -s /bin/false dnscache

# useradd -d /var/dnscache -s /bin/false dnslog

Configure the cache:

# dnscache-conf dnscache dnslog /var/dnscache/dnscache <listen-IP>

Example: dnscache-conf dnscache dnslog /var/dnscache/dnscache 192.168.20.1

Allow the rest of your network to query dnscache:

# touch /var/dnscache/dnscache/root/ip/<Net-ID>

Example: touch /var/dnscache/dnscache/root/ip/192.168

Add dnscache to the list of services to be monitored by svscan:

# ln -sf /var/dnscache/dnscache /service/

If you like ms-windows... you can make a reboot to be sure that all the world is in place.

There is a point here that your are still not able to query from your cache server, because your clients are now able to be resolved in reverse mode.

As mentioned before it's one of the dns-cache security features to reverse-check clients. So in the next step we will work on tinydns to act for us.

DNSTINY

Once again, we need two system user accounts:

# useradd -d /var/dnscache -s /bin/false tinydns

# useradd -d /var/dnscache -s /bin/false tinylog

# tinydns-conf tinydns tinylog /var/dnscache/tinydns 127.0.0.1

Now it's time to add nodes into dns database:

# cd /var/dnscache/tinydns/root

# ./add-ns internal 192.168.20.1

# ./add-ns 20.168.192.in-addr.arpa 192.168.20.1

# ./add-mx internal 192.168.20.2

# ./add-host ns.internal 192.168.20.1

# ./add-host mail.internal 192.168.20.2

# ./add-alias unagi.internal 192.168.20.2

# make

These nodes with go to the database file /var/dnscache/tinydns/root/data that you are able to edit manually.

The last step is the dns service startup:

# ln -sf /var/dnscache/tinydns /service