Running A MySQL-Based DNS Server: MyDNS - Page 3

3 Install dnscache

One very important thing to know about MyDNS is that it does not do recursive (external) DNS lookups, i.e. MyDNS delivers answers only for the domains it is authoritative for! If you want to resolve other domains like, for example, www.google.com, you have to install a DNS resolver like dnscache on your system, and it has to listen on a separate IP address because both daemons need port 53. To find out why the authoritative DNS server (MyDNS) and the DNS resolver (dnscache) should be separated like that, have a look here: http://cr.yp.to/djbdns/separation.html

Normally, your ISP gives you the IP addresses of name servers that your workstation at home or in your office uses for its internet connection, so that it can resolve names like www.google.com. Those name server addresses are actually the addresses of DNS resolvers (caching, recursive servers) like dnscache. So if you want to give your customers your own name server IP addresses for this purpose, you must set up a DNS resolver and give your customers the IP address of that resolver.

Now, if you only have one IP address on your server, you might say, "OK, I bind MyDNS to 127.0.0.1 and dnscache to my public IP address to get around this." Please read here to find out why this is a bad idea: http://www.fefe.de/djbdns/#sameip

If you do not want to install a DNS resolver on your system, you can skip this section.

Now let's say you have two public IP addresses, 1.2.3.4 and 1.2.3.5, and you want MyDNS to listen on 1.2.3.4 and dnscache to listen on 1.2.3.5.

Do the following steps to install dnscache:

groupadd dns
useradd -M -g dns -s /sbin/nologin -c DNS-Cache-User dnscache
useradd -M -g dns -s /sbin/nologin -c TinyDNS-User tinydns
useradd -M -g dns -s /sbin/nologin -c DNSlog-User dnslog

Create the dnscache init script:

cd /usr/local/sbin
wget http://www.servershak.com/dns/dnsctl
chmod 700 dnsctl
ln -s /usr/local/sbin/dnsctl /etc/init.d/dnsctl

Create the system startup links:

On Debian:

update-rc.d dnsctl defaults

On Fedora and RedHat:

chkconfig --levels 235 dnsctl on

Then we compile and install ucspi-tcp, daemontools and djbdns (the package that contains dnscache):

cd /usr/local/src
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
tar -zxvf ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88
make
make setup check

mkdir -p /var/package
chmod 1755 /var/package
cd /var/package
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
gunzip daemontools-0.76.tar
tar -xpf daemontools-0.76.tar
rm daemontools-0.76.tar
cd /var/package/admin/daemontools-0.76
package/install

cd /usr/local/src
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
tar -xvzf djbdns-1.05.tar.gz
cd djbdns-1.05
make
make setup check

dnscache-conf dnscache dnslog /etc/dnscache 1.2.3.5
ln -s /etc/dnscache /service
touch /etc/dnscache/root/ip/1.2.3

Now dnscache is listening on 1.2.3.5. The file you created under /etc/dnscache/root/ip/ is dnscache's access list: it answers queries only from clients whose addresses begin with 1.2.3, so create one such file for each client network you want to serve. Do not list networks you do not control: a resolver that answers the whole Internet is an open resolver and will be abused for traffic amplification. Next we have to tell MyDNS that it should listen on 1.2.3.4 only, so we change the listen directive in /etc/mydns.conf:

listen = 1.2.3.4

and restart MyDNS:

/etc/init.d/mydns restart

Now if you try to resolve domain names on 1.2.3.5, you should get an answer. E.g., to resolve www.google.com, you can run

dig @1.2.3.5 www.google.com

In the same way you should be able to resolve domains handled by MyDNS (e.g. www.somedomain.com), but this time you query 1.2.3.4:

dig @1.2.3.4 www.somedomain.com

4 Getting The Zones And Records From The Primary To The Secondary DNS Server

If both the primary and the secondary DNS server use MyDNS, you have three possibilities to get the data from the primary to the secondary DNS server:

  1. The old-fashioned way: zone transfers (AXFR). To enable them, change allow-axfr = no to allow-axfr = yes in /etc/mydns.conf on the primary DNS server and restart MyDNS. In addition, enter the secondary DNS server's IP address in the xfer column of the soa table for each zone that should be transferred; only the addresses listed there may transfer the zone, so keep that list to your secondaries. Also make sure the firewall on the primary DNS server does not block port 53 (TCP as well as UDP: zone transfers run over TCP).
  2. Both the primary and the secondary DNS server use the same MySQL database. There is one drawback with this solution: if the MySQL server fails, both the primary and the secondary DNS server fail at the same time.
  3. The preferred solution: use MySQL database replication to copy the data from the primary to the secondary DNS server. Make sure the firewall on the primary DNS server does not block the MySQL port (normally 3306) for the secondary's IP address; there is no reason to open it to anyone else.

I recommend that you use MySQL replication. I have written a very precise guide about how to set this up here: http://www.howtoforge.com/mysql_database_replication so I do not have to cover this topic here again.
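The dig checks at the end of section 3 and the AXFR restriction in section 4 can both be verified from the header lines that dig prints. The script below is an added example, not part of the original guide and not code from MyDNS or djbdns: it parses dig output and tells you whether a server answered recursively (the "ra" flag plus data, which on the MyDNS address would mean you are running an open resolver), answered from its own zone data (the "aa" flag), or refused, and it counts the records returned by an AXFR attempt. The dig outputs embedded in it are constructed to look like what the 1.2.3.4 / 1.2.3.5 setup above should produce; the addresses are the guide's examples, 192.0.2.10 is a documentation address standing in for a real answer, and REFUSED as the status MyDNS returns for a zone it does not serve is an assumption. To check a real server, pass real output, e.g. verdict "$(dig @1.2.3.4 www.google.com)".

```shell
#!/bin/sh
# Added example (not from the MyDNS guide): classify dig(1) output to verify the
# MyDNS (1.2.3.4) / dnscache (1.2.3.5) split and the AXFR policy. Every dig
# response below is constructed, not captured from a real server.

# RCODE from the ";; ->>HEADER<<-" line, e.g. NOERROR or REFUSED.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Flag tokens from the ";; flags:" line, e.g. "qr rd ra".
dig_flags() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1
}

# ANSWER count from the ";; flags:" line.
dig_answer_count() {
    printf '%s\n' "$1" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# True (exit 0) if flag $2 (aa, ra, ...) is set in response $1.
dig_has_flag() {
    case " $(dig_flags "$1") " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if the server answered a recursive query with data. Seen from the
# address that is only meant to be authoritative, this is an open resolver.
answers_recursively() {
    n=$(dig_answer_count "$1")
    [ "$(dig_status "$1")" = NOERROR ] &&
    [ "${n:-0}" -gt 0 ] &&
    dig_has_flag "$1" ra
}

# True if the server answered from its own zone data (aa flag, NOERROR).
answers_authoritatively() {
    [ "$(dig_status "$1")" = NOERROR ] && dig_has_flag "$1" aa
}

# Records returned by "dig @server zone AXFR": records are the non-comment
# lines; a refused transfer only prints the comment "; Transfer failed.".
axfr_record_count() {
    printf '%s\n' "$1" | awk '!/^;/ && NF { n++ } END { print n + 0 }'
}

# One-line verdict for a response; use verdict "$(dig @1.2.3.4 www.google.com)".
verdict() {
    if answers_authoritatively "$1"; then echo "authoritative answer"
    elif answers_recursively "$1"; then echo "recursive answer (open resolver if this is the MyDNS address)"
    else echo "no data: status $(dig_status "$1")"
    fi
}

# --- constructed responses, shaped like the guide's setup should produce ---

# dnscache on 1.2.3.5 resolving a name it is not authoritative for:
CACHE_RESPONSE='; <<>> DiG <<>> @1.2.3.5 www.google.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.google.com.         300     IN      A       192.0.2.10'

# MyDNS on 1.2.3.4 answering for a zone it serves:
AUTH_RESPONSE='; <<>> DiG <<>> @1.2.3.4 www.somedomain.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.somedomain.com.     86400   IN      A       1.2.3.4'

# MyDNS on 1.2.3.4 asked for a foreign name (REFUSED assumed; no ra, no data):
REFUSED_RESPONSE='; <<>> DiG <<>> @1.2.3.4 www.google.com
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# AXFR from an address listed in soa.xfer, and from any other host:
AXFR_ALLOWED='; <<>> DiG <<>> @1.2.3.4 somedomain.com AXFR
somedomain.com.         86400   IN      SOA     ns1.somedomain.com. hostmaster.somedomain.com. 1 28800 7200 604800 86400
somedomain.com.         86400   IN      NS      ns1.somedomain.com.
www.somedomain.com.     86400   IN      A       1.2.3.4
somedomain.com.         86400   IN      SOA     ns1.somedomain.com. hostmaster.somedomain.com. 1 28800 7200 604800 86400
;; XFR size: 4 records (messages 1, bytes 190)'

AXFR_DENIED='; <<>> DiG <<>> @1.2.3.4 somedomain.com AXFR
; Transfer failed.'

verdict "$CACHE_RESPONSE"    # 1.2.3.5: recursive answer, as intended
verdict "$AUTH_RESPONSE"     # 1.2.3.4: authoritative answer
verdict "$REFUSED_RESPONSE"  # 1.2.3.4: no data: status REFUSED
echo "AXFR records: allowed=$(axfr_record_count "$AXFR_ALLOWED") denied=$(axfr_record_count "$AXFR_DENIED")"
```

The check worth repeating after every configuration change is the third one: a query for a name outside your zones sent to the MyDNS address must never come back as a recursive answer, and an AXFR from a host that is not in the xfer column must return zero records.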


Comments

From: Anonymous at: 2006-04-15 22:32:07


Article states:

"MyDNS simply reads the records from the database, and it does not have to be restarted/reloaded when DNS records change or zones are created/edited/deleted! This is a major advantage."

Only old BIND deployments would run this way. BIND has supported dynamic updates for quite some time. Mine never goes down (well, practically speaking). All of our changes to the BIND DATABASE are made dynamically.

I emphasize database, because BIND is a database... whether you want to look at it that way or not. I'm not against a DNS sitting on top of a database of some other kind, but I certainly don't like tools where the data is replicated out of a SQL database and into BIND... just speaking out loud. Again, serving up out of a SQL database is fine... just want to point out that BIND has/is a database and you don't have to restart it to make record changes or additions (with a few exceptions... but not 99% of what would be changed normally).

From: at: 2007-09-12 10:09:07

This occurs from an incompatibility with PHP5. Easily resolved with either:

vi +2475 /var/www/admin.php *hit enter

*this will open admin.php at line 2475, now you need to edit each instance of $this to $_this between line 2475 and 2485

if you aren't familiar with vi, you may find it easier to use nano (please note that ^ represents the CTRL key on your keyboard, I am using it here as it is what you will see in the editor)

nano /var/www/admin.php *hit enter

^\ *hit enter

Search (to replace): $this *hit enter

Replace with: $_this *hit enter

Replace this instance?: A *hit enter

^x *hit enter

Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?  Y *hit enter

File Name to Write: /var/www/admin.php *hit enter

That's it, in the end that section should look like the following:

/**************************************************************************************************
   RR_TYPE_OPTIONS
   Returns a list of resource record types.
**************************************************************************************************/
function _rr_type_option($type, $_this) {
    return "<OPTION" . (!strcasecmp($type, $_this) ? " selected" : "") . ">$_this";
}
function rr_type_options($type)
{
   global $db_valid_types;

   reset($db_valid_types);
   $rv = '';
   foreach ($db_valid_types as $_this)
      $rv .= _rr_type_option($type, $_this);
   return $rv;
}
/*--- rr_type_options() -------------------------------------------------------------------------*/

From: Azuretek at: 2008-10-10 16:42:40

Just wanted to clarify, you do have to reload the bind configuration for record changes to take effect. The benefit of running MyDNS is that you can replicate changes and backup your data the same way you would do it for any other database driven application.

Reloading bind is usually accomplished by using "rndc" which is kind of like an API connector that can be used to control bind. Issuing the command "rndc reload" will apply your record updates.

From: Anonymous at: 2008-11-09 22:20:09

I would love to see how this could be used in conjunction with an existing server setup so that it would be a secondary only to what is already being used on that server.

For example I have a VPS that I rent and I would like to be able to use MyDNS as a secondary resource so that the current setup of LXAdmin would not be affected but I could still use this for certain domains or subdomains that I would like to be able to work as my own dynamic DNS service on my own server.

From: Anonymous at: 2009-02-01 15:57:30

It goes to show how bad BIND's config file management really is, that someone would write, from scratch, a DNS server using MySQL to manage the records. Amazing.

From: sysAdmin at: 2010-07-20 19:33:04

I've found a great DNS scanner that can locate any DNS server at your network (multi-subnet); it can also test if the DNS is answering anyone's requests or not.
You can get it here: http://www.softpedia.com/get/Internet/Other-Internet-Related/DNS-Locator.shtml

From: at: 2008-01-03 14:21:28

If you have tried to wget from http://www.servershak.com/dns/dnsctl, you do not have the right file. Mr Falko has posted the content here: /usr/local/sbin/dnsctl

If you are on Linux, and are stumped, as I am, at the "errno" error when compiling dnscache items, try reading this: installing-dns-cache-with-djbdns

From: jamie at: 2008-12-04 20:27:11

Thanks to Debian for hiding 'sarge' in favour of v4.1. Also the packages required to install sarge are no longer available from any of the mirrors. So... either download 13 CDs OR don't bother.

I know what my favoured option is.

Frankly I don't see why BIND for Windows doesn't support using MySQL by default. It's pathetic. Just like Apache which also wants constant restarts to recognise new hosts...

From: Anonymous at: 2009-10-20 19:53:01

MyDNS 1.1.0 appears to support recursive lookups through the support of a second DNS server that can do recursive lookups. This was a good thing to find as I was moving from BIND9 to MyDNS.

The /etc/mydns.conf has a variable [recursive] where I was able to enter the IP address. This gave me what I needed to allow MyDNS to be an authoritative server while also providing a path for resolution for those who used the server as a name server on remote systems.