Title: djbdns_gentoo_setup_notes.txt
Subject: Setup djbdns on gentoo
Author: John Stile
Reference: http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_DJBDNS

BIG PICTURE:
- ucspi runs any services listed in the /service/ directory.
- djbdns daemons that will be in /service/
    tinydns  - authoritative nameserver   listens on udp 53
    axfrdns  - secondary nameserver       listens on tcp 53
    dnscache - resolving nameserver       listens on udp/tcp 53
- only one daemon can listen on a given ip-protocol-port combination at a time.
  You can add another ip to an interface to run both.
  i.e.
    eth0    192.168.0.1   tinydns (udp53) and axfrdns (tcp53)
    eth0:1  192.168.0.2   dnscache (udp/tcp53)
  Need axfrdns if a single answer becomes greater than 512 bytes (but it's not normal).
  If the axfrdns is not authoritative, it will not have an answer.

---------------
INSTALL
---------------
# run the package
emerge djbdns
/etc/init.d/svscan start
rc-update add svscan default
# NOTE: svscan is daemontools, which must be running to run the following setup items.
# NOTE: Accounts named "tinydns," "dnscache," and "dnslog" should have been created.

# Check to see users have been created
egrep 'tiny|dnscache|dnslog' /etc/shadow
# dnscache:!:12938:0:99999:7:::
# dnslog:!:12938:0:99999:7:::
# tinydns:!:12938:0:99999:7:::

# Test base
dnsip www.oreillynet.com
# 208.201.239.37 208.201.239.36

-------------------------------------
DNSCache Setup - Recursive Nameserver
-------------------------------------
# NOTE: Clients will use the dnscache server as their dns server.
#       i.e. /etc/resolv.conf
#            nameserver
# NOTE: You'll probably want to have your ISP's DNS server IP's handy to set up forwarding.
dnscache-setup
# NOTE: dnscache-conf syntax: dnscache-conf dnscache dnslog /etc/dnscache SERVER_IP
# NOTE: /etc/resolv.conf saved to /etc/resolv.conf.orig
# press enter
# * Install location
#   Where do you want dnscache installed? /var
# NOTE: Creates /var/dnscache
# * Internal or external cache?
#   IP to bind cache to [127.0.0.1]> 192.168.0.106
# >>> Adding group nofiles ...
# >>> Adding user dnscache ...
# >>> Adding user dnslog ...
# * Configure a forward for dnscache?
#   enter forward-to IP> 67.100.62.250
#   enter forward-to IP [hit Enter to stop]> 64.105.172.26
#   enter forward-to IP [hit Enter to stop]> 64.105.163.106
#   enter forward-to IP [hit Enter to stop]>
# * Configuring clients
# NOTE: What IP's will we allow to connect
#   Enter IP> 192.168.0
#   Enter IP (hit Enter to stop)>
# * Start service
#   dnscache is ready for startup.
#   Do you want dnscache to be started and supervised by daemontools now?
#   This requires svscan (daemontools) to be running currently and monitoring /service !!
#
# press enter
#
# * Installation successfull

# To allow clients on the 192.168.0.0/24 to use this dnscache server
touch /service/dnscache/root/ip/192.168.60
# To allow localhost to use this dnscache server
touch /service/dnscache/root/ip/127.0.0.1
# To allow any host to use this dnscache server

# Tell dnscache to use 192.168.0.105 as authoritative for eng.stilen.com and 0.168.192.in-addr.arpa
echo -e '192.168.0.105' > /etc/dnscache/root/servers/eng.stilen.com
echo -e "192.168.0.105" > /service/dnscache/root/servers/0.168.192.in-addr.arpa
# Tell dnscache to use 192.168.0.45 and 192.168.0.42 as authoritative for ms.stilen.com
echo -e '192.168.0.45\n192.168.0.42' > /service/dnscache/root/servers/ms.stilen.com
# Tell dnscache to use 67.100.62.250 as authoritative for stilen.com
echo -e '67.100.62.250' > /service/dnscache/root/servers/stilen.com
# Tell dnscache to use 67.100.62.250 as authoritative for 62.100.67.in-addr.arpa
echo -e '67.100.62.250' > /service/dnscache/root/servers/62.100.67.in-addr.arpa

# Start dnscache service
ln -s /var/dnscache /service/
svc -t /service/dnscache

# Check log file
tail -f /service/dnscache/log/main/current

# Check ports
netstat -nap |grep ':53'
tcp        0      0 192.168.0.106:53        0.0.0.0:*               LISTEN      11112/dnscache
udp        0      0 192.168.0.106:53        0.0.0.0:*                           11112/dnscache

# Check service status
svstat /service/*
/service/dnscache: up (pid 11112) 202 seconds

# Test query against dnscache server
env DNSCACHEIP=192.168.0.106 dnsqr a www.yahoo.com
1 www.yahoo.com:
193 bytes, 1+9+0+0 records, response, noerror
query: 1 www.yahoo.com
answer: www.yahoo.com 298 CNAME www.yahoo.akadns.net
answer: www.yahoo.akadns.net 60 A 66.94.230.39
answer: www.yahoo.akadns.net 60 A 66.94.230.35
answer: www.yahoo.akadns.net 60 A 66.94.230.37
answer: www.yahoo.akadns.net 60 A 66.94.230.38
answer: www.yahoo.akadns.net 60 A 66.94.230.47
answer: www.yahoo.akadns.net 60 A 66.94.230.44
answer: www.yahoo.akadns.net 60 A 66.94.230.36
answer: www.yahoo.akadns.net 60 A 66.94.230.48

# List of symbols from data file:
#   leading .  -> a nameserver
#   =          -> both PTR and A record
#   +          -> A record
#   &          -> NS and A record
#   @          -> MX and A record
#   #          -> Comments

# Create data.cdb out of data file
pushd /service/dnscache/
make
popd

# Restart the tinydns server
svc -t /service/*

# Test just a host name on domain
env DNSCACHEIP=192.168.0.106 dnsqr a google.com

# Other tools
dnsqr, dnstrace, dnsip, tinydns-get, dnsipq, dnsmx, dnsname

-------------------------------------------------
TinyDNS Server Setup - Authoritative Nameserver
-------------------------------------------------
SERVER_IP='192.168.0.105'
tinydns-setup
tinydns-conf tinydns dnslog /var/tinydns $SERVER_IP
# press enter
# * Install location
#   Where do you want tinydns installed?
# NOTE: Creates /var/tinydns
#
#   [/var]> /var
#
# * Checking for tinydns and dnslog user accts ...
# NOTE: Specify an address to which tinydns should bind.
#   IP to bind nameserver to> 192.168.0.105
#
# * Setting up tinydns...
# * Setting up axfrdns...
# * Start service
#
#   Do you want dnscache to be started and supervised by daemontools now? yes
#
# Press enter
#
# * Installation successfull

# Create authoritative entry for domain and reverse record
pushd /service/tinydns/root/
./add-ns stilen.com 67.100.62.250
./add-ns
./add-mx stilen.com 67.100.62.250
./add-host mother.stilen.com 67.100.62.250
./add-alias www.stilen.com 67.100.62.250
./add-alias mail.stilen.com 67.100.62.250
popd

# You could make a host for every ip in the subnet, to ensure some resolution.
pushd /service/tinydns/root
i=1
while [ $i -lt 255 ]; do
    # format: host-001.eng.msli.com
    Forward_Host=`printf "%s%03d%s\n" "host-" "$i" ".eng.msli.com"`
    # Create the record
    ./add-host $Forward_Host 192.168.60.$i
    let i=$i+1
done
popd

# Create data.cdb out of data file
pushd /service/tinydns/root
make
popd

# Restart the tinydns server
svc -t /service/*

# Test just a host name on domain eng.msli.com
env DNSCACHEIP=192.168.0.106 dnsqr a www.stilen.com
1 www.stilen.com:
50 bytes, 1+1+0+0 records, response, noerror
query: 1 www.stilen.com
answer: www.stilen.com 86400 A 192.168.0.106
SUCCESS!!! Our dnscache server got the record from tinydns.
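The add-* scripts above append one line each to /service/tinydns/root/data, so the per-host loop can also be written as a generator that emits the documented tinydns-data line types directly (the same symbols listed earlier: "." nameserver, "=" A+PTR, "+" A only, "@" MX) and checks the result before `make` compiles it. The following is an added example, not part of the original notes or of djbdns: the zone name eng.msli.com, the 192.168.60.0/24 prefix and the output path are constructed for the example, and check_ptr_dups is a hypothetical helper that catches a mistake tinydns-data itself will not reject, two "=" lines for one IP (which would publish two PTR records for that address).

```shell
#!/bin/sh
# Added example (not from the original notes): generate a tinydns "data" file
# without calling ./add-* once per host. Line formats used here are the
# documented tinydns-data types:
#   .fqdn:ip:x:ttl       NS (+ A record for x.ns.fqdn) and SOA
#   @fqdn:ip:x:dist:ttl  MX (+ A record for x.mx.fqdn)
#   =fqdn:ip:ttl         A and PTR
#   +fqdn:ip:ttl         A only (an alias)
# Names, IPs and the output file are constructed for the example.

# Emit one "=" (A+PTR) line per host in a /24: host-001 ... host-254.
# Usage: forward_hosts DOMAIN SUBNET_PREFIX FIRST LAST
forward_hosts() {
    domain=$1; prefix=$2; i=$3; last=$4
    while [ "$i" -le "$last" ]; do
        printf '=host-%03d.%s:%s.%d:86400\n' "$i" "$domain" "$prefix" "$i"
        i=$((i + 1))
    done
}

# Emit the zone apex records: NS, MX and two aliases (A only, no PTR).
# Usage: zone_records DOMAIN IP
zone_records() {
    domain=$1; ip=$2
    printf '.%s:%s:a:259200\n' "$domain" "$ip"
    printf '@%s:%s:a::86400\n' "$domain" "$ip"
    printf '+www.%s:%s:86400\n' "$domain" "$ip"
    printf '+mail.%s:%s:86400\n' "$domain" "$ip"
}

# Hypothetical helper: flag IPs that appear in more than one "=" line, since
# each would get its own PTR. Prints the offending IPs; returns 1 if any.
check_ptr_dups() {
    dups=$(grep '^=' "$1" | cut -d: -f2 | sort | uniq -d)
    [ -z "$dups" ] && return 0
    printf 'duplicate PTR for: %s\n' "$dups"
    return 1
}

# Write a complete data file for the example zone.
# Usage: write_data OUTFILE
write_data() {
    out=$1
    {
        printf '# generated by write_data (example)\n'
        zone_records eng.msli.com 192.168.60.1
        forward_hosts eng.msli.com 192.168.60 1 254
    } > "$out"
}

# Stand-alone use: "sh thisfile /service/tinydns/root/data", then run make
# in /service/tinydns/root as the notes do to build data.cdb.
if [ "$#" -gt 0 ]; then
    write_data "$1" && check_ptr_dups "$1" && echo "wrote $1"
fi
```

The generator writes the whole file in one pass, so it is also the natural place to keep the zone under version control and diff it before each `make`.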
# Other tools
dnsqr, dnstrace, dnsip, tinydns-get, dnsipq, dnsmx, dnsname

----------------------
Check Services
----------------------
genx jstile # ls -laF /service/
total 1
drwxr-xr-x  2 root root 176 Jun  5 00:46 ./
drwxr-xr-x 21 root root 712 Jun  4 23:49 ../
-rw-r--r--  1 root root   0 Jun  4 23:49 .keep
lrwxrwxrwx  1 root root  14 Jun  5 00:46 axfrdns -> ../var/axfrdns/
lrwxrwxrwx  1 root root  15 Jun  5 00:38 dnscache -> ../var/dnscache/
lrwxrwxrwx  1 root root  16 Jun  5 00:18 dnscachex -> ../var/dnscachex/
lrwxrwxrwx  1 root root  14 Jun  5 00:46 tinydns -> ../var/tinydns/

svstat /service/*
/service/axfrdns: up (pid 6013) 0 seconds
/service/dnscache: up (pid 5246) 1210 seconds
/service/dnscachex: up (pid 5191) 2405 seconds
/service/tinydns: up (pid 5283) 730 seconds

lsof -i udp -n
COMMAND   PID     USER FD  TYPE  DEVICE SIZE NODE NAME
dnscache 5191 dnscache 3u  IPv4 1741396      UDP  192.168.0.105:domain
dnscache 5246 dnscache 0u  IPv4 1822637      UDP  192.168.0.105:47700->64.105.163.106:domain
dnscache 5246 dnscache 3u  IPv4 1741546      UDP  127.0.0.1:domain
tinydns  5283 tinydns  3u  IPv4 1741700      UDP  192.168.0.105:domain

lsof -i tcp -n
COMMAND   PID     USER FD  TYPE  DEVICE SIZE NODE NAME
dnscache 5191 dnscache 4u  IPv4 1741397      TCP  192.168.0.105:domain (LISTEN)
dnscache 5246 dnscache 4u  IPv4 1741547      TCP  127.0.0.1:domain (LISTEN)

-------------------------
Accept the Delegation
-------------------------
SERVER_IP='192.168.0.105'
cd /service/tinydns/root
./add-ns x.org $SERVER_IP
make

------------------------
Check resolution
------------------------
emerge nmap
nmap -sS localhost
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-06-05 01:14 UTC
Interesting ports on localhost (127.0.0.1):
(The 1662 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
53/tcp open  domain

emerge net-analyzer/netcat
nc -zv localhost 53
localhost [127.0.0.1] 53 (domain): open

--------------------------
Creating a zone
--------------------------
reference: http://www.lifewithdjbdns.org/
see Example Configurations
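The "Check Services" listing and the "one daemon per ip-protocol-port" rule in BIG PICTURE can be checked before the daemons are restarted rather than after, and the same pass can show which clients the cache will answer. The script below is an added example, not part of the original notes or of djbdns. It assumes only what the *-conf tools actually create: each service keeps its listen address in <service>/env/IP (tinydns uses udp/53, axfrdns tcp/53, dnscache both), and dnscache answers only clients whose address begins with a file name in <dnscache>/root/ip/. The fixture tree that make_fixture builds is constructed for the example; on a real host pass /service instead. A one-octet prefix in root/ip/ (for example "192") admits an entire /8, which is how a cache ends up answering far more of the network than intended, so client_prefixes flags it.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check a daemontools
# /service tree for djbdns before restarting anything.
#   bind_conflicts   two services that would claim the same ip + protocol on 53
#   client_prefixes  which client prefixes dnscache will serve, broad ones flagged
# make_fixture builds a throw-away tree with the same layout for testing.

# Print "proto ip svc1 svc2" for every pair of services that share an
# IP and protocol. Reads <svc>/env/IP as written by tinydns-conf,
# axfrdns-conf and dnscache-conf; missing services are skipped.
bind_conflicts() {
    svcdir=$1
    for svc in tinydns axfrdns dnscache; do
        [ -f "$svcdir/$svc/env/IP" ] || continue
        ip=$(cat "$svcdir/$svc/env/IP")
        case $svc in
            tinydns)  protos=udp ;;
            axfrdns)  protos=tcp ;;
            dnscache) protos="udp tcp" ;;
        esac
        for p in $protos; do printf '%s %s %s\n' "$p" "$ip" "$svc"; done
    done | sort | awk '
        $1 == lp && $2 == lip { print $1, $2, lsvc, $3 }
        { lp = $1; lip = $2; lsvc = $3 }'
}

# List the prefixes in <dnscache>/root/ip/. A name without a dot is a single
# octet, i.e. a whole /8; such entries are marked BROAD and the function
# returns 1 so it can gate a restart.
client_prefixes() {
    ipdir=$1/dnscache/root/ip
    broad=0
    for f in "$ipdir"/*; do
        [ -e "$f" ] || continue
        pfx=${f##*/}
        case $pfx in
            *.*) printf 'ok    %s\n' "$pfx" ;;
            *)   printf 'BROAD %s (allows %s.0.0.0/8)\n' "$pfx" "$pfx"; broad=1 ;;
        esac
    done
    return $broad
}

# Constructed fixture: a /service look-alike with the given listen IPs and
# the two client prefixes the notes create (192.168.0 and 127.0.0.1).
# Usage: make_fixture DIR TINYDNS_IP AXFRDNS_IP DNSCACHE_IP
make_fixture() {
    dir=$1
    mkdir -p "$dir/tinydns/env" "$dir/axfrdns/env" \
             "$dir/dnscache/env" "$dir/dnscache/root/ip"
    printf '%s\n' "$2" > "$dir/tinydns/env/IP"
    printf '%s\n' "$3" > "$dir/axfrdns/env/IP"
    printf '%s\n' "$4" > "$dir/dnscache/env/IP"
    : > "$dir/dnscache/root/ip/192.168.0"
    : > "$dir/dnscache/root/ip/127.0.0.1"
}

# Stand-alone use: "sh thisfile /service"
if [ "$#" -gt 0 ]; then
    echo "== bind conflicts under $1"
    bind_conflicts "$1"
    echo "== dnscache client prefixes"
    client_prefixes "$1"
fi
```

With all three services on one address the script reports both the udp clash between tinydns and dnscache and the tcp clash between axfrdns and dnscache, which is exactly the layout the eth0/eth0:1 split in BIG PICTURE avoids.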