Setting up djbdns on CentOS 5.x
djbdns uses the dnscache program as a caching server. It typically listens on a port on the IP address of the computer hosting it, and is what the clients' /etc/resolv.conf points at.
djbdns uses the tinydns program as an authoritative server that translates between names and IP addresses on the subnet. It typically listens on a port on 127.0.0.1 and typically, but not always, is queried only by the caching DNS server (that's dnscache) on the same machine.
You can get dnscache to query tinydns by putting tinydns' IP address (127.0.0.1) as the contents of a file with a filename like domain_name.tld inside the dnscache/root/servers directory. When dnscache is asked about a name ending in domain_name.tld, it queries the IP address listed in the domain_name.tld file to resolve that name. There's a similar provision for reverse lookup on the subnet of the domain (in this case 192.168.100), where 127.0.0.1 is placed in a file called 100.168.192.in-addr.arpa.
In other words, the caching server (dnscache) and the authoritative server (tinydns) are completely distinct. They work quite well without each other, and they can be troubleshot independently of each other! That's a huge advantage when debugging.
'Introduction' copied from http://www.troubleshooters.com/linux/djbdns/index.htm
Configuration
Credits : http://www.howtoforge.com/clean-djbdns-dns-server-on-centos-dnscache-and-tinydns-a-to-z
Installing daemon tools
[root@a ~]# hostname -f
a.ns.shadow.com
[root@a ~]# yum install gcc
[root@a ~]# mkdir pkg
[root@a ~]# cd pkg/
[root@a ~]# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
[root@a ~]# tar xzf daemontools-0.76.tar.gz
[root@a ~]# cd admin/daemontools-0.76/
[root@a daemontools-0.76]# nano src/conf-cc -w
Append the following line at the end of the gcc line:
-include /usr/include/errno.h
[root@a daemontools-0.76]# ./package/install
Installing ucspi
[root@a daemontools-0.76]# cd -
/root/pkg
[root@a pkg]# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
[root@a pkg]# tar xzf ucspi-tcp-0.88.tar.gz
[root@a pkg]# cd ucspi-tcp-0.88
[root@a ucspi-tcp-0.88]# nano -w conf-cc
Append the following line at the end of the gcc line:
-include /usr/include/errno.h
[root@a ucspi-tcp-0.88]# make
[root@a ucspi-tcp-0.88]# make setup check
./install
./instcheck
Installing djbdns
[root@a ucspi-tcp-0.88]# cd -
/root/pkg
[root@a pkg]# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
[root@a pkg]# tar xzf djbdns-1.05.tar.gz
[root@a pkg]# cd djbdns-1.05
[root@a djbdns-1.05]# nano -w conf-cc
Append the following line at the end of the gcc line:
-include /usr/include/errno.h
[root@a djbdns-1.05]# make
[root@a djbdns-1.05]# make setup check
./install
./instcheck
Create system users to run dnscache
[root@a djbdns-1.05]# useradd -d /var/dnscache -s /bin/false dnscache
[root@a djbdns-1.05]# useradd -d /var/dnscache -s /bin/false dnslog
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Configure the cache:
[root@a djbdns-1.05]# dnscache-conf dnscache dnslog /var/dnscache/dnscache 192.168.122.240
Allow the rest of your network to query dnscache
[root@a djbdns-1.05]# touch /var/dnscache/dnscache/root/ip/192.168.122
Add dnscache to the list of services to be monitored by svscan:
[root@a djbdns-1.05]# ln -sf /var/dnscache/dnscache /service/
Create system users to run tinyDNS
[root@a djbdns-1.05]# useradd -d /var/dnscache -s /bin/false tinydns
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@a djbdns-1.05]# useradd -d /var/dnscache -s /bin/false tinylog
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Setting up zone records
[root@a djbdns-1.05]# tinydns-conf tinydns tinylog /var/dnscache/tinydns 127.0.0.1
[root@a djbdns-1.05]# cd /var/dnscache/tinydns/root
[root@a root]#
[root@a root]# ./add-ns shadow.com 192.168.122.240
[root@a root]# ./add-ns 122.168.192.in-addr.arpa 192.168.122.240
[root@a root]# ./add-host ns.shadow.com 192.168.122.240
[root@a root]# ./add-host web.shadow.com 192.168.122.77
[root@a root]# ./add-host nas.shadow.com 192.168.122.122
[root@a root]#
[root@a root]# cat data
.shadow.com:192.168.122.240:a:259200
.122.168.192.in-addr.arpa:192.168.122.240:a:259200
=ns.shadow.com:192.168.122.240:86400
=web.shadow.com:192.168.122.77:86400
=nas.shadow.com:192.168.122.122:86400
[root@a root]#
[root@a root]# ls data*
data
Apply changes to zone data in .cdb format
[root@a root]# make
/usr/local/bin/tinydns-data
[root@a root]# ls data*
data data.cdb
[root@a root]#
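Each of the two line types in the data file above expands to several DNS records. As an added example (not from the original page or the djbdns project), this shell function prints the records that "." and "=" lines create and warns when a PTR record falls outside every zone declared by a "." line. The function name, the restriction to these two line types and the extra 10.0.0.5 host in the demo input are assumptions of the sketch.

```shell
#!/bin/sh
# Added example: expand tinydns "data" lines into the records they create.
# Only the "." and "=" line types used on this page are handled, and every
# line is assumed to carry an explicit TTL, as the page's lines do.

expand_tinydns_data() {
    # Arguments: path(s) to a data file; with no argument, reads stdin.
    awk -F: '
    /^\./ {   # .fqdn:ip:x:ttl -> NS x.ns.fqdn, plus an A record for that server
        zone = substr($1, 2)
        ns = (index($3, ".") ? $3 : $3 ".ns." zone)
        print zone, $4, "NS", ns
        if ($2 != "") print ns, $4, "A", $2
        zones[zone] = 1
    }
    /^=/ {    # =fqdn:ip:ttl -> A record plus the matching PTR record
        host = substr($1, 2)
        split($2, o, ".")
        ptr = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
        print host, $3, "A", $2
        print ptr, $3, "PTR", host
        rev[ptr] = host
    }
    END {
        # Sketch policy: a PTR counts as covered only if a "." line declares
        # the reverse zone that contains it.
        for (p in rev) {
            covered = 0
            for (z in zones)
                if (p == z || substr(p, length(p) - length(z)) == "." z)
                    covered = 1
            if (!covered) print "WARNING: no zone covers", p
        }
    }' "$@"
}

# Demo on constructed input: three of the page's lines plus one host
# (db.shadow.com, made up) whose address lies outside 192.168.122.
expand_tinydns_data <<'EOF'
.shadow.com:192.168.122.240:a:259200
.122.168.192.in-addr.arpa:192.168.122.240:a:259200
=web.shadow.com:192.168.122.77:86400
=db.shadow.com:10.0.0.5:86400
EOF
```

The NS and A lines printed for shadow.com match the authority and additional sections that dnsq reports for this zone.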
Enable service
Enabling and disabling are done by symlink.
[root@a root]# ln -sf /var/dnscache/tinydns /service
[root@a root]# netstat -ntulp | grep 53
tcp 0 0 192.168.122.240:53 0.0.0.0:* LISTEN 4859/dnscache
udp 0 0 127.0.0.1:53 0.0.0.0:* 5258/tinydns
udp 0 0 192.168.122.240:53 0.0.0.0:* 4859/dnscache
[root@a root]#
Query the tinydns server directly using the dnsq utility provided by djbdns
[root@a root]# dnsq a web.shadow.com 127.0.0.1
1 web.shadow.com:
83 bytes, 1+1+1+1 records, response, authoritative, noerror
query: 1 web.shadow.com
answer: web.shadow.com 86400 A 192.168.122.77
authority: shadow.com 259200 NS a.ns.shadow.com
additional: a.ns.shadow.com 259200 A 192.168.122.240
[root@a root]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.122.240 a.ns.shadow.com
[root@a root]# echo "nameserver 192.168.122.240" > /etc/resolv.conf
Set our tinydns server as the authoritative server for the shadow.com domain. Otherwise dnscache will query the root nameservers to find the authoritative server.
[root@a root]# echo "127.0.0.1" > /var/dnscache/dnscache/root/servers/shadow.com
[root@a root]# echo "127.0.0.1" > /var/dnscache/dnscache/root/servers/122.168.192.in-addr.arpa
To apply changes
[root@a root]# svc -t /service/dnscache/
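One way to check the two dnscache controls configured above, the client ACL in root/ip and the per-zone overrides in root/servers, as an added shell example (not from the original page or djbdns itself). The function names and the policy they apply (flag prefixes shorter than three octets or outside loopback/RFC 1918 space, and overrides that do not point at the expected tinydns address) are assumptions.

```shell
#!/bin/sh
# Added example: audit a dnscache root directory. $1 is the root directory;
# on this page that is /var/dnscache/dnscache/root.

# dnscache answers a client a.b.c.d if ip/a.b.c.d, ip/a.b.c, ip/a.b or ip/a
# exists, so fewer octets means a wider ACL. Prints one line per prefix and
# returns 1 if any prefix is wider than a /24 or outside private space.
audit_dnscache_acl() {
    rc=0
    for f in "$1"/ip/*; do
        [ -e "$f" ] || continue
        p=${f##*/}
        n=$(printf '%s\n' "$p" | awk -F. '{print NF}')
        case "$p." in
            127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) scope=private ;;
            *) scope=NONPRIVATE; rc=1 ;;
        esac
        [ "$n" -ge 3 ] || { scope="$scope,BROAD"; rc=1; }
        echo "$p octets=$n $scope"
    done
    return $rc
}

# Prints "zone -> server" for each override in root/servers ("@", the root
# server list, is skipped). Returns 1 if an override points anywhere other
# than the expected tinydns address given as $2.
audit_dnscache_servers() {
    rc=0
    for f in "$1"/servers/*; do
        [ -f "$f" ] || continue
        zone=${f##*/}
        [ "$zone" = "@" ] && continue
        while read -r ip; do
            [ -n "$ip" ] || continue
            if [ "$ip" = "$2" ]; then tag=ok; else tag=UNEXPECTED; rc=1; fi
            echo "$zone -> $ip $tag"
        done < "$f"
    done
    return $rc
}

# Demo on a constructed tree that mirrors this page's setup.
demo=$(mktemp -d) && mkdir "$demo/ip" "$demo/servers"
touch "$demo/ip/127.0.0.1" "$demo/ip/192.168.122"
echo 127.0.0.1 > "$demo/servers/shadow.com"
audit_dnscache_acl "$demo"; audit_dnscache_servers "$demo" 127.0.0.1
rm -r "$demo"
```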
Get service status
[root@a root]# svstat /service/tinydns/
/service/tinydns/: up (pid 5258) 577 seconds
[root@a root]# svstat /service/dnscache/
/service/dnscache/: up (pid 6329) 49 seconds
[root@a root]#
Starting and stopping services
[root@a root]# svc -d /service/dnscache/
[root@a root]# svstat /service/dnscache/
/service/dnscache/: down 3 seconds, normally up
[root@a root]# svc -u /service/dnscache/
[root@a root]# svstat /service/dnscache/
/service/dnscache/: up (pid 6553) 2 seconds
The file /var/dnscache/dnscache/root/servers/@ contains the IP addresses of the Internet root name servers.
[root@a root]# cat /var/dnscache/dnscache/root/servers/@
198.41.0.4
128.9.0.107
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
198.41.0.10
193.0.14.129
198.32.64.12
202.12.27.33
[root@a root]# netstat -ntulp | grep 53
tcp 0 0 192.168.122.240:53 0.0.0.0:* LISTEN 7093/dnscache
udp 0 0 192.168.122.240:53 0.0.0.0:* 7093/dnscache
udp 0 0 127.0.0.1:53 0.0.0.0:* 5258/tinydns
Try querying tinyDNS directly
[root@a root]# dig +short @127.0.0.1 nas.shadow.com
192.168.122.122
[root@a root]# svc -d /service/dnscache/
[root@a root]# svc -u /service/dnscache/
Try querying authoritative records through dnscache
[root@a root]# dig +short @192.168.122.240 nas.shadow.com
192.168.122.122
Perform recursive queries
[root@a root]# dig +short @192.168.122.240 yale.edu
130.132.35.53
[root@a root]# dig +short @192.168.122.240 fb.com
66.220.158.11
69.171.242.11
69.171.229.11
69.171.224.11
66.220.149.11
Adding second nameserver
Add new record for testing
[root@a ~]# cd /var/dnscache/tinydns/root/
[root@a root]# ./add-host basil.shadow.com 192.168.122.99
Reload configuration
[root@a root]# svc -t /service/dnscache
[root@a root]# dig +short @192.168.122.240 basil.shadow.com
192.168.122.99
Copy data.cdb to the second machine
[root@a root]# scp /var/dnscache/tinydns/root/data.cdb root@192.168.122.120:/var/dnscache/tinydns/root/
root@192.168.122.120's password:
data.cdb 100% 3425 3.3KB/s 00:00
On the second machine
[root@b ~]# svc -t /service/*
[root@b ~]# dig +short @127.0.0.1 basil.shadow.com
192.168.122.99
Automating zone transfers
On a.ns.shadow.com (master)
[root@a root]# nano /service/tinydns/root/Makefile
[root@a root]# cat /service/tinydns/root/Makefile
data.cdb: data
	/usr/local/bin/tinydns-data && /usr/bin/rsync -az -e ssh data.cdb 192.168.122.120:/service/tinydns/root/data.cdb && ssh root@192.168.122.120 "svc -t /service/*"
[root@a root]# make
/usr/local/bin/tinydns-data && /usr/bin/rsync -az -e ssh data.cdb 192.168.122.120:/service/tinydns/root/data.cdb && ssh root@192.168.122.120 "svc -t /service/*"
root@192.168.122.120's password:
root@192.168.122.120's password:
Try querying the secondary server
[root@b ~]# dig +short @b.ns.shadow.com wins.shadow.com
192.168.122.88