the djb way

djbdns


dnscache, a caching resolver

dnscache is the resolver component of the djbdns package. At the request of client programs, such as your web browser or mail transport agent, dnscache will perform recursive DNS lookups among authoritative nameservers on the Internet. Then dnscache stores responses in core, answering subsequent queries quickly and without redundant network traffic.

Every computer should run dnscache.

If you are reading this, then no doubt all your computers will (soon!) be set up to run dnscache, no matter whether they are network servers, desktop workstations, or mobile laptops.

Evidently, though, there are some computers out there with operating systems that are just too lame to run their own caching resolver. These systems are usually configured to use a resolver running on some other host. That "other" host can be your server, configured with a dnscache for sharing.

So the only decision you have to make about running dnscache is whether you will be sharing your cache with others or not.

Running dnscache for a single computer is known as a "local" cache. Sharing dnscache with other computers is known as an "external" cache.

All this boils down to the address you want to configure dnscache to "listen" on. If running a local cache, you will usually use the loopback interface and IP address 127.0.0.1. If running an external cache, such as one that will be shared with a number of other hosts on a local network, you will use an IP address accessible to those other hosts, for example 192.168.0.53.

We will run through an example of each. Read through both, then pick the one that suits your application.

Of course, we will follow the usual daemontools practice of using an unprivileged user account to run the dnscache service. The examples that follow expect that a user named "dnscache" has been set up on your system as a member of group "nofiles", with a disabled password and login shell. As usual, the account "multilog" will be used to run the logger.

local DNS cache

This is too easy. As root, run the dnscache-conf command as follows:

# dnscache-conf dnscache multilog /var/svc.d/dnscache 127.0.0.1

This automatically installs a daemontools service definition in the directory /var/svc.d/dnscache. Look at the run script in /var/svc.d/dnscache/run if you want to see what's going on there.

It also installs a logging service in /var/svc.d/dnscache/log/run:


#!/bin/sh
exec setuidgid multilog multilog t ./main

If you like /var/multilog as a common location for your log files, modify this script to read:


#!/bin/sh
exec setuidgid multilog multilog t /var/multilog/dnscache

Then set up the log directory:

# mkdir -p /var/multilog/dnscache
# chown multilog /var/multilog/dnscache

Activate the service by linking it into /service:

# ln -s /var/svc.d/dnscache /service/dnscache

Configure your /etc/resolv.conf file to look something like this:


domain example.org
lookup file bind
nameserver 127.0.0.1

That's it! Try some lookups, such as with your browser, or use some of the nifty command-line tools that come with djbdns:

$ dnsip www.thedjbway.org
216.104.202.70

The first few lookups will take a few moments, as the cache populates. Very soon results will seem to come up faster. Watch the log to see dnscache in action:

$ tail -F /var/multilog/dnscache/current | tai64nlocal

This is so cool! Put a local cache on your laptop. As you travel the globe from place to place, you never need to bother with different nameserver settings in /etc/resolv.conf. You always have your own!

external DNS cache

Setting up dnscache as an external cache is almost identical to the local cache procedure above. For example, imagine we want to provide a resolver to serve hosts on the 192.168.0.0/24 network. To demonstrate, our dnscache server will be shown here with an IP address of 192.168.0.53.

Run dnscache-conf on the server:

# dnscache-conf dnscache multilog /var/svc.d/dnscache 192.168.0.53

As before, this automatically installs a daemontools service definition in /var/svc.d/dnscache.

Also as above, you can modify the "run" script for the logger to set up logging to /var/multilog/dnscache.

Now here's the twist. Tell dnscache to respond to queries from the local network:

# cd /var/svc.d/dnscache
# touch root/ip/192.168.0

Once again we see a classic djb idiom, the use of filesystem-as-database. In this case, the filename itself is the data. Use touch(1) to create any number of empty files, named to represent all the IP addresses you want dnscache to respond to. As shown here, dnscache will now respond to all hosts with an IP address beginning with "192.168.0". Queries from other IP addresses will be ignored.
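The filename lookup described above can be reproduced in a few lines of shell, which is handy for checking who a given root/ip directory actually admits before the service is linked in. This is an added example, not part of djbdns or of the original page: the function names okclient and broad_entries and the scratch directory are assumptions for illustration, and the match is done octet by octet, dropping the last octet until a file of that name is found.

```shell
#!/bin/sh
# okclient DIR IP: succeed if DIR holds a file named IP or any
# dotted prefix of it (a.b.c.d, then a.b.c, then a.b, then a).
okclient() {
    dir=$1 name=$2
    while :; do
        [ -e "$dir/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;          # nothing left to strip: client is ignored
        esac
    done
}

# broad_entries DIR: print entries with fewer than three octets,
# i.e. anything that admits more than a single /24.
broad_entries() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        n=${f##*/}
        case $n in
            *.*.*) ;;                 # three or four octets: /24 or narrower
            *)     echo "$n" ;;
        esac
    done
}

# Constructed sample: a scratch directory standing in for
# /var/svc.d/dnscache/root/ip, with one deliberately broad entry ("10").
demo=$(mktemp -d)
touch "$demo/127.0.0.1" "$demo/192.168.0" "$demo/10"
for ip in 192.168.0.17 192.168.1.17 10.9.8.7 127.0.0.2; do
    if okclient "$demo" "$ip"; then echo "$ip answered"; else echo "$ip ignored"; fi
done
echo "entries wider than a /24: $(broad_entries "$demo")"
rm -rf "$demo"
```

Point both functions at the real root/ip directory to review an existing cache; any name reported by broad_entries deserves a second look on a host reachable from outside the local network.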

All set then? Link into /service:

# ln -s /var/svc.d/dnscache /service/dnscache

Configure clients to use 192.168.0.53 for their DNS server. A dhcpd service is nice for this.

The server itself can use this dnscache, too, of course. Just put nameserver 192.168.0.53 into the server's own /etc/resolv.conf file.

"Hello, my name is Johnny Cache."


Copyright © 2002, 2003, 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.10.04, wcm.