the djb way


dnscache, a caching resolver

dnscache is the resolver component of the djbdns package. At the request of client programs, such as your web browser or mail transport agent, dnscache will perform recursive DNS lookups among authoritative nameservers on the Internet. Then dnscache stores responses in core, answering subsequent queries quickly and without redundant network traffic.

Every computer should run dnscache.

If you are reading this, then no doubt all your computers will (soon!) be set up to run dnscache, no matter whether they are network servers, desktop workstations, or mobile laptops.

Evidently, though, there are some computers out there with operating systems that are just too lame to run their own caching resolver. These systems are usually configured to use a resolver running on some other host. That "other" host can be your server, configured with a dnscache for sharing.

So the only decision you have to make about running dnscache is whether you will be sharing your cache with others or not.

Running dnscache for a single computer is known as a "local" cache. Sharing dnscache with other computers is known as an "external" cache.

All this boils down to is the address you want to configure dnscache to "listen" on. If running a local cache, you will usually use the loopback interface and IP address If running an external cache, such as will be shared with a number of other hosts on a local network, you will use an IP address accessible to those other hosts, for example

We will run through an example of each. Read through both, then pick the one that suits your application.

Of course, we will follow the usual daemontools practice of using an unprivileged user account to run the dnscache service. The examples that follow expect that a user named "dnscache" has been set up on your system, as a member of group "nofiles", with a disabled password and login shell. As usual, the account "multilog" will be used to run the logger.

local DNS cache

This is too easy. As root, run the dnscache-conf command as follows:

# dnscache-conf dnscache multilog /var/svc.d/dnscache

This automatically installs a daemontools service definition in the directory /var/svc.d/dnscache. Look at the run script in /var/svc.d/dnscache/run if you want to see what's going on there.

It also installs a logging service in /var/svc.d/dnscache/log/run:

exec setuidgid multilog multilog t ./main

If you like /var/multilog as a common location for your log files, modify this script to read:

exec setuidgid multilog multilog t /var/multilog/dnscache

Then set up the log directory:

# mkdir -p /var/multilog/dnscache
# chown multilog /var/multilog/dnscache

Activate the service, by linking it into /service:

# ln -s /var/svc.d/dnscache /service/dnscache

Configure your /etc/resolv.conf file to look something like this:

lookup file bind

That's it! Try some lookups, such as with your browser, or use some of the nifty command-line tools that come with djbdns:

$ dnsip

The first few lookups will take a few moments, as the cache populates. Very soon results will seem to come up faster. Watch the log to see dnscache in action:

$ tail -F /var/multilog/dnscache/current | tai64nlocal

This is so cool! Put a local cache on your laptop. As you travel the globe from place to place, you never need to bother with different nameserver settings in /etc/resolv.conf. You always have your own!

external DNS cache

Setting up dnscache as an external cache is almost identical to the local cache procedure above. For example, imagine we want to provide a resolver to serve hosts on the network. To demonstrate, our dnscache server will be shown here with an IP address of

Run dnscache-conf on the server:

# dnscache-conf dnscache multilog /var/svc.d/dnscache

As before, this automatically installs a daemontools service definition in /var/svc.d/dnscache.

Also as above, you can modify the "run" script for the logger to set up logging to /var/multilog/dnscache.

Now here's the twist. Tell dnscache to serve queries from the local network:

# cd /var/svc.d/dnscache
# touch root/ip/192.168.0

Once again we see a classic djb idiom, the use of filesystem-as-database. In this case, the filename itself is the data. Use touch(1) to create any number of empty files, named to represent all the IP addresses you want dnscache to respond to. As shown here, dnscache will now respond to all hosts with an IP address beginning with "192.168.0". Queries from other IP addresses will be ignored.
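The matching rule described above can be rehearsed in a scratch directory before you change the live root/ip. The sh sketch below is an added example, not part of the original page or of djbdns; it assumes dnscache matches on whole dotted components of the client address, and the names ip_allowed and entry_scope and every address other than 192.168.0 are constructed for illustration.

```shell
# Added example, not from the original page. Assumption: dnscache accepts a
# client when root/ip holds a file named for the full address or for a
# leading run of whole dotted components of it.

# ip_allowed DIR ADDR: succeed if the entries in DIR would admit ADDR.
ip_allowed() {
    _dir=$1 _addr=$2
    while :; do
        if [ -f "$_dir/$_addr" ]; then return 0; fi
        case $_addr in
            *.*) _addr=${_addr%.*} ;;  # drop the last component and retry
            *)   return 1 ;;           # nothing left to strip: refuse
        esac
    done
}

# entry_scope NAME: print the prefix length that an entry name covers.
entry_scope() {
    case $1 in
        *.*.*.*) echo /32 ;;
        *.*.*)   echo /24 ;;
        *.*)     echo /16 ;;
        *)       echo /8 ;;
    esac
}

# Constructed demo in a scratch directory, never the live service directory.
demo_dir=$(mktemp -d)
touch "$demo_dir/192.168.0" "$demo_dir/172.16" "$demo_dir/10.1.2.3"
for entry in "$demo_dir"/*; do
    echo "entry ${entry##*/} covers $(entry_scope "${entry##*/}")"
done
# 172.160.0.1 and 10.1.2.30 show that matching stops at dot boundaries.
for client in 192.168.0.17 192.168.1.17 172.16.200.9 172.160.0.1 10.1.2.30; do
    if ip_allowed "$demo_dir" "$client"; then
        echo "$client allowed"
    else
        echo "$client refused"
    fi
done
rm -rf "$demo_dir"
```

The shorter the entry name, the larger the range of clients it admits, so an external cache should carry the longest prefixes that still cover its own network.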

All set then? Link into /service:

# ln -s /var/svc.d/dnscache /service/dnscache

Configure clients to use for their DNS server. A dhcpd service is nice for this.

The server itself can use this dnscache, too, of course. Just put nameserver into the server's own /etc/resolv.conf file.

"Hello, my name is Johnny Cache."

Copyright © 2002, 2003, 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.10.04, wcm.