the djb way


tinydns, a DNS publisher

If you are responsible for serving DNS information for your domain, tinydns is the server to use for publishing this information.

By "responsible for", we mean you have a DNS "delegation of authority" for the domain. Typically this means you or your organization have paid to register your domain name with some registry or your ISP. You have then instructed your registrar that you will be publishing DNS information from your own servers. They should then put delegation of authority records into their servers, pointing to your DNS server(s) running tinydns.

On-line domain registry services usually have web-based interfaces for purchasing domains and making the necessary DNS delegation entries yourself.

Setting up a tinydns service for your domain is then almost as easy as setting up a dnscache service. As usual, you will first need a non-root user account to run the service. Add an account named "tinydns" to your system, in group "nofiles", with a disabled password and login shell.

Then decide what publicly accessible IP address your tinydns server will "listen" to for queries. Substitute the address of your server's external interface for the "" we use in the example below.

All right, then? Simply run tinydns-conf:

# tinydns-conf tinydns multilog /var/svc.d/tinydns

This automatically installs a daemontools service definition in the directory /var/svc.d/tinydns. Take a look at the run script there to see how it works.

It also installs a logging service in the log subdirectory, with its "run" script in the usual place, /var/svc.d/tinydns/log/run:

exec setuidgid multilog multilog t ./main

If you prefer the consistency of /var/multilog for your log files, modify the script to read:

exec setuidgid multilog multilog t /var/multilog/tinydns

Then set up the log directory:

# mkdir -p /var/multilog/tinydns
# chown multilog /var/multilog/tinydns

Now you can activate the service:

# ln -s /var/svc.d/tinydns /service/tinydns

At this point, the service is running, but tinydns knows nothing. You now need to tell tinydns about the data it should publish.

DNS data for your domain will be entered as plain text into the file named data, in the root subdirectory of the service. The plain text is then compiled into a cdb database, saved to the file named data.cdb.

There are a couple of ways you can make entries into the data file:

To get started, it is usually convenient to use the add-* utilities for the first few records. Once this is done, a text editor is easier, using cut-and-paste to quickly make new records in the proper format.

So first, add an NS record, telling the world this server is a nameserver for your domain:

# cd /service/tinydns/root
# ./add-ns

Then add the hostname records for your domain:

# ./add-host
# ./add-host
# ./add-host

If you have a mailserver for your domain, add an MX record:

# ./add-mx

Maybe you have aliases for some of your hosts:

# ./add-alias

Whenever your modifications to the data file are complete, run make:

# make

This compiles the plain-text data file into data.cdb. The changes made to the data are available to tinydns immediately; there is no need to restart the service.

Is the server working? Check the entries with the tinydns testing utility, dnsq:

$ dnsq ns
64 bytes, 1+1+0+1 records, response, authoritative, noerror
query: 2
answer: 259200 NS
additional: 259200 A
$ dnsq a
86 bytes, 1+1+1+1 records, response, authoritative, noerror
query: 1
answer: 86400 A
authority: 259200 NS
additional: 259200 A
$ dnsq mx
101 bytes, 1+1+1+2 records, response, authoritative, noerror
query: 15
answer: 86400 MX 0
authority: 259200 NS
additional: 86400 A
additional: 259200 A

Looks great, tinydns is now serving!
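
To repeat that check after every make, the script below (an added example, not part of the original page or of djbdns) reads dnsq output in the format shown above and fails unless the reply is authoritative, noerror, and carries the record counts its header claims. The function name check_dnsq is hypothetical, and the sample replies are constructed, with example.com and 192.0.2.1 as placeholders.

```sh
#!/bin/sh
# Added example (not from the original page): sanity-check a dnsq reply.
# check_dnsq reads dnsq output on stdin and exits 0 only when the reply is
# an authoritative, noerror response with a non-empty answer section whose
# header counts (query+answer+authority+additional) match the lines printed.
check_dnsq() {
    awk '
    / bytes, .* records/ {
        # Header line, e.g. "64 bytes, 1+1+0+1 records, response, authoritative, noerror"
        seen = 1
        split($3, want, "[+]")
        auth = ($0 ~ /, authoritative/)
        noerr = ($0 ~ /, noerror/)
        next
    }
    /^query: /      { got[1]++ }
    /^answer: /     { got[2]++ }
    /^authority: /  { got[3]++ }
    /^additional: / { got[4]++ }
    END {
        if (!seen)  { print "no dnsq header line"; exit 2 }
        if (!auth)  { print "reply is not authoritative"; exit 1 }
        if (!noerr) { print "rcode is not noerror"; exit 1 }
        for (i = 1; i <= 4; i++)
            if (got[i] + 0 != want[i] + 0) { print "section " i " count mismatch"; exit 1 }
        if (want[2] + 0 == 0) { print "empty answer section"; exit 1 }
        print "ok"
    }'
}

# Constructed sample replies; example.com and 192.0.2.1 are placeholders.
SAMPLE_OK='64 bytes, 1+1+0+1 records, response, authoritative, noerror
query: 2 example.com
answer: example.com 259200 NS a.ns.example.com
additional: a.ns.example.com 259200 A 192.0.2.1'

SAMPLE_NONAUTH='45 bytes, 1+1+0+0 records, response, noerror
query: 1 www.example.com
answer: www.example.com 86400 A 192.0.2.1'

SAMPLE_SHORT='64 bytes, 1+1+0+1 records, response, authoritative, noerror
query: 2 example.com
answer: example.com 259200 NS a.ns.example.com'

for s in "$SAMPLE_OK" "$SAMPLE_NONAUTH" "$SAMPLE_SHORT"; do
    printf '%s\n' "$s" | check_dnsq || echo "  -> check failed (exit $?)"
done
```

Against a live server, pipe the dnsq command you ran above into check_dnsq and act on its exit status.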

See the next section for more information on editing the data file manually.

Copyright © 2002, 2003, 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.10.04, wcm.