####################################################################
Implementing a caching-only DNS on Debian
####################################################################
Step 1:
# apt-get install bind9 dnsutils
Step 2:
The config for bind in Debian is a subdirectory structure in /etc/bind.
# cd /etc/bind
Step 3:
For a simple caching-only server, leave /etc/bind/named.conf untouched. Only the
/etc/bind/named.conf.options file needs editing, to give the forwarders' IP addresses:
# vim named.conf.options
-----------------------------------------------------------------------------------------------------
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                // OpenDNS servers
                208.67.222.222;   // {Your ISP's DNS Address}
                208.67.220.220;   // {Your ISP's DNS Address}
                // ADSL router
                192.168.1.1;      // {If gateway router is available}
        };

        // Security options
        listen-on port 53 { 127.0.0.1; 192.168.1.100; };
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };
        allow-transfer { none; };
        auth-nxdomain no;    # conform to RFC1035

        listen-on-v6 { any; };
};
-----------------------------------------------------------------------------------------------------
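The three allow-* lines under "Security options" are what keep this server from becoming an open resolver that anyone able to reach port 53 can use. The script below is an added example and not part of the original post: it reads a named.conf.options as plain text (so it runs without BIND installed) and reports whether allow-recursion, allow-query and allow-transfer are restricted the way the block above restricts them. The two sample files, the function names and the wording of the findings are my own; the weak sample is constructed to show what the audit catches.

```shell
#!/bin/sh
# Added example (not from the post): a small policy audit of the
# "Security options" in named.conf.options. named-checkconf checks syntax;
# this checks whether the ACLs would expose the server.

# Constructed sample: a weak options file. With these ACLs the server is an
# open resolver, answering and recursing for any client that reaches port 53.
WEAK_CONF='options {
        directory "/var/cache/bind";
        forwarders { 208.67.222.222; 208.67.220.220; };
        allow-query { any; };
        allow-recursion { any; };
        allow-transfer { any; };
};'

# Constructed sample mirroring the hardened block from step 3.
HARDENED_CONF='options {
        directory "/var/cache/bind";
        forwarders { 208.67.222.222; 208.67.220.220; };
        // Security options
        listen-on port 53 { 127.0.0.1; 192.168.1.100; };
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };
        allow-transfer { none; };
        auth-nxdomain no;    # conform to RFC1035
};'

# acl_value CONF_TEXT NAME -> the body of "NAME { ... };" with // and #
# comments stripped and whitespace collapsed, e.g. "127.0.0.1; 192.168.1.0/24;".
# Prints nothing when NAME is not set in the file.
acl_value() {
    printf '%s\n' "$1" \
        | sed -e 's://.*$::' -e 's:#.*$::' \
        | tr '\n' ' ' \
        | sed -n "s/.*[[:space:]]$2[[:space:]]*{\([^}]*\)}.*/\1/p" \
        | tr -s ' ' \
        | sed 's/^ //; s/ $//'
}

# audit_options CONF_TEXT -> one finding per line; returns 0 when the ACLs
# match the post's hardening, 1 when any of them would expose the server.
audit_options() {
    _rc=0
    _rec=$(acl_value "$1" allow-recursion)
    _qry=$(acl_value "$1" allow-query)
    _xfr=$(acl_value "$1" allow-transfer)

    case "$_rec" in
        *"any;"*) echo "WEAK allow-recursion { $_rec }: recurses for every client (open resolver)"; _rc=1 ;;
        '')       echo "WARN allow-recursion not set: relying on BIND's default (localhost; localnets)" ;;
        *)        echo "ok   allow-recursion { $_rec }" ;;
    esac
    case "$_qry" in
        ''|*"any;"*) echo "WEAK allow-query { ${_qry:-<unset, defaults to any>} }: answers every client"; _rc=1 ;;
        *)           echo "ok   allow-query { $_qry }" ;;
    esac
    case "$_xfr" in
        'none;') echo "ok   allow-transfer { none; }" ;;
        *)       echo "WEAK allow-transfer { ${_xfr:-<unset>} }: not restricted; the post sets { none; }"; _rc=1 ;;
    esac
    return $_rc
}

# Stand-alone run: audit the live file when it is readable, else the samples.
if [ -r /etc/bind/named.conf.options ]; then
    audit_options "$(cat /etc/bind/named.conf.options)"
else
    echo "--- constructed weak sample";     audit_options "$WEAK_CONF" || echo "(exit status 1)"
    echo "--- constructed hardened sample"; audit_options "$HARDENED_CONF"
fi
```

Note that listen-on-v6 { any; } in the block above binds every IPv6 address on the host; the allow-query and allow-recursion ACLs still apply to queries arriving there, which is why the audit looks at the ACLs rather than at the listen addresses.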
Step 4:
Restart bind to load the new configuration:
# /etc/init.d/bind9 restart
or
# service bind9 restart
Step 5:
Update /etc/resolv.conf so that DNS queries are sent to the local server:
nameserver 127.0.0.1
Step 6: Test our caching-only DNS server
# dig www.yahoo.com
main portion of the output.................
;; Query time: 433 msec [First time dig]
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 24 05:18:21 2010
;; MSG SIZE  rcvd: 265
//////////////////////////////////////////
;; Query time: 2 msec [Second time dig]
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 24 05:18:21 2010
;; MSG SIZE  rcvd: 265
Important: pay attention to the SERVER line, which shows which DNS server answered the
query. It must be our own server (SERVER: 127.0.0.1#53(127.0.0.1)); otherwise the queries
are not going through the cache at all. The second dig is answered in 2 msec instead of
433 msec because the answer now comes from the local cache.
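Step 6 checks two things by eye: that the SERVER line names our own resolver, and that the second query is answered far faster than the first. The script below is an added example, not part of the original post, that performs the same checks on dig output handled as text. The sample outputs are constructed to resemble the ones above; the answer-section TTLs, the 198.51.100.10 address and the third sample (a query that bypassed the local server) are made up, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the post): check two dig runs the way step 6 does,
# but mechanically. Everything below works on captured dig output as text.

# Constructed sample of the first run: a cache miss, answered by forwarding
# (long query time). The address is a documentation value, not a real record.
FIRST_RUN=';; ANSWER SECTION:
www.yahoo.com.          300     IN      A       198.51.100.10

;; Query time: 433 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 24 05:18:21 2010
;; MSG SIZE  rcvd: 265'

# Constructed sample of the second run a few seconds later: served from the
# cache (tiny query time, TTL counting down from the value cached above).
SECOND_RUN=';; ANSWER SECTION:
www.yahoo.com.          296     IN      A       198.51.100.10

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 24 05:18:25 2010
;; MSG SIZE  rcvd: 265'

# Constructed sample of what a wrong /etc/resolv.conf looks like: the query
# went straight to the router and never touched the local cache.
BYPASSED_RUN=';; Query time: 31 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 24 05:19:02 2010
;; MSG SIZE  rcvd: 265'

# query_time OUTPUT -> the "Query time" value in milliseconds (e.g. 433)
query_time() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'
}

# answering_server OUTPUT -> the address dig talked to, as "ip#port"
answering_server() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^ (]*\).*/\1/p'
}

# answer_ttl OUTPUT -> TTL of the first A record in the answer section
answer_ttl() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# served_locally OUTPUT -> 0 when our own server answered (the check the post
# flags as important), 1 when some other resolver did
served_locally() {
    [ "$(answering_server "$1")" = "127.0.0.1#53" ]
}

# cache_hit FIRST SECOND -> 0 when the second run bears the marks of a cache
# hit: both answered locally, much faster, and the TTL has not been reset
cache_hit() {
    served_locally "$1" && served_locally "$2" || return 1
    _t1=$(query_time "$1"); _t2=$(query_time "$2")
    _ttl1=$(answer_ttl "$1"); _ttl2=$(answer_ttl "$2")
    # A forwarded answer costs a network round trip; a cached one does not,
    # so expect at least a tenfold drop in query time.
    [ "$_t2" -le $(( _t1 / 10 )) ] || return 1
    # Cached records are handed out with their remaining TTL, so it only goes
    # down between runs (skipped when either sample has no answer section).
    [ -z "$_ttl1" ] || [ -z "$_ttl2" ] || [ "$_ttl2" -le "$_ttl1" ]
}

# Stand-alone run over the constructed samples.
for pair in "FIRST_RUN SECOND_RUN" "FIRST_RUN BYPASSED_RUN"; do
    set -- $pair
    eval "a=\$$1; b=\$$2"
    if cache_hit "$a" "$b"; then
        echo "$1 -> $2: OK, answered from the local cache in $(query_time "$b") msec"
    else
        echo "$1 -> $2: CHECK, answered by $(answering_server "$b") in $(query_time "$b") msec"
    fi
done
```

Against a live server the same check is cache_hit "$(dig www.yahoo.com)" "$(dig www.yahoo.com)". The TTL comparison adds a third sign of a cache hit that the post does not show: BIND serves cached records with their remaining TTL, so the value counts down between runs instead of being reset to what the forwarder sent.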
Check for possible syntax errors:
root@server:~# named-checkconf
How Do I See the Current Cache?
Type the following command to dump the cache to the file /var/cache/bind/named_dump.db
(the directory set by the "directory" option above):
# rndc dumpdb
# less /var/cache/bind/named_dump.db
# grep 'yahoo.com' /var/cache/bind/named_dump.db
How Do I Debug BIND 9 Caching Server Problems?
The first place to look for errors or warnings is /var/log/syslog, using grep, cat, more,
less or awk:
# tail -f /var/log/syslog
Is Port 53 Open?
Next, make sure the BIND 9 caching server is listening on the default port 53:
# netstat -tulpn | grep :53