dnscache

As part of delivering email and filtering spam, this mail server is going to be doing a lot of DNS lookups. In order to improve the performance of those lookups, we're going to install a DNS cache on this machine.

Set up dnscache
dnscache is a recursive nameserver. If it receives a query that it doesn't know the answer for, it will consult other nameservers on the Internet. It caches that answer so the next time it's queried, it doesn't have to go looking again.

Although no security holes have been found in djbdns so far, we'll still create two unprivileged (non-root) users that are limited to running the dnscache programs, so the cache and its logger never run as root:

useradd -M -d /nohome -s /bin/false dnsrun
useradd -M -d /nohome -s /bin/false dnslog

Create the directory to hold the cache service:

mkdir -m 755 /var/service

Answer queries from this machine only
If this dnscache is only going to be used by this machine, configure it to listen on and accept queries from the loopback address only:

dnscache-conf dnsrun dnslog /var/service/dnscache 127.0.0.1

Answer queries from other computers on the network
However, we could allow other computers on our local network to use this cache too. In that case, give dnscache-conf the server's own LAN IP address instead of 127.0.0.1:

dnscache-conf dnsrun dnslog /var/service/dnscache 192.168.0.106
cd /var/service/dnscache/root/ip

As root, create entries in /var/service/dnscache/root/ip (the directory you just changed into) naming the client IP addresses, or address prefixes, that are authorized to use this cache. Any client not matched by an entry is refused. For example, to allow every address beginning with 192.168.0.:

touch 192.168.0

Start the dnscache service
To start the dnscache service, make the symbolic link for daemontools:

ln -s /var/service/dnscache /service/

Wait a few seconds, then confirm that the service is running properly:

svstat /service/dnscache

If it's running properly, edit /etc/resolv.conf so this machine uses the DNS service you've just made:

nameserver <dnscache IP address>

Consult a different DNS server for a domain
dnscache normally consults the root nameservers (and whatever they refer it to) for DNS information. You can direct it to consult a specific server for a particular domain instead, for example if you run a separate DNS server for your internal addresses. In this example, we have configured an authoritative tinydns server for productionmonkeys.net, running on 127.0.0.1 of this machine:

cd /service/dnscache
echo 127.0.0.1 > root/servers/productionmonkeys.net
chmod 644 root/servers/productionmonkeys.net
svc -t .
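Both the root/ip allow list above and the root/servers forwarding entry work by longest-prefix or longest-suffix matching on file names, and it is easy to get that wrong in a way that turns the cache into an open resolver. The following script is an added example, not part of the original page or of djbdns: it reimplements those two lookup rules as plain shell functions and runs them against a constructed configuration tree in a temporary directory, so you can check what a given root/ip or root/servers layout will actually do before pointing clients at it. The helper names (dnscache_allows, dnscache_servers_file, dnscache_audit_ip) and the 198.51.100.1 root-server value are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): model dnscache's root/ip and
# root/servers lookup rules and audit a constructed config tree with them.

# Hypothetical helper: would dnscache answer a query from CLIENT_IP?
# dnscache looks for root/ip/<full address>, then strips one trailing
# octet at a time: 192.168.0.7 -> 192.168.0 -> 192.168 -> 192.
dnscache_allows() {
    root="$1"; ip="$2"
    while :; do
        [ -e "$root/ip/$ip" ] && return 0
        case "$ip" in
            *.*) ip="${ip%.*}" ;;
            *)   return 1 ;;
        esac
    done
}

# Hypothetical helper: print the root/servers file dnscache consults for NAME.
# It tries the full name, then strips leading labels; "@" is the fallback
# that holds the root servers.
dnscache_servers_file() {
    root="$1"; name="$2"
    while :; do
        if [ -e "$root/servers/$name" ]; then
            printf '%s\n' "$root/servers/$name"; return 0
        fi
        case "$name" in
            *.*) name="${name#*.}" ;;
            *)   break ;;
        esac
    done
    [ -e "$root/servers/@" ] && { printf '%s\n' "$root/servers/@"; return 0; }
    return 1
}

# Hypothetical helper: count root/ip entries with fewer than three octets.
# "192" would admit 16 million addresses; such entries usually mean the
# cache is reachable from far more clients than intended.
dnscache_audit_ip() {
    root="$1"; broad=0
    for f in "$root"/ip/*; do
        [ -e "$f" ] || continue
        entry="${f##*/}"
        dots="$(printf '%s' "$entry" | tr -cd '.' | wc -c)"
        if [ "$dots" -lt 2 ]; then
            echo "WARNING: over-broad client entry root/ip/$entry" >&2
            broad=$((broad + 1))
        fi
    done
    echo "$broad"
}

# Constructed sample tree, laid out like /var/service/dnscache/root on the page.
SAMPLE_ROOT="$(mktemp -d)"
mkdir -p "$SAMPLE_ROOT/ip" "$SAMPLE_ROOT/servers"
touch "$SAMPLE_ROOT/ip/127.0.0.1"                       # "this machine only" setup
touch "$SAMPLE_ROOT/ip/192.168.0"                       # the page's LAN prefix entry
echo 127.0.0.1    > "$SAMPLE_ROOT/servers/productionmonkeys.net"  # page's forwarding entry
echo 198.51.100.1 > "$SAMPLE_ROOT/servers/@"            # constructed placeholder root server

# Walk-through when run directly.
for client in 127.0.0.1 192.168.0.77 192.168.1.5 10.0.0.5; do
    if dnscache_allows "$SAMPLE_ROOT" "$client"; then
        echo "$client: allowed"
    else
        echo "$client: refused"
    fi
done
for name in mail.productionmonkeys.net example.com; do
    echo "$name -> $(dnscache_servers_file "$SAMPLE_ROOT" "$name")"
done
echo "over-broad entries: $(dnscache_audit_ip "$SAMPLE_ROOT")"
```

Run it as a normal user; it only touches the temporary directory it creates. To audit a live cache, point the functions at /var/service/dnscache/root instead of SAMPLE_ROOT and remember that dnscache must be restarted (svc -t) before edits to root/ip or root/servers take effect.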
