SquidGuard is a URL redirector that applies blacklists with the proxy software Squid. SquidGuard has two big advantages: it is fast and it is free.
dnscache
Set up dnscache
dnscache is a recursive nameserver. If it receives a query that it doesn't know the answer for, it will consult other nameservers on the Internet. It caches that answer so the next time it's queried, it doesn't have to go looking again.
While no security holes have been found yet in djbdns, we'll create two non-root users that are limited to running the dnscache programs:
useradd -M -d /nohome -s /bin/false dnsrun
useradd -M -d /nohome -s /bin/false dnslog
Create the directory to hold the cache service:
mkdir -m 755 /var/service
Answer queries from this machine only
If this dnscache is only going to be used by this machine, it can be configured to accept queries from the localhost IP.
dnscache-conf dnsrun dnslog /var/service/dnscache 127.0.0.1
Answer queries from other computers on the network
However, we could allow other computers on our local network to use this cache too. In that case, use the IP address of the server:
dnscache-conf dnsrun dnslog /var/service/dnscache 192.168.0.106
As root, create entries in the cache's root/ip directory (here /var/service/dnscache/root/ip) showing which client IP addresses are authorized to use this cache. For example, to authorize every address beginning with 192.168.0:
cd /var/service/dnscache/root/ip
touch 192.168.0
Start the dnscache service
To start the dnscache service, make the symbolic link for daemontools:
ln -s /var/service/dnscache /service/
Wait a few seconds, then confirm that the service is running properly:
svstat /service/dnscache
If it's running properly, edit /etc/resolv.conf to use the DNS service you've just made:
nameserver <dnscache IP address>
Consult a Different DNS Server for a domain
dnscache consults external servers for DNS info. You can tell it to consult a specific server for a given domain, for instance if you run a separate DNS server for your internal addresses. For example, we have configured an authoritative tinydns server for productionmonkeys.net, running on 127.0.0.1 of this machine:
cd /service/dnscache
echo 127.0.0.1 > root/servers/productionmonkeys.net
chmod 644 root/servers/productionmonkeys.net
svc -t .
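The access-control files created in the steps above (root/ip entries and root/servers overrides) can be reviewed with a short script. This is an added example, not part of the original page or of djbdns: the function names, the "wider than a /24" heuristic and every sample entry except 192.168.0 and productionmonkeys.net are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: audit the access-control files of a dnscache service directory.

# True if the root/ip prefix lies wholly inside loopback or RFC 1918 space.
is_private() {
    case $1 in
        10|10.*|127|127.*|192.168|192.168.*) return 0 ;;
        172.1[6-9]|172.1[6-9].*|172.2[0-9]|172.2[0-9].*|172.3[01]|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print one finding per line for the service directory given as $1.
audit_dnscache() {
    dir=$1
    for f in "$dir"/root/ip/*; do
        [ -e "$f" ] || continue
        p=${f##*/}
        dots=$(printf '%s' "$p" | tr -cd . | wc -c)
        if ! is_private "$p"; then
            echo "PUBLIC $p: clients outside loopback/private ranges may use this cache"
        elif [ $((dots + 1)) -lt 3 ] && [ "${p%%.*}" != 127 ]; then
            echo "BROAD $p: prefix is wider than a /24 (heuristic chosen for this example)"
        fi
    done
    # dnscache runs as the unprivileged dnsrun account, hence the chmod 644 step.
    find "$dir/root/servers" -type f ! -perm -004 2>/dev/null |
    while read -r f; do
        echo "UNREADABLE ${f##*/}: not world-readable, run chmod 644"
    done
}

# Build a constructed sample tree; only 192.168.0 and productionmonkeys.net
# come from the page, the other entries are made up for the demonstration.
make_sample() {
    mkdir -p "$1/root/ip" "$1/root/servers"
    touch "$1/root/ip/127.0.0.1" "$1/root/ip/192.168.0" \
          "$1/root/ip/192.168" "$1/root/ip/203.0.113"
    echo 127.0.0.1 > "$1/root/servers/productionmonkeys.net"
    echo 127.0.0.1 > "$1/root/servers/example.internal"
    chmod 644 "$1/root/servers/productionmonkeys.net"
    chmod 600 "$1/root/servers/example.internal"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_dnscache "$sample"
rm -rf "$sample"
```

On a real installation, call audit_dnscache /var/service/dnscache instead of the constructed sample tree.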