Down below is a script you can use to install djb-dns on a Linux system (like Ubuntu).
Specifically, it will install dnscache (a local caching nameserver) which resolves any domain name into an IP address. This is much like Google's public 8.8.8.8 DNS server.
Background on DNS lookups
To be clear: dnscache is not an "authoritative" dns server. A dns cache is simply a middle-man that executes global dns lookups on behalf of an incoming query, and caches the result for subsequent queries. See this clarification.
When a program does a dns lookup (turning a domain name into an IP, or vice versa) it uses a dns client library (e.g. calling the UNIX function gethostbyname()) to connect to a ("recursive") domain name server. That server (typically hosted by your ISP) does all the dirty work of first talking to the root-name-servers and going down the tree of DNS lookups until the full domain name is completely resolved.
The file /etc/resolv.conf contains the IP address(es) of the domain name server(s) your system is using. It is a small file that typically looks something like:
    nameserver a.b.c.d
    nameserver e.f.g.h
Why do I need to run my own dns cache?
The dns cache servers that your ISP is hosting typically aren't very good. Those servers are overloaded, not well maintained, etc. If you are doing a high volume of dns-lookups they won't keep up. For instance, if you are running a web crawler, or doing reverse-lookups on all the IP addresses that visit your site, your ISP's servers will introduce latency and flakiness. I've personally dealt with 3 ISPs whose servers started returning errors because my volume was too high.
I've even run my own dns cache on my home Linux desktop because my home ISP's was so bad. (Nowadays I just use 8.8.8.8 for my home networks.)
What's so special about djb-dns?
It's rock-solid. It's written by this crazy-smart guy who knows his shit, and even has an unclaimed $1000 prize to find a security bug.
I've used it multiple times and haven't had any problems. The only downside is it's a pain-in-the-ass to install. Thankfully, I've gone through the headache for you.
The Install Script
    # Must be run as root
    # Also see http://hydra.geht.net/tino/howto/linux/djbdns/

    # Create a /package directory:
    mkdir -p /package
    chmod 1755 /package
    cd /package

    wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
    gunzip daemontools-0.76.tar.gz
    tar -xpf daemontools-0.76.tar
    rm daemontools-0.76.tar
    cd admin/daemontools-0.76
    # Apply dumb patch to make things compile
    cd src; echo gcc -O2 -include /usr/include/errno.h > conf-cc; cd ..
    ./package/install

    cd /package
    wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
    rm -rf ucspi-tcp-0.88
    tar xfz ucspi-tcp-0.88.tar.gz
    cd ucspi-tcp-0.88
    # Apply dumb patch to make things compile
    echo gcc -O2 -include /usr/include/errno.h > conf-cc
    make
    make setup check

    cd /package
    wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
    gunzip djbdns-1.05.tar.gz
    tar -xf djbdns-1.05.tar
    cd djbdns-1.05
    # Apply dumb patch to make things compile
    echo gcc -O2 -include /usr/include/errno.h > conf-cc
    # Allow more simultaneous dns requests
    sed -i -e "s/MAXUDP 200/MAXUDP 600/g" dnscache.c
    make
    make setup check

    ########## Install Users and Service directories ###########
    groupadd dnscache
    useradd -g dnscache dnscache
    useradd -g dnscache dnslog
    /usr/local/bin/dnscache-conf dnscache dnslog /var/dnscache
    ln -s /var/dnscache /service

    # Fix the nameservers to point to current ICANN structure
    # This assumes you have dig installed
    # Patch in the current list of root servers
    for a in a b c d e f g h i j k l m
    do
        dig +short $a.root-servers.net.
    done > /var/dnscache/root/servers/\@

    # Increase the cache to 100MB
    echo 100000000 > /service/dnscache/env/CACHESIZE
    echo 104857600 > /service/dnscache/env/DATALIMIT

    # Change multilog to keep more logs
    echo "#!/bin/sh" > /service/dnscache/log/run
    echo "exec setuidgid dnslog multilog t s10000000 ./main" >> /service/dnscache/log/run

Now all the tools and binaries are installed. To verify that the tools were installed you can do:
    dnsip www.google.com

Now you just have to kick-off the dnscache server and update /etc/resolv.conf. You will want to run the following script at system startup (if you don't, the file /etc/resolv.conf might get over-written by your system):
    # Must be run as root
    rm -rf /etc/resolv.conf.prev
    mv /etc/resolv.conf /etc/resolv.conf.prev
    echo "nameserver 127.0.0.1" > /etc/resolv.conf

    ## init q # (is this needed?)
    /command/svscanboot &
    sleep 5
    svc -u /service/dnscache  # FYI: -t does a reboot
    svstat /service/dnscache
    svc -t /service/dnscache/log

Enjoy!
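The root server loop in the install script redirects whatever the lookups print straight into /var/dnscache/root/servers/@, so a failed or partial lookup replaces the list with an empty or incomplete file. The following is an added example, not part of the original post: it filters the output down to valid IPv4 addresses and replaces the list only when enough of them arrive. The helper names, the minimum count and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: the root server list holds one IPv4 address per line.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# Keep only well-formed IPv4 lines from stdin, de-duplicated.
valid_ipv4_lines() {
    grep -Ex "($OCTET\.){3}$OCTET" | sort -u
    return 0
}

# install_server_list DEST MIN (hypothetical helper): replace DEST only when
# at least MIN valid addresses arrive on stdin; otherwise leave DEST untouched.
install_server_list() {
    dest=$1
    min=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    valid_ipv4_lines > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        echo "only $count valid addresses, need $min; keeping $dest" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"      # mktemp creates the file with mode 0600
    mv "$tmp" "$dest"     # same directory, so the replacement is atomic
}

# Constructed sample of lookup output (documentation addresses, not real roots).
sample_lookup_output() {
    cat <<'EOF'
192.0.2.4
;; connection timed out; no servers could be reached
2001:db8::1
198.51.100.129
203.0.113.300
203.0.113.53
192.0.2.4
EOF
}

# In the install script the loop would feed the helper instead of the file:
#   for a in a b c d e f g h i j k l m; do dig +short $a.root-servers.net.; done |
#       install_server_list /var/dnscache/root/servers/@ 13
demo_dir=$(mktemp -d)
sample_lookup_output | install_server_list "$demo_dir/servers" 3 && cat "$demo_dir/servers"
rm -rf "$demo_dir"
```

A non-zero return from the helper is the signal to stop before starting dnscache, since the previous list is still in place.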