Down below is a script you can use to install djb-dns on a Linux system (like Ubuntu).
Specifically, it will install dnscache (a local caching nameserver) which resolves any domain name into an IP address. This is much like Google's public 188.8.131.52 DNS server.
Background on DNS lookups
To be clear: dnscache is not an "authoritative" dns server A dns cache is a simply a middle-man that executes global dns lookups on behalf of an incoming query, and caches the result for subsequent queries. See this clarification.
When a program does a dns lookup (turning a domain name into an IP, or vice versa) it uses a dns client library (e.g. calling the UNIX function gethostbyname()) to connect to a ("recursive") domain name server. That server (typically hosted by your ISP) does all the dirty work of first talking to the root-name-servers and going down the tree of DNS lookups until the full domain name is completely resolved.
The file /etc/resolv.conf contains the IP address(es) of the domain name server(s) your system is using. It is a small file that typically looks something like:
nameserver a.b.c.d nameserver e.f.g.h
Why do I need to run my own dns cache?
The dns cache servers that your ISP is hosting typically aren't very good. Those servers are overloaded, not well maintained, etc... If you are doing a high volume of dns-lookups they won't keep up. For instsance, you are running a web crawler, or doing reverse-lookups on all the IP addresses that visit your site. Your ISP's servers will introduce latency and flakiness. I've personally dealt with 3 ISPs whose servers started returning errors because my volume was too high.
I've even run my own dns cache on my home Linux desktop because my home ISP's was so bad. (Nowadays I just use 184.108.40.206 for my home networks.)
What's so special about djb-dns?
It's rock-solid. It's written by this crazy-smart guy who knows his shit, and even has an unclaimed $1000 prize to find a security bug.
I've used it multiple times and haven't had any problems. The only downside is it's a pain-in-the-ass to install. Thankfully, I've gone through the headache for you.
The Install Script
# Must be run as root # Also see http://hydra.geht.net/tino/howto/linux/djbdns/ #Create a /package directory: mkdir -p /package chmod 1755 /package cd /package wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz gunzip daemontools-0.76.tar.gz tar -xpf daemontools-0.76.tar rm daemontools-0.76.tar cd admin/daemontools-0.76 # Apply dumb patch to make things compile cd src; echo gcc -O2 -include /usr/include/errno.h > conf-cc; cd .. ./package/install cd /package wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz rm -rf ucspi-tcp-0.88 tar xfz ucspi-tcp-0.88.tar.gz cd ucspi-tcp-0.88 # Apply dumb patch to make things compile echo gcc -O2 -include /usr/include/errno.h > conf-cc make make setup check cd /package wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz gunzip djbdns-1.05.tar.gz tar -xf djbdns-1.05.tar cd djbdns-1.05 # Apply dumb patch to make things compile echo gcc -O2 -include /usr/include/errno.h > conf-cc # Allow more simultaneous dns requests sed -i -e "s/MAXUDP 200/MAXUDP 600/g" dnscache.c make make setup check ########## Install Users and Service directories ########### groupadd dnscache useradd -g dnscache dnscache useradd -g dnscache dnslog /usr/local/bin/dnscache-conf dnscache dnslog /var/dnscache ln -s /var/dnscache /service # Fix the nameservers to point to current ICANN structure # This assumes you have dig installed # Patch in the current list of root servers for a in a b c d e f g h i j k l m do dig +short $a.root-servers.net. done > /var/dnscache/root/servers/\@ # Increase the cache to 100MB echo 100000000 > /service/dnscache/env/CACHESIZE echo 104857600 > /service/dnscache/env/DATALIMIT # Change multilog to keep more logs echo "#!/bin/sh" > /service/dnscache/log/run echo "exec setuidgid dnslog multilog t s10000000 ./main" >> /service/dnscache/log/runNow all the tools and binaries are installed. To verify that the tools were installed you can do:
dnsip www.google.comNow you just have to kick-off the dnscache server and update /etc/resolv.conf. You will want to run the following script at system startup (if you don't, the file /etc/resolv.conf might get over-written by your system):
# Must be run as root rm -rf /etc/resolv.conf.prev mv /etc/resolv.conf /etc/resolv.conf.prev echo "nameserver 127.0.0.1" > /etc/resolv.conf ## init q # (is this needed?) /command/svscanboot & sleep 5 svc -u /service/dnscache # FYI: -t does a reboot svstat /service/dnscache svc -t /service/dnscache/logEnjoy! blog comments powered by Disqus