
Old DNS setup (djbdns)

Benedikt Kristinsson edited this page Feb 16, 2015 · 2 revisions

The old DNS structure was as follows:

  • Every VPN node runs a BIND instance that forwards DNS queries to our external DNS caches, which run dnscache (part of djbdns).
  • VPN nodes dish out dns-cache0.lokun.is and dns-cache1.lokun.is as DNS caches for the clients via DHCP.
  • huginn.utrad.is and muninn.utrad.is were used as DNS resolvers for lokun.is.

This is being phased out at the time of writing (Feb 2015).

Installation of a DNS cache server

  1. Install build-essential with apt

    # apt-get install build-essential

  2. Install djbdns

    # wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
    # tar xzvf djbdns-1.05.tar.gz
    # cd djbdns-1.05
    # echo gcc -O2 -include /usr/include/errno.h > conf-cc
    # make
    # make setup check

  3. Create users for dnscache

    # useradd dnscache
    # useradd dnslog

  4. Create the /etc/dnscache directory

    # dnscache-conf dnscache dnslog /etc/dnscache <ip>

  5. Add the script that maintains the list of allowed IPs to /etc/rc.local and/or a daily/hourly cronjob, then run it. I put it in /srv.

    # apt-get install python-pip python-dev
    # pip install requests netifaces
    # python dnscache-iplist.py

    Note that this also adds the local IP of the cache server to /etc/dnscache/root/ip; without that entry it won't work.

  6. Install daemontools and ucspi-tcp with apt and add dnscache

    # apt-get install daemontools ucspi-tcp daemontools-run
    # ln -s /etc/dnscache /etc/service/dnscache

  7. To disable logging, edit the file /etc/dnscache/run. Simply prevent stdout from reaching multilog by changing the line

    exec 2>&1

    to

    exec 1>/dev/null 2>&1

    Logging is useful for debugging though. I tried sending a HUP to the multilog and run process, but ultimately only rebooting worked.

  8. Set up tinydns for overriding

    # useradd tinydns
    # tinydns-conf tinydns dnslog /etc/tinydns-override 127.0.0.1
    # ln -s /etc/tinydns-override /etc/service/tinydns-override

    daemontools then picks it up.

  9. Add the DNS records to the tinydns data file, /etc/tinydns-override/root/data

    .netflix.com:96.47.231.242:ns:300
    +netflix.com:96.47.231.242:300
    +*.netflix.com:96.47.231.242:300
    .hulu.com:96.47.231.242:ns:300
    +hulu.com:96.47.231.242:300
    +*.hulu.com:96.47.231.242:300
    .huluim.com:96.47.231.242:ns:300
    +huluim.com:96.47.231.242:300
    +*.huluim.com:96.47.231.242:300

    Here 96.47.231.242 is a proxy server. This file will be automatically generated.

  10. cd into /etc/tinydns-override/root/ and run

    # make

    tinydns is now updated.

  11. Tell dnscache to consult our local tinydns-override for these domains

    # echo 127.0.0.1 > /etc/dnscache/root/servers/netflix.com
    # echo 127.0.0.1 > /etc/dnscache/root/servers/huluim.com
    # echo 127.0.0.1 > /etc/dnscache/root/servers/hulu.com
    # echo 127.0.0.1 > /etc/dnscache/root/servers/pandora.com
    # echo 127.0.0.1 > /etc/dnscache/root/servers/foodnetwork.com

  12. Send the dnscache process a HUP signal to make it reload this configuration.
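The tinydns data lines and the per-domain servers/ files above come from the same domain list. The Python 3 script below is an added example, not the wiki's own generator or its dnscache-iplist.py: it builds both from one list, validating the proxy address and the domain names before anything is written. The directory paths are the ones on this page; the function names are assumptions.

```python
"""Generate the tinydns override data file and the matching dnscache
servers/<domain> files from one domain list (hypothetical helper; the
wiki's own generator and dnscache-iplist.py are not on this page)."""
import ipaddress
import os

OVERRIDE_ROOT = "/etc/tinydns-override/root"     # tinydns dir from the wiki
DNSCACHE_SERVERS = "/etc/dnscache/root/servers"  # dnscache forwarding dir


def clean_domain(name):
    """Normalise a domain and refuse anything that would break the
    colon-separated tinydns-data format or escape the servers/ directory."""
    d = name.strip().strip(".").lower()
    if not d or ":" in d or "/" in d or any(c.isspace() for c in d):
        raise ValueError("bad domain: %r" % name)
    return d


def tinydns_override_lines(domains, proxy_ip, ttl=300):
    """Build tinydns-data lines that send a zone, its apex and every
    subdomain to proxy_ip, in the three forms the wiki's data file uses:
      .fqdn:ip:ns:ttl  NS/SOA for the zone (nameserver host ns.ns.fqdn)
      +fqdn:ip:ttl     A record for the apex
      +*.fqdn:ip:ttl   wildcard A record for subdomains
    tinydns 1.05 speaks IPv4 only, so the proxy must be an IPv4 address."""
    proxy_ip = str(ipaddress.IPv4Address(proxy_ip))  # ValueError if invalid
    lines = []
    for d in map(clean_domain, domains):
        lines.append(".%s:%s:ns:%d" % (d, proxy_ip, ttl))
        lines.append("+%s:%s:%d" % (d, proxy_ip, ttl))
        lines.append("+*.%s:%s:%d" % (d, proxy_ip, ttl))
    return lines


def write_override(domains, proxy_ip, override_root=OVERRIDE_ROOT,
                   servers_dir=DNSCACHE_SERVERS, resolver="127.0.0.1"):
    """Write root/data and one servers/<domain> file per zone so dnscache
    forwards those zones to the local tinydns. Afterwards run `make` in
    override_root and HUP dnscache, as the steps above describe.
    Returns the number of data lines written."""
    lines = tinydns_override_lines(domains, proxy_ip)
    with open(os.path.join(override_root, "data"), "w") as f:
        f.write("\n".join(lines) + "\n")
    for d in map(clean_domain, domains):
        with open(os.path.join(servers_dir, d), "w") as f:
            f.write(resolver + "\n")
    return len(lines)
```

Run it from cron with the same domain list the override is meant to cover; dnscache only forwards a zone to tinydns when a servers/ file for exactly that zone exists, so the two outputs must stay in step.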