
Caching-only Name Server - how to configure it?

Postby chandranjoy » Thu Sep 02, 2010 4:36 pm

Caching-only Name Server - how do I configure it to run in chroot environment?

Caching-only Name Server

A caching-only name server is used for looking up zone data and caching (storing) the result which is returned. Then it can return the answers to subsequent queries by using the cached information.

A caching-only server is authoritative only for the local host, i.e. 0.0.127.in-addr.arpa, but it can automatically send requests to the Internet host handling name lookups for the domain in question.

In most situations, a caching-only name server sends queries directly to the name server that contains the answer. Because of its simplified nature, a DNS zone file is not created for a caching-only name server.

Running the Caching-only Name Server in a chroot environment is a secure approach. The chroot environment has more security compared to the normal environment.

Configuration


The packages which need to be installed are:
* bind-9.2.4-16.EL4.i386.rpm
* bind-chroot-9.2.4-16.EL4.i386.rpm
* caching-nameserver-7.3-3.noarch.rpm

These packages can be installed from the CD using the command:
# rpm -ivh <PACKAGE NAME>


or using the up2date command:
# up2date <PACKAGE NAME>


The configuration files associated with the caching name server are:

1. /etc/sysconfig/named
2. /var/named/chroot/etc/named.conf
3. /var/named/chroot/var/named/named.local
4. /var/named/chroot/var/named/named.ca
5. /var/named/chroot/var/named/localhost.zone
6. /var/named/chroot/var/named/localdomain.zone


Edit /etc/sysconfig/named and ensure that the following entry is present in the file, which tells named to run in the chroot environment:
ROOTDIR=/var/named/chroot


Note: /etc/named.conf is a symbolic link to /var/named/chroot/etc/named.conf file.

To configure the /etc/named.conf file for a simple caching name server, use this configuration for all servers that don't act as a master or slave name server. Setting up a simple caching server for local client machines will reduce the load on the network's primary server. Many users on dialup connections may use this configuration along with bind for such a purpose. Ensure that the file /etc/named.conf contains the entries below:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    forwarders { A.B.C.D; W.X.Y.Z; };
    forward only;
};


// a caching only nameserver config

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};


With the forwarders option, A.B.C.D and W.X.Y.Z are the IP addresses of the Primary/Master and Secondary/Slave DNS servers on the network in question. They can also be the IP addresses of the ISP's DNS server and another DNS server, respectively. With the forward only option set in the named.conf file, the name server doesn't try to contact other servers to find out information if the forwarders do not give it an answer.

Now, /etc/resolv.conf should look like this:
nameserver 127.0.0.1


Start the caching DNS server
# /sbin/chkconfig named on
# service named start

Test the caching name server
# nslookup
Default Server: localhost
Address: 127.0.0.1


Now enter a query in nslookup. For example: www.redhat.com

> www.redhat.com
Server: localhost
Address: 127.0.0.1

Name: www.redhat.com
Address: 209.132.177.50


nslookup now asked named to look for the machine www.redhat.com. It then contacted one of the name server machines named in the root.cache file, and asked its way from there. It might take a while before the result is shown, as it searches all the domains the user entered in /etc/resolv.conf. When tried again, the result should be similar to this example:
> www.redhat.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
Name: www.redhat.com
Address: 209.132.177.50


Note the Non-authoritative answer in the result this time. This means that named did not go out on the network to ask this time; it instead looked up in its cache and found it there. But the cached information might be out of date, so the user is informed of this danger by it saying Non-authoritative answer. When nslookup says this the second time a user asks for a host, it is a sign that it caches the information and that it's working. Now exit nslookup by giving the command exit.

Cool, you are done. :)
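As an added example (not part of the original post), here is a small lint script that checks a named.conf like the one above for the settings the post relies on: named actually chrooted via ROOTDIR, forwarders filled in when forward only is set, the rndc controls channel bound to 127.0.0.1 with a key, and every master zone carrying allow-update { none; }. The sample config embedded below is constructed from the post, with its A.B.C.D / W.X.Y.Z placeholders left unfilled so the check has something to flag; the function and file names are my own.

```python
import re

# Constructed sample mirroring the post's named.conf; the forwarder
# placeholders A.B.C.D / W.X.Y.Z are left unfilled on purpose.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    forwarders { A.B.C.D; W.X.Y.Z; };
    forward only;
};
controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; };
zone "." IN { type hint; file "named.ca"; };
zone "0.0.127.in-addr.arpa" IN {
    type master; file "named.local"; allow-update { none; };
};
"""
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def _blocks(text, header):
    """Yield (header_match, body) for each `header ... { body }`, brace-matched."""
    for m in re.finditer(header + r"[^{;]*\{", text):
        depth, start = 1, m.end()
        for i in range(start, len(text)):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            if depth == 0:
                yield m, text[start:i]
                break

def _first(text, header):
    return next((body for _, body in _blocks(text, header)), "")

def lint_named_conf(text, rootdir=None):
    """Return findings for the caching-only setup; an empty list means all checks pass."""
    out = []
    if rootdir != "/var/named/chroot":  # value of ROOTDIR from /etc/sysconfig/named
        out.append("ROOTDIR not /var/named/chroot: named will not run in the chroot")
    opts = _first(text, r"\boptions\b")
    if "forward only" in opts:
        addrs = [a.strip() for a in _first(opts, r"\bforwarders\b").split(";") if a.strip()]
        if not addrs:
            out.append("forward only without forwarders: every lookup fails")
        bad = [a for a in addrs if not IPV4.match(a)]
        if bad:
            out.append("forwarders still hold placeholders: " + ", ".join(bad))
    ctl = _first(text, r"\bcontrols\b")
    if ctl and not re.search(r"\binet\s+127\.0\.0\.1\b", ctl):
        out.append("controls channel not bound to 127.0.0.1")
    if ctl and "keys" not in ctl:
        out.append("controls channel has no key: rndc would be unauthenticated")
    for m, body in _blocks(text, r'\bzone\s+"([^"]+)"'):
        if re.search(r"\btype\s+master\b", body) and not re.search(r"allow-update\s*\{\s*none\s*;\s*\}", body):
            out.append(f'zone "{m.group(1)}": master without allow-update {{ none; }}')
    return out
```

Run it against the real file with `lint_named_conf(open("/var/named/chroot/etc/named.conf").read(), rootdir=...)` after reading ROOTDIR from /etc/sysconfig/named; the sample as shipped reports only the unfilled forwarder placeholders.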
