Last modified: 16-06-2020
Before installing and running djbDNS, you'll need two add-ons from Bernstein: UCSPI-TCP (tcpserver and tcpclient; djbDNS's own zone-transfer server and client, axfrdns and axfr-get, run under them), and daemontools (to supervise services).
djbDNS itself is built on several components:
Note: By default, binaries are installed in /usr/local/bin, so this location should be listed in the PATH environment variable. This target can be changed by editing conf-home before compiling.
Add the following line to /etc/inittab so that svscan is started at boot and respawned if it dies:
SV:123456:respawn:env - PATH=/usr/local/bin:/usr/sbin:/usr/bin:/bin svscan /service </dev/null >/dev/console 2>/dev/console
... and tell init to re-read it through killall -HUP init
Note: svscan can also be launched manually through svscan /service &, and stopped through killall supervise tinydns svscan
Check that svscan is running through ps ax | grep sv
Note: Once again, the target directory is /usr/local/bin/ by default, but can be changed by editing conf-home before running make.
useradd -d /var/dnscache -s /bin/false dnscache
useradd -d /var/dnscache -s /bin/false dnslog
ln -sf /var/dnscache/dnscache /service/, then check that it now shows up under svscan through pstree -p
useradd -d /var/dnscache -s /bin/false tinydns
useradd -d /var/dnscache -s /bin/false tinylog
Note: The reason we have tinyDNS listen on the loopback address is that dnscache already owns port 53 on the Ethernet interface. We will set up dnscache to query tinyDNS for the zones for which tinyDNS is authoritative.
Also, if you want the log files to live in /var/log/tinydns instead of /var/dnscache/tinydns/log/main, edit /var/dnscache/tinydns/log/run and replace "./main" with /var/log/tinydns (the directory must exist and be writable by the tinylog account, since multilog runs under it).
# cd /var/dnscache/tinydns/root
# ./add-ns internal 10.20.30.12
# ./add-ns 30.20.10.in-addr.arpa 10.20.30.12
# ./add-mx internal 10.20.30.4
# ./add-host ns.internal 10.20.30.12
# ./add-host mail.internal 10.20.30.4
# ./add-alias unagi.internal 10.20.30.4
# make
Note: The data file, /var/dnscache/tinydns/root/data, can also be edited manually. The add-* helpers never create CNAME records (Bernstein discourages them, although tinydns-data does accept "C" lines): add-alias appends a "+" line, so the last entry, unagi, is actually an A record pointing to the same address as mail, without the PTR record that the "=" lines written by add-host also generate.
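To see what those six lines actually publish once make has compiled them, here is an added example, not code from the page or from djbdns: a shell function that expands the tinydns-data line types used above into the resource records tinydns derives from them. The six input lines are the ones the add-* commands above append, reproduced here as constructed sample input; TTL and timestamp fields are ignored and only the IPv4 line types seen on this page are handled.

```shell
# Expand tinydns-data lines into the records tinydns will serve from them.
# Added example, not part of the page or of djbdns; handles the IPv4 line types
# used on this page ('.', '&', '=', '+', '@') and ignores ttl/timestamp fields.
tinydns_expand() {
    awk -F: '
    # 10.20.30.12 -> 12.30.20.10.in-addr.arpa
    function rev(ip,    o) {
        split(ip, o, ".")
        return o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
    }
    # x is a host name if it contains a dot, otherwise a prefix: x.ns.fqdn / x.mx.fqdn
    function name(x, kind, fqdn) { return (x ~ /\./) ? x : x "." kind "." fqdn }
    /^#/ || /^$/ { next }
    {
        t = substr($1, 1, 1); fqdn = substr($1, 2); ip = $2; x = $3
        if (t == "." || t == "&") {           # NS (plus SOA for "."), with glue A if ip given
            h = name(x, "ns", fqdn)
            if (t == ".") print "SOA " fqdn " " h
            print "NS " fqdn " " h
            if (ip != "") print "A " h " " ip
        } else if (t == "=") {                # A plus the matching PTR
            print "A " fqdn " " ip
            print "PTR " rev(ip) " " fqdn
        } else if (t == "+") {                # A only, no PTR: this is what add-alias writes
            print "A " fqdn " " ip
        } else if (t == "@") {                # MX with glue A; distance defaults to 0
            h = name(x, "mx", fqdn)
            print "MX " fqdn " " ($4 == "" ? 0 : $4) " " h
            if (ip != "") print "A " h " " ip
        } else {
            print "UNHANDLED " $0
        }
    }'
}

# Constructed sample input: the lines the six add-* commands on this page append.
page_data() {
    printf '%s\n' \
        '.internal:10.20.30.12:a' \
        '.30.20.10.in-addr.arpa:10.20.30.12:a' \
        '@internal:10.20.30.4:a' \
        '=ns.internal:10.20.30.12' \
        '=mail.internal:10.20.30.4' \
        '+unagi.internal:10.20.30.4'
}

page_data | tinydns_expand
```

Two things the output makes visible: 10.20.30.4 gets exactly one PTR record (mail.internal) because unagi is a "+" line, and add-ns always uses the letter form, so the name servers advertised are a.ns.internal and a.ns.30.20.10.in-addr.arpa rather than ns.internal. If the NS name should match the host created with add-host, edit the data file by hand to .internal:10.20.30.12:ns.internal (a dotted x is taken as a host name).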
To have dnscache send queries for the internal zone to tinyDNS, create /var/dnscache/dnscache/root/servers/internal containing tinyDNS's address as a single line:
127.0.0.1
... followed by the same for the reverse zone:
cp /var/dnscache/dnscache/root/servers/internal /var/dnscache/dnscache/root/servers/30.20.10.in-addr.arpa
Note: As before, this will install a bunch of binaries in /usr/local. You can change the target directory by editing the conf-home file.
The tcp rules file in the axfrdns directory (compiled into tcp.cdb by running make there) should allow transfers of exactly the zones tinyDNS serves, to the secondary only, and deny everyone else:
10.20.30.14:allow,AXFR="internal/30.20.10.in-addr.arpa"
:deny
On the secondary, pull the zone from the address axfrdns listens on:
cd /tmp ; tcpclient 10.20.30.13 53 axfr-get internal data data.tmp
Voilà! The zone has been transferred into data, in tinydns-data format. If the secondary is running BIND, you are on familiar ground.
Running svstat on a service directory before svscan has started supervise for it gives:
/service/dnscache: unable to open supervise/ok: file does not exist
If you launch svscan by hand as /usr/local/bin/svscan without the /service argument, instead of editing /etc/inittab followed by killall -HUP init, it scans the current directory (here evidently a home directory containing a KDE subdirectory) and tries to supervise every subdirectory it finds there, giving errors such as:
supervise: fatal: unable to start KDE/run: file does not exist
etc. Always pass /service as the directory to scan.
As for stopping svscan itself, I haven't found a better way than killall svscan supervise tinydns dnscache.
Note: With just svscan running and inittab containing "SV:123456:respawn:/command/svscanboot", I don't know of a better way to kill this process than commenting out this line, running "killall -HUP init", and running "ps aux | grep sv" to check that svscan was finally put to rest.
djbdns is a collection of Domain Name System tools. Its components:
dnscache is a local DNS cache. It accepts recursive DNS queries from local clients such as web browsers and collects responses from remote DNS servers.
tinydns is a fast, UDP-only DNS server. It makes local DNS information available to the Internet. It supports load balancing and client differentiation.
walldns is a reverse DNS wall. It provides matching reverse and forward records while hiding local host information.
rbldns is an IP-address-listing DNS server. It uses DNS to publish a list of IP addresses, such as RBL or DUL.
The dns library handles outgoing and incoming DNS packets. It can be used by clients such as web browsers to look up host addresses, host names, MX records, etc. It supports asynchronous resolution.
dnsfilter is a parallel IP-address-to-host-name converter.
dnsip, dnsipq, dnsname, dnstxt, and dnsmx are simple command-line interfaces to DNS.
dnsq and dnstrace are DNS debugging tools.
tinydns handles basic DNS service. The tinydns-data file format combines the flexibility of zone files with the convenience of modern zone-building tools. Host information is stored in one file. PTR records are handled automatically. Changes can be scheduled in advance, with TTLs handled automatically.
tinydns has several load-balancing features. It automatically selects a random set of 8 servers from a cluster of any size. It allows easy removal of dead servers by external monitoring tools. It also supports client differentiation, checking the client's IP address and choosing one of several clusters accordingly.
walldns is a reverse DNS wall. It lets firewalled sites access name-checking servers without revealing true host information.
rbldns publishes lists of IP addresses, such as RBL or DUL, through DNS. This could be done with a general-purpose server, but rbldns uses much less memory and much less disk space.