On 3 Aug 2001, Santiago Canez wrote:

> Hi,
>
> I want to install a caching-only nameserver on my system.
>
> apt-get install bind
>

In my humble opinion, Daniel J. Bernstein's djbdns is a much better bet than
BIND, especially in your case. djbdns is a suite of DNS tools that includes
dnscache, a ready-to-run caching-only nameserver which runs in a chrooted
jail by design.

Include the following in your /etc/apt/sources.list if you're using potato:

    # Gerrit Pape's Debian packages for daemontools, djbdns etc.
    deb ftp://ftp.innominate.org/pub/pape/Debian potato unofficial innominate
    deb-src ftp://ftp.innominate.org/pub/pape/Debian potato unofficial innominate

Get djbdns and daemontools, which are used to run the djbdns tools instead of
the usual /etc/rc stuff. There is also stuff for woody, if you need it.
There are links to everything on http://www.djbdns.org.

After you've installed the Debian packages, configuration is a cinch. Read
the documentation at the above URL, but configuration shouldn't be more than
the following:

- Add a user under whose UID dnscache will run:

    prompt# useradd -c "Dnscache User" -s /bin/false -d /var/dnscache dnscache

- Add a user under whose UID the logging for dnscache will run:

    prompt# useradd -c "Dnscache Logger" -s /bin/false -d /var/dnscache dnslog

- Initiate the dnscache:

    prompt# dnscache-conf dnscache dnslog /var/dnscache <ip-addr>

  where <ip-addr> is the IP address you want dnscache to listen to requests
  on.

- Start the dnscache using daemontools by making a link in the directory
  monitored by the daemontools service-scan utility (/var/service):

    prompt# ln -s /var/dnscache /var/service

  Daemontools will start dnscache after five seconds and will make sure it
  runs always, including (of course) after reboot.

- Configure the dnscache to accept requests from your networks by making
  files named after the network addresses in /var/dnscache/root/ip:

  For example, to allow access from all addresses on networks 192.168/16 and
  10/8,

    prompt# touch /var/dnscache/root/ip/192.168
    prompt# touch /var/dnscache/root/ip/10

And there you have it, a caching dns server after only five command lines or
so, which uses but a tiny fraction of the resources BIND uses and has none of
the security problems...

To test your new cache, put the ip address in /etc/resolv.conf and check
forward resolution:

    prompt# dnsip <fully-qualified-domain-name-you-want-an-ip-for>

Also check reverse resolution:

    prompt# dnsname <ip-address-you-want-a-name-for>

Happy resolving,

George Karaolides         8, Costakis Pantelides St.,
tel:   +35 79 68 08 86    Strovolos,
email: [EMAIL PROTECTED]  Nicosia CY 2057,
web:   www.karaolides.com Republic of Cyprus
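
Added example, not part of the original message: a shell check of the root/ip access list described above, useful for confirming the cache answers only the networks you intended. It follows dnscache's documented rule that a client a.b.c.d is accepted if a file named a.b.c.d, a.b.c, a.b or a exists in root/ip; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the matching rule is the one dnscache documents for root/ip.

# dnscache_allows IPDIR CLIENT_IP
# Returns 0 if a file for the client or one of its dotted prefixes exists
# in IPDIR (tries a.b.c.d, then a.b.c, a.b, a), 1 otherwise.
dnscache_allows() {
    ipdir=$1
    name=$2
    while :; do
        [ -e "$ipdir/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;          # no prefix left: client is refused
        esac
    done
}

# dnscache_acl_report IPDIR
# Prints every entry in IPDIR as prefix/bits so broad grants (for example
# a single octet, which opens a whole /8) are easy to spot.
dnscache_acl_report() {
    ipdir=$1
    for f in "$ipdir"/*; do
        [ -e "$f" ] || continue       # empty directory: glob did not match
        entry=${f##*/}
        dots=$(printf '%s' "$entry" | tr -cd '.' | wc -c)
        printf '%s/%s\n' "$entry" "$(( (dots + 1) * 8 ))"
    done
}

# Run as a script: sh check-acl.sh /var/dnscache/root/ip 192.168.1.5
if [ $# -eq 2 ]; then
    dnscache_acl_report "$1"
    if dnscache_allows "$1" "$2"; then
        echo "$2: accepted"
    else
        echo "$2: refused"
    fi
fi
```
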