Setting up a local DNS Server

Why TinyDNS?

Please note: there is no port available for TinyDNS, so we are pretty much forced to build it from source. I humbly apologize!

There are a few reasons why you would want TinyDNS installed. The first is that if you are behind a router/firewall, you should always have a DNS server supporting your local LAN. Why do this when I have my ISP? Here is why:

If you set the nameserver on your box to your ISP's DNS server, every lookup has to cross your uplink, so name resolution is slower than it would be against an internal server. Not only that, but you cannot define your own local names and IPs. It is very common for network administrators to use their ISP's DNS server blindly, without realizing that an internal DNS server is not only faster but can also act as the primary server for the whole LAN.

Say, for instance, all the computers behind your router/firewall are on a 192.168.9.x subnet and all of them use the ISP's DNS. If you get disconnected from your ISP, POOF! Name resolution on the LAN is gone, and with it every application that reaches other machines by name. Let's hope you're not running anything like an accounting package that way. I am not saying everyone does it this way, but if you are a first- or even second-time network admin, chances are (unless it was set up properly beforehand) this is how it is set up now.

Now, in a managed DNS environment, your router hands out the address of your server as the DNS server, and ALL DNS requests from your clients go to that IP. If you get disconnected from the net, your internal DNS keeps working and so do your apps. As long as you're behind your router/firewall, everything should be working fine.

Let me walk you through the two major parts of djbdns. The first is tinydns, the authoritative name server: it answers queries about the zones it holds data for. The second is dnscache, the caching resolver: it sends queries for those zones to tinydns and holds on to the answers, so if you ask for freebsdrocks.net and then I do, the program only makes one trip to antagonism's tinydns server. dnscache reduces the number of external queries a network makes. Makes sense, right?

Requirements of TinyDNS

Copied with permission from the author.

1) A working FreeBSD Box.
2) Two IP addresses with nothing else listening on port 53. In this HOWTO tinydns binds to 127.0.0.1 and dnscache to the LAN address, so one real IP plus loopback is fine.
3) Daemontools - This was installed if you followed my qmail install. If not, please do that step first!
4) UCSPI-TCP - This was also installed if you followed my qmail install. If not, please do that step too!
5) You will want port 22 (SSH) open for administration and port 53 (DNS) reachable from the LAN. Do not forward port 53 from the Internet unless you intend to serve zones to the world (personally, I don't pass this port either): a caching resolver that answers anyone on the Internet is an open resolver and will be abused, for DNS amplification attacks among other things. With the setup below, tinydns listens only on 127.0.0.1 and dnscache only on the LAN address, so nothing needs port 53 forwarded.

That is about it. When all those requirements have been met, you can continue.

Installing TinyDNS

First, let's change to root's home directory, download the djbdnsrocks tarball and extract it. Note that fetch pulls it over plain HTTP with no checksum, and everything below runs as root, so compare the tarball against a copy you trust before building from it:


# cd ~root
# fetch http://freebsdrocks.net/files/tarballs/djbdnsrocks.tar.gz
# tar zxvf djbdnsrocks.tar.gz
# cd djbdnsrocks

Now let's extract and build djbdns:


# tar zxvf djbdns-1.05.tar.gz
# cd djbdns-1.05
# make
# make setup check

"make setup check" installs the binaries under /usr/local and then verifies them. make echoes the two scripts it runs, and instcheck prints nothing unless a file is missing or has the wrong owner or permissions, so a successful run shows only this:


# ./install
# ./instcheck

Next, let's run the script that adds the tinydns users/groups to this system:


# ~root/djbdnsrocks/scripts/add_users_freebsd.script

Configuring TinyDNS

For the purposes of this HOWTO, example.local is the zone and host.example.local is a host in it. You can add as many zones as you like; just make sure every zone's NS record points at 127.0.0.1, because that is the address tinydns listens on. (Be aware that .local is reserved for multicast DNS by RFC 6762; a suffix such as .lan avoids confusing mDNS-aware clients, but the commands below work the same with any name.) The local network is 192.168.1.0/24, with host.example.local being the nameserver at 192.168.1.1. To create the tinydns service directory, run the following command; the domain names come in further down when the records are added, and that is where you replace example.local and host.example.local with your chosen names:


# /usr/local/bin/tinydns-conf tinydns dnslog /etc/tinydns 127.0.0.1


Starting TinyDNS

Now start the service by linking it into the daemontools service directory; svscan notices the new entry within a few seconds and starts it:


# ln -s /etc/tinydns /service

You can verify it is running with:


# svstat /service/tinydns

svstat reports the pid and how many seconds the service has been up. If the seconds keep counting up past a few, you should be fine. If the count keeps resetting to zero, supervise is restarting tinydns because it exits right away, so check the log and see what it says (each line starts with a TAI64N timestamp; pipe the file through tai64nlocal, also from daemontools, to make them readable):


# vi /service/tinydns/log/main/current

Now let's add your first box to TinyDNS, starting with the FreeBSD server itself. add-ns creates the NS and SOA records for the forward zone and for the reverse (in-addr.arpa) zone of 192.168.1.0/24, add-host creates the A record and the matching PTR, and make compiles the data file into data.cdb, which tinydns starts using immediately without a restart:


# cd /service/tinydns/root/
# ./add-ns example.local 127.0.0.1
# ./add-ns 1.168.192.in-addr.arpa 127.0.0.1
# ./add-host host.example.local 192.168.1.1
# make
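Here is an added example, not from this HOWTO or from djbdns itself, of what those helper scripts are writing: the tinydns data file in its native format, built with a few shell functions so the rest of the LAN can be added in one go. The names printer.example.local and www.example.local and their 192.168.1.x addresses are assumptions for illustration; the record lines follow the tinydns data format (a `.` line is NS+SOA, `=` is A plus PTR, `+` is A only). On the real server run it with DATA=/service/tinydns/root/data and then make in that directory.

```shell
#!/bin/sh
# Added example (not part of the original HOWTO): write a tinydns "data"
# file directly instead of through add-ns/add-host, so the format those
# helpers produce is visible and more hosts can be added at once.
# Assumed names: example.local, 192.168.1.0/24, host.example.local at
# 192.168.1.1, plus printer/www entries constructed for the example.
# On the live box DATA is /service/tinydns/root/data; run "make" there
# afterwards to compile data.cdb, which tinydns picks up atomically.
set -eu

DATA="${DATA:-./data}"

# reverse_zone 192.168.1 -> 1.168.192.in-addr.arpa   (for a /24)
reverse_zone() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# start_zone <zone> <prefix24> <ns-ip>: equivalent of the two add-ns calls:
# NS + SOA for the forward and reverse zones, nameserver a.ns.<zone> at <ns-ip>.
start_zone() {
    zone=$1; net=$2; nsip=$3
    : > "$DATA"
    printf '.%s:%s:a:259200\n' "$zone" "$nsip" >> "$DATA"
    printf '.%s:%s:a:259200\n' "$(reverse_zone "$net")" "$nsip" >> "$DATA"
}

# add_host <fqdn> <ip>: equivalent of add-host: an A record plus the
# matching PTR in the reverse zone.
add_host() {
    printf '=%s:%s:86400\n' "$1" "$2" >> "$DATA"
}

# add_alias <fqdn> <ip>: A record only, no PTR (a second name for an IP
# whose reverse lookup should keep returning the primary name).
add_alias() {
    printf '+%s:%s:86400\n' "$1" "$2" >> "$DATA"
}

# lookup <fqdn>: print the IP recorded for a name; fail if there is none.
lookup() {
    awk -F: -v n="$1" \
        '($1 == ("=" n) || $1 == ("+" n)) { print $2; found = 1 }
         END { exit !found }' "$DATA"
}

# Constructed sample LAN for this example.
build_example() {
    start_zone example.local 192.168.1 127.0.0.1
    add_host  host.example.local    192.168.1.1
    add_host  printer.example.local 192.168.1.20
    add_alias www.example.local     192.168.1.1
}
```

Keeping the zone in a script like this (or just in a version-controlled copy of data) means the whole LAN can be rebuilt from one file, and a bad edit shows up when tinydns-data refuses to compile it rather than as a silently wrong answer.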

Configuring DNSCache

Before you continue, you may have to type rehash in your shell (csh/tcsh) so it finds the newly installed commands. The commands below create the dnscache service listening on 192.168.1.1, allow clients in 192.168.1.0/24 to use it (each file under root/ip/ is a client address prefix that dnscache will answer; everyone else is refused), tell it to send queries for example.local and the reverse zone to tinydns on 127.0.0.1 instead of the root servers, and start it:


# dnscache-conf dnscache dnslog /etc/dnscache 192.168.1.1
# touch /etc/dnscache/root/ip/192.168.1
# echo '127.0.0.1' > /etc/dnscache/root/servers/example.local
# echo '127.0.0.1' > /etc/dnscache/root/servers/1.168.192.in-addr.arpa
# ln -s /etc/dnscache /service

Now edit /etc/resolv.conf so the server itself resolves through dnscache (and, via dnscache, TinyDNS):


# vi /etc/resolv.conf

Remove all the lines in /etc/resolv.conf and add the following:


nameserver 192.168.1.1

We now need to restart dnscache so it reads the new entries under servers/ (tinydns does not strictly need it, since it picks up data.cdb on its own, but it does no harm). svc -t sends TERM and supervise starts the service again:


# svc -t /service/tinydns/
# svc -t /service/dnscache/

Now if you ping host.example.local, you should get a ping response from 192.168.1.1! Point your DHCP server or your clients at 192.168.1.1 as their nameserver and the LAN is covered. That's it! TinyDNS is completed!
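As an added check, not part of the HOWTO or of djbdns, here is a small audit of the dnscache service directory that fails if the client ACL under root/ip/ admits anything but loopback or RFC 1918 prefixes, or if env/IP (the listening address dnscache-conf wrote from its last argument) is not the LAN address. That is the condition for not running an open resolver. The fixture directory it builds is constructed for the example; on a live system call dnscache_audit on /etc/dnscache instead.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): audit a dnscache service
# directory so the cache only answers the LAN. It checks the file names
# under root/ip/ (each is a client address prefix dnscache will answer)
# and the listening address in env/IP. Assumes the layout created by
# "dnscache-conf dnscache dnslog /etc/dnscache 192.168.1.1".
set -eu

# private_prefix <prefix>: true for loopback and RFC 1918 address prefixes
# as they appear in root/ip/ file names (e.g. 192.168.1 or 10).
private_prefix() {
    case "$1" in
        127|127.*|10|10.*|192.168|192.168.*) return 0 ;;
        172.1[6-9]|172.1[6-9].*|172.2[0-9]|172.2[0-9].*|172.3[01]|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# dnscache_audit <service-dir> <expected-listen-ip>
# Prints one line per problem; returns 1 if any was found, 0 if clean.
dnscache_audit() {
    dir=$1; want=$2; rc=0; n=0
    for f in "$dir"/root/ip/*; do
        [ -e "$f" ] || continue            # unmatched glob: no ACL entries
        n=$((n + 1))
        p=${f##*/}
        if ! private_prefix "$p"; then
            echo "root/ip/$p: dnscache would answer clients in $p.* (open resolver risk)"
            rc=1
        fi
    done
    if [ "$n" -eq 0 ]; then
        echo "root/ip/ is empty: dnscache answers nobody"
        rc=1
    fi
    ip=$(cat "$dir/env/IP")
    if [ "$ip" != "$want" ]; then
        echo "env/IP is $ip, expected the LAN address $want"
        rc=1
    fi
    return $rc
}

# make_fixture <dir>: constructed stand-in for what dnscache-conf and the
# touch/echo commands in the HOWTO leave under /etc/dnscache.
make_fixture() {
    d=$1
    mkdir -p "$d/root/ip" "$d/root/servers" "$d/env"
    echo 192.168.1.1 > "$d/env/IP"
    : > "$d/root/ip/192.168.1"
    echo 127.0.0.1 > "$d/root/servers/example.local"
    echo 127.0.0.1 > "$d/root/servers/1.168.192.in-addr.arpa"
}
```

Rerun the audit whenever someone "just adds a prefix" to root/ip/ to let a remote office in: a file named 0 or a public /8 there turns the cache into an open resolver even though port 53 is not forwarded at the router, if the listening address is ever moved off the LAN interface.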