Mission
To configure a caching nameserver on a local machine which will cascade to another previously configured and functional nameserver (may or may not be caching. It’ll generally be your ISP nameserver or the one provided by your organization).
Advantage
- Reduces the delay in domain name resolution drastically as the requests for frequently accessed websites are served from cache.
Working
- named gets a request for domain resolution.
- It checks whether the request can be satisfied from cache. If the answer is in cache and not stale, the request is satisfied from cache itself saving a lot of time 🙂
- If request can’t be satisfied from cache, named queries the first parent. If it replies with the answer, then named will cache the response and subsequent requests for the same domain name will be satisfied from the cache.
- In case first parent fails to reply, named will query the second parent and so on.
(The working is my understanding of caching-nameserver using wireshark as traffic analysis tool and caching-nameserver may not behave exactly as explained above.)
How to install
named is by default on most of the systems by the package name ‘caching-nameserver‘. If its not present on your system, install using
[root@localhost ~]# yum install caching-nameserver [ENTER]
# If that doesn't work try this
[root@localhost ~]# yum install bind [ENTER] |
[root@localhost ~]# yum install caching-nameserver [ENTER]
# If that doesn't work try this
[root@localhost ~]# yum install bind [ENTER]
How to configure
The main configuration file for named resides in /var/named/chroot/etc/named.caching-nameserver.conf which is also soft linked from /etc/named.caching-nameserver.conf . named configuration file supports C/C++ style comments.
For a caching nameserver which will cascade to another nameserver, there is nothing much to be configured. You need to configure “options” block. Below is a configuration file for a machine with IP address 172.17.8.64 cascading to two nameserver 192.168.36.204 and 192.168.36.210. The comments inline explain what each option does.
options {
// Set the port to 53 which is standard port for DNS.
// Add the IP address on which named will listen separated by semi-colons.
// It'll be your own IP address.
listen-on port 53 {127.0.0.1; 172.17.8.64;};
// These are default. Leave them as it is.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// The machines which are allowed to query this nameserver.
// Normally you'll allow only your machine. But you can allow other machines also.
// The address should be separated by semi-colons. To allow a network 172.16.31.0/24,
// the line would be
// allow-query {localhost; 172.16.31.0/24; };
// Don't forget the semi-colons.
allow-query { localhost; 172.17.8.64; };
recursion yes;
// The parent nameservers. List all the nameserver which you can query.
forwarders { 192.168.36.204; 192.168.36.210; };
forward first;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones"; |
options {
// Set the port to 53 which is standard port for DNS.
// Add the IP address on which named will listen separated by semi-colons.
// It'll be your own IP address.
listen-on port 53 {127.0.0.1; 172.17.8.64;};
// These are default. Leave them as it is.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// The machines which are allowed to query this nameserver.
// Normally you'll allow only your machine. But you can allow other machines also.
// The address should be separated by semi-colons. To allow a network 172.16.31.0/24,
// the line would be
// allow-query {localhost; 172.16.31.0/24; };
// Don't forget the semi-colons.
allow-query { localhost; 172.17.8.64; };
recursion yes;
// The parent nameservers. List all the nameserver which you can query.
forwarders { 192.168.36.204; 192.168.36.210; };
forward first;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
Start caching-nameserver
Now start the caching-nameserver using the following command
[root@localhost ~]# server named start [ENTER] |
[root@localhost ~]# server named start [ENTER]
OR
[root@localhost ~]# /etc/init.d/named start [ENTER] |
[root@localhost ~]# /etc/init.d/named start [ENTER]
To make named start every time your reboot your machine use following command
[root@localhost ~]# chkconfig named on [ENTER] |
[root@localhost ~]# chkconfig named on [ENTER]
Using caching-nameserver
To use your caching-nameserver, open /etc/resolv.conf file and add the following line
Comment all other lines in the file, so that finally the file looks like
; generated by /sbin/dhclient-script
#search wlan.iiit.ac.in
#nameserver 192.168.36.204
#nameserver 192.168.36.210
nameserver 127.0.0.1 |
; generated by /sbin/dhclient-script
#search wlan.iiit.ac.in
#nameserver 192.168.36.204
#nameserver 192.168.36.210
nameserver 127.0.0.1
Now your system will use your own nameserver (in caching mode) for resolving all domain names. To test if your nameserver use the following command
[root@localhost ~]# dig fedora.co.in [ENTER] |
[root@localhost ~]# dig fedora.co.in [ENTER]
Now if you use that command for the second time, the resolution time will be around 2-3 milli seconds while first time it would be around 400-700 milli seconds.
Example
Below is two subsequent runs of dig for fedora.co.in . Notice the Query time.
[root@bordeaux SPECS]# dig fedora.co.in
; <<>> DiG 9.4.2rc1 <<>> fedora.co.in
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7839
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;fedora.co.in. IN A
;; ANSWER SECTION:
fedora.co.in. 83629 IN A 72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in. 79709 IN NS ns.fedora.co.in.
;; ADDITIONAL SECTION:
ns.fedora.co.in. 79709 IN A 72.249.126.241
;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:47 2008
;; MSG SIZE rcvd: 79
[root@bordeaux SPECS]# dig fedora.co.in
; <<>> DiG 9.4.2rc1 <<>> fedora.co.in
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64233
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;fedora.co.in. IN A
;; ANSWER SECTION:
fedora.co.in. 83625 IN A 72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in. 79705 IN NS ns.fedora.co.in.
;; ADDITIONAL SECTION:
ns.fedora.co.in. 79705 IN A 72.249.126.241
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:51 2008
;; MSG SIZE rcvd: 79
[root@bordeaux SPECS]# |
[root@bordeaux SPECS]# dig fedora.co.in
; <<>> DiG 9.4.2rc1 <<>> fedora.co.in
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7839
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;fedora.co.in. IN A
;; ANSWER SECTION:
fedora.co.in. 83629 IN A 72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in. 79709 IN NS ns.fedora.co.in.
;; ADDITIONAL SECTION:
ns.fedora.co.in. 79709 IN A 72.249.126.241
;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:47 2008
;; MSG SIZE rcvd: 79
[root@bordeaux SPECS]# dig fedora.co.in
; <<>> DiG 9.4.2rc1 <<>> fedora.co.in
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64233
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;fedora.co.in. IN A
;; ANSWER SECTION:
fedora.co.in. 83625 IN A 72.249.126.241
;; AUTHORITY SECTION:
fedora.co.in. 79705 IN NS ns.fedora.co.in.
;; ADDITIONAL SECTION:
ns.fedora.co.in. 79705 IN A 72.249.126.241
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 19 18:04:51 2008
;; MSG SIZE rcvd: 79
[root@bordeaux SPECS]#