Addition/Setup.Bind.As.Cache.DNS.Server

From iRedMail

Current revision as of 16:58, 29 March 2010

Author: hoho

Mission

Configure a caching nameserver on an iRedMail server to speed up DNS lookups.

Advantage

Reduces the delay in domain name resolution drastically, because requests for frequently accessed domains are served from the cache.


Working

named receives a request to resolve a domain name.

It checks whether the request can be satisfied from the cache. If the answer is in the cache and not stale (its TTL has not expired), the request is served from the cache, saving a lot of time. If the request can't be satisfied from the cache, named queries the first parent (the first forwarder). If it replies with the answer, named caches the response, and subsequent requests for the same domain name are satisfied from the cache. If the first parent fails to reply, named queries the second parent, and so on.
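The lookup order just described, as an added example that is not part of the wiki page or of BIND itself: a small caching resolver that serves fresh entries from its cache, tries the parents in order when an entry is missing or stale, and caches each answer for its TTL. The parents are plain callables standing in for the forwarders, and the name, address and TTL are constructed; unlike real BIND with forward first, the model does not fall back to full recursion when every parent fails.

```python
import time

# Added example, not from the iRedMail wiki: a minimal model of the lookup order
# described above. Parents are plain callables standing in for the forwarders;
# the names, addresses and TTLs are constructed for the demonstration.

class CachingResolver:
    """Serve from cache while the entry is fresh; otherwise ask the parents in order."""

    def __init__(self, parents, clock=time.monotonic):
        self.parents = parents   # callables: name -> (ip, ttl_seconds), or None on failure
        self.cache = {}          # name -> (ip, expiry timestamp)
        self.clock = clock

    def resolve(self, name):
        """Return (ip, source) where source is 'cache' or 'parent<N>'."""
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and entry[1] > now:        # in cache and not stale
            return entry[0], "cache"
        for idx, parent in enumerate(self.parents):    # first parent, then the next ...
            answer = parent(name)
            if answer is None:                         # this parent failed to reply
                continue
            ip, ttl = answer
            self.cache[name] = (ip, now + ttl)         # cache until the TTL runs out
            return ip, f"parent{idx}"
        raise LookupError(f"no parent could resolve {name}")


class FakeClock:
    """Constructed clock: advance .now by hand instead of sleeping."""
    now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    table = {"fedora.co.in": ("174.136.1.134", 30)}   # (ip, TTL) for the page's test name
    parents = [lambda name: None,                     # first forwarder never replies
               lambda name: table.get(name)]          # second forwarder answers
    resolver = CachingResolver(parents, clock=clock)
    sources = [resolver.resolve("fedora.co.in")[1]]   # miss: parent0 fails, parent1 answers
    sources.append(resolver.resolve("fedora.co.in")[1])  # hit: fresh entry, served from cache
    clock.now += 31                                   # past the TTL: the entry is stale now
    sources.append(resolver.resolve("fedora.co.in")[1])  # miss again, refreshed from parent1
    return sources
```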


Install Bind

We choose BIND, the most widely used DNS server package.

  • On RHEL/CentOS:
Terminal:
# yum install caching-nameserver bind-chroot
  • On Debian/Ubuntu:
  • On FreeBSD:

Configure Bind

The main configuration file for named is /etc/named.caching-nameserver.conf (actually, it's a symbolic link to /var/named/chroot/etc/named.caching-nameserver.conf).

Below is a configuration for a server where named serves iRedMail on localhost only. The inline comments explain what each option does.

File: /etc/named.caching-nameserver.conf
options {
        // <-- BELOW ARE DEFAULT SETTINGS SHIPPED IN RHEL/CENTOS -->
        listen-on port 53 { 127.0.0.1; };         // accept queries on the loopback address only
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // These options should be used carefully because they disable source
        // port randomization, which protects the cache against poisoning
        // query-source    port 53;
        // query-source-v6 port 53;

        allow-query     { localhost; };           // only local processes may query
        allow-query-cache { localhost; };         // only local processes may read cached answers
        // <-- END DEFAULT SETTINGS -->

// <-- Add or modify below lines -->
        forward first;  // ask the forwarders first; resolve recursively only if none of them answers
        forwarders {
            202.76.4.18;    // CPCNet DNS; replace with the DNS server of your ISP
            8.8.8.8;        // Google public DNS, shown here as a sample
        };
// <-- END -->
};

Since the DNS cache server is for iRedMail's local use only, named listens on and accepts queries from localhost only. If you want to share the cache with your local network, change listen-on, allow-query and allow-query-cache to that network's addresses rather than opening them to any address; a recursive resolver reachable from the Internet can be abused as an open resolver.

Start named now, and make it start at system boot:

  • On RHEL/CentOS:
Terminal:
# /etc/init.d/named restart
# chkconfig --level 345 named on
  • On Debian/Ubuntu:
  • On FreeBSD:

Use Bind as DNS server on your server

To use named, open /etc/resolv.conf and add the following line; all DNS queries will then go to the local named only.

File: /etc/resolv.conf
nameserver 127.0.0.1

If the local named doesn't have the DNS record you requested, it forwards the request to the DNS servers listed in forwarders {} in the named config file.

Now try to ping any domain: name resolution fails, because named is not running yet and the system now sends its queries only to the local server.

To start the DNS caching service:

Terminal:
# service named start

then check the log for the startup messages:

Terminal:
# cat /var/log/messages

 Mar 10 12:20:03 mail named[1522]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -c /etc/named.caching-nameserver.conf -t /var/named/chroot
 Mar 10 12:20:03 mail named[1522]: adjusted limit on open files from 1024 to 1048576
 Mar 10 12:20:03 mail named[1522]: found 1 CPU, using 1 worker thread
 Mar 10 12:20:03 mail named[1522]: using up to 4096 sockets
 Mar 10 12:20:03 mail named[1522]: loading configuration from '/etc/named.caching-nameserver.conf'
 Mar 10 12:20:03 mail named[1522]: using default UDP/IPv4 port range: [1024, 65535]
 Mar 10 12:20:03 mail named[1522]: using default UDP/IPv6 port range: [1024, 65535]
 Mar 10 12:20:03 mail named[1522]: listening on IPv6 interface lo, ::1#53
 Mar 10 12:20:03 mail named[1522]: listening on IPv4 interface lo, 127.0.0.1#53
 Mar 10 12:20:03 mail named[1522]: command channel listening on 127.0.0.1#953
 Mar 10 12:20:03 mail named[1522]: command channel listening on ::1#953
 Mar 10 12:20:03 mail named[1522]: the working directory is not writable
 Mar 10 12:20:03 mail named[1522]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
 Mar 10 12:20:03 mail named[1522]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
 Mar 10 12:20:03 mail named[1522]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
 Mar 10 12:20:03 mail named[1522]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial  1997022700
 Mar 10 12:20:03 mail named[1522]: zone localdomain/IN/localhost_resolver: loaded serial 42
 Mar 10 12:20:03 mail named[1522]: zone localhost/IN/localhost_resolver: loaded serial 42

This means the service started successfully.

Now you can ping any domain without any problem.

To make the DNS caching service start automatically every time the system boots, simply enter:

Terminal:
# chkconfig --level 345 named on

Using caching-nameserver

Now your system will use your own nameserver (in caching mode) to resolve all domain names. To test your nameserver, use the following command:

Terminal:
# dig fedora.co.in

When you run that command a second time, the resolution time will be around 2-3 milliseconds, while the first time it would be around 400-700 milliseconds.

Example: below are two subsequent runs of dig for fedora.co.in. Notice the Query time.

Terminal:
# dig fedora.co.in

  ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> fedora.co.in
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43694
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
  
  ;; QUESTION SECTION:
  ;fedora.co.in.                  IN      A
  
  ;; ANSWER SECTION:
  fedora.co.in.           18199   IN      A       174.136.1.134
  
  ;; AUTHORITY SECTION:
  fedora.co.in.           31974   IN      NS      ns4.webcomindia.com.
  fedora.co.in.           31974   IN      NS      ns1.webcomindia.com.
  fedora.co.in.           31974   IN      NS      ns2.webcomindia.com.
  fedora.co.in.           31974   IN      NS      ns3.webcomindia.com.
  
  ;; ADDITIONAL SECTION:
  ns1.webcomindia.com.    31976   IN      A       67.15.47.189
  ns1.webcomindia.com.    31976   IN      A       67.15.253.220
  ns1.webcomindia.com.    31976   IN      A       67.15.253.251
  ns3.webcomindia.com.    31976   IN      A       67.15.253.252
  ns3.webcomindia.com.    31976   IN      A       67.15.47.188
  ns3.webcomindia.com.    31976   IN      A       67.15.253.219
  ns4.webcomindia.com.    166378  IN      A       66.249.5.122
  ns4.webcomindia.com.    166378  IN      A       66.249.5.25
  ns4.webcomindia.com.    166378  IN      A       66.249.5.105
  
  ;; Query time: 531 msec
  ;; SERVER: 127.0.0.1#53(127.0.0.1)
  ;; WHEN: Wed Mar 10 15:18:56 2010
  ;; MSG SIZE  rcvd: 277

The query time is long on the first run.

Enter the command again and you will see the query time greatly reduced, which means the caching service is running successfully.
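A way to confirm from the dig output that the second answer really came from the local cache, as an added example that is not part of the wiki page: it checks that both replies were served by 127.0.0.1 on port 53 and that the second run shows a lower remaining TTL (BIND counts the TTL of a cached record down) as well as the shorter query time. The first sample is trimmed from the output above; the second run is constructed to look like a cached reply.

```python
import re

# Added example, not from the iRedMail wiki: parse two dig runs and check the
# signs that the second answer came from the local cache. FIRST_RUN is trimmed
# from the page's own output; SECOND_RUN is constructed to look like a cached reply.

FIRST_RUN = """\
;; ANSWER SECTION:
fedora.co.in.           18199   IN      A       174.136.1.134

;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

SECOND_RUN = """\
;; ANSWER SECTION:
fedora.co.in.           18187   IN      A       174.136.1.134

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

ANSWER_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)\s*$", re.M)   # first A record
QTIME_RE = re.compile(r"^\s*;; Query time: (\d+) msec", re.M)
SERVER_RE = re.compile(r"^\s*;; SERVER: ([\d.]+)#(\d+)", re.M)


def parse_dig(output):
    """Extract the fields that matter for the cache check from dig output."""
    ans, qt, srv = ANSWER_RE.search(output), QTIME_RE.search(output), SERVER_RE.search(output)
    if not (ans and qt and srv):
        raise ValueError("unexpected dig output")
    return {"name": ans.group(1), "ttl": int(ans.group(2)), "ip": ans.group(3),
            "query_ms": int(qt.group(1)), "server": srv.group(1), "port": int(srv.group(2))}


def served_from_local_cache(first, second):
    """True when both runs were answered by the local named and the second run
    shows the cache signs: same record, lower remaining TTL, much faster reply."""
    a, b = parse_dig(first), parse_dig(second)
    local = a["server"] == b["server"] == "127.0.0.1" and a["port"] == b["port"] == 53
    same_record = (a["name"], a["ip"]) == (b["name"], b["ip"])
    return local and same_record and b["ttl"] < a["ttl"] and b["query_ms"] < a["query_ms"]
```

A query time that drops while the TTL stays at its original value would point at the forwarder's cache rather than the local one.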
