Addition/Setup.Bind.As.Cache.DNS.Server
From iRedMail
Mission
Configure a caching nameserver on an iRedMail server to speed up DNS lookups.
Advantage
Reduces the delay in domain name resolution drastically, because requests for frequently accessed domains are served from the cache.
Working
"named" receives a request for domain name resolution. It first checks whether the request can be satisfied from its cache. If the answer is in the cache and not stale, it is served from the cache, saving a lot of time. If the request cannot be satisfied from the cache, named queries the first parent (forwarder). If that server replies with an answer, named caches the response, and subsequent requests for the same domain name are served from the cache. If the first parent fails to reply, named queries the second parent, and so on.
Install Bind
We choose BIND, which is the most common DNS server package.
To check whether the packages are present on the system, run
| Terminal: |
# rpm -qa |grep bind
# rpm -qa |grep caching-nameserver |
By default on an iRedMail server, the result is:
| Terminal: |
# rpm -qa |grep bind
ypbind-1.19-12.el5
bind-libs-9.3.6-4.P1.el5_4.2
bind-utils-9.3.6-4.P1.el5_4.2 |
The packages we need for a caching named server are
- bind
- bind-chroot
- bind-utils
- caching-nameserver
If they are not present on your system, install them using
| Terminal: |
# yum install caching-nameserver bind-chroot |
All the components we need will be installed.
Configure Bind
The main configuration file for named resides in /var/named/chroot/etc/named.caching-nameserver.conf, which is also soft linked from /etc/named.caching-nameserver.conf. The named configuration file supports C/C++ style comments.
Below is a configuration file for an iRedMail machine that resolves for localhost only. The comments inline explain what each option does.
Since this DNS cache server is for the iRedMail host's own use only, the listen and query addresses are restricted to localhost. If you want to share the DNS cache with your local network, you need to modify the listen-on and allow-query settings in the config file accordingly.
| File: |
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// <-- Add below lines -->
forward first; // ask the forwarders below first; fall back to normal resolution if they do not answer
forwarders {
202.76.4.18; // CPCNet DNS; replace this with the DNS server of your ISP
8.8.8.8; // Google public DNS, used here as a sample
};
// <-- End -->
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { localhost; };
allow-query-cache { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
|
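The security-relevant point of the configuration above is that the cache must stay private: `listen-on`, `allow-query` and `allow-query-cache` are limited to localhost so the host does not become an open recursive resolver. The following added example (not part of the iRedMail wiki) checks a named.conf text for exactly that; it assumes each of those options is written on a single line, as in the file above.

```shell
#!/bin/sh
# Added example, not from the iRedMail wiki: verify that a named.conf keeps the
# caching resolver private (loopback listeners, localhost-only queries).
# Assumes each option sits on one line, as in the page's configuration.

# Constructed sample in the shape of the page's configuration.
CONF_PRIVATE='options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
forward first;
allow-query { localhost; };
allow-query-cache { localhost; };
};'

# Constructed counter-example: the same server opened to everyone.
CONF_OPEN='options {
listen-on port 53 { any; };
allow-query { any; };
allow-query-cache { any; };
};'

# Print the values inside the braces of option $1 in config text $2, one per line.
# "$1" must be followed by a space or "{", so "listen-on" does not match "listen-on-v6".
option_values() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]{][^{]*{\([^}]*\)}.*/\1/p" \
        | tr ';' '\n' | tr -d ' \t' | grep -v '^$'
}

# Return 0 when every value of the option is a loopback address or the built-in
# "localhost" ACL; 1 when the option is missing or lists anything else.
only_loopback() {
    vals=$(option_values "$1" "$2")
    [ -n "$vals" ] || return 1
    for v in $vals; do
        case "$v" in
            localhost|127.0.0.1|::1) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Verdict: 0 = private caching resolver, 1 = reachable beyond localhost.
resolver_is_private() {
    only_loopback listen-on "$1" && only_loopback allow-query "$1" \
        && only_loopback allow-query-cache "$1"
}
```

To check the live file, call `resolver_is_private "$(cat /etc/named.caching-nameserver.conf)"`.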
To use your caching nameserver, open the /etc/resolv.conf file and add the following line so that all queries go to the local iRedMail server only.
| File: /etc/resolv.conf |
nameserver 127.0.0.1 |
Comment out all other lines in the file, so that finally the file looks like
| File: /etc/resolv.conf |
# search yourdomain.com
# nameserver 202.76.4.18
# nameserver 8.8.8.8
nameserver 127.0.0.1 |
Save the file and restart the network service:
| Terminal: |
# service network restart |
If you now try to ping any domain, you will find that the server cannot resolve any domain name. This means the server now sends all queries only to itself, and the local nameserver is not running yet.
To start the DNS caching service
| Terminal: |
# service named start |
and then check the log to see the service startup messages
| Terminal: |
# cat /var/log/messages
Mar 10 12:20:03 mail named[1522]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -c /etc/named.caching-nameserver.conf -t /var/named/chroot
Mar 10 12:20:03 mail named[1522]: adjusted limit on open files from 1024 to 1048576
Mar 10 12:20:03 mail named[1522]: found 1 CPU, using 1 worker thread
Mar 10 12:20:03 mail named[1522]: using up to 4096 sockets
Mar 10 12:20:03 mail named[1522]: loading configuration from '/etc/named.caching-nameserver.conf'
Mar 10 12:20:03 mail named[1522]: using default UDP/IPv4 port range: [1024, 65535]
Mar 10 12:20:03 mail named[1522]: using default UDP/IPv6 port range: [1024, 65535]
Mar 10 12:20:03 mail named[1522]: listening on IPv6 interface lo, ::1#53
Mar 10 12:20:03 mail named[1522]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 10 12:20:03 mail named[1522]: command channel listening on 127.0.0.1#953
Mar 10 12:20:03 mail named[1522]: command channel listening on ::1#953
Mar 10 12:20:03 mail named[1522]: the working directory is not writable
Mar 10 12:20:03 mail named[1522]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Mar 10 12:20:03 mail named[1522]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Mar 10 12:20:03 mail named[1522]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Mar 10 12:20:03 mail named[1522]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Mar 10 12:20:03 mail named[1522]: zone localdomain/IN/localhost_resolver: loaded serial 42
Mar 10 12:20:03 mail named[1522]: zone localhost/IN/localhost_resolver: loaded serial 42 |
This means the service has started successfully; note that named listens only on the loopback interfaces (127.0.0.1#53 and ::1#53), as configured.
Now you can ping any domain without any problem.
To make the DNS caching service start automatically every time the system boots, simply enter:
| Terminal: |
# chkconfig named on |
Using caching-nameserver
Now your system will use your own nameserver (in caching mode) for resolving all domain names. To test your nameserver, use the following command
| Terminal: |
# dig fedora.co.in |
If you run that command a second time, the resolution time will be around 2-3 milliseconds, while the first time it is around 400-700 milliseconds.
Example: below are two subsequent runs of dig for fedora.co.in. Notice the Query time.
| Terminal: |
# dig fedora.co.in

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> fedora.co.in
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43694
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; QUESTION SECTION:
;fedora.co.in. IN A

;; ANSWER SECTION:
fedora.co.in. 18199 IN A 174.136.1.134

;; AUTHORITY SECTION:
fedora.co.in. 31974 IN NS ns4.webcomindia.com.
fedora.co.in. 31974 IN NS ns1.webcomindia.com.
fedora.co.in. 31974 IN NS ns2.webcomindia.com.
fedora.co.in. 31974 IN NS ns3.webcomindia.com.

;; ADDITIONAL SECTION:
ns1.webcomindia.com. 31976 IN A 67.15.47.189
ns1.webcomindia.com. 31976 IN A 67.15.253.220
ns1.webcomindia.com. 31976 IN A 67.15.253.251
ns3.webcomindia.com. 31976 IN A 67.15.253.252
ns3.webcomindia.com. 31976 IN A 67.15.47.188
ns3.webcomindia.com. 31976 IN A 67.15.253.219
ns4.webcomindia.com. 166378 IN A 66.249.5.122
ns4.webcomindia.com. 166378 IN A 66.249.5.25
ns4.webcomindia.com. 166378 IN A 66.249.5.105

;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 10 15:18:56 2010
;; MSG SIZE rcvd: 277 |
The query time is long the first time, because named has to ask the forwarders.
Enter the command again and you will see that the query time is greatly reduced, which means the caching service is running successfully.
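The cache check described above can be scripted instead of read by eye. The following added example (not part of the iRedMail wiki) parses the `Query time` and `SERVER` lines of two dig runs and reports a cache hit only when both answers came from 127.0.0.1 and the second was at least ten times faster; the dig outputs are constructed samples in the shape of the one shown on this page.

```shell
#!/bin/sh
# Added example, not from the iRedMail wiki: decide from two dig outputs whether
# the second lookup was served from the local cache on 127.0.0.1.

# Constructed samples (trimmed) in the shape of the page's dig output.
DIG_FIRST=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
DIG_SECOND=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Print the query time in milliseconds, or nothing if dig printed none.
query_time_ms() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'
}

# Return 0 when the answer was served by the local nameserver on 127.0.0.1,
# i.e. resolv.conf really points at the caching server and not at an ISP resolver.
answered_by_localhost() {
    printf '%s\n' "$1" | grep -q '^;; SERVER: 127\.0\.0\.1#53'
}

# Return 0 when the second run looks like a cache hit: both answers from the
# local server and the second at least ten times faster than the first
# (the page reports 400-700 ms for the first lookup and 2-3 ms for the second).
cache_hit() {
    answered_by_localhost "$1" && answered_by_localhost "$2" || return 1
    first=$(query_time_ms "$1")
    second=$(query_time_ms "$2")
    [ -n "$first" ] && [ -n "$second" ] || return 1
    [ $((second * 10)) -le "$first" ]
}
```

On the live server, replace the samples with `first=$(dig fedora.co.in)` and `second=$(dig fedora.co.in)` and call `cache_hit "$first" "$second"`.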
