caching-nameserver Setup

jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

caching-nameserver Setup

Post by jaoudestudios »

How can I set up my server to run as a DNS server? (yum install caching-nameserver)

And is there any downside in doing so?

Thanks
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: caching-nameserver Setup

Post by VladSun »

What are you trying to do? What do you need?
There are 10 types of people in this world, those who understand binary and those who don't
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: caching-nameserver Setup

Post by jaoudestudios »

Well, our work DNS keeps having issues, and I keep losing internet, so I thought if it was not too hard to set up my own one?
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: caching-nameserver Setup

Post by VladSun »

No, it's not :)
Just install it, set it as a primary DNS in your workstations and it will work.
A chrooted DNS setup is better, so you may try it, but it's not obligatory.
There are 10 types of people in this world, those who understand binary and those who don't
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: caching-nameserver Setup

Post by jaoudestudios »

Cool, thanks :)

Is it a security risk? Or does it take lots of resources? Basically I am asking if there is any reason not to have it?
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: caching-nameserver Setup

Post by VladSun »

Basically, if it's set up properly there are no security or performance issues. You need to make sure that only your client subnet/s is/are allowed to make DNS queries and these queries must be allowed to be recursive (in order for the DNS cache to be fully used).

Chrooted setup will jail your BIND user, so if there are any future bugs/exploits the attacker will be jailed with the permissions/directory of BIND.
You can even use some iptables rules to "stealth" your DNS service from Internet, but you should be careful how it's done (i.e. established/related UDP sessions must be accepted). If you wish, I could help you with this.
There are 10 types of people in this world, those who understand binary and those who don't
Doug G
Forum Contributor
Posts: 282
Joined: Sun Sep 09, 2007 6:27 pm

Re: caching-nameserver Setup

Post by Doug G »

VladSun wrote: Basically, if it's set up properly there are no security or performance issues. You need to make sure that only your client subnet/s is/are allowed to make DNS queries and these queries must be allowed to be recursive (in order for the DNS cache to be fully used).

Chrooted setup will jail your BIND user, so if there are any future bugs/exploits the attacker will be jailed with the permissions/directory of BIND.
You can even use some iptables rules to "stealth" your DNS service from Internet, but you should be careful how it's done (i.e. established/related UDP sessions must be accepted). If you wish, I could help you with this.
Thanks for the info. If you're only running a caching DNS server for your local network, does the DNS server need to be exposed to the internet at all? I've never tried setting up a caching server in Linux, but my W2003 DNS server does recursive external lookups for my LAN clients, and it isn't accessible at all from outside my LAN.

I haven't done much with DNS servers of my own, but I'm interested in setting up an internal server that I can configure to handle 'bogus' internal names.
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: caching-nameserver Setup

Post by jaoudestudios »

VladSun wrote: If you wish, I could help you with this.
Cheers, I will give it a go, any probs I will let you know. Thanks again :)
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: caching-nameserver Setup

Post by VladSun »

Doug G wrote: If you're only running a caching DNS server for your local network, does the DNS server need to be exposed to the internet at all? I've never tried setting up a caching server in Linux, but my W2003 DNS server does recursive external lookups for my LAN clients, and it isn't accessible at all from outside my LAN.

I haven't done much with DNS servers of my own, but I'm interested in setting up an internal server that I can configure to handle 'bogus' internal names.
The DNS service needs to have Internet access in order to connect to the root and domain DNS servers. So, it must be "exposed" somehow to the Internet. For caching-only DNS there are only outgoing Internet connections.
There are some directives that are useful in this context: allow-query, allow-recursion, listen-on.

Take a look at http://www.debian.org/doc/manuals/netwo ... -bind.html for defining "bogus" domain zones.
There are 10 types of people in this world, those who understand binary and those who don't
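
The three directives named in the post above, as an added example that is not part of the original thread: a small Python check that reads a named.conf options block and reports any listen-on, allow-query or allow-recursion entry that reaches beyond the client subnets. The two sample configs, the helper names and the 192.168.1.0/24 subnet are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs; 192.168.1.0/24 is an assumed client subnet.
WEAK = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
"""
HARDENED = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.1; };
    allow-query     { localhost; 192.168.1.0/24; };
    allow-recursion { localhost; 192.168.1.0/24; };
    recursion yes;
};
"""
DIRECTIVES = ("listen-on", "allow-query", "allow-recursion")

def match_list(conf, name):
    """Return the elements of a directive's address match list, or None if absent."""
    pat = r"(?<![\w-])" + re.escape(name) + r"(?:\s+port\s+\d+)?\s*\{([^}]*)\}"
    m = re.search(pat, conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def is_local(elem, allowed):
    """True if elem is loopback or lies inside one of the allowed subnets."""
    if elem in ("localhost", "none"):
        return True
    try:
        net = ipaddress.ip_network(elem, strict=False)
    except ValueError:  # 'any', 'localnets', named ACLs, negations
        return False
    return net.is_loopback or any(
        net.version == a.version and net.subnet_of(a) for a in allowed)

def audit(conf, clients):
    """Findings for a caching-only resolver that should answer only `clients`."""
    conf = re.sub(r"(//|#).*", "", conf)  # drop line comments
    allowed = [ipaddress.ip_network(c) for c in clients]
    findings = []
    for name in DIRECTIVES:
        elems = match_list(conf, name)
        if elems is None:
            findings.append(f"{name}: not set, the BIND version's default applies")
            continue
        findings += [f"{name}: '{e}' is not provably inside the client subnets"
                     for e in elems if not is_local(e, allowed)]
    return findings
```

Calling `audit(WEAK, ["192.168.1.0/24"])` returns one finding per directive, while the hardened config returns an empty list.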
Doug G
Forum Contributor
Posts: 282
Joined: Sun Sep 09, 2007 6:27 pm

Re: caching-nameserver Setup

Post by Doug G »

Thanks