tname-that-domain.txt - monochromatic - monochromatic blog: http://blog.z3bra.org
HTML git clone git://z3bra.org/monochromatic
DIR Log
DIR Files
DIR Refs
---
tname-that-domain.txt (6448B)
---
1 # Name that domain
2
3 10 July, 2014
4
5 Hello folks !
6
7 I recently reinstalled my home server, and during the process, I decided to
8 throw away the heavy `BIND` nameserver from my application stack. I decided to
9 go with the light couple **`tinydns` + ` dnscache`**.
10
11 This wasn't really "easy" to do so, as there are really few resources on the web
12 explaining the step to get this working (If you're aware of one, please send me
13 a link, I'll be glad to share it). So here is a full tutorial !
14
15
16 ## TL;DR
17
18 1. create tinydns zone file
19 2. make `tinydns` listen on 127.0.0.1
20 3. create the `ip` files for dnscache
21 4. create the `servers` file for dnscache containing `127.0.0.1`
22 5. Fire it up
23 6. Enjoy.
24
25
26 ## The whole installation
27
28 First of all, I had to find out what were my needs. It seems stupid to say so,
29 but I have the bad habit to dive into configuration, barely knowing what I'm
30 trying to do. Here's what I wanted:
31
32 > The DNS nameserver will be running on a machine with IP **10.0.0.1**.
33 > My local network will be named **domain.lan**.
34 > I want all my machines to **contact 10.0.0.1 to resolve URIs**, and the server
35 > will provide **authoritative answers for domain.lan**, and **forward
36 > everything else** to some other servers.
37
38 How should we organise things then ?
39
40 Here's how I see it:
41
42 * `tinydns` listens on 127.0.0.1
43 * `tinydns` answers queries related to *.domain.lan
44 * `dnscache` answer queries from any address
45 * `dnscache` forwards queries related to *.domain.lan to ip 127.0.0.1
46 * `dnscache` forwards everything else to others DNS
47 * `dnscache` answers on any address
48
49 Let's set this up then!
50
51
52 ## tinydns
53
54 `tinydns` is fairly simple to use, and even more simple to configure. But it's
55 nothing you've ever seen before. You can configure tinydns from a single file:
56
57 ─── cat /etc/tinydns/root/data
58 Zdomain.lan:dns.domain.lan::contact.domain.lan
59 &domain.lan::dns.domain.lan
60 +domain.lan:10.0.0.1
61 +pc1.domain.lan:10.0.0.1
62 +pc2.domain.lan:10.0.0.2
63
64 That's a basic configuration file to use with `tinydns`. It will resolve
65 `domain.lan` and `pc1.domain.lan` to ip `10.0.0.1` and `pc2.domain.lan` to
66 `10.0.0.2`.
67
68 For more infos on the syntax, check the [alpine wiki page](http://wiki.alpinelinux.org/wiki/TinyDNS_Format).
69
70 Once your config file is created, you can generate the data that tinydns will
71 use. Remember to correctly set the `ROOT` variable to define the directory where
72 tinydns will store it's data:
73
74 # ROOT=/var/cache/tinydns/ tinydns-data
75
76 As we said earlier, we want `tinydns` to listen on the loopback interface. To do
77 so, we have to export the variable IP before running the binary.
78
79 # ROOT=/var/cache/tinydns/ IP=127.0.0.1 tinydns
80
81 And there you go ! Tinydns is listenning on address 127.0.0.1.
82 To check if it's correctly running, you can use `nslookup`.
83
84 # cp /etc/resolv.conf.old /etc/resolv.conf.orig
85 # cat <<EOF > /etc/resolv.conf
86 nameserver 127.0.0.1
87 EOF
88 # nslookup pc2.domain.lan
89 Server: (null)
90 Address 1: ::1 localhost
91 Address 2: 127.0.0.1 dns.domain.lan
92
93 Name: pc2.domain.lan
94 Address 1: 10.0.0.g.2
95 # mv /etc/resolv.conf.orig /etc/resolv.conf
96
97 It works ! Don't use tinydns as a resolv.conf entry though. Because it's
98 authoritative and ONLY serves our domain.lan zone, it would not be efficient...
99
100 ## dnscache
101
102 No DNS server can answer all the queries, so in most case, if the DNS can't
103 provide an answer, it will just forward the query to another depending on some
104 internal rules.
105
106 That's how we're gonna set up `dnscache`. Intercept queries from the local
107 network, forward every query for `domain.lan` to `tinydns`, and everything to a
108 standard list of known root servers.
109
110 But first, we need to tell `dnscache` to answer every query from local domain.
111 Let's say my current configuration is the following:
112
113 Network : 10.0.0.0
114 Netmask : 255.255.0.0
115 Gateway : 10.0.0.254
116 DNS : 10.0.0.1
117
118 We need to listen on `10.0.0.0/16` for DNS queries. To set this up, take a look
119 at the `/etc/dnscache/ip/` directory:
120
121 ─── ls /etc/dnscache/ip
122 127
123 ─── wc 127
124 0 0 0 /etc/dnscache/ip/127
125
126 A single file named `127`, which is totally empty... What does that mean ?
127 Upon startup, `dnscache` will read this directory and check the filenames to
128 know which IP address it should accept queries from.
129
130 The filename also act as a netmask, so in this case, `127` really means
131 `127.0.0.0/8`.
132
133 Back to our configuration. We want `dnscache` to accept queries from our local
134 network: `10.0.0.0/16`. Just create the corresponding file:
135
136 # :> /etc/dnscache/ip/10.0
137
138 And we're done !
139
140 Now, we need to tell `dnscache` who will answer the queries it receives. This is
141 done in the `/etc/dnscache/servers/` directory. We can see that there is already
142 a file here:
143
144 ─── ls /etc/dnscache/servers/
145 @
146 ─── cat /etc/dnscache/servers/@
147 198.41.0.4
148 192.228.79.201
149 192.33.4.12
150 128.8.10.90
151 ...
152
153 This is a list of the root servers extracted from [this
154 list](http://www.internic.net/zones/named.root).
155
156 In this directory, each file represent a domain, and the content of this file is
157 the list of the servers to contact in order to resolve those names.
158 "`@`" is a special name for the "fallback" entry.
159
160 In our case, we want `tinydns` to resolve names from "domain.lan", and forward
161 everything else to the root servers in the "`@`" file. To query `tinydns`, we
162 need to forward queries to `127.0.0.1`. Here's how to do this:
163
164 # cat <<EOF > /etc/dnscache/servers/domain.lan
165 127.0.0.1
166 EOF
167
168 That's all. Pretty simple isn't it ?
169
170 It's now time to start dnscache. It needs (like `tinydns`) two environment
171 variables: `ROOT` for the configuration directory path, and `IP` for the address
172 of the interface to listen on (note that you can use `0.0.0.0` to listen on all
173 interfaces).
174
175 # ROOT=/etc/dnscache IP=10.0.0.1 dnscache
176
177 You can now check if everything is working fine with `nslookup`:
178
179 # cp /etc/resolv.conf.old /etc/resolv.conf.orig
180 # cat <<EOF > /etc/resolv.conf
181 nameserver 10.0.0.1
182 EOF
183 # nslookup pc2.domain.lan
184 Server: (null)
185 Address 1: ::1 localhost
186 Address 2: 127.0.0.1 dns.domain.lan
187
188 Name: pc2.domain.lan
189 Address 1: 10.0.0.g.2
190 # mv /etc/resolv.conf.orig /etc/resolv.conf
191
192 And there you are ! You can now specify the IP address of your server in the
193 `resolv.conf` on your local computers.