Pidora: Raspberry Pi DNS Caching Server


Pidora DNS caching server

Since the Pi's release it has been popular with schools, coders and people who dabble in Linux, like myself. Recently I bought my own to build a small caching name server for my network, in the hope of speeding up page loads; I also wanted it to act as a conditional forwarder for my work's domains. So far this is the best solution I've found.

Install Pidora

I'm working on the premise that you've already installed Pidora onto your SD card, but in case you haven't, here is an article I've written earlier. Insert your SD card, power on your Raspberry Pi and go through the required installation steps to complete your setup. I chose not to install the GUI, to save on resources.

BIND

BIND is an implementation of the Domain Name System (DNS) protocols. The name BIND stands for "Berkeley Internet Name Domain", because the software originated in the early 1980s at the University of California at Berkeley. In recent years, the word BIND has become, like "radar" and "laser", more word than acronym.

There are many DNS servers out there, and most are more lightweight than BIND, but as I said earlier I needed a caching server with conditional forwarding, and most of the lighter alternatives I looked at did not support it. The first Raspberry Pi BIND server I built ran on Raspbian with a catch-all forwarder to OpenDNS. It worked OK but could have been better. The only reason I changed to Pidora was that my file system became corrupt and forced a rebuild, and I have more experience with RHEL flavours of Linux. My second and current build has given me fewer problems; it now recurses from the root name servers instead of forwarding to OpenDNS and, once the cache had warmed up, my queries were noticeably faster.

• Assuming you have already set up your network connection, install BIND along with bind-utils (which provides dig for testing):

[shell]yum install -y bind bind-utils[/shell]

• Edit your named config file ( nano -w /etc/named.conf )
This is the configuration file for BIND; for a caching-only server it should look something like this:

[no-highlight]
// Config file for caching name server
// Note that the filenames and directory names may differ, the
// ultimate contents should be quite similar though.

options {
directory "/var/named";

// The DNS HOWTO suggested uncommenting this when stuck behind a
// firewall. Do not: a fixed source port disables source-port
// randomisation and makes cache poisoning far easier. Fix the
// firewall rule instead.

// query-source port 53;

// Nothing here restricts who may query. BIND 9.4 and later default
// allow-recursion to { localnets; localhost; }, which covers a home
// LAN, but if this server is ever reachable from outside, set
// listen-on, allow-query and allow-recursion to your LAN explicitly
// so it cannot be used as an open resolver.
};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

// The control channel is loopback-only, but any process on the Pi that
// knows this secret can drive rndc (flush the cache, stop the server).
// Do not reuse a secret that has been published; the one originally
// here was copied from the DNS HOWTO. Generate a fresh one with
// rndc-confgen -A hmac-sha256 and use it here and in /etc/rndc.conf.
key "rndc_key" {
algorithm hmac-sha256;
secret "PASTE-THE-BASE64-SECRET-FROM-rndc-confgen-HERE";
};

// Root hints: where recursion starts when nothing is cached.
zone "." {
type hint;
file "root.hints";
};

// Reverse zone for 127.0.0.x, answered locally (see below).
zone "0.0.127.in-addr.arpa" {
type master;
file "127.0.0";
};
[/no-highlight]

• Create your root hints file ( nano -w /var/named/root.hints ). The Fedora bind package also ships a copy of the root list as /var/named/named.ca, which you can reference instead of typing this out.

[no-highlight]
; Before using this list!
; Check to see if it is up to date: http://www.iana.org/domains/root/servers
; Root server addresses do change over time (B and H have both moved since
; this list was written). named re-primes the root list from whichever
; servers it can reach, so a slightly stale file still works, but refresh
; it when you build.
;
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
[/no-highlight]

• Now create the reverse zone for the loopback network ( nano -w /var/named/127.0.0 ). This makes the server answer reverse lookups for 127.0.0.1 itself instead of sending them out to the root servers, so we don't disturb anyone out there. The bogus names are deliberate; nothing outside this machine will ever see them.

[no-highlight]
$TTL 3D
@               IN      SOA     ns.linux.bogus. hostmaster.linux.bogus. (
                                1       ; Serial
                                8H      ; Refresh
                                2H      ; Retry
                                4W      ; Expire
                                1D)     ; Minimum TTL
                        NS      ns.linux.bogus.
1                       PTR     localhost.
[/no-highlight]

• Update your resolv.conf so the Pi uses itself as its name server ( nano -w /etc/resolv.conf ); we might as well, as it is now resolving directly from the root servers. Note that NetworkManager or dhclient will rewrite this file on the next DHCP lease unless you tell them not to, e.g. PEERDNS=no and DNS1=127.0.0.1 in the interface's ifcfg file under /etc/sysconfig/network-scripts/.

[no-highlight]
nameserver 127.0.0.1
[/no-highlight]

• If you are running iptables, ensure your firewall allows TCP and UDP port 53, but only from your LAN; there is no reason for anything else to reach it. Check the config with named-checkconf /etc/named.conf, then start the server ( service named start ) and add it to start on boot ( chkconfig named on ). Pidora is Fedora-based and uses systemd, so systemctl start named and systemctl enable named do the same thing. Test with dig @127.0.0.1 example.com and watch for the query time dropping to a millisecond or two on the second run.
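The point that decides whether this build is a private cache or an open resolver is the address match list behind allow-recursion, so here is an added example (not code from the page or from BIND) that evaluates BIND-style match lists the way named does: entries are tried in order, the first match wins, a leading "!" negates an entry, and the built-ins any, none, localhost and localnets expand as in named.conf. The server address 192.168.1.2/24 follows the footnote below, and the client addresses are assumed; 192.168.10.0/24 is the page's example work network, included to show that a VPN peer is not in localnets and so is refused by the default policy.

```python
"""Evaluate BIND-style address match lists (ACLs) as named does.

Added example, not code from the page or from BIND. INTERFACES and the
client addresses are assumptions for the example.
"""
import ipaddress

# The Pi's interfaces as address/prefix; 'localhost' and 'localnets' derive
# from these. Assumption: loopback plus one LAN interface at 192.168.1.2/24.
INTERFACES = ("127.0.0.1/8", "192.168.1.2/24")


def _builtin(name, interfaces):
    """Expand a built-in ACL name into the networks it stands for."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    if name == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if name == "none":
        return []
    if name == "localhost":  # only the host's own addresses
        return [ipaddress.ip_network(str(i.ip)) for i in ifaces]
    if name == "localnets":  # every directly attached network
        return [i.network for i in ifaces]
    raise ValueError("unknown built-in ACL %r" % name)


def matches(acl, client, interfaces=INTERFACES):
    """True if the address match list `acl` permits `client`.

    Entries are tested in order; the first one that matches decides, and a
    '!' prefix turns a match into a denial. No match at all means denied.
    """
    ip = ipaddress.ip_address(client)
    for entry in acl:
        negate = entry.startswith("!")
        token = entry.lstrip("!").strip()
        if token in ("any", "none", "localhost", "localnets"):
            nets = _builtin(token, interfaces)
        else:
            nets = [ipaddress.ip_network(token, strict=False)]
        if any(ip in n for n in nets):
            return not negate
    return False


# BIND 9.4+ default when allow-recursion is not set: attached nets only.
DEFAULT_RECURSION = ("localnets", "localhost")
# Explicit list for this page's network: loopback plus the home LAN.
LAN_ONLY_RECURSION = ("127.0.0.1", "192.168.1.0/24")
# Turns the Pi into an open resolver if port 53 is ever reachable from outside.
OPEN_RESOLVER = ("any",)


def recursion_allowed(policy, client):
    """Would named recurse for `client` under allow-recursion { policy }?"""
    return matches(policy, client)


if __name__ == "__main__":
    # Assumed clients: a LAN host, a host on the work VPN, an internet host.
    for client in ("192.168.1.50", "192.168.10.2", "203.0.113.9"):
        print(client,
              "default:", recursion_allowed(DEFAULT_RECURSION, client),
              "lan-only:", recursion_allowed(LAN_ONLY_RECURSION, client),
              "any:", recursion_allowed(OPEN_RESOLVER, client))
```

Run it and the internet host is refused by both the default and the explicit list and accepted only by any; the VPN host is refused by both as well, which is the right outcome here (work machines have their own resolvers) but is worth knowing if you ever expect remote peers to use the Pi.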

Foot Note

There you have it: your own DNS caching server. If, like me, your router is on 192.168.1.1, you may wish to run the DNS server on 192.168.1.2 and have DHCP hand clients 192.168.1.2 (the Pi) as their primary and 192.168.1.1 (the router) as their secondary DNS server. I then configured my router to resolve via the OpenDNS servers, so if the Raspberry Pi breaks, needs a reboot or you stop the service for whatever reason, it won't take out the internet for every networked device; they simply fall back to the secondary. Two caveats: most stub resolvers only move to the secondary after the primary times out, so an outage shows up as slow lookups rather than going unnoticed, and some clients (and any resolver set to rotate) spread queries across both servers anyway, so a share of your lookups will still reach OpenDNS even while the Pi is healthy.

This last section is completely optional and was only required for me because I have IPsec VPN connectivity between home and work, which lets me work remotely. I don't want to use my work's DNS servers at home, as A) I like my privacy, as I'm sure a lot of people do, and B) I have family using my network and I can't and won't control what they look at. To fix this I added conditional forwarders to named.conf for each work domain that runs its own DNS servers. These go in as zone entries of type forward, so general lookups still go out to the internet, but a request for something like web-1.london.example.com is sent to one of the forwarders listed by IP address. The forward only option matters: if the VPN is down and the forwarders cannot be reached, the lookup fails with SERVFAIL rather than being retried against the public root servers, so internal host names never leak out.

[no-highlight]
zone "london.example.com" {
 type forward;
 forward only;
 forwarders { 192.168.10.2; 192.168.10.3; };
};
[/no-highlight]

If you also require this, add it to the end of your named.conf and either tell named to pick up the new zone ( rndc reconfig ) or restart the service ( service named restart ) for the change to take effect.
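How named decides that web-1.london.example.com goes to the work forwarders while www.example.com goes out to the root servers is a rule the page states only by example, so here is an added example (not code from the page or from BIND) that models it: the most specific configured zone whose name encloses the query name wins, matching whole labels and ignoring case and the trailing dot. A type forward zone sends the query to its forwarders, the type hint root zone means ordinary recursion, and a type master zone is answered locally. The zone set is the page's named.conf with the forward zone above; it also shows what forward only versus forward first does when no forwarder answers.

```python
"""Which configured zone handles a query: the rule behind conditional forwarding.

Added example, not code from the page or from BIND. ZONES mirrors the page's
named.conf; 192.168.10.2/3 are the page's example forwarder addresses.
"""
from dataclasses import dataclass


def labels(name):
    """Split a DNS name into lower-cased labels, no trailing dot ('.' -> [])."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


@dataclass(frozen=True)
class Zone:
    name: str                  # "." is the root
    kind: str                  # named.conf 'type': hint, master or forward
    forwarders: tuple = ()     # for type forward
    forward_only: bool = True  # 'forward only' (default here) vs 'forward first'

    def encloses(self, qname):
        """True if qname is the zone apex or lies below it, on label boundaries."""
        z, q = labels(self.name), labels(qname)
        return len(q) >= len(z) and q[len(q) - len(z):] == z


ZONES = (
    Zone(".", "hint"),
    Zone("0.0.127.in-addr.arpa", "master"),
    Zone("london.example.com", "forward", ("192.168.10.2", "192.168.10.3")),
)


def select_zone(qname, zones=ZONES):
    """Most specific (longest) enclosing zone wins; the root always encloses."""
    return max((z for z in zones if z.encloses(qname)),
               key=lambda z: len(labels(z.name)))


def route(qname, zones=ZONES):
    """Where a query goes, as (action, zone name, forwarders)."""
    z = select_zone(qname, zones)
    if z.kind == "forward":
        return ("forward", z.name, list(z.forwarders))
    if z.kind == "hint":
        return ("recurse", z.name, [])
    return ("local", z.name, [])


def when_forwarders_unreachable(qname, zones=ZONES):
    """Outcome if no forwarder answers, e.g. the VPN is down.

    'forward only' fails closed with SERVFAIL, so internal names never reach
    the public root servers; 'forward first' falls back to normal recursion.
    """
    z = select_zone(qname, zones)
    if z.kind != "forward":
        return "not forwarded"
    return "SERVFAIL" if z.forward_only else "recurse"


if __name__ == "__main__":
    for q in ("web-1.london.example.com", "www.example.com",
              "notlondon.example.com", "1.0.0.127.in-addr.arpa"):
        print(q, "->", route(q), "|", when_forwarders_unreachable(q))
```

Note that notlondon.example.com is not forwarded: matching is by whole labels, not by string suffix, and example.com itself is not a configured zone, so anything in it other than london.example.com recurses normally.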

References: Image, DNS HOWTO
