Setup of DNS caching name server for home server

Tim ignored_mailbox at yahoo.com.au
Fri Sep 25 15:26:07 UTC 2009


On Thu, 2009-09-24 at 16:04 -0400, Steven W. Orr wrote:
> I have a home server (saturn) off the cablemodem. I get my address from my
> ISP's dhcp server.
> 
> I had made the following change to my box (saturn) so it would use OpenDNS.org

To be honest, unless you want some unusual out-of-band domains resolved
that are ONLY handled by OpenDNS.org, or are avoiding censorship, I
don't see a great advantage in using them.

As far as I'm concerned, it's better to use DNS as it was intended.
Queries are made to root servers to find the right top level server for
the domain you want (e.g. use root to find out who handles .com to
resolve example.com), then query /that/ server for your answer.  Rather
than go through a middle man (crappy ISP servers), or sidestep into an
external system which might subvert things.

> [root at saturn etc]# cat /etc/dhclient-eth0.conf
> prepend domain-name-servers 208.67.222.222, 208.67.220.220;
> send host-name "saturn.syslang.net";  # temporary RHL ifup addition
> 
> All is good. Then we have another machine inside my network which is getting
> its address from my own dhcpd. All is well there too. That machine also has
> its resolv.conf set by my dhcpd.conf to use opendns.org.
> 
> What I want to do is to set up the DNS Caching Nameserver. The goal is:
> * for saturn to use OpenDNS.org
> * For client machines in my network to use saturn via the caching server
> 
> I saw instructions to do this
> 
> yum install caching-nameserver
> 
> It installed bind. BTW, if I say
> 
> rpm -q caching-nameserver
> 
> it says package caching-nameserver is not installed.

That sounds odd.  Did you check for typing errors?

> I started bind. Please note that I am not serving any names. I just want this
> for DNS name caching. Nothing more.

Same functionality, really.  You get that if you don't go adding any
local records to your server.  But if you're going to the trouble of
running your own DNS and DHCP server, you may as well put in some local
records, and never have to fiddle with an /etc/hosts file ever again on
any local client computers.

> Then the stuff on the web said to create a file called
> /etc/named.caching-nameserver.conf
> 
> but that file didn't exist by default. As an experiment, I hand modified
> saturn's copy of /etc/resolv.conf so it just says
> 
> nameserver 127.0.0.1

Which means that *that* machine will use itself as a name server for any
queries it does.

> It looks like I'm still up and running. Should I, and how do I, really do the
> following:
> 
> * Where do I modify bind to tell it to look in OpenDNS.org (i.e.,
> 208.67.222.222, 208.67.220.220)?

If you want to use them, they will be set as your "forwarders."

> * Is it correct to modify the dhclient-eth0.conf to look in 127.0.0.1

On the DNS server machine, or all your clients?

127.0.0.1 means "myself" to a computer.  If you have your DHCP server
tell all your DHCP clients to look at themselves to resolve queries,
they'll fail unless they do have a DNS server on themselves, too.

For your clients, you'd not do anything like that.  You'd let your DHCP
server tell them the DNS server IPs to use.  For your DNS server
machine, it's better that it has a fixed IP, and doesn't use DHCP for
anything.


> * If I get these parts correct, then can I assume that setting my dhcpd.conf
> to say:
> 
> option domain-name-servers 192.168.0.101;
> 
> Would that be correct for my client? 192.168.0.101 from the client box points
> to saturn as the dhcp server and gateway.

Yes, that'd be normal.

In summary:  Don't configure a DNS server via DHCP, manually configure
it with fixed IP addresses (in some cases this is a "need," as DHCP
comes into play too late).  Set its resolver to be itself, and only
itself (don't supply extra resolver addresses).  Set up your DNS server
to answer queries from your LAN, perhaps to resolve LAN addresses,
perhaps to use a forwarder to get someone else's cached query results,
but it'd probably be better to just go straight to the root servers.
Set up your DHCP server to tell your clients to use your DNS server, and
only your DNS server.  Set up your clients to get what they need from
the DHCP server, and don't make custom DHCP client configuration files
on each client.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
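The configuration the two posts are circling around, written out as an added example (this is not from either post, nor Fedora's stock caching-nameserver files): a BIND named.conf for saturn that forwards to the OpenDNS addresses from the thread and a matching dhcpd.conf fragment that hands clients saturn as their only resolver. The server address 192.168.0.101 and the domain syslang.net come from the thread; the 192.168.0.0/24 LAN, the DHCP range, the named.ca root hints file and the file paths are assumptions. The security point the thread does not spell out is that a resolver on a box plugged straight into a cable modem must be restricted to the LAN, otherwise it becomes an open recursive resolver usable for amplification and cache-poisoning attacks.

```conf
# /etc/named.conf  (assumed path; BIND 9 syntax)

# Everything that is allowed to ask us questions. 192.168.0.0/24 is an
# assumption based on saturn's 192.168.0.101 address in the thread.
acl "lan" { 127.0.0.1; 192.168.0.0/24; };

options {
    directory "/var/named";                 # assumed, Fedora default

    # Bind only to loopback and the LAN-facing address, never the
    # cablemodem side.  Without this, named listens on every interface.
    listen-on port 53 { 127.0.0.1; 192.168.0.101; };
    listen-on-v6 { none; };

    # Answer, and recurse for, the LAN only.  Anyone else gets REFUSED.
    allow-query     { lan; };
    allow-recursion { lan; };
    allow-transfer  { none; };
    recursion yes;

    # OpenDNS as forwarders, the addresses from the original post.
    # Delete these two lines to do what Tim recommends instead: resolve
    # from the root hints below rather than through a third party.
    forwarders { 208.67.222.222; 208.67.220.220; };
    forward only;

    version "not disclosed";                # don't advertise the BIND release
};

# Root hints, used if forwarding is removed or the forwarders fail.
# named.ca is assumed to exist in the directory above.
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";                  # assumed stock zone file
    allow-update { none; };
};

# /etc/dhcpd.conf  (fragment; the range is an assumption)

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.150 192.168.0.200;
    option routers 192.168.0.101;           # saturn is the gateway (from the thread)
    option domain-name-servers 192.168.0.101;   # saturn, and only saturn
    option domain-name "syslang.net";
}
```

Saturn's own /etc/resolv.conf then contains just `nameserver 127.0.0.1`, as the poster already tried. To check the result: `named-checkconf /etc/named.conf` catches syntax errors before a restart; from a LAN client `dig @192.168.0.101 example.com` should return an answer, and the same query sent to saturn's public cablemodem address from outside should come back with status REFUSED rather than an answer. If the outside query is answered, the listen-on or allow-recursion lines are not in effect.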