# Local DNS

## Paulathome

Hi folks,

My internet access is via a Satellite "broadband" connection. For the most part it works reasonably well, but I am forever having trouble with DNS lookups. Essentially, hosts that I know are correct, such as www.gentoo.org, come back as an invalid domain name. Usually a retry in the browser sorts it out. I am not sure why the problem is occurring, but I guess it is to do with slow responses from the DNS due to the very long round trip times inherent with satellite connections. The problem happens on all PCs on my home network, including a couple of different Windows machines (XP + Vista) and my Gentoo machine.

Anyway, I was hoping to be able to set up some sort of DNS cache on my Gentoo box. The idea being to route all DNS lookups on my network to my Gentoo box, which will either return the IP of a known host straight away, or go upstream to the ISP DNS if it doesn't have a particular host. While this won't solve the problem entirely, it should help (especially for frequently visited sites such as Gmail etc.).

The network is put together using a 3com router with some wired and some wireless clients. The router also serves as a DHCP server and I can specify up to 2 DNS servers in the internet config, which get passed to the PCs when they request an IP.

I was hoping to be able to set things up as follows:

1. Leave the router as the DHCP server and get it to set the Gentoo box as the primary DNS and my ISP's DNS as secondary.

2. Set up some sort of DNS caching / forwarding service on the Gentoo box.

This means that even if I have the Gentoo machine offline for some reason, the router will continue to assign IPs to the other machines and failover to the ISP DNS for domain lookups.

I have been looking around at some different packages available but I am not sure what would be the best way to go about it. Djbdns may work but it seems to need to be bound to 2 NICs, one for the LAN and one for the Internet. My Gentoo machine has only one Ethernet card so I don't know if this will work (plus it may be overkill for what I want). I have also looked at dnsmasq but I don't want it to be my DHCP server. I want to leave that function in the router.

Has anyone got any ideas as to what may be the best approach?

Thanks!

Paul.

----------

## PaulBredbury

Run bind.

----------

## Paulathome

I will take a look. Thanks!

----------

## Rob1n

Djbdns doesn't need 2 NICs - you can bind the authoritative server to localhost and the recursive server to the NIC. I'd say BIND is overly complex for a basic caching nameserver - I'm using maradns but there's plenty of other caching DNS servers in portage.

----------

## Paulathome

I will look into that one too!

thanks

Paul.

----------

## darkphader

*Paulathome wrote:*

> I have been looking around at some different packages available but I am not sure what would be the best way to go about it. Djbdns may work but it seems to need to be bound to 2 NICs, one for the LAN and one for the Internet.

I recommend running dnscache from djbdns.

Djbdns has several components: tinydns, dnscache and axfrdns. You only need to run the dnscache component of djbdns, therefore only one IP address is needed (and as previously mentioned, even if you decide to run an internal authoritative nameserver for your internal network later, you can bind tinydns to your loopback address - or any IP alias as well - never a need for another NIC unless the network design calls for it).

I would skip the ISP's DNS servers (usually overworked, slow, and stale) in favor of OpenDNS - http://opendns.com/ - fast and free, and you don't need an account unless you want to use its advanced features. Set up dnscache to forward directly to its servers (instructions at the site: http://www.opendns.com/start/forwarding.php#dnscache). I also recommend increasing the size of dnscache from the default by a factor of 10 or more if you have the memory: http://cr.yp.to/djbdns/cachesize.html (I use the 100MB cache in this example).

Of course, then point all of your systems to your local cache on your server. Once done you will probably get better performance on Windows boxes if you disable the "DNS Client" service.

Chris
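As an added example (not from the thread or from djbdns itself), a POSIX sh script that applies the three things Chris describes to a dnscache service directory: forwarding to upstream caches instead of resolving from the roots, the 100 MB cache from the cachesize page, and a client allow-list so the cache does not become an open resolver. The service path, user names, LAN prefix and upstream addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: make a dnscache service directory a
# forward-only cache with a 100 MB cache, answering only the home LAN.
# Assumes the directory was created with djbdns' own tool, e.g.
#   dnscache-conf dnscache dnslog /etc/dnscache 192.168.1.10
# Paths, user names, LAN prefix and upstream addresses are assumptions.
set -eu

# configure_dnscache SERVICE_DIR LAN_PREFIX UPSTREAM_IP...
# Writes the env/ knobs dnscache reads at start-up plus root/servers/@.
configure_dnscache() {
    svcdir=$1; lan=$2; shift 2
    mkdir -p "$svcdir/env" "$svcdir/root/servers" "$svcdir/root/ip"

    # With FORWARDONLY set, dnscache treats servers/@ as a list of other
    # caches to forward to instead of root servers to iterate from.
    : > "$svcdir/root/servers/@"
    for ip in "$@"; do
        printf '%s\n' "$ip" >> "$svcdir/root/servers/@"
    done
    printf '1\n' > "$svcdir/env/FORWARDONLY"

    # 100 MB cache, the values from cr.yp.to/djbdns/cachesize.html:
    # CACHESIZE is the cache itself, DATALIMIT caps the whole process.
    printf '100000000\n' > "$svcdir/env/CACHESIZE"
    printf '104857600\n' > "$svcdir/env/DATALIMIT"

    # Answer only clients whose address starts with this prefix; a cache
    # that answers anyone is an open resolver. The file name is the prefix.
    : > "$svcdir/root/ip/$lan"
}

# restart_dnscache SERVICE_DIR: svc -t sends TERM and supervise restarts
# dnscache, which re-reads env/ on start. Skipped if daemontools is absent.
restart_dnscache() {
    if command -v svc >/dev/null 2>&1; then
        svc -t "$1"
    fi
}

# Apply only when explicitly asked, e.g.: sh dnscache-forward.sh --apply
# The two addresses are OpenDNS's anycast resolvers (an assumption, not
# listed in the thread); substitute the ISP's servers to forward there.
if [ "${1:-}" = --apply ]; then
    configure_dnscache /etc/dnscache 192.168.1 208.67.222.222 208.67.220.220
    restart_dnscache /etc/dnscache
fi
```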

----------

## manaka

It seems djbdns has many enthusiasts here ;). The only drawback (for some)... It's not free software. The author (Dan Bernstein) wants his software to be free of security bugs. So he doesn't want others to add additional features. Just a detail to be taken into account...

I would also recommend using the root servers as base servers (this is the default in dnscache). You add insignificant load to the authoritative servers (since you are caching the responses). And you avoid the reliability problems of some ISP caching servers.

----------

## darkphader

*manaka wrote:*

> It seems djbdns has many enthusiasts here ;). The only drawback (for some)... It's not free software. The author (Dan Bernstein) wants his software to be free of security bugs. So he doesn't want others to add additional features. Just a detail to be taken into account...

Sure it's free, it's not GPL free, but then GPL licensed software isn't BSD free either. Everything's a matter of degrees.

*manaka wrote:*

> I would also recommend using the root servers as base servers (this is the default in dnscache). You add insignificant load to the authoritative servers (since you are caching the responses). And you avoid the reliability problems of some ISP caching servers.

I've used the root servers, and on every network I've tested, including 8 Mbps cable connections, initial resolution time is easily twice that of a fast cache like OpenDNS. In the case presented by the OP:

*Paulathome wrote:*

> ...the very long round trip times inherent with satellite connections

the overhead of resolving from the root servers is not necessarily insignificant, and is a mistake that will significantly impact DNS performance for items not already cached.

Chris

----------

## Paulathome

Thanks for the suggestions guys.

Unfortunately my net connection has been dead all weekend. My ISP thinks they will have an engineer in the area tomorrow and hope to fix me up then (4 days offline... grumble). So... I have not been able to even read up on the different options, let alone install any of them!

thanks again

Paul

----------

## manaka

You are right... It's a matter of degrees... But in the case of DJB software most people think it's not free software...

*darkphader wrote:*

> *manaka wrote:* It seems djbdns has many enthusiasts here. The only drawback (for some)... It's not free software. The author (Dan Bernstein) wants his software to be free of security bugs. So he doesn't want others to add additional features. Just a detail to be taken into account...
>
> Sure it's free, it's not GPL free, but then GPL licensed software isn't BSD free either. Everything's a matter of degrees.
>
> *manaka wrote:* I would also recommend using the root servers as base servers (this is the default in dnscache). You add insignificant load to the authoritative servers (since you are caching the responses). And you avoid the reliability problems of some ISP caching servers.
> ...

You are right, darkphader... Initial resolution times are better if you use big caching servers like OpenDNS (you avoid some DNS queries)... But there are other important things to be taken into account. Like reliability (you don't depend on any intermediate) or privacy (statistical aggregates and trend analyses are performed on your queries)... It's again a matter of choices...

Good luck, Paulathome... You'll improve things a lot if you use a caching DNS server...

----------

## darkphader

*manaka wrote:*

> Initial resolution times are better if you use big caching servers like OpenDNS (you avoid some DNS queries)... But there are other important things to be taken into account. Like reliability (you don't depend on any intermediate) or privacy (statistical aggregates and trend analyses are performed on your queries)... It's again a matter of choices...

Yes, indeed, those other issues should be addressed in all cases. In fact there was an OpenDNS glitch not too long ago. I wasn't using it then but am currently experimenting with it. I guess I'm not sure how private my DNS searches are anyway, as even when I resolve from root my ISP could easily snoop any of those packets to see what I'm requesting. Of course, it's easy to change from forwarding to resolving (or to change forwarding servers), if ever the need arises.

Some of my small business clients like the change to OpenDNS due to the degree of protection offered by their phishing, X-rated, and other domain blocking features. Seemingly quite useful when you have limited bandwidth and a bunch of Windows machines on the network.

Chris

----------

## slycordinator

*Paulathome wrote:*

> I have also looked at dnsmasq but I don't want it to be my DHCP server. I want to leave that function in the router.

That'd be easy.

```
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP on it.
#no-dhcp-interface=
```

So run dnsmasq, uncomment that line and put in the interface (be it eth0 or whatever) and if you have more than one interface then I believe you separate them with a comma.
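Putting the dnsmasq route together as an added example (not slycordinator's or the dnsmasq project's code): a POSIX sh script that writes a dnsmasq.conf for a DNS-only caching forwarder, so DHCP stays on the router as Paul wanted. The interface name, output path, upstream addresses and cache size are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the dnsmasq project: write a
# dnsmasq.conf that makes the Gentoo box a caching DNS forwarder only,
# leaving DHCP on the router. Interface name, output path, upstream
# addresses and cache size are assumptions.
set -eu

# write_dnsmasq_conf OUTFILE IFACE UPSTREAM_IP...
write_dnsmasq_conf() {
    out=$1; iface=$2; shift 2
    {
        cat <<EOF
# Listen on the LAN interface only, so the cache is never reachable
# from the satellite side and cannot serve as an open resolver.
interface=$iface
bind-interfaces
# DNS only on this interface; the router keeps handing out leases.
no-dhcp-interface=$iface
# Ignore /etc/resolv.conf and forward only to the servers listed below.
no-resolv
# Never send bare hostnames or private-range reverse lookups upstream.
domain-needed
bogus-priv
# Names to keep cached (default 150); worth raising on a slow link.
cache-size=10000
EOF
        for ip in "$@"; do printf 'server=%s\n' "$ip"; done
    } > "$out"
}

# check_conf FILE: have dnsmasq parse the file when it is installed;
# otherwise just confirm the DHCP-disabling line is present.
check_conf() {
    if command -v dnsmasq >/dev/null 2>&1; then
        dnsmasq --test --conf-file="$1"
    else
        grep -q '^no-dhcp-interface=' "$1"
    fi
}

# Apply only when asked: sh dnsmasq-cache.sh --apply
# The two addresses are OpenDNS's anycast resolvers (an assumption, not
# listed in the thread); swap in the ISP's servers to forward there.
if [ "${1:-}" = --apply ]; then
    write_dnsmasq_conf /etc/dnsmasq.conf eth0 208.67.222.222 208.67.220.220
    check_conf /etc/dnsmasq.conf
fi
```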

----------

