# Nameserver, dns and djbdns

## digital diesel

Ok here's what I want to do.  I'm building a network out of computers I have found in trash and "frankenstiened" together, others that people gave me, etc.  I'm doing this because I want to learn hands on how networks work and how linux works and some of the finer points.

Like right now, I'm learing all sorts of things about DNS.  First I tried bind, then I tried djbdns.  I truely like djbdns much better, if not only because it has been easier to understand what i'm doing when i begin to configure it.

However I can't get djbdns to work properly.  For dnscache, i listen on the loopback addy 127.0.0.1 and on tinydns i listen to it's network ip addy 10.0.0.2

i configured and made tinydns/root/data to tinydns/root/data.cnb and i ran both dnscache-setup and tinydns-setup. Once i got it to resolve ip addresses only on my network, but it couldn't resolve ip addresses on the internet.  Does my router have to forward port 53 (domain) to the dns server in order to do lookups?

And finally, i eventually want to register a domain name and register this name server and network, but I have a dynamic ip address.  Since I don't have a static IP address, how can I register my network and name server.

Or am i just crazy?

PS:Last edited by digital diesel on Sun Oct 26, 2003 2:29 am; edited 1 time in total

----------

## NeddySeagoon

digital diesel,

You are making a lot of work for yourself. I'll assume that you have an always on broadband link of some sort.

The first thing you need (must have?) on the end of your broadand is a firewall, you want to keep crackers out, after all.

You put you outward facing hardware in the firewalls DMZ and your private stuff on its fully protected network.

Firewalls normally privide a lot of the services you are looking for.  Check out smoothwall and IPCop, which is a Smoothwall fork.

You can have a domain address on a dynamic IP.  Check out noip.com and services like it.

Are you crazy ???

Maybe - what you are doing is building a seti farm. Look up Seti@Home. You have probably worked out by now that peripherals like CDROM, floppy, keyboard, mouse, hard drive, video card are all optional extras in the PCs you are building.

You didn't say what your network connection was - you are only crazy if its a modem.

Regards,

NeddySeagoon

----------

## digital diesel

I have a cable modem and i'm like the ONLY one in my neighborhood with it.  I have the best speeds I have ever seen next to being on CMU's back bones and downloading stuff at like 800k.  Anyhow I'm getting like 390k when I download files from a Gentoo mirror about 2 miles away from me (gentoo.mirrors.pair.com).  With my dsl from verizon, i only got (at best) 90k/s

So back to my network.  I have a router/firewall I have built and thus, my own little piece of the net. After a trip to the computer expo today i bought two more computers for 30 bucks each (pII's 400mhz)  so I'm up to five working gentoo boxes.  And you better believe i'll have openmosix installed on each.  So yes i'm crazy, but like i said it's in the pursuit of knowledge.  Nevertheless.

I have DNS resolving on my DNS server only and it only resolves INTERNET names now and not anything on the local network.  Local network machines cannot resolve OUTSIDE NETWORK Names with the DNS server 10.0.0.2 .  They can when I"m using my ISP's DNS servers (but remember, I want to resolve both network and internet ips).  I'm led to believe that dnscachex isn't allowing network computers to bind to it's dns server, why?

So 10.0.0.20 (client) can not use 10.0.0.2 (dns server) to resolve.  however 10.0.0.2 can resolve using 127.0.0.1 as the nameserver.  I did touch /var/dnscachex/root/ip/10.0.0 and no dice, same permissions.

----------

## funkmankey

personally, I am a lazy, lazy bastard. for local resolution, I just use /etc/hosts on all my machines. for external resolution, I have a dnscache running against my rooter's internal IP. all is good, especially when there is beer. then again, I don't think I have nearly as many machines as you ^_^ and I only use distcc while dreaming about openmosix clusters...

think about it: 10.0.0.2 can resolve against 127.0.0.1 because that's its own personal localhost. none of your other machines can get to that particular 127.0.0.1 though.

I think for the djbdns split setup of cache-external and local, you need to have one listening on the internal address and one on the external address (or you could always add an additional alias address to the internal interface...)

of course I could be wrong, beer has led me astray in the past and will no doubt do so in future...

----------

## digital diesel

beer has undoubtablely lead you astray and soon it shall for me.  because it is saturday night and i'm about to go to a see a dj spin.

But I haven't started drinking yet, hence:

the DNS server 10.0.0.2 has /etc/resolve.conf's nameserver set to 127.0.0.1 and all the other computers are given the dns server of 10.0.0.2 when assigned by the DHCP server 10.0.0.1

So this other computer (my desktop) 10.0.0.20 tries to resolve against 10.0.0.2 but 10.0.0.2 is being a bitch and won't share it's resolutions.  Nor do i think it's doing reverse lookups and it certainly won't resolve any of the computers on the network.

Mind you I know it's not doing reverse looksups because it can't resolve the dhcp leased IP addresss like (10.0.0.20) and it won't resolve the statics 10.0.0.1.  And I even assigned 10.0.0.1 (my router in /var/tinydns/root/data and made it for data.cdb).

Please continue to flood me with ideas  :Smile: 

----------

## funkmankey

the DNS server 10.0.0.2 has /etc/resolve.conf's nameserver set to 127.0.0.1 and all the other computers are given the dns server of 10.0.0.2 when assigned by the DHCP server 10.0.0.1

ah, good point.

hrm, what if you run tinydns against localhost and dnscache against the ethernet interface; and then put 127.0.0.1 into the "@" file of the dnscache?

----------

## digital diesel

 *funkmankey wrote:*   

> the DNS server 10.0.0.2 has /etc/resolve.conf's nameserver set to 127.0.0.1 and all the other computers are given the dns server of 10.0.0.2 when assigned by the DHCP server 10.0.0.1
> 
> ah, good point.
> 
> hrm, what if you run tinydns against localhost and dnscache against the ethernet interface; and then put 127.0.0.1 into the "@" file of the dnscache?

 

ahhh that's a no go captin.  that made it so nothing was able to be resolved.

I'm back to prior configuration and So here's what i'm thinking now.  I have dnscachex and no dnscache, does that have something to do with it?  also i have tinydns's data file setup so if it was working properly the dns server should beable to resolve against itself.  So i think tinydns isn't working properly or that dnscache needs to be there.  finally, i have dnscachex setup to listen to connections from ip/10.0.0 and it doesn't.  Is this the function of the dnscache/ ? 

Does anybody have a tinydns/root/data file they can post? here's mine:

```

# AUTHORITATIVE NAMESERVER

.altf8.net::newyork.altf8.net

# MAIL EXCHANGER

#@altf8.net::newyork.altf8.net

# IP ADDRESS FOR STATIC MACHINES

=seattle.altf8.net::10.0.0.1

+newyork.altf8.net::10.0.0.2

```

PS: thanks everybody for your help  :Smile: 

----------

## funkmankey

my bad, according to

http://cr.yp.to/djbdns/dot-local.html

you don't do it by putting 127.0.0.1 into the @ file of the dnscache, you do it by telling the dnscache to be authoritative for your given tld, i.e. put 127.0.0.1 into a file called the toplevel name in the dnscache rootdir, e.g.

```
% cat /etc/dnscache/root/servers/internal

127.0.0.1

% cat /etc/tinydns/root/data

.internal:127.0.0.1:a:259200

=emphyrio.internal:192.168.0.2:86400

=deucas.internal:192.168.0.1:86400

=puppybook.internal:192.168.0.8:86400
```

this is with my original dnscache that was already listening on 192.168.0.1, and I just now added a tinydns instance listening on 127.0.0.1. and now I am able to query the public dnscache for the private local zone as well as for the external cache, works very well.

so now I can get rid of all my /etc/hosts laziness, heh.

----------

## digital diesel

```

newyork root # cat /var/dnscachex/root/servers/internal

127.0.0.1

```

```

newyork root # pwd

/service/tinydns/root

newyork root # ls

Makefile  add-alias  add-childns  add-host  add-mx  add-ns  data  data.cdb

newyork root # cat data

.internal:127.0.0.1:a:259200

=seattle.internal:10.0.0.1:86400

=newyork.internal:10.0.0.2:86400

newyork root #

```

That should cover the bases correct?  Still no pingipoo.

```

newyork root # ping seattle

ping: unknown host seattle

newyork root # ping seattle.internal

ping: unknown host seattle.internal

newyork root # ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.

64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.127 ms

64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.074 ms

64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.081 ms

 

--- 10.0.0.2 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1998ms

rtt min/avg/max/mdev = 0.074/0.094/0.127/0.023 ms

newyork root #

```

Is there a difference in dnscachex and dnscache ?  I can't find anything on the djbdns website

----------

## funkmankey

stupid question 1:

did you do a 'make' after changing the data file?

stupid question 2:

does resolv.conf have

```
domain internal
```

in it? hm but you tried ping with the fqdn too, and that didn't work.

stupid question 3:

did you restart svcscan? (or do one of the various reload-ish commands...)

to be honest, I have no idea if dnscachex is different than dnscache, I assumed it was the same thing...

EDIT: stupid question 15: since you were originally running dnscache on 127.0.0.1, did you change dnscache/env/IP to point to 10.0.0.2   (or whatever)? /EDIT

----------

## bbarrera

I'm assuming you want 1 machine to be dns caching server for LAN, plus want local name resolution (both forward and reverse lookups).

1. Setup dnscache on 10.0.0.2 -- it doesn't matter whether you call it dnscache or dnscachex (suggest calling it dnscachex to clarify it is external cache for your LAN).

Now make sure your /etc/resolv.conf points to 10.0.0.2.  Check if you can still perform DNS lookups by pinging a few popular websites just to see if ping can resolve the URL into an IP address (more precisely dnscache resolves the URL into an IP address).

2. Set /etc/resolv.conf of all other computers to point to 10.0.0.2. Now your entire LAN is using the computer at 10.0.0.2 for caching DNS lookups.

3. Setup tinydns to listen on 127.0.0.1. Tinydns only answers requests for domains it is authoritative.

4a.  Cd to /service/tinydns/root and use add-ns to add domain "internal" and while your at it use add-ns to add "0.0.10.in-addr.arpa" to data so that reverse lookups will work.

./add-ns internal 127.0.0.1

./add-ns 0.0.10.in-addr.arpa 127.0.0.1

4b. Now add hosts

./add-host host3 10.0.0.3

./add-host host4 10.0.0.4

You should end up with something like this (mine is hand edited):

#

# Authoritative Nameservers

#

.bcs.local:127.0.0.1:a:259200

.199.168.192.in-addr.arpa:127.0.0.1:a:259200

.200.168.192.in-addr.arpa:127.0.0.1:a:259200

#

# Routers

#

=bcs1.bcs.local:192.168.200.254:86400

=bcs2.bcs.local:192.168.199.254:86400

#

# Hosts in main network

#

=server1.bcs.local:192.168.200.1:86400

=dns1.bcs.local:192.168.200.5:86400

4c. Run make

make

5a.  Tell dnscache to use your new tinydns name server:

cd /service/dnscachex/root/service

cat > 0.0.10.in-addr.arpa

127.0.0.1

EOF

cat > internal

127.0.0.1

EOF

5b. Restart dnscache

svc -t /service/dnscachex

Everything will start working once you fill in gaps in my explanation.

----------

## funkmankey

oooh good call on the rdns I totally forgot to do that on my server, cheers!

----------

## digital diesel

 *bbarrera wrote:*   

> I'm assuming you want 1 machine to be dns caching server for LAN, plus want local name resolution (both forward and reverse lookups).
> 
> ECT..........

 

THANK YOU SOOO MUCH, works perfect!

----------

## digital diesel

Ok, so if i add boxes via DHCP, i can't resolve the hostnames.  Is this possible and if so, how is it done?

Thanks in advance  :Smile: 

----------

## funkmankey

tinydns homepage links to this:

http://www.thismetalsky.org/magic/projects/dhcp_dns.html

----------

## bbarrera

Alternative to link provided.

Setup ip<>hostname mappings in djbdns. Then configure dhcp to statically assign IP address by using dns name.

For example, here is a snippet from my /etc/dhcp3/dhcpd.conf

```

...

...

...

host tivo {

  hardware ethernet 00:09:5B:1C:xx:xx;

  fixed-address tivo;

}

host nyquist {

  hardware ethernet  00:04:75:C1:xx:xx;

  fixed-address nyquist;

...

...

...

```

Not too bad if you only have a few nodes and want to statically assign IP addresses using DHCP.

Sometimes static DHCP assignments are necessary to avoid reconfiguring your router. For example, if you setup port forwarding on your router then you need static LAN IPs -- otherwise you must reconfigure port forwarding on the router if a host gets a different IP address from the DHCP server.

I've got laptops and like the easy administration of DHCP -- at home I have "set it and forget it" port forwarding. Then I take laptop on road and use DHCP servers at work or at wireless hotspots.

----------

