DaemonForums  

Go Back   DaemonForums > Miscellaneous > Guides

Guides All Guides and HOWTO's.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 5th March 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default BIND 9 : Caching and forward-only named.conf

A simple named.conf which forwards all DNS queries to another nameserver, and caches the answers for possible reuse.
Tested under OpenBSD 4.7 BETA with
Code:
$ named -v
BIND 9.4.2-P2
This type of configuration is useful to minimize the repeating nameserver queries issued when surfing the web.
Not only for your notebook or laptop using wireless connections, but also for a department that wishes to make use of a LAN/WAN link efficiently.
  • The Access Control List (acl) limits useage of this forward-only nameserver to my local 192.168.222.0/24 subnet.
  • The queries are forwarded to a dnscache namerver running on my OpenBSD firewall at 192.168.222.10.
  • The cache size is limited to two MB, which probably is too much for a notebook or laptop. The comments show how to calculate this amount in bytes using bc(1), the unlimited precision calculator.

Code:
// Caching and forward only configuration

// Access Control List

acl  clients    {
    192.168.222.0/24  ;
};

options {
    forward only ;
    forwarders { 192.168.222.10 ; } ; 
    allow-query { clients ; } ;
    // max-cache-size is in bytes : echo '2 * 1024^2' | bc
    max-cache-size 2097152 ; 
    empty-zones-enable yes;
} ;

# After editing this file please use 'named-checkconf' to validate!
To enable this under OpenBSD, assuming the above configuration has been saved as /var/naned/etc/caching-forward-only.conf, you have to add the following to /etc/rc.conf.local:

Code:
named_flags='-4 -c /etc/caching-forward-only.conf'
Note that applications use the /etc/resolv.conf to find out which name server they should use. So for a departmental nameserver, all clients should have the iP address of that name server in /etc/resolv.conf

For my small department in the garage, the clients have the following in /etc/resolv.conf

Code:
nameserver 192.168.222.25
A test query shows that dig indeed selects the 192.168.222.25 nameserver:

Code:
dig www.kpn.com

; <<>> DiG 9.4.2-P2 <<>> www.kpn.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34979
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.kpn.com.                   IN      A

;; ANSWER SECTION:
www.kpn.com.            3600    IN      A       145.7.192.133

;; Query time: 96 msec
;; SERVER: 192.168.222.25#53(192.168.222.25)
;; WHEN: Fri Mar  5 04:11:47 2010
;; MSG SIZE  rcvd: 45
The nameserver received this answer after 96 msec, and will cache this data for 3600 seconds, A repeat query showing a 1 msec query time and a decreased TTL (Ttime to live) of 3219.

Code:
dig www.kpn.com 

; <<>> DiG 9.4.2-P2 <<>> www.kpn.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24059
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.kpn.com.                   IN      A

;; ANSWER SECTION:
www.kpn.com.            3219    IN      A       145.7.192.133

;; Query time: 1 msec
;; SERVER: 192.168.222.25#53(192.168.222.25)
;; WHEN: Fri Mar  5 04:18:08 2010
;; MSG SIZE  rcvd: 45
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
 

Tags
bind, named, named.conf, nameserver forward-only

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DDNS problem (unable to add forward / reverse map) riotnrrd FreeBSD General 12 28th February 2010 03:13 PM
simple named.conf with dnssec ? mayuka OpenBSD Security 21 31st January 2010 09:47 PM
Named not starting on NetBSD boot Antimidget NetBSD General 2 27th August 2009 10:57 PM
Forward SSH from some port to some other machine starbuck Other BSD and UNIX/UNIX-like 10 18th September 2008 04:40 AM
caching DNS server? spiderpig General software and network 5 30th May 2008 10:01 PM


All times are GMT. The time now is 03:31 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick