djbdns is a DNS server package that was created in response to BIND’s history of security holes. Whenever I set up a Linux or FreeBSD DNS server, I try to use djbdns rather than BIND. Here’s how to set up a DNS caching server using FreeBSD 6.x and djbdns’s dnscache mode. The following commands should be run as root, via su or sudo:
- Install the djbdns port, and its dependencies.
- Enable the supervise service, which is used to start djbdns.
- Create djbdns’s cache and log accounts.
- Configure djbdns as a DNS caching server. In the examples below, 192.168.0.1 is the IP address of the interface that the djbdns DNS caching server will run on, and 192.168.0/24 is the network that I want to allow to access the server. Substitute the appropriate IPs and range(s) for your network.
cd /usr/ports/dns/djbdns
make install clean
echo 'svscan_enable="YES"' >> /etc/rc.conf
pw useradd Gdnscache -d /nonexistent -s /sbin/nologin
pw useradd Gdnslog -d /nonexistent -s /sbin/nologin
dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 192.168.0.1
mkdir -p /var/service
ln -s /usr/local/etc/dnscache /var/service/dnscache
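The allowed network from the last step is enforced through dnscache's `root/ip` directory: a client is answered only if a file named after its address, or a leading-octet prefix of it, exists there. The script below is an added example, not part of the original post; the function names `prefix_for_cidr` and `allow_clients` are hypothetical, and the demo runs against a constructed scratch directory rather than the real service directory.

```shell
#!/bin/sh
# Added example. dnscache answers a client only if root/ip holds a file named
# after the client's address or a leading-octet prefix of it ("192.168.0").

# prefix_for_cidr NET/LEN: print the root/ip file name for an octet-aligned range.
prefix_for_cidr() {
    case $1 in */*) ;; *) echo "expected NET/LEN" >&2; return 1 ;; esac
    net=${1%/*}; len=${1#*/}
    case $len in
        8) keep=1 ;; 16) keep=2 ;; 24) keep=3 ;; 32) keep=4 ;;
        *) echo "/$len is not on an octet boundary" >&2; return 1 ;;
    esac
    case $net in ''|*[!0-9.]*) echo "bad network: $net" >&2; return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs
    out=; count=0
    for octet in "$@"; do
        [ "$count" -lt "$keep" ] || break
        case $octet in ''|0?*|????*) echo "bad octet: $octet" >&2; return 1 ;; esac
        [ "$octet" -le 255 ] || { echo "bad octet: $octet" >&2; return 1; }
        out=${out:+$out.}$octet
        count=$((count + 1))
    done
    [ "$count" -eq "$keep" ] || { echo "too few octets for /$len" >&2; return 1; }
    printf '%s\n' "$out"
}

# allow_clients SERVICE_DIR NET/LEN: create the empty marker file for the range.
allow_clients() {
    ipdir=$1/root/ip
    [ -d "$ipdir" ] || { echo "$ipdir missing; run dnscache-conf first" >&2; return 1; }
    name=$(prefix_for_cidr "$2") || return 1
    touch "$ipdir/$name"
}

# Constructed demo: a scratch directory stands in for /usr/local/etc/dnscache.
demo=$(mktemp -d)
mkdir -p "$demo/root/ip"
touch "$demo/root/ip/127.0.0.1"      # dnscache-conf creates this entry itself
allow_clients "$demo" 192.168.0/24
ls "$demo/root/ip"                   # show the resulting allow-list
allow_clients "$demo" 192.168.0.0/25 || echo "refused: use whole-octet ranges"
rm -rf "$demo"
```

On the server from the post, the equivalent call would be `allow_clients /usr/local/etc/dnscache 192.168.0/24`, run as root.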