djbdns is a DNS server package that was created in response to BIND’s history of security holes. Whenever I setup a Linux or FreeBSD DNS server, I try to use djbdns rather than BIND. Here’s how to setup a DNS caching server using FreeBSD 6.x and djbdns’s dnscache mode. The following commands should be run with root, su or sudo:

  1. Install the djbdns port, and its dependencies.
  2. cd /usr/ports/dns/djbdns
    make install clean
    rehash

  3. Enable the supervise service, which is used to start djbdns.
  4. echo 'svscan_enable="YES"' >> /etc/rc.conf
    mkdir /var/service
    usr/local/etc/rc.d/svscan.sh start

  5. Create djbdns’s cache and log accounts.
  6. pw useradd Gdnscache -d /nonexistent -s /sbin/nologin
    pw useradd Gdnslog -d /nonexistent -s /sbin/nologin

  7. Configure djbdns as a DNS caching server. In the examples below, 192.168.0.1 is the IP address of the interface that the djbdns DNS caching server will run on, and 192.168.0/24 is the network that I want to allow to access the server. Subsitute in the appropriate IPs and range(s) for your network.
  8. dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 192.168.0.1
    ln -s /usr/local/etc/dnscache /var/service
    touch /var/service/dnscache/root/ip/192.168.0
    /usr/local/etc/rc.d/svscan.sh restart

Sources: