How to configure a BIND DNS Cache in CentOS 7

Introduction

I recently configured a CentOS 7 server to run BIND as a DNS caching server. This post documents the process. Although I used CentOS 7, these instructions should be equally applicable to CentOS 5 through 7 and Red Hat Enterprise Linux 5 through 7. If you already know why and where you want to configure a DNS caching server, feel free to skip ahead to this page’s “DNS Cache Setup” section. Otherwise, read on.

A DNS cache is normally set up to accomplish one or more of the following:

- Improve performance. This can be especially true for mail servers, which make a large number of DNS queries.
- Bypass a flaky DNS resolver.

The DNS caching server configuration described on this page is applicable to both situations.

It’s important to restrict which clients can query your DNS caching server, so that you don’t create an open resolver. This document includes instructions for doing so using BIND’s “allow-recursion” directive.

Performance Considerations

All other things being equal, I recommend placing your DNS caching server as close as possible to the clients that will query it. If the DNS cache will be used by a single client, it can make sense to run the DNS cache on that client. For example, you could install a DNS cache on your mail server. By running the cache on the same system as the querying application, you bypass the network latency that would normally exist between the DNS cache and the client. If the clients are primarily in a single data center or geographic area, try to place the DNS cache within that same datacenter or...
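The “allow-recursion” restriction mentioned above, as an added example that is not from the original post: a constructed open-resolver named.conf fragment beside its restricted form, plus a small shell check that reports which kind of recursion policy a named.conf contains. The acl name "trusted", the temporary file paths and the 192.168.0.0/24 network are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: two constructed named.conf
# fragments (an open resolver and a restricted cache) and a small check that
# reports how allow-recursion is set. Needs only sh, grep and sed.

workdir=$(mktemp -d)

# Weak setting: any host that can reach the server may use it as a recursor.
cat > "$workdir/open.conf" <<'EOF'
options {
    recursion yes;
    allow-recursion { any; };
};
EOF

# Corrected setting: recursion and cache lookups only for the listed clients.
# 192.168.0.0/24 is a placeholder network; substitute your own ranges.
cat > "$workdir/restricted.conf" <<'EOF'
acl "trusted" { 127.0.0.1; 192.168.0.0/24; };
options {
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
EOF

# recursion_policy FILE prints one word:
#   non-recursive  "recursion no;" is set
#   open           allow-recursion lists "any"
#   restricted     allow-recursion is present and does not list "any"
#   unset          no allow-recursion: BIND 9.4 and later default to
#                  localnets/localhost, BIND 9.3 and earlier defaulted to any
recursion_policy() {
    conf=$(sed -e 's://.*$::' -e 's:#.*$::' "$1")   # strip // and # comments
    if printf '%s\n' "$conf" | grep -Eq '(^|[{;[:space:]])recursion[[:space:]]+no[[:space:]]*;'; then
        echo non-recursive; return
    fi
    rule=$(printf '%s\n' "$conf" | grep -E 'allow-recursion[[:space:]]*\{' | head -n 1)
    if [ -z "$rule" ]; then
        echo unset
    elif printf '%s\n' "$rule" | grep -Eq '[{[:space:]]any[[:space:];]'; then
        echo open
    else
        echo restricted
    fi
}

recursion_policy "$workdir/open.conf"         # open
recursion_policy "$workdir/restricted.conf"   # restricted
```

Run it against a real /etc/named.conf to see which of the four policies the server actually has; "unset" on an old BIND 9.3 system means the cache is open.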

Installing djbdns dnscache on FreeBSD 6

djbdns is a DNS server package that was created in response to BIND’s history of security holes. Whenever I set up a Linux or FreeBSD DNS server, I try to use djbdns rather than BIND. Here’s how to set up a DNS caching server using FreeBSD 6.x and djbdns’s dnscache mode. The following commands should be run as root, or via su or sudo.

Install the djbdns port and its dependencies:

    cd /usr/ports/dns/djbdns
    make install clean
    rehash

Enable the supervise service, which is used to start djbdns:

    echo 'svscan_enable="YES"' >> /etc/rc.conf
    mkdir /var/service
    /usr/local/etc/rc.d/svscan.sh start

Create djbdns’s cache and log accounts:

    pw useradd Gdnscache -d /nonexistent -s /sbin/nologin
    pw useradd Gdnslog -d /nonexistent -s /sbin/nologin

Configure djbdns as a DNS caching server. In the examples below, 192.168.0.1 is the IP address of the interface that the djbdns DNS caching server will run on, and 192.168.0/24 is the network that I want to allow to access the server. Substitute the appropriate IPs and range(s) for your network:

    dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 192.168.0.1
    ln -s /usr/local/etc/dnscache /var/service
    touch /var/service/dnscache/root/ip/192.168.0
    /usr/local/etc/rc.d/svscan.sh restart

Sources: How to install djbdns How to run an external cache for your...