Junk Food for the Brain

Open Source and Awesomesauce :)

Configure a Caching-Only Name Server in a Chroot Environment for Fedora 11


Having a caching-only name server on your local machine speeds up your browsing. Here's how to set up a slightly more secure caching server using ISC BIND in Fedora 11.

  1. Install the bind and bind-chroot packages.
# yum install bind bind-chroot
  1. Edit your /etc/sysconfig/named file.
# vim /etc/sysconfig/named

Add the following line:

ROOTDIR="/var/named/chroot"

  1. Edit your /etc/named.conf file.
# vim /etc/named.conf
  1. Change the following line:
listen-on port 53 { 127.0.0.1; };

to

listen-on port 53 { any; };

This allows the bind daemon to listen on all your network IPs, not just your loopback (127.0.0.1) address.

  1. Change this line:
allow-query     { localhost; };

to

allow-query     { 192.168.0.0/24; };

You now allow all the machines in your home LAN (192.168.0.0/24) to query your DNS server.

  1. Make sure it starts at boot time.
# chkconfig named on

Restart your DNS server.

# service named restart
  1. Make sure it's listening on the correct ports.
# netstat -ntupl | grep named

In my case, the DNS server IP is 192.168.0.10. So, as seen here, the line `udp 0 0 192.168.0.10:53 0.0.0.0:* 2851/named` shows it is listening correctly.

  1. Then test your server from another machine in your network, most likely another Linux box or laptop.
# dig @192.168.0.10 google.com

The `@` argument tells dig to resolve google.com through your newly set up server instead of the system resolver. On my machine, it looked like this:

[root@atreides ~]# dig @192.168.0.10 google.com
; <<>> DiG 9.6.1-RedHat-9.6.1-2.fc11 <<>> @192.168.0.10 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6515
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     300 IN  A   74.125.127.100
google.com.     300 IN  A   74.125.45.100
google.com.     300 IN  A   74.125.67.100

;; AUTHORITY SECTION:
google.com.     171853  IN  NS  ns3.google.com.
google.com.     171853  IN  NS  ns1.google.com.
google.com.     171853  IN  NS  ns2.google.com.
google.com.     171853  IN  NS  ns4.google.com.

;; Query time: 82 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sat Jul 18 20:14:59 2009
;; MSG SIZE  rcvd: 148

Note the SERVER: line; it shows that the answer to the query came from my DNS server (192.168.0.10).

  1. Finally, set up your /etc/resolv.conf accordingly.
    On the server:
nameserver 127.0.0.1

And on all your other machines:

nameserver 192.168.0.10
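The two named.conf edits above turn the stock resolver into one that listens on every interface but answers only the LAN; the failure mode to watch for is a server that listens on `any` and also answers (and recurses for) anyone, which is an open resolver that others can abuse for amplification. The following check is an added example, not code from the original post: it parses an `options { }` block with a regular expression and reports whether listen-on, allow-query and allow-recursion keep recursion LAN-only; the three sample configs and the function names are constructed for illustration.

```python
"""Audit a named.conf options block for the open-resolver risk that the
post's two edits (listen-on any, allow-query LAN) trade off against."""
import ipaddress
import re

# Constructed samples: Fedora's stock options, the post's edited options,
# and a misconfiguration that opens the resolver to the whole Internet.
STOCK_CONF = "options {\n listen-on port 53 { 127.0.0.1; };\n allow-query { localhost; };\n};"
POST_CONF = "options {\n listen-on port 53 { any; };\n allow-query { 192.168.0.0/24; };\n};"
OPEN_CONF = "options {\n listen-on port 53 { any; };\n allow-query { any; };\n recursion yes;\n};"
LAN = ipaddress.ip_network("192.168.0.0/24")

def acl_values(conf, key):
    """Return the address-match list of `key` (e.g. allow-query) as a list, or None if absent."""
    pat = r"(?<![\w-])" + re.escape(key) + r"(?![\w-])[^{;]*\{([^}]*)\}"
    m = re.search(pat, conf)
    return None if m is None else [v.strip() for v in m.group(1).split(";") if v.strip()]

def is_lan_only(values, lan):
    """True when every entry is localhost, none, or an address/prefix inside `lan`."""
    if not values:
        return False
    for v in values:
        if v in ("localhost", "none"):
            continue
        try:
            if ipaddress.ip_network(v, strict=False).subnet_of(lan):
                continue
        except (ValueError, TypeError):
            pass
        return False  # "any", "localnets", a named ACL, or an address outside the LAN
    return True

def audit(conf, lan):
    """Summarise the three settings that decide who can use this resolver."""
    listen = acl_values(conf, "listen-on") or []
    query = acl_values(conf, "allow-query")
    # Simplification: BIND 9.4+ derives a missing allow-recursion from
    # allow-query-cache and then allow-query; we only follow the allow-query step.
    recursion = acl_values(conf, "allow-recursion") or query
    return {
        "listens_on_all_interfaces": "any" in listen,
        "query_lan_only": is_lan_only(query, lan),
        "recursion_lan_only": is_lan_only(recursion, lan),
    }

def is_open_resolver(conf, lan):
    """Reachable on every interface and recursing for anyone: the amplification-abuse case."""
    r = audit(conf, lan)
    return r["listens_on_all_interfaces"] and not r["recursion_lan_only"]
```

Run it against your own file with `audit(open("/etc/named.conf").read(), LAN)`; a real deployment should also confirm the result from outside the LAN with dig, since the check only reads the configuration.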