caching only DNS server

Souza Simbota SouzaSimbota at BURCOMW.COM
Wed Apr 18 06:04:54 UTC 2007


I followed the procedure below on configuring a caching only DNS server
(http://kbase.redhat.com/faq/FAQ_42_9609.shtm) but it works on the same
machine. When I dig from another machine to this one (dig yahoo.com
@10.0.0.103) it doesn't work and gives a message

; <<>> DiG 9.2.4 <<>> yahoo.com @10.0.0.103
;; global options:  printcmd
;; connection timed out; no servers could be reached

What could be the problem? Will appreciate your help.

SOUZA



The packages which need to be installed are:
bind-9.2.4-16.EL4.i386.rpm 
bind-chroot-9.2.4-16.EL4.i386.rpm 
caching-nameserver-7.3-3.noarch.rpm 

These packages can be installed from the CD using the command:
# rpm -ivh <PACKAGE NAME>

or using the up2date command:
# up2date <PACKAGE NAME>

The configuration files associated with the caching name server are:
/etc/sysconfig/named 
/var/named/chroot/etc/named.conf 
/var/named/chroot/var/named/named.local 
/var/named/chroot/var/named/named.ca 
/var/named/chroot/var/named/localhost.zone 
/var/named/chroot/var/named/localdomain.zone 

Edit /etc/sysconfig/named and ensure that the following entry is made in the
file, which tells named to run the chroot environment.
ROOTDIR=/var/named/chroot
Note: /etc/named.conf is a symbolic link to /var/named/chroot/etc/named.conf
file. 

To configure the /etc/named.conf file for a simple caching name server, use
this configuration for all servers that don't act as a master or slave name
server. Setting up a simple caching server for local client machines will
reduce the load on the network's primary server. Many users on dialup
connections may use this configuration along with bind for such a purpose.
Ensure that the file /etc/named.conf highlights the entries below:
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { A.B.C.D; W.X.Y.Z; };
        forward only;
};

// a caching only nameserver config

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

With the forwarders option, A.B.C.D and W.X.Y.Z are the IP addresses of the
Primary/Master and Secondary/Slave DNS server on the network in question.
They can also be the IP addresses of the ISP's DNS server and another DNS
server, respectively. With the forward only option set in the named.conf
file, the name server doesn't try to contact other servers to find out
information if the forwarders do not give it an answer.

Now, /etc/resolv.conf should look like this:
nameserver 127.0.0.1

Start the caching-dns server
# /sbin/chkconfig named on
# service named start

Test the caching-name server
# nslookup
>Default 
Server: localhost
Address: 127.0.0.1

Now enter a query in nslookup. For example: www.redhat.com 
> www.redhat.com
Server: localhost
Address: 127.0.0.1

Name: www.redhat.com
Address: 209.132.177.50
nslookup now asked named to look for the machine www.redhat.com. It then
contacted one of the name server machines named in the root.cache file, and
asked its way from there. It might take a while before the result is shown,
as it searches all the domains the user entered in /etc/resolv.conf. When
tried again, the result should be similar to this example:
> www.redhat.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
Name: www.redhat.com
Address: 209.132.177.50

Note the Non-authoritative answer in the result this time. This means that
named did not go out on the network to ask this time; it instead looked it up
in its cache and found it there. But the cached information might be out of
date, so the user is informed of this danger by it saying Non-authoritative
answer. When nslookup says this the second time a user asks for a host,
it is a sign that it caches the information and that it's working. Now exit
nslookup by giving the command exit.
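The named.conf in the procedure above sets no listen-on, allow-query or allow-recursion, so reachability from other hosts and exposure as an open resolver both depend on BIND 9.2 defaults. The script below is an added example, not from the list post or the Red Hat article: it audits an options block for those statements and for the A.B.C.D/W.X.Y.Z placeholders; the HARDENED sample assumes the server is 10.0.0.103 on 10.0.0.0/24 and uses RFC 5737 documentation addresses as forwarders.

```python
import re

# Constructed samples in the style of this page's named.conf. WEAK keeps the page's
# A.B.C.D / W.X.Y.Z placeholders; HARDENED's 10.0.0.0/24 subnet is an assumption.
WEAK = """
options {
directory "/var/named";
forwarders { A.B.C.D; W.X.Y.Z; };
forward only;
};
"""
HARDENED = """
options {
directory "/var/named";
listen-on { 127.0.0.1; 10.0.0.103; };
allow-query { localhost; 10.0.0.0/24; };
allow-recursion { localhost; 10.0.0.0/24; };
forwarders { 192.0.2.53; 198.51.100.53; };
forward only;
};
"""

def options_body(conf):
    """Body of the top-level options { ... }; block, '' if absent."""
    m = re.search(r'options\s*\{(.*?)\n\};', conf, re.S)
    return m.group(1) if m else ''

def acl_values(body, name):
    """Entries of `name { a; b; };` inside body, or None when the statement is absent."""
    m = re.search(r'\b%s\s*(?:port\s+\d+\s*)?\{([^}]*)\}' % re.escape(name), body)
    return [v.strip() for v in m.group(1).split(';') if v.strip()] if m else None

def audit(conf):
    """Return a list of findings about reachability and exposure of the resolver."""
    body, findings = options_body(conf), []
    listen = acl_values(body, 'listen-on')
    if listen is None:
        findings.append('listen-on unset: named listens on all interfaces (BIND 9.2 default)')
    elif all(a.startswith('127.') for a in listen):
        findings.append('listen-on is loopback only: queries from other hosts time out')
    if acl_values(body, 'allow-query') is None:
        findings.append('allow-query unset: any source may query')
    if acl_values(body, 'allow-recursion') is None:
        findings.append('allow-recursion unset: open recursive resolver; restrict to local nets')
    fwd = acl_values(body, 'forwarders') or []
    bad = [f for f in fwd if not re.fullmatch(r'\d{1,3}(\.\d{1,3}){3}', f)]
    if bad:
        findings.append('forwarders still hold placeholders: ' + ', '.join(bad))
    return findings
```

If the audit reports listen-on unset yet a remote dig still times out, the block is usually a host firewall dropping port 53 rather than named.conf itself.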