[CentOS] Caching nameserver

Feizhou feizhou at graffiti.net
Tue Aug 9 07:19:48 UTC 2005


> If you only need caching, then try using something simpler, and more 
> secure, than bind. Try dnsmasq (it can run a dhcp-server too, but that 
> is easily disabled) or dns-cache (a djb software utility).

dnscache - simple and secure

However you need some supporting software, namely, daemontools

see http://cr.yp.to/daemontools.html for more information.

wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
tar zxf daemontools-0.76.tar.gz
cd admin/daemontools-0.76
echo 'gcc -Os -include /usr/include/errno.h -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings' > src/conf-cc
./package/install
cd ../..

(The above will get you a running daemontools installation right away)

djbdns -- see http://cr.yp.to/djbdns.html

wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
tar zxf djbdns-1.05.tar.gz
cd djbdns-1.05
echo 'gcc -Os -include /usr/include/errno.h -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings' > conf-cc
make setup check
dnscache-conf nobody nobody /var/dnscache 192.168.0.[?]
touch /var/dnscache/root/ip/192.168.0

(This will get you an installation that listens only on 192.168.0.[?] 
and that is installed under /var/dnscache. The dnscache program will run 
under nobody and log files will be generated under nobody uid/gid in 
/var/dnscache/log/main/current.

By default, it will only use 1MB of RAM for caching. To increase, edit 
/var/dnscache/env/DATALIMIT and /var/dnscache/env/CACHESIZE.
DATALIMIT must be slightly larger than CACHESIZE. At least two megabytes 
larger seems to be a good value.
-- see http://cr.yp.to/djbdns/cachesize.html.

Regarding the last step, only queries from 192.168.0.x will be entertained. 
This is a non-forwarding setup)

To activate: cd /service; ln -s /var/dnscache

If you change anything under /var/dnscache/env or 
/var/dnscache/root/servers, you need to restart for it to take effect.

To restart: svc -t /service/dnscache
To stop: svc -d /service/dnscache
To start: svc -u /service/dnscache (note: daemontools will automatically 
start on boot and it will also automatically start dnscache)
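
Added example, not part of the original post: a shell check that audits the three settings the setup above depends on (the listening address in env/IP, the CACHESIZE/DATALIMIT headroom, and the client prefixes under root/ip). The function name, the 2000000-byte margin and the rule that a single-octet prefix counts as a finding are assumptions of this example, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example: audit a dnscache service directory laid out by dnscache-conf.
# MARGIN is this example's reading of "two megabytes"; adjust to taste.
MARGIN=2000000

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# audit_dnscache DIR: print one line per check, return the number of findings.
audit_dnscache() {
    dir=$1; findings=0; n=0
    ip=$(head -n 1 "$dir/env/IP" 2>/dev/null || true)
    cache=$(head -n 1 "$dir/env/CACHESIZE" 2>/dev/null || true)
    limit=$(head -n 1 "$dir/env/DATALIMIT" 2>/dev/null || true)

    # Listening address: empty means misconfigured, 0.0.0.0 means every interface.
    case "$ip" in
        ''|0.0.0.0) echo "FAIL env/IP is '$ip'"; findings=$((findings + 1)) ;;
        *)          echo "ok   listening on $ip" ;;
    esac

    # Memory: DATALIMIT must leave MARGIN bytes of headroom above CACHESIZE.
    if is_uint "$cache" && is_uint "$limit" && [ "$limit" -ge $(($cache + $MARGIN)) ]; then
        echo "ok   CACHESIZE=$cache DATALIMIT=$limit"
    else
        echo "FAIL CACHESIZE='$cache' DATALIMIT='$limit' (need DATALIMIT >= CACHESIZE + $MARGIN)"
        findings=$((findings + 1))
    fi

    # Client access: each file name under root/ip is an allowed address prefix.
    for f in "$dir"/root/ip/*; do
        [ -e "$f" ] || continue
        n=$((n + 1)); p=${f##*/}
        case "$p" in
            *.*) echo "ok   queries accepted from $p" ;;
            *)   echo "FAIL prefix '$p' admits a whole /8"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$n" -gt 0 ] || { echo "FAIL root/ip is empty, no client can query"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample tree (192.168.0.2 is a made-up listen address).
demo=$(mktemp -d)
mkdir -p "$demo/env" "$demo/root/ip"
echo 192.168.0.2 > "$demo/env/IP"
echo 1000000 > "$demo/env/CACHESIZE"
echo 3000000 > "$demo/env/DATALIMIT"
: > "$demo/root/ip/192.168.0"
audit_dnscache "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Against a live install, call it as: audit_dnscache /var/dnscache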
