FreeBSD comes with the venerable BIND (the Berkeley Internet Name Domain) both for resolving hostnames and for publishing your own domains (DNS server). I don't like it a bit... it does not follow the Unix ways and principles at all, it's big and monolithic, it has a strange configuration file, a bad history of security holes, etc...
So, with a new box comes the need to replace BIND with djbdns. This is my howto on doing that in FreeBSD. Viewer discretion is advised, as the level of geekiness can leave brain damage...
Installation of the needed software
Our good friend the ports tree makes this a breeze...
cd /usr/ports/dns/djbdns
make install clean
options selected: MAN, JUMBO (the djbdns jumbo patch by Claudiu Costin)
djbdns depends on ucspi-tcp (another piece of DJB software), and if it is not already on your system you will be prompted to install it. If later on you think about replacing Sendmail with qmail (I also have a neat guide about that), the options you should select in the ucspi-tcp dialog are: LIMITS, MANPAGES, RSS_DIFF.
Startup on boot, restart, start, stop, etc. will be managed by yet another piece of DJB software, daemontools, so go ahead and install it as well.
cd /usr/ports/sysutils/daemontools
make install clean
options selected: MAN, S_NORMAL, TESTS
Setting up DNS resolver/cache
Add the needed user accounts (dnscache runs as the first one, its logger as the second; neither needs a login shell)
pw useradd -n dnscache -s /usr/sbin/nologin
pw useradd -n dnslog -s /usr/sbin/nologin
And set up dnscache with the dnscache-conf command (replace a.b.c.d with the IP where dnscache will listen for incoming resolving requests; the two user names are the accounts created above):
dnscache-conf dnscache dnslog /etc/dnscache a.b.c.d
Set up the IPs that can query your dnscache; these are just plain empty files in /etc/dnscache/root/ip/. dnscache matches clients by prefix: a file named 192.168.1.10 admits that one host, while a file named 10.0 admits every address under 10.0.*.*, so only list your own hosts and networks or you end up running an open resolver. dnscache-conf already creates the 127.0.0.1 entry, so the first touch below is harmless.
touch /etc/dnscache/root/ip/127.0.0.1
touch /etc/dnscache/root/ip/a.b.c.d
touch /etc/dnscache/root/ip/a.b.c.e
etc...
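To see exactly which clients a given set of files in root/ip/ lets in before you point real traffic at the cache, here is a small sh script that emulates dnscache's client check against a scratch copy of that directory. This is an added example, not part of the original howto or of djbdns itself; the matching loop is the one dnscache uses (look for ip/a.b.c.d, then ip/a.b.c, ip/a.b, ip/a, admit on the first hit, otherwise drop), while the DNSCACHE_ROOT variable, the function names and the sample prefixes are mine for the demo.

```shell
#!/bin/sh
# Added example (not from the original howto): emulate dnscache's client
# access check against a scratch root/ip/ directory. dnscache takes the
# client address a.b.c.d and looks for ip/a.b.c.d, ip/a.b.c, ip/a.b and
# ip/a in that order; the first file that exists admits the client, and if
# none exists the query is silently dropped (it is never logged).
# DNSCACHE_ROOT is a demo variable; the real directory is /etc/dnscache/root.
DNSCACHE_ROOT="${DNSCACHE_ROOT:-$(mktemp -d)}"

# allow_clients PREFIX... : one empty file per prefix, the same thing as
# "touch /etc/dnscache/root/ip/<prefix>". A prefix of 1, 2 or 3 octets
# admits the whole /8, /16 or /24 it names.
allow_clients() {
    mkdir -p "$DNSCACHE_ROOT/ip"
    for p in "$@"; do
        touch "$DNSCACHE_ROOT/ip/$p"
    done
}

# client_allowed A.B.C.D : print "allow ip/<file>" or "drop" and return
# 0 or 1, walking the address back one octet at a time like dnscache does.
client_allowed() {
    fn="$1"
    while :; do
        if [ -e "$DNSCACHE_ROOT/ip/$fn" ]; then
            echo "allow ip/$fn"
            return 0
        fi
        case "$fn" in
            *.*) fn="${fn%.*}" ;;          # strip the last octet and retry
            *)   echo "drop"; return 1 ;;  # nothing left to strip: reject
        esac
    done
}

# allows_everyone : true when files 0 .. 255 all exist, i.e. every IPv4
# client is admitted and you are running an open resolver.
allows_everyone() {
    i=0
    while [ "$i" -le 255 ]; do
        [ -e "$DNSCACHE_ROOT/ip/$i" ] || return 1
        i=$((i + 1))
    done
    return 0
}

# Constructed demo: loopback, one host, and the whole 10.0.0.0/16.
allow_clients 127.0.0.1 192.168.1.10 10.0
for c in 127.0.0.1 192.168.1.10 192.168.1.11 10.0.42.7 10.1.0.1; do
    printf '%-14s %s\n' "$c" "$(client_allowed "$c")"
done
allows_everyone && echo "WARNING: open resolver" || echo "not an open resolver"
```

Point DNSCACHE_ROOT at /etc/dnscache/root on the real box to query the live configuration without touching it (client_allowed only stats files); the allows_everyone check is worth running whenever someone has been "fixing" resolver complaints by adding files.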
Now set up daemontools (if it is already running, skip this part): edit /etc/rc.conf and add:
svscan_enable="YES"
svscan_servicedir="/service"
Now, start daemontools
mkdir -p /service
/usr/local/etc/rc.d/svscan start
and check that it is running
ps -waux | grep svscan
you should get something like
root 30558 0.0 0.0 3292 932 ?? S 2:58AM 0:00.03 /usr/local/bin/svscan /service
Now start dnscache by linking its directory into the service directory; svscan picks up the new entry within a few seconds and supervise starts the daemon (and keeps restarting it if it dies)
ln -s /etc/dnscache /service/dnscache
and stop BIND
/etc/rc.d/named stop
edit /etc/rc.conf and make the change permanent with
named_enable="NO"
Configure /etc/resolv.conf to use the dnscache
edit /etc/resolv.conf (change a.b.c.d to whatever IP you gave dnscache with dnscache-conf)
nameserver a.b.c.d
Check that you are up and running and watch the magic unfold
svstat /service/dnscache
sockstat | grep dns
tail -f /etc/dnscache/log/main/current | tai64nlocal
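The log that last command tails is terse: each query is written as "query serial client-ip:port:id type name" with the client address, port, query id and type all in hex, behind a tai64n timestamp. The following sh script, an added example and not part of the original howto or of djbdns, parses constructed sample lines in that format to show which admitted clients are querying and for what; the sample data and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original howto): make sense of what dnscache
# writes to log/main/current. Each query is logged as
#   <tai64n stamp> query <serial> <client-ip>:<port>:<id> <type> <name>
# with the client address, port, query id and type in hex. SAMPLE_LOG is
# constructed data for this demo, not a capture from a real cache.
SAMPLE_LOG='@4000000041b6f27a2ff8ecbc starting
@4000000041b6f27b0a1c2d3e query 1 7f000001:8a3b:f2c1 1 www.example.com.
@4000000041b6f27b0a1c2d3f cached 1 www.example.com.
@4000000041b6f27b0a1c2d40 sent 1 64
@4000000041b6f27c11223344 query 2 c0a8010a:d431:0042 1c www.example.com.
@4000000041b6f27c11223345 query 3 c0a8010a:d432:0043 f example.com.
@4000000041b6f27d55667788 query 4 0a002a07:0400:0101 1 mail.example.com.
@4000000041b6f27e00000000 stats 4 0 0 0'

# hex2ip 7f000001 -> 127.0.0.1 (dnscache logs IPv4 addresses as 8 hex digits)
hex2ip() {
    h="$1"
    a="0x${h%??????}"; h="${h#??}"
    b="0x${h%????}";   h="${h#??}"
    c="0x${h%??}";     h="${h#??}"
    printf '%d.%d.%d.%d\n' "$a" "$b" "$c" "0x$h"
}

# client_query_counts < log : "A.B.C.D count" per client, busiest first.
# Only admitted clients ever show up here: dnscache drops queries from
# addresses missing in root/ip/ before it logs anything.
client_query_counts() {
    awk '$2 == "query" { split($4, c, ":"); n[c[1]]++ }
         END { for (k in n) print n[k], k }' |
    sort -rn |
    while read -r count hex; do
        printf '%s %s\n' "$(hex2ip "$hex")" "$count"
    done
}

# top_names < log : "name count", most-queried first
top_names() {
    awk '$2 == "query" { n[$6]++ } END { for (k in n) print k, n[k] }' |
    sort -k2,2nr -k1,1
}

printf '%s\n' "$SAMPLE_LOG" | client_query_counts
printf '%s\n' "$SAMPLE_LOG" | top_names
```

On the real box feed it the live log, e.g. `tail -n 500 /etc/dnscache/log/main/current | client_query_counts`; the timestamps themselves are still best turned human-readable with tai64nlocal as in the command above.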