monochromatic

monochromatic blog: http://blog.z3bra.org
git clone git://z3bra.org/monochromatic
Log | Files | Refs

name-that-domain.txt (6513B)


      1 # [Name that domain](#)
      2 ## — 10 July, 2014
      3 
      4 Hello folks !
      5 
      6 I recently reinstalled my home server, and during the process, I decided to
      7 throw away the heavy `BIND` nameserver from my application stack. I decided to
      8 go with the light couple **`tinydns` + ` dnscache`**.
      9 
     10 This wasn't really "easy" to do so, as there are really few resources on the web
     11 explaining the step to get this working (If you're aware of one, please send me
     12 a link, I'll be glad to share it). So here is a full tutorial !
     13 
     14 
     15 ### TL;DR
     16 
     17 1. create tinydns zone file
     18 2. make `tinydns` listen on 127.0.0.1
     19 3. create the `ip` files for dnscache
     20 4. create the `servers` file for dnscache containing `127.0.0.1`
     21 5. Fire it up
     22 6. Enjoy.
     23 
     24 
     25 ### The whole installation
     26 
     27 First of all, I had to find out what were my needs. It seems stupid to say so,
     28 but I have the bad habit to dive into configuration, barely knowing what I'm
     29 trying to do. Here's what I wanted:
     30 
     31 > The DNS nameserver will be running on a machine with IP **10.0.0.1**.
     32 > My local network will be named **domain.lan**.
     33 > I want all my machines to **contact 10.0.0.1 to resolve URIs**, and the server
     34 > will provide **authoritative answers for domain.lan**, and **forward
     35 > everything else** to some other servers.
     36 
     37 How should we organise things then ?
     38 
     39 Here's how I see it:
     40 
     41 * `tinydns` listens on 127.0.0.1
     42 * `tinydns` answers queries related to *.domain.lan
     43 * `dnscache` answer queries from any address
     44 * `dnscache` forwards queries related to *.domain.lan to ip 127.0.0.1
     45 * `dnscache` forwards everything else to others DNS
     46 * `dnscache` answers on any address
     47 
     48 Let's set this up then!
     49 
     50 
     51 ### tinydns
     52 
     53 `tinydns` is fairly simple to use, and even more simple to configure. But it's
     54 nothing you've ever seen before. You can configure tinydns from a single file:
     55 
     56     ─── cat /etc/tinydns/root/data
     57     Zdomain.lan:dns.domain.lan::contact.domain.lan
     58     &domain.lan::dns.domain.lan
     59     +domain.lan:10.0.0.1
     60     +pc1.domain.lan:10.0.0.1
     61     +pc2.domain.lan:10.0.0.2
     62 
     63 That's a basic configuration file to use with `tinydns`. It will resolve
     64 `domain.lan` and `pc1.domain.lan` to ip `10.0.0.1` and `pc2.domain.lan` to
     65 `10.0.0.2`.
     66 
     67 For more infos on the syntax, check the [alpine wiki page](http://wiki.alpinelinux.org/wiki/TinyDNS_Format).
     68 
     69 Once your config file is created, you can generate the data that tinydns will
     70 use. Remember to correctly set the `ROOT` variable to define the directory where
     71 tinydns will store it's data:
     72 
     73     # ROOT=/var/cache/tinydns/ tinydns-data
     74 
     75 As we said earlier, we want `tinydns` to listen on the loopback interface. To do
     76 so, we have to export the variable IP before running the binary.
     77 
     78     # ROOT=/var/cache/tinydns/ IP=127.0.0.1 tinydns
     79 
     80 And there you go ! Tinydns is listenning on address 127.0.0.1.  
     81 To check if it's correctly running, you can use `nslookup`.
     82 
     83     # cp /etc/resolv.conf.old /etc/resolv.conf.orig
     84     # cat <<EOF > /etc/resolv.conf
     85     nameserver 127.0.0.1
     86     EOF
     87     # nslookup pc2.domain.lan
     88     Server:    (null)
     89     Address 1: ::1 localhost
     90     Address 2: 127.0.0.1 dns.domain.lan
     91 
     92     Name:      pc2.domain.lan
     93     Address 1: 10.0.0.g.2
     94     # mv /etc/resolv.conf.orig /etc/resolv.conf
     95 
     96 It works ! Don't use tinydns as a resolv.conf entry though. Because it's
     97 authoritative and ONLY serves our domain.lan zone, it would not be efficient...
     98 
     99 ### dnscache
    100 
    101 No DNS server can answer all the queries, so in most case, if the DNS can't
    102 provide an answer, it will just forward the query to another depending on some
    103 internal rules.
    104 
    105 That's how we're gonna set up `dnscache`. Intercept queries from the local
    106 network, forward every query for `domain.lan` to `tinydns`, and everything to a
    107 standard list of known root servers.
    108 
    109 But first, we need to tell `dnscache` to answer every query from local domain.
    110 Let's say my current configuration is the following:
    111 
    112     Network : 10.0.0.0
    113     Netmask : 255.255.0.0
    114     Gateway : 10.0.0.254
    115     DNS     : 10.0.0.1
    116 
    117 We need to listen on `10.0.0.0/16` for DNS queries. To set this up, take a look
    118 at the `/etc/dnscache/ip/` directory:
    119 
    120     ─── ls /etc/dnscache/ip
    121     127
    122     ─── wc 127
    123     0         0         0 /etc/dnscache/ip/127
    124 
    125 A single file named `127`, which is totally empty... What does that mean ?
    126 Upon startup, `dnscache` will read this directory and check the filenames to
    127 know which IP address it should accept queries from.
    128 
    129 The filename also act as a netmask, so in this case, `127` really means
    130 `127.0.0.0/8`.
    131 
    132 Back to our configuration. We want `dnscache` to accept queries from our local
    133 network: `10.0.0.0/16`. Just create the corresponding file:
    134 
    135     # :> /etc/dnscache/ip/10.0
    136 
    137 And we're done !
    138 
    139 Now, we need to tell `dnscache` who will answer the queries it receives. This is
    140 done in the `/etc/dnscache/servers/` directory. We can see that there is already
    141 a file here:
    142 
    143     ─── ls /etc/dnscache/servers/
    144     @
    145     ─── cat /etc/dnscache/servers/@
    146     198.41.0.4
    147     192.228.79.201
    148     192.33.4.12
    149     128.8.10.90
    150        ...
    151 
    152 This is a list of the root servers extracted from [this
    153 list](http://www.internic.net/zones/named.root).
    154 
    155 In this directory, each file represent a domain, and the content of this file is
    156 the list of the servers to contact in order to resolve those names.  
    157 "`@`" is a special name for the "fallback" entry.
    158 
    159 In our case, we want `tinydns` to resolve names from "domain.lan", and forward
    160 everything else to the root servers in the "`@`" file. To query `tinydns`, we
    161 need to forward queries to `127.0.0.1`. Here's how to do this:
    162 
    163     # cat <<EOF > /etc/dnscache/servers/domain.lan
    164     127.0.0.1
    165     EOF
    166 
    167 That's all. Pretty simple isn't it ?
    168 
    169 It's now time to start dnscache. It needs (like `tinydns`) two environment
    170 variables: `ROOT` for the configuration directory path, and `IP` for the address
    171 of the interface to listen on (note that you can use `0.0.0.0` to listen on all
    172 interfaces).
    173 
    174     # ROOT=/etc/dnscache IP=10.0.0.1 dnscache
    175 
    176 You can now check if everything is working fine with `nslookup`: 
    177 
    178     # cp /etc/resolv.conf.old /etc/resolv.conf.orig
    179     # cat <<EOF > /etc/resolv.conf
    180     nameserver 10.0.0.1
    181     EOF
    182     # nslookup pc2.domain.lan
    183     Server:    (null)
    184     Address 1: ::1 localhost
    185     Address 2: 127.0.0.1 dns.domain.lan
    186 
    187     Name:      pc2.domain.lan
    188     Address 1: 10.0.0.g.2
    189     # mv /etc/resolv.conf.orig /etc/resolv.conf
    190 
    191 And there you are ! You can now specify the IP address of your server in the
    192 `resolv.conf` on your local computers.
    193 
    194 <!-- vim: set ft=markdown ts=4 et tw=80: -->