
Attention

To correctly install and configure dnsmasq, switch to a superuser session:

When prompted for a password, enter the root user's or the local administrator's password.

A DNS cache speeds up the loading of web pages by keeping the IP addresses of already resolved names in memory. To configure caching, use the dnsmasq utility.

yum install dnsmasq

Using the vi or nano text editor, open the file /etc/dnsmasq.conf:

vi /etc/dnsmasq.conf

nano /etc/dnsmasq.conf

Edit the following options:

resolv-file=/etc/resolv.dnsmasq
no-poll
listen-address=127.0.0.1
cache-size=150
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

Also add the following parameter:

all-servers

  • resolv-file - the file with the IP addresses of the upstream DNS servers.
  • no-poll - disables automatic re-reading of the resolv file when it changes.
  • listen-address - the address on which dnsmasq listens for queries.
  • cache-size - the size of the cache. The default value of 150 stores 150 hosts.
  • conf-dir - the directory with additional configuration files; files with the listed suffixes are skipped.
  • all-servers - sends each DNS query to all available upstream servers at once and returns the answer from the first one that responds. This parameter must be entered manually.

You can also specify the following options:

  • no-negcache - do not cache negative responses from the upstream servers.
  • bind-interfaces - bind only to the addresses dnsmasq actually listens on instead of the wildcard address, which allows several copies of the process (or another DNS server) to run on the same host.
  • dns-forward-max - the maximum number of concurrent DNS queries forwarded upstream. The default is 150. This parameter must be entered manually.

Now create the file resolv.dnsmasq with vi or nano and write the addresses of the upstream DNS servers in it:

vi /etc/resolv.dnsmasq

nano /etc/resolv.dnsmasq

Then add the IP address 127.0.0.1 to resolv.conf. To do this, use the "Network Connections" utility, located in "Menu" → "Options" → "Network Connections" in the Cinnamon desktop or "System" → "Settings" → "Network Connections" in the MATE desktop. Select your active connection, click the "Change" button, go to the "IPv4 Settings" tab, change "Method" to "Automatic (DHCP, address only)", enter 127.0.0.1 in the "Additional DNS servers" field, click Apply and restart NetworkManager.

Editing the resolv.conf file with a text editor is not recommended: the file will be overwritten at the next system restart.

systemctl restart NetworkManager.service

Check the contents of /etc/resolv.conf to make sure the changes have taken effect:

/etc/resolv.conf

The content should look like this:

# Generated by NetworkManager
nameserver 127.0.0.1

The operations described above redirect all DNS requests to the local machine.

Add the dnsmasq service to autostart and start it:

systemctl enable dnsmasq.service --now

To reset the cache, simply restart the service:

systemctl restart dnsmasq.service

Health check

Check if the service is enabled:

systemctl status dnsmasq.service

Check port 53:

netstat -ntlp | grep :53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      7319/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      7319/dnsmasq

Now query google.com several times with the dig utility:

dig google.com | grep "Query time"
;; Query time: 135 msec

If DNS query caching works, the Query time line will be equal to zero in almost all subsequent requests:

;; Query time: 0 msec

Otherwise it will vary from request to request.

As a result, the network's primary DNS server will experience much less load.


Good day, readers. Continuing the theoretical material, in the current article I want to consider a practical example of installing and configuring different BIND server configurations. In the article I will describe setting up a caching DNS server and a full DNS master server. I will start with the general concepts and the steps needed to organize any DNS server.

General information

named is the daemon from the bind9 package that acts as the domain name server. The named daemon can implement the functions of a server of any type: master, slave or cache. In the diagram above I tried to show as transparently as possible how the BIND DNS server works. The binary that does the bulk of the work is /usr/sbin/named. It takes its settings from the main configuration file, named.conf, located in the /etc/bind directory. The main config specifies the server's working directory, usually /var/cache/bind, which holds the zone description files and other service files. The correspondence between a zone name and its zone description file is set by a zone section with a file parameter. The zone section also sets the type of responsibility this server has for the zone (master, slave, etc.) and defines zone-specific parameters (for example, on which interface to handle requests for the zone). The zone description files contain the zone parameters and the resource records (the paths given in this paragraph may differ depending on the Linux distribution or its parameters).

This is the general scheme of operation, which will help you not to get confused later when considering specific configurations.

The configuration file format of BIND version 4 differs from that used in versions 8 and 9. Since I am looking at installing a new DNS server and see no point in configuring the old version, I will consider the configuration of the new version.

Initial data

For DNS to work correctly, it must have a . The DNS server in this article will be set up on a Debian distribution; the specifics of other distributions will also be noted. The network configuration of the test stand is as follows:

dns:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 10.0.0.152
    netmask 255.255.255.0
    gateway 10.0.0.254
auto eth1
iface eth1 inet static
    address 192.168.1.1
    netmask 255.255.255.0

Here 10.0.0.152/24 is the external interface (the subnet allocated by the provider) and 192.168.1.1/24 is the internal one (the local network). The zone being set up will be called example.com. In the slave server example, the secondary server will be located at IP 10.0.0.191.

Installing BIND9

For the DNS server to work, you need the bind9 package (on some distributions it is called bind). As noted in the diagram, the main BIND configuration file is named.conf (this file can be placed in the /etc directory, sometimes in /etc/bind).

Parameters (syntax) of named.conf

The syntax of the named.conf file follows these rules:

IP addresses - a list of IP addresses must be separated by ";"; a subnet can be specified in the format 192.168.1.1/24 or 192.168.1.1/255.255.255.0 (to exclude an IP, put ! in front of it); the names "any", "none" and "localhost" can be specified in double quotes.

Comments - lines starting with # or //, and text enclosed between /* and */, are treated as comments.

In zone description files the @ symbol is a "variable" holding the name of the zone specified in named.conf or in the $ORIGIN directive of the current zone description.

Each complete statement must end with a ; character.

Acl section

acl (access control list) - allows you to set a named list of networks. Section format: acl "net_name" { ip; ip; ip; };

Options section

The options section sets the global options of the configuration file, which apply to all zones. The section has the format options { options_section_statements; };. Options can also be "nested" in a zone section, where they override the global settings. Frequently used options statements:

  • allow-query { ip_list; }; - allows responses to queries only from ip_list. If not set, the server responds to all requests.
  • allow-recursion { ip_list; }; - recursive queries are performed for requests from ip_list; for all others, queries are iterative. If the parameter is not set, the server performs recursive queries for all networks.
  • allow-transfer { ip_list; }; - specifies the list of servers that are allowed to take the zone from this server (basically, slave servers are listed here).
  • directory "/path/to/work/dir"; - specifies the absolute path to the server's working directory. This statement is valid only in the options section.
  • forwarders { ip port; ip port; }; - the addresses (and, if necessary, ports) of the hosts to forward requests to (usually the ISP's DNS servers are listed here).
  • forward only; or forward first; - first instructs the DNS server to try to resolve names using the servers specified in forwarders and, only if that fails, to attempt to resolve the name itself; only never falls back to resolving the name itself.
  • notify yes|no; - yes: notify the slave servers about changes in the zone; no: do not notify.
  • recursion yes|no; - yes: perform recursive queries if requested by the client; no: do not perform them (only iterative queries). If the answer is found in the cache, it is returned from the cache. (Can only be used in the options section.)

Zone section

Specifies the description of the zone(s). Section format: zone "zone_name" { zone_section_statements; };. The most commonly used statements:

  • allow-update { ip_list; }; - specifies the systems that are allowed to dynamically update the given zone.
  • file "file_name"; - specifies the path of the zone file (it should be located in the directory specified by the directory statement in the options section).
  • masters { ip_list; }; - specifies the list of master servers (permissible only in slave zones).
  • type zone_type; - indicates the type of zone described in the current section; zone_type can take the following values:
    • forward - a forwarding zone that redirects the requests that come to this zone.
    • hint - an auxiliary zone (this type contains information about the root servers, which the server contacts if it cannot find the answer in the cache).
    • master - act as the master server for the current zone.
    • slave - act as the slave server for the current zone.

Additional configuration options

Time values in zone files are specified in seconds by default, unless followed by one of the letters S (seconds), M (minutes), H (hours), D (days) or W (weeks). Accordingly, the entry 2h20m5s means 2 hours 20 minutes 5 seconds and corresponds to 8405 seconds.

Any hostname in a record that does not end with a dot is treated as a non-FQDN name and is completed with the name of the current zone. For example, the entry domen in the example.com zone file expands to the FQDN domen.example.com.

The following directives may be used in BIND configuration files:

  • $TTL - defines the default TTL for all records in the current zone.
  • $ORIGIN - changes the zone name from the one specified in named.conf. The scope of this directive does not extend "upwards" (that is, if the file is included via the $INCLUDE directive, the scope of $ORIGIN does not extend to the parent).
  • $INCLUDE - includes the specified file as part of the zone file.

Separately, I would like to describe the parameter allow-transfer { 10.0.0.191; };. It lists the servers that are allowed to download a copy of the zone, the so-called slave servers. In the following example we will look at setting up a slave DNS server.

For logging to work correctly, you need to create the corresponding directory and assign the necessary rights:

dns:~# mkdir /var/log/bind/
dns:~# chmod 744 /var/log/bind/
dns:~# ps aux | grep named
bind      4298  0.0  3.4  46792 13272 ?        Ssl  Jul05   0:00 /usr/sbin/named -u bind
root      4815  0.0  0.1   3304   772 pts/4    S+   18:19   0:00 grep named
dns:~# chown bind /var/log/bind/
dns:~# ls -ld /var/log/bind/
drwxr--r-- 2 bind root 4096 Jul  6 18:18 /var/log/bind/

dns:~# cat /var/cache/bind/example.com
$TTL 3D
@       IN      SOA     ns.example.com. root.example.com. (
                        2011070601      ; serial
                        8H              ; refresh
                        2H              ; retry
                        2W              ; expire
                        1D )            ; minimum
@       IN      NS      ns.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       10.0.0.152
@       IN      MX      5 mx.example.com.
ns      IN      A       10.0.0.152
ns2     IN      A       10.0.0.191
mx      IN      A       10.0.0.152
www     IN      CNAME   @

as well as in the in-addr.arpa domain.

dns:~# cat /var/cache/bind/0.0.10.in-addr.arpa
$TTL 3600
@       IN      SOA     ns.example.com. root.example.com. (
                        2007042001      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      ns.example.com.
        IN      NS      ns2.example.com.
152     IN      PTR     example.com.
191     IN      PTR     ns.example.com.
*       IN      PTR     example.com.

dns:~# cat /var/cache/bind/1.168.192.in-addr.arpa
$TTL 3600
@       IN      SOA     ns.example.com. root.example.com. (
                        2007042001      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      ns.example.com.
        IN      NS      ns2.example.com.
*       IN      PTR     example.com.

Our network is small; it is assumed that there are very few machines on it. All network services are hosted on the same host, example.com., so the master DNS (ns.example.com.) and the mail server (mx.example.com.) point to the same machine (10.0.0.152).
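To make the zone-file conventions above concrete, here is an added example that is not part of the article: a small parser for the constructs the article describes ($TTL and $ORIGIN, time units such as 2h20m5s, the multi-line SOA in parentheses, completion of names that lack a trailing dot) plus a consistency check that every in-zone NS/MX target actually has an A record. EXAMPLE_ZONE is the article's own example.com zone; the function names are mine and the parser covers only the record types the article uses.

```python
"""Added example, not from the article: parse a BIND zone file the way the
article describes its syntax, and check NS/MX targets for missing A records."""
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TIME_RE = re.compile(r"(\d+[smhdw])+", re.I)

# The article's own example.com zone, embedded so the example runs offline.
EXAMPLE_ZONE = """\
$TTL 3D
@       IN      SOA     ns.example.com. root.example.com. (
                        2011070601      ; serial
                        8H              ; refresh
                        2H              ; retry
                        2W              ; expire
                        1D )            ; minimum
@       IN      NS      ns.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       10.0.0.152
@       IN      MX      5 mx.example.com.
ns      IN      A       10.0.0.152
ns2     IN      A       10.0.0.191
mx      IN      A       10.0.0.152
www     IN      CNAME   @
"""

def parse_ttl(text):
    """'2h20m5s' -> 8405; a bare number is already seconds."""
    t = text.lower()
    if t.isdigit():
        return int(t)
    if not TIME_RE.fullmatch(t):
        raise ValueError("bad time value: %r" % text)
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", t))

def fqdn(name, origin):
    """Names without a trailing dot are completed with the zone; @ is the zone itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def logical_lines(text):
    """Drop ; comments and blank lines; join parenthesised records (the SOA) into one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []

def parse_zone(text, origin):
    """Return (default_ttl, records); each record is (owner, ttl, type, rdata)."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, owner, records = None, origin, []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if not line[0].isspace():          # a leading blank means "same owner as before"
            owner = fqdn(tokens.pop(0), origin)
        ttl = default_ttl
        if TIME_RE.fullmatch(tokens[0]) or tokens[0].isdigit():
            ttl = parse_ttl(tokens.pop(0))
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [int(rdata[0]), fqdn(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [fqdn(rdata[0], origin), fqdn(rdata[1], origin)] + [parse_ttl(v) for v in rdata[2:]]
        records.append((owner, ttl, rtype, rdata))
    return default_ttl, records

def missing_glue(records, origin):
    """In-zone NS/MX targets without an A record: the zone loads, but delegation or mail silently fails."""
    origin = origin if origin.endswith(".") else origin + "."
    have_a = {r[0] for r in records if r[2] == "A"}
    problems = []
    for owner, _, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[-1]
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in have_a:
            problems.append("%s at %s points to %s, which has no A record" % (rtype, owner, target))
    return problems
```

Running parse_zone(EXAMPLE_ZONE, "example.com") yields the same 259200-second TTL and SOA timers (28800 7200 1209600 86400) that the AXFR output later in the article shows, which is a quick way to confirm that 3D, 8H, 2H, 2W and 1D were converted as intended before the zone is served.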

Secondary (slave) authoritative server for the zone

The main function of a slave server is automatic synchronization of the zone description with the master server. This task is regulated by RFC 1034, section 4.3.5. According to that document, it is recommended to exchange data between servers by means of an AXFR request. For this request the entire zone must be transmitted over a single TCP connection (RFC 1035).

A slave DNS server also shares the load with the master server, or takes over the entire load if the master fails.

Before configuring the slave DNS server, verify from the future secondary that the zone can be obtained manually from the master with the following command:

root@debian:~# dig @10.0.0.152 example.com. axfr

; <<>> DiG 9.7.3 <<>> @10.0.0.152 example.com. axfr
; (1 server found)
;; global options: +cmd
example.com.            259200  IN      SOA     ns.example.com. root.example.com. 2011070801 28800 7200 1209600 86400
example.com.            259200  IN      NS      ns.example.com.
example.com.            259200  IN      NS      ns2.example.com.
example.com.            259200  IN      A       10.0.0.152
example.com.            259200  IN      MX      5 mx.example.com.
mx.example.com.         259200  IN      A       10.0.0.152
ns.example.com.         259200  IN      A       10.0.0.152
ns2.example.com.        259200  IN      A       10.0.0.191
www.example.com.        259200  IN      CNAME   example.com.
example.com.            259200  IN      SOA     ns.example.com. root.example.com. 2011070801 28800 7200 1209600 86400
;; Query time: 14 msec
;; SERVER: 10.0.0.152#53(10.0.0.152)
;; WHEN: Fri Jul  8 15:33:54 2011
;; XFR size: 11 records (messages 1, bytes 258)

  1. Copy the named.conf configuration file from the master server;
  2. Replace the type master parameter with type slave;
  3. Replace the parameter allow-transfer { 10.0.0.191; }; with masters { 10.0.0.152; }; in those zones for which the server will be secondary;
  4. Delete the zones that will not be served by the current server, including the root zone if the slave will not answer recursive requests;
  5. Create the directories for logs, as in the previous example.

In total, we get the slave server config:

root@debian:~# cat /etc/bind/named.conf
options {
    directory "/var/cache/bind";
    allow-query { any; };      // answer requests from all interfaces
    recursion no;              // disable recursive requests
    auth-nxdomain no;          // for RFC1035 compatibility
    listen-on-v6 { none; };    // we don't need IPv6
    version "unknown";         // don't display the DNS server version in responses
};
// the zones described below define the server as authoritative for loopback
// interfaces, as well as for broadcast zones (according to RFC 1912)
zone "localhost" {
    type master;
    file "localhost";
};
zone "127.in-addr.arpa" {
    type master;
    file "127.in-addr.arpa";
};
zone "0.in-addr.arpa" {
    type master;
    file "0.in-addr.arpa";
};
zone "255.in-addr.arpa" {
    type master;
    file "255.in-addr.arpa";
};
// description of the main zone
zone "example.com" {
    type slave;
    file "example.com";
    masters { 10.0.0.152; };
};
// reverse zone description
zone "0.0.10.in-addr.arpa" {
    type slave;
    file "0.0.10.in-addr.arpa";
    masters { 10.0.0.152; };
};
// logging settings
logging {
    channel "misc" {
        file "/var/log/bind/misc.log" versions 4 size 4m;
        print-time YES;
        print-severity YES;
        print-category YES;
    };
    channel "query" {
        file "/var/log/bind/query.log" versions 4 size 4m;
        print-time YES;
        print-severity NO;
        print-category NO;
    };
    category default { "misc"; };
    category queries { "query"; };
};

After a restart our slave server will safely copy the information it needs from the master server, as indicated by the presence of the files in the directory:

root@debian:~# ls -la /var/cache/bind/
total 28
drwxrwxr-x  2 root bind 4096 Jul  8 18:47 .
drwxr-xr-x 10 root root 4096 Jul  8 15:17 ..
-rw-r--r--  1 bind bind  416 Jul  8 18:32 0.0.10.in-addr.arpa
......
-rw-r--r--  1 bind bind  455 Jul  8 18:32 example.com
........

Basically, the slave server does not have to store a copy of the zone in its file system: the copy is only needed at the moment DNS starts. Keeping a copy of the zone in the file system can prevent a failure if the master server is unavailable when the slave DNS starts. If you do not specify the file option in the zone section, no copy is created.

Configuring netfilter for the BIND DNS server

Having configured the server, it would be nice to protect it. We know that the server listens on port 53/udp. After reading the articles about netfilter and iptables, you can create network traffic filtering rules:

dns ~ # iptables-save
# generic iptables rules for DNS
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# allow the local network to access the DNS server:
-A INPUT -s 192.168.1.1/24 -d 192.168.1.1/32 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p udp -m udp --sport 32768:61000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 32768:61000 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# allow the DNS server to make outbound queries
-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT

This is a typical example! To write iptables rules for your own tasks and network configuration, you need to understand how netfilter works in Linux by reading the articles above.
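One thing to check in a ruleset like the one above before trusting it: the article notes earlier that AXFR zone transfers run over TCP, while the INPUT chain shown admits only UDP/53, so a slave pulling the zone from this master (or a client retrying a truncated answer over TCP) would be dropped. The following added example, which is mine and not part of the article, parses an iptables-save dump and reports exactly that. ARTICLE_RULES is the article's ruleset; FIXED_RULES is a constructed variant that adds one TCP/53 rule restricted to the slave address the article uses (10.0.0.191). The parser assumes every option carries a value, which holds for iptables-save output of this kind.

```python
"""Added example, not from the article: audit an iptables-save dump for the
ports a BIND server needs on INPUT (UDP/53 for queries, TCP/53 for AXFR and
truncated-answer retries)."""
import shlex

# The article's own ruleset, embedded so the check runs offline.
ARTICLE_RULES = """\
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s 192.168.1.1/24 -d 192.168.1.1/32 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p udp -m udp --sport 32768:61000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 32768:61000 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

# Constructed variant: the same rules plus TCP/53 from the slave only.
FIXED_RULES = ARTICLE_RULES.replace(
    "COMMIT",
    "-A INPUT -s 10.0.0.191/32 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT\nCOMMIT")

def parse_rules(text):
    """Return (policies, rules): ':CHAIN POLICY' lines and '-A CHAIN ...' lines as dicts."""
    rules, policies = [], {}
    for line in text.splitlines():
        if line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policies[chain] = pol
            continue
        if not line.startswith("-A "):
            continue
        argv = shlex.split(line)
        rule = {"chain": argv[1], "proto": None, "dport": None,
                "src": "0.0.0.0/0", "target": None}
        i = 2
        while i < len(argv):
            opt = argv[i]
            val = argv[i + 1] if i + 1 < len(argv) else None
            if opt == "-p":
                rule["proto"] = val
            elif opt == "--dport":
                rule["dport"] = val
            elif opt == "-s":
                rule["src"] = val
            elif opt == "-j":
                rule["target"] = val
            # every option in iptables-save output of this kind takes one value
            i += 2 if val is not None and not val.startswith("-") else 1
        rules.append(rule)
    return policies, rules

def accepted_services(rules, chain):
    """(proto, dport, source) triples that the chain explicitly ACCEPTs."""
    return {(r["proto"], r["dport"], r["src"]) for r in rules
            if r["chain"] == chain and r["target"] == "ACCEPT" and r["dport"]}

def check_dns_input(text):
    """Findings for a BIND host: queries arrive on UDP/53; zone transfers (AXFR,
    RFC 1035) and retries of truncated answers arrive on TCP/53."""
    policies, rules = parse_rules(text)
    findings = []
    if policies.get("INPUT") != "DROP":
        findings.append("INPUT policy is %s, not DROP" % policies.get("INPUT"))
    services = accepted_services(rules, "INPUT")
    if not [s for s in services if s[0] == "udp" and s[1] == "53"]:
        findings.append("no ACCEPT for UDP/53: ordinary queries will be dropped")
    if not [s for s in services if s[0] == "tcp" and s[1] == "53"]:
        findings.append("no ACCEPT for TCP/53: AXFR to the slave and truncated-answer retries will be dropped")
    return findings
```

check_dns_input(ARTICLE_RULES) returns a single finding about TCP/53; the constructed FIXED_RULES returns none. The fix keeps the article's spirit: TCP/53 is opened only for the one host that legitimately needs it, not for the whole network.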

Troubleshooting

The main source for identifying DNS problems is the log. Here is an example of startup errors when I made a mistake with the path to the root servers zone file:

Jul  5 18:12:43 dns-server named: starting BIND 9.7.3 -u bind
Jul  5 18:12:43 dns-server named: built with "--prefix=/usr" "--mandir=/usr/share/man" "--infodir=/usr/share/info" "--sysconfdir=/etc/bind" "--localstatedir=/var" "--enable-threads" "--enable-largefile" "--with-libtool" "--enable-shared" "--enable-static" "--with-openssl=/usr" "--with-gssapi=/usr" "--with-gnu-ld" "--with-dlz-postgres=no" "--with-dlz-mysql=no" "--with-dlz-bdb=yes" "--with-dlz-filesystem=yes" "--with-dlz-ldap=yes" "--with-dlz-stub=yes" "--with-geoip=/usr" "--enable-ipv6" "CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2" "LDFLAGS=" "CPPFLAGS="
Jul  5 18:12:43 dns-server named: adjusted limit on open files from 1024 to 1048576
Jul  5 18:12:43 dns-server named: found 1 CPU, using 1 worker thread
Jul  5 18:12:43 dns-server named: using up to 4096 sockets
Jul  5 18:12:43 dns-server named: loading configuration from "/etc/bind/named.conf"
Jul  5 18:12:43 dns-server named: reading built-in trusted keys from file "/etc/bind/bind.keys"
Jul  5 18:12:43 dns-server named: using default UDP/IPv4 port range:
Jul  5 18:12:43 dns-server named: using default UDP/IPv6 port range:
Jul  5 18:12:43 dns-server named: listening on IPv4 interface lo, 127.0.0.1#53
Jul  5 18:12:43 dns-server named: listening on IPv4 interface eth1, 192.168.1.1#53
Jul  5 18:12:43 dns-server named: generating session key for dynamic DNS
Jul  5 18:12:43 dns-server named: could not configure root hints from "/etc/bind/db.root": file not found
Jul  5 18:12:43 dns-server named: loading configuration: file not found    # file not found
Jul  5 18:12:43 dns-server named: exiting (due to fatal error)
Jul  5 18:15:05 dns-server named: starting BIND 9.7.3 -u bind
Jul  5 18:15:05 dns-server named: built with "--prefix=/usr" "--mandir=/usr/share/man" "--infodir=/usr/share/info" "--sysconfdir=/etc/bind" "--localstatedir=/var" "--enable-threads" "--enable-largefile" "--with-libtool" "--enable-shared" "--enable-static" "--with-openssl=/usr" "--with-gssapi=/usr" "--with-gnu-ld" "--with-dlz-postgres=no" "--with-dlz-mysql=no" "--with-dlz-bdb=yes" "--with-dlz-filesystem=yes" "--with-dlz-ldap=yes" "--with-dlz-stub=yes" "--with-geoip=/usr" "--enable-ipv6" "CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2" "LDFLAGS=" "CPPFLAGS="
Jul  5 18:15:05 dns-server named: adjusted limit on open files from 1024 to 1048576
Jul  5 18:15:05 dns-server named: found 1 CPU, using 1 worker thread
Jul  5 18:15:05 dns-server named: using up to 4096 sockets
Jul  5 18:15:05 dns-server named: loading configuration from "/etc/bind/named.conf"
Jul  5 18:15:05 dns-server named: using default UDP/IPv4 port range:
Jul  5 18:15:05 dns-server named: using default UDP/IPv6 port range:
Jul  5 18:15:05 dns-server named: listening on IPv4 interface lo, 127.0.0.1#53
Jul  5 18:15:05 dns-server named: listening on IPv4 interface eth1, 192.168.1.1#53
Jul  5 18:15:05 dns-server named: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: D.F.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 8.E.F.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 9.E.F.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: A.E.F.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: B.E.F.IP6.ARPA
Jul  5 18:15:05 dns-server named: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul  5 18:15:05 dns-server named: zone 0.in-addr.arpa/IN: loaded serial 1
Jul  5 18:15:05 dns-server named: zone 127.in-addr.arpa/IN: loaded serial 1
Jul  5 18:15:05 dns-server named: zone 255.in-addr.arpa/IN: loaded serial 1
Jul  5 18:15:05 dns-server named: zone localhost/IN: loaded serial 2
Jul  5 18:15:05 dns-server named: running    # started successfully

The logs are an excellent diagnostic tool.

Summary

In this article I have described how to set up the basic BIND DNS server configurations. The purpose was to give an idea of how the BIND server works on UNIX. I practically did not touch on DNS security issues, and only briefly touched on such specific settings as running the server in split mode, where different networks are given different information about the zone(s). For a deeper understanding, I will provide a list of additional sources in which, I hope, the necessary information can be found. That is all. See you again.

Domain Name System: http://citforum.ru/internet/dns/khramtsov/
RFC 1034 - Domain Names - Concepts and Facilities: http://tools.ietf.org/html/rfc1034
RFC 1035 - Domain Names - Implementation and Specification: http://tools.ietf.org/html/rfc1035
RFC 1537 - Common DNS Data File Configuration Errors: http://tools.ietf.org/html/rfc1537
RFC 1591 - Domain Name System Structure and Delegation: http://tools.ietf.org/html/rfc1591
RFC 1713 - Tools for DNS Debugging: http://tools.ietf.org/html/rfc1713
RFC 2606 - Reserved Top Level DNS Names: http://tools.ietf.org/html/rfc2606
DNS security (DNSSEC): http://book.itep.ru/4/4/dnssec.htm
BIND 9 Administrator Reference Manual: http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.html
Secure BIND Template: http://www.cymru.com/Documents/secure-bind-template.html
The configuration parameters are well described (in Russian): http://www.bog.pp.ru/work/bind.html
Automatic creation of a zone file: http://www.zonefile.org/?lang=en#zonefile

Every year the speed of the Internet, both the last mile and the backbone channels, gets higher. Only one thing is invariant: latency has already run into physical limits. The speed of light in an optical fiber is about 200 thousand kilometers per second, so a response from a server across the Atlantic Ocean will not arrive faster than ~150 ms in the foreseeable future (there are exotic options, such as hollow-core optical fiber or radio relay links, but these are hardly accessible to mere mortals).

When we try, for example, to open a website located in the USA from Russia (its NS servers are probably there as well), and the domain is not in your provider's DNS cache, we will have to wait a long time even on a gigabit connection, perhaps a whole second: while we get the names of the domain's NS servers from across the ocean, while we resolve their IPs, while we send and receive the actual DNS request itself...

A couple of years ago Google launched its public DNS servers and, to promote switching to them, developed the NameBench utility, which runs DNS tests based on your browsing history and shows how much faster Google DNS is than your ISP's DNS server.

But I managed to make my DNS server work faster than Google Public DNS, and in this short note I want to share the results.

PDNSD

pdnsd is a caching DNS proxy. In addition to the usual caching of DNS responses (with the ability to enforce a minimum TTL, which may be necessary on a very bad Internet connection), it can send a request simultaneously to several "parent" DNS servers and give the client the first response that comes back.

It is this parallel polling that gives the main speed advantage: if the result is in the cache of any of the providers, we get it very quickly, and we do not wait for a complete and slow resolution when the first provider has no answer in its cache.

Installation on Ubuntu is a trivial apt-get.

A couple of things in the config

global {
    perm_cache=10240;            // Maximum cache size in kilobytes.
                                 // By default it was 1024; not all entries fit.
    cache_dir="/var/cache/pdnsd";
    [...]
    min_ttl=60m;                 // Minimum time to keep a record in the cache.
                                 // Even if the TTL arrives less than 60 minutes, it will be 60 minutes
    max_ttl=1w;                  // Maximum time to keep a record in the cache
    neg_ttl=5m;                  // Time to cache negative responses (i.e. if the domain is not found)
    [..]
    par_queries=3;               // Number of simultaneously polled "parent" DNS servers
}

server {
    label = "main";
    ip = 85.21.192.5             // There are 4 servers; if the first 3 do not respond, the request goes to the 4th
       , 213.234.192.7           // The first 2 servers are your provider's and some neighbouring one
       , 8.8.4.4                 // This is Google Public DNS: they have everything rare cached and resolve quickly
       , 8.8.8.8
       ;
    [..]
}

In principle, caching can be made less aggressive (for example, min_ttl=1m), but there were no particular problems during a year of operation. In case of problems, you can remove a single entry from the cache:

sudo pdnsd-ctl record 3.14.by delete

or everything at once:

sudo pdnsd-ctl empty-cache
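The two mechanisms this config relies on, parallel polling of par_queries upstreams with the first answer winning (the same idea as dnsmasq's all-servers option in the first section) and the min_ttl / max_ttl / neg_ttl clamping of cached entries, are easy to misjudge without seeing them run. The following is an added example of mine, not pdnsd's code: a simulation in which the upstream servers and their latencies are constructed in a table and nothing is sent on the network. Server labels, latencies and the answer address are all made up; the TTL defaults mirror the values in the config above.

```python
"""Added example, not pdnsd's code: simulate par_queries (first answer wins,
next batch on timeout) and the min_ttl/max_ttl/neg_ttl cache clamp."""
import threading
from concurrent.futures import ThreadPoolExecutor, FIRST_COMPLETED, wait

# Constructed upstreams: label -> (response latency in seconds, answer).
# The "dead" servers never answer within any sane timeout.
UPSTREAMS = {
    "isp-1":    (0.30, "93.184.216.34"),   # has not cached the name: slow
    "isp-2":    (0.05, "93.184.216.34"),   # has it cached: fast
    "google-1": (0.12, "93.184.216.34"),
    "google-2": (0.12, "93.184.216.34"),
    "dead-1":   (5.00, None),
    "dead-2":   (5.00, None),
    "dead-3":   (5.00, None),
}

def query(server, name, abort):
    """Simulated upstream: waits out its latency unless the resolver gives up first."""
    latency, answer = UPSTREAMS[server]
    if abort.wait(latency):          # resolver already has an answer: stop waiting
        return server, None
    return server, answer

def resolve_parallel(name, servers, par_queries=3, timeout=0.5):
    """Ask par_queries servers at once and return (server, answer) from whichever
    replies first; if a whole batch stays silent for `timeout`, move on to the
    next batch, which is what the config's 4th server is for."""
    for start in range(0, len(servers), par_queries):
        batch = servers[start:start + par_queries]
        abort = threading.Event()
        pool = ThreadPoolExecutor(max_workers=len(batch))
        futures = [pool.submit(query, s, name, abort) for s in batch]
        done, _ = wait(futures, timeout=timeout, return_when=FIRST_COMPLETED)
        abort.set()                  # release the slower simulated upstreams
        pool.shutdown(wait=False)
        for f in done:
            server, answer = f.result()
            if answer is not None:
                return server, answer
    return None, None

def cache_ttl(answer_ttl, negative=False, min_ttl=60 * 60, max_ttl=7 * 24 * 3600, neg_ttl=5 * 60):
    """Seconds an entry stays cached under min_ttl=60m, max_ttl=1w, neg_ttl=5m.
    Raising the floor above the authoritative TTL means record changes are
    seen late, which is why the text suggests min_ttl=1m as the gentler option."""
    if negative:
        return neg_ttl
    return max(min_ttl, min(answer_ttl, max_ttl))
```

With the four-server list from the config, resolve_parallel returns the answer from the fastest of the first three; when the first three are unreachable it falls through to the fourth after the timeout, and when no server answers it returns (None, None) rather than blocking. cache_ttl shows that a record the authority publishes with a 60-second TTL is nevertheless held for an hour under this config.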

Test results in NameBench



We see that for 50% of queries we get an answer in less than 10 ms, for 85% faster than Google Public DNS, and beyond that the results naturally coincide with Google's.

According to the test results, NameBench happily tells us:

8.8.8.8  Slower replica of SYS-192.167.0.98
8.8.4.4  Slower replica of SYS-192.167.0.98

Thus, a smart caching DNS proxy with parallel requests lets you speed up even a 100-megabit Internet connection. And for slow (radio) links with high latency and packet loss, the difference can be like heaven and earth.

The purpose of DNS is to translate domain names, which are easy for humans to remember, into IP addresses that computers understand; this process is called name resolution.
What does installing our own caching DNS server give us?
It slightly speeds up the response of sites; in addition, Linux does not handle NetBIOS names very well, and sometimes you need to find computers or printers on the local network, preferably by name.
Remembering IP addresses is inconvenient, but constantly digging through the DHCP server log is not our method either. For such cases a DNS server is needed on the local network.
Installing the bind9 package itself is not difficult; the snags usually arise at the configuration stage, because after the system's easy-to-read configuration files an unfamiliar syntax, very similar to the C programming language, lands on a person. Since the server will work inside the local network, there is no point in moving it into a chroot environment, and the whole setup takes very little time.
With that, the lyrical part is complete; let's proceed to installation and configuration.
Install the bind9 DNS server:
sudo apt-get install bind9
Once it is downloaded and installed, we need to edit its configuration file:
sudo nano /etc/bind/named.conf.options
We find the options section; it is located at the very beginning of the configuration file, and there is nothing else in it...

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //      0.0.0.0;
    // };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

The forwarders section determines where a name-resolution request is sent if the name is not in the server's own database. Lately I am not at all happy with the work of the provider's servers, so they can be replaced with third-party ones, for example Google's; the IP 8.8.8.8 is very easy to remember.

We edit the section: first remove the comment marks from it and add the third-party DNS servers. If you need several servers, for example in case the Google server cannot withstand your requests and breaks :), the IPs of other servers can be written in a column; this gives greater resilience.
forwarders {
    8.8.8.8;
    193.58.251.251;    // Russian DNS service SkyDNS
};
In this section it is better to enter the IP of the server that you have specified in /etc/resolv.conf, or enter this IP there in the nameserver line.
Save the changes and exit.
Restart the server and check.
Type nslookup mail.ru on the command line.
It should output:

Non-authoritative answer:
Name:    mail.ru
Addresses:  94.100.191.202

This shows that our server is not authoritative for this zone (mail.ru), but the response has been added to the cache!
Now we need to create a DNS zone for our network so that machines can find various network services, for example network printers, which can be either standalone or shared from other workstations.
Our zone will be called orgname, i.e. the name of the organization.
First of all, we create the zone; for this we edit named.conf.local:

sudo nano /etc/bind/named.conf.local
and add the following to it:
zone "orgname" {
    type master;
    file "/etc/bind/db.orgname";
};
Save and exit.
Now we need to create the zone configuration file:
sudo nano /etc/bind/db.orgname
and paste the following into it
(pay attention to the syntax of the file; even the dots matter):

@ IN SOA orgname. root.orgname. (20101015 4h ; ​​update time -4 hours 1h ; repeat every hour 1w ; how long to store information -1 week 1d) ; TTL (time to live) records - 1 day @ IN NS orgname. ; name server name @ IN A 192.168.10.1 ; A - record - IP address of our DNS server that serves this zone, @ means that this is the root zone. * IN CNAME @ printer IN A 192.168.10.25 ; You can create a DNS record network printer which is located at 192.168.10.25

Now, when adding a new network device, you need to do 2 things:
1) Reserve an IP address for it on the DHCP server; how to do this is described in the article -
2) Create a DNS record for this IP in the zone, of the form devicename IN A XXX.XXX.XXX.XXX, where devicename is the network name of the device and XXX.XXX.XXX.XXX is the IP address reserved for it on the DHCP server.
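The two steps above are easy to get subtly wrong by hand (a typo in the label, an address outside the LAN, a duplicate name, a forgotten serial bump). As an added example, not code from the original article, here is a small Python helper that appends a devicename IN A record to the zone text, rejects those mistakes and increments the SOA serial; the sample zone is constructed to match the layout of db.orgname above, and the LAN subnet 192.168.10.0/24 is an assumption taken from its addresses.

```python
import ipaddress
import re
# Constructed sample laid out like the db.orgname zone file above (not the article's own file).
SAMPLE_ZONE = """\
$TTL 1d
@       IN SOA orgname. root.orgname. (
                20101015 ; serial
                4h       ; refresh
                1h       ; retry
                1w       ; expire
                1d )     ; negative TTL
@       IN NS    orgname.
@       IN A     192.168.10.1
*       IN CNAME @
printer IN A     192.168.10.25
"""

LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")    # RFC 1123 hostname label
SERIAL_RE = re.compile(r"(SOA\s+\S+\s+\S+\s*\(\s*)(\d+)")  # serial = first field after "SOA mname rname ("

def existing_names(zone_text):
    """Owner names that already have an A record (comments after ';' are ignored)."""
    names = set()
    for line in zone_text.splitlines():
        parts = line.split(";", 1)[0].split()
        if len(parts) >= 4 and parts[1:3] == ["IN", "A"]:
            names.add(parts[0])
    return names

def soa_serial(zone_text):
    m = SERIAL_RE.search(zone_text)
    return int(m.group(2)) if m else None

def add_device_record(zone_text, devicename, ip, subnet="192.168.10.0/24"):
    """Return new zone text with 'devicename IN A ip' appended and the SOA serial bumped.
    Rejects an invalid label, a malformed or out-of-subnet address, and a duplicate name."""
    name = devicename.lower()
    if not LABEL_RE.match(name):
        raise ValueError(f"invalid host label: {devicename!r}")
    addr = ipaddress.IPv4Address(ip)            # AddressValueError (a ValueError) if malformed
    if addr not in ipaddress.ip_network(subnet):  # subnet assumed from the zone's 192.168.10.x addresses
        raise ValueError(f"{addr} is outside {subnet}")
    if name in existing_names(zone_text):
        raise ValueError(f"{name} already has an A record")
    m = SERIAL_RE.search(zone_text)
    if m is None:
        raise ValueError("SOA serial not found")
    bumped = zone_text[:m.start(2)] + str(int(m.group(2)) + 1) + zone_text[m.end(2):]  # serial + 1
    return bumped.rstrip("\n") + f"\n{name:<7} IN A     {addr}\n"
```

Write the returned text back to /etc/bind/db.orgname and reload BIND; the bumped serial is what lets any secondary server notice the change.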

Now we need to edit the resolv.conf file

sudo nano /etc/resolv.conf

And enter there:

nameserver 127.0.0.1

Everything else that was there can be commented out with #.

Restart the server.

This is done so that the server first looks everything up in its own database, and only then does BIND forward the request to the server 8.8.8.8, whose IP is entered in the forwarders directive.

Now you can check if it works:

If testing from Windows:
ping devicename.orgname

If testing from Linux:
ping devicename.orgname -c 4

The pings should go to the IP you specified instead of XXX.XXX.XXX.XXX.

This completes the DNS server setup.

Every year Internet speeds, both on the last mile and on the backbone channels, keep increasing. Only one thing does not change: latency has already run into physical limits. The speed of light in optical fiber is about 200 thousand kilometers per second, so a response from a server across the Atlantic Ocean will not arrive faster than ~150 ms in the foreseeable future (there are exotic options, such as hollow-core fiber or radio relay links, but they are hardly accessible to mere mortals).

When we try, say, from Russia to open a website hosted in the USA (its NS servers are probably there too) and the domain is not in your provider's DNS cache, we have to wait a long time even on gigabit Internet, perhaps a whole second: first we fetch the names of the domain's NS servers from across the ocean, then we resolve their IPs, then we send and receive the actual DNS request itself...

A couple of years ago Google launched its public DNS servers and, to promote switching to them, developed the NameBench utility, which runs DNS tests against your browsing history and shows how much faster Google DNS is than your ISP's DNS server.

But I managed to make my own DNS server that is faster than Google Public DNS, and in this short note I want to share the results.

PDNSD

pdnsd is a caching DNS proxy. Besides plain caching of DNS responses (with the option of forcing a minimum TTL, which can be useful on a very bad Internet connection), it can send a request simultaneously to several "parent" DNS servers and give the client the first response that comes back.

It is the parallel polling that gives the main speed advantage: if any of the providers has the result in its cache, we get it very quickly, instead of waiting for a full, slow resolution when the first provider has no cached answer.

On Ubuntu it is installed with a plain apt-get.

A few things in the config:

global {
    perm_cache=10240;        // Maximum cache size in kilobytes.
                             // By default it was 1024; not all entries fit.
    cache_dir="/var/cache/pdnsd";
    [...]
    min_ttl=60m;             // Minimum time to keep a record in the cache.
                             // Even if a TTL shorter than 60 minutes arrives, it will be 60 minutes.
    max_ttl=1w;              // Maximum time to keep a record in the cache.
    neg_ttl=5m;              // How long to cache negative responses (i.e. domain not found).
    [..]
    par_queries=3;           // Number of "parent" DNS servers polled simultaneously.
}

server {
    label = "main";
    ip = 85.21.192.5         // There are 4 servers; if the first 3 do not respond, the request is sent to the 4th.
       , 213.234.192.7       // The first 2 servers are your provider's and some neighboring one.
       , 8.8.4.4             // This is Google Public DNS - they have cached everything rare and resolve quickly.
       , 8.8.8.8 ;
    [..]
}

In principle, caching can be made less aggressive (for example, min_ttl=1m), but over a year of operation there were no particular problems. If problems do arise, you can wipe a single entry from the cache:

sudo pdnsd-ctl record 3.14.by delete

or the whole cache at once:

sudo pdnsd-ctl empty-cache
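To make the config above concrete, here is an added Python model (not pdnsd's own code) of what those settings do: par_queries upstreams are polled at once and the first successful answer wins, a failed upstream frees its slot for the next server in the list (the "4th" in the config), positive TTLs are clamped into [min_ttl, max_ttl], negative answers are kept for neg_ttl, and delete_record / empty_cache mirror the two pdnsd-ctl commands. The upstreams are simulated callables and the clock is injectable; both are constructed for the example.

```python
import time
from itertools import islice
from concurrent.futures import ThreadPoolExecutor, wait, FIRST_COMPLETED
# Values from the pdnsd.conf fragment above, converted to seconds.
MIN_TTL, MAX_TTL, NEG_TTL, PAR_QUERIES = 60 * 60, 7 * 24 * 3600, 5 * 60, 3

class CachingProxy:
    """Toy model of pdnsd's cache and parallel upstream polling (not pdnsd's own code)."""

    def __init__(self, upstreams, clock=time.monotonic):
        self.upstreams = upstreams   # callables name -> (ip or None, ttl); raise on failure
        self.clock = clock           # injectable so expiry can be tested without sleeping
        self.cache = {}              # name -> (ip or None, expires_at)

    def _poll(self, name):
        """Poll PAR_QUERIES upstreams at once and return the first answer; a failed upstream hands its slot to the next server."""
        remaining = iter(self.upstreams)
        pool = ThreadPoolExecutor(max_workers=len(self.upstreams))
        try:
            futures = {pool.submit(u, name) for u in islice(remaining, PAR_QUERIES)}
            while futures:
                done, futures = wait(futures, return_when=FIRST_COMPLETED)
                for f in done:
                    if f.exception() is None:
                        return f.result()
                    nxt = next(remaining, None)
                    if nxt is not None:
                        futures.add(pool.submit(nxt, name))
            raise TimeoutError(f"no upstream answered for {name}")
        finally:
            pool.shutdown(wait=False)   # do not wait for the slower upstreams

    def resolve(self, name):
        """Return (ip, 'cache' | 'upstream'); ip is None for a negative (NXDOMAIN) answer."""
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0], "cache"
        ip, ttl = self._poll(name)
        # neg_ttl for negative answers; positive TTLs clamped into [min_ttl, max_ttl]
        ttl = NEG_TTL if ip is None else min(max(ttl, MIN_TTL), MAX_TTL)
        self.cache[name] = (ip, now + ttl)
        return ip, "upstream"

    def delete_record(self, name):   # like: pdnsd-ctl record <name> delete
        self.cache.pop(name, None)

    def empty_cache(self):           # like: pdnsd-ctl empty-cache
        self.cache.clear()
```

The min_ttl clamp is what makes a changed record stay stale for up to an hour, which is exactly the case the pdnsd-ctl record delete command above is for.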

Test results in NameBench



We see that 50% of queries are answered in under 10 ms, 85% are answered faster than by Google Public DNS, and beyond that the results naturally coincide with Google's.

Based on the test results, NameBench happily reports:

8.8.8.8 Slower replica of SYS-192.167.0.98
8.8.4.4 Slower replica of SYS-192.167.0.98

Thus, a smart caching DNS proxy with parallel requests can speed up even a 100-megabit Internet connection. And on slow (radio) links with high latency and packet loss, the difference is like night and day.
