Caching DNS Server using djbdns

Overview
Djbdns is a DNS server package named for its creator, Daniel J. Bernstein. This article aims to assist in its installation and configuration as a DNS caching server (dnscachex) and an authoritative DNS server (tinydns).

A DNS caching server can help improve lookup times by keeping DNS data readily available for LAN users. A lookup request to one's own server is frequently answered more quickly than a distant DNS server.

Installation
First, we will need to install to manage the djbdns server processes.

Start the svscan service and set it to run at boot time.

Create a nofiles group if it does not already exist (djbdns requires it).

Then install the djbdns package.

Configuring djbdns
Some users may want to run only dnscache or only tinydns, but we're going to discuss how to make them work in tandem. Because both services listen on the same port, running both on the same machine requires them to be bound to different IP addresses. This sounds convoluted but really isn't.

We configure tinydns to listen on the loopback address (127.0.0.1) and dnscache to listen on the server's local IP address (e.g. 192.168.x.x). Then we list 127.0.0.1 in dnscache's forwarding server list (along with other DNS servers) and clients make use of tinydns through dnscache rather than accessing it directly.

dnscache
Run the dnscache configuration and follow the prompts:

Most users will want to use the default installation location [/var].

Bind to the LAN IP address [e.g. 192.168.x.x]

The forward-to IP should be a DNS server which will act as a source for dnscache. Good values include ISP's DNS servers, Google's DNS servers (8.8.8.8, 8.8.4.4), or sometimes the contents of

When configuring clients, enter the IP addresses to allow access to dnscache. Incomplete IP addresses denote address groups: 192.168.2 will allow connections from any host with an address in the 192.168.2.0 network.

That's it for the setup script. A directory will be created, as will a symlink to it in. We can test if dnscache is working by changing the nameserver(s) listed in to the bound address from earlier and attempting to ping any domain name.

(Some known problems with einfo and /sbin/functions.sh are described and solved here: http://forums.gentoo.org/viewtopic-t-838856-start-0.html)

tinydns
Run the tinydns configuration and follow the prompts:

For most, the default installation location is fine [/var].

When running tinydns without dnscache, bind to the LAN IP address [e.g. 192.168.x.x]. When running tinydns in concert with dnscache, bind to the loopback address [127.0.0.1].

And so concludes the setup script. It creates and  and the corresponding symlinks in.

Next we need to define our domain and DNS entries. There are a number of scripts in to help us out. First we specify our domain name:

And then we can define some hosts which are part of that domain:

Each of these scripts contributes to the (which can be edited by hand also). Once all the entries are in, compile it into the active database:

IMPORTANT: Since we want dnscache to know that tinydns is handling the example.com domain, we need to add it to the appropriate configuration directory:

This is how definitions in tinydns, while only accessible from localhost, can be seen by the rest of the world.
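As an added illustration (not part of the original article), the script below lays out the files the walkthrough above ends up with and checks the one property that makes the split work: tinydns and dnscache bound to different addresses, with dnscache told to route the local zone to tinydns. It assumes daemontools-style service directories under a base path such as /var, the tinydns-data line format, and that dnscache consults root/servers/<zone> for per-zone forwarders; all addresses and names are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed layout: <base>/tinydns
# and <base>/dnscache as created by the -conf scripts, with env/IP holding the
# bind address and root/ holding the data. All values below are constructed.
write_djbdns_layout() {
  base=$1 domain=$2 lan_ip=$3 client_net=$4
  mkdir -p "$base/tinydns/env" "$base/tinydns/root" \
           "$base/dnscache/env" "$base/dnscache/root/servers" \
           "$base/dnscache/root/ip"
  # tinydns: authoritative only, reachable from the loopback address.
  echo 127.0.0.1 > "$base/tinydns/env/IP"
  # tinydns-data format (assumed): '.' = NS+SOA via a.ns.<domain>,
  # '=' = A plus matching PTR, '+' = A record only.
  cat > "$base/tinydns/root/data" <<EOF
.$domain:127.0.0.1:a:259200
=gw.$domain:$lan_ip:86400
+www.$domain:$lan_ip:86400
EOF
  # dnscache: listens on the LAN IP and answers only the listed client network.
  echo "$lan_ip" > "$base/dnscache/env/IP"
  : > "$base/dnscache/root/ip/$client_net"
  # Upstream forwarders for every other zone (constructed public resolvers).
  printf '%s\n' 8.8.8.8 8.8.4.4 > "$base/dnscache/root/servers/@"
  # The step the article marks IMPORTANT: send the local zone to tinydns.
  echo 127.0.0.1 > "$base/dnscache/root/servers/$domain"
}

# Returns 0 when the daemons bind different addresses and dnscache knows where
# the local zone lives; otherwise prints the reason and returns 1.
check_djbdns_layout() {
  base=$1 domain=$2
  t_ip=$(cat "$base/tinydns/env/IP") c_ip=$(cat "$base/dnscache/env/IP")
  if [ "$t_ip" = "$c_ip" ]; then
    echo "both daemons bind $t_ip: they would clash on port 53"; return 1
  fi
  if ! grep -Fqx "$t_ip" "$base/dnscache/root/servers/$domain" 2>/dev/null; then
    echo "dnscache has no servers/$domain entry pointing at $t_ip"; return 1
  fi
  echo "ok: tinydns on $t_ip, dnscache on $c_ip, $domain routed to tinydns"
}
```

Run it against a scratch directory first; only copy the resulting files into the real service directories once the check passes.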

Checking that Gentoo Caching DNS Server is running and working correctly
Run svc to try and restart your DNS services if svstat doesn't start counting. Also run it if you had to go back more than once and run the setup scripts.

/service/axfrdns: up (pid 10587) 392203 seconds
/service/dnscachex: up (pid 10569) 392203 seconds
service/tinydns: up (pid 10578) 392203 seconds

Above is an example of a correctly running Caching DNS. Notice the very large number, 392203 seconds: it has been running for days. If you have configured your Caching DNS correctly, the number should keep climbing. If it doesn't climb, say it reads 0, then 1 second, then 0 again, the service is repeatedly dying and restarting, which means your configuration is incorrect.

Now you can change your DNS Settings on your Clients to your Local Caching DNS IP.