caching nameserver, did I miss something?
Woodchuck
djv at bedford.net
Mon Nov 13 16:30:54 PST 2006
On Mon, 13 Nov 2006, Ed D. wrote:
> Hi,
> I've been working on setting up my firewall box to also act
> as a caching nameserver for my network.
> I THINK I might have it working, but want to be sure I did it right.
> In the past, I thought I remembered there being a guide about how to
> do this in the OpenBSD FAQ section. I don't seem to be able to find
> it anymore, so I've set out on my own.
>
> As I said, it appears it's working, but I feel like there has to be
> more to it, or that I'm missing the boat on something.
> Would appreciate any input on this. Thanks, Ed
>
> What I've done so far:
> 1. I've added the rndc-key to the end of named.conf in the
> /var/named/etc subdirectory.
>
> 2. I've changed the named flags in rc.conf to
> named_flags="" # for normal use: ""
>
> 3. I have resolv.conf set to
> lookup file bind
Looks in /etc/hosts, then calls the nameserver. Note that not all
applications (mozilla is one) follow this, i.e. some apps do not
use the unix resolver library calls. (Grrr...)
>
> 4. All the computers in the network are using the IP address of
> the interface card that they connect to the firewall with as
> the address of their dns.
This should be the IPA of the card that is on the nameserver. I think
that's what you meant, but it's not what you said.
> When I run rndc status I get
> meenon# rndc status
> number of zones: 3
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is OFF
> recursive clients: 0/1000
> tcp clients: 0/100
> server is up and running
> meenon#
OK.
Note that there is a configuration file for named in
/var/named/etc/named.conf
Also, there should be some rudimentary zone files in /var/named/master,
for the localhost stuff.
Use nslookup(1) from a client to see how the nameserver is working.
You can also use the command
rndc dumpdb
to have a look at the cache, to see what the nameserver has been up to.
But for this to work, you'll have to change the mode of /var/named to
777, so that the chroot'ed server can write the dumpfile to /var.
I'd recommend changing the mode back to 755 afterwards.
It would be fairly easy to hack the source for named to make it dump
to a place other than "named_dump.db", which is hardcoded, and results
in trying to write the file to named's cwd, which is / in the /var/named
chroot. Better would be to write it to /tmp/named_dump.db, hardwire
that and create a directory /var/named/tmp with suitable permissions.
(likewise for the recursion dump).
Dave
--
"Confound these wretched rodents! For every one I fling away,
a dozen more vex me!" -- Doctor Doom
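As an added example that is not part of this thread or of OpenBSD's own tooling: a POSIX sh script that bundles the checks Dave describes (reading rndc status, querying from a client to watch the cache, and confirming the /var/named mode is back to 755 after rndc dumpdb) into small functions. The rndc, resolv.conf and dig output embedded below are constructed samples in the same format as the thread, the LAN address 192.168.1.1 and the --live switch are assumptions, and the parsing functions run offline on those samples; a cached answer shows up as a decremented TTL and a near-zero query time on the second lookup.

```shell
#!/bin/sh
# Added example (not from the mailing list thread): post-setup checks for a
# BIND caching resolver on an OpenBSD firewall. Parsing is separated from the
# live commands so the logic can be exercised on the constructed samples.

# Constructed sample of `rndc status`, in the format the thread shows.
SAMPLE_RNDC_STATUS='number of zones: 3
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running'

# Constructed sample resolv.conf; 192.168.1.1 is an assumed LAN address.
SAMPLE_RESOLV='lookup file bind
nameserver 192.168.1.1'

# Constructed dig output for two consecutive lookups of the same name.
SAMPLE_DIG_FIRST=';; ANSWER SECTION:
example.com.   3600  IN  A  192.0.2.10

;; Query time: 38 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'
SAMPLE_DIG_SECOND=';; ANSWER SECTION:
example.com.   3590  IN  A  192.0.2.10

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)'

# rndc_server_up STATUS_TEXT: succeeds if the status reports the server up.
rndc_server_up() {
    printf '%s\n' "$1" | grep -q '^server is up and running$'
}

# rndc_recursive_limit STATUS_TEXT: prints the recursive-clients cap (e.g. 1000).
rndc_recursive_limit() {
    printf '%s\n' "$1" | sed -n 's|^recursive clients: [0-9]*/\([0-9]*\)$|\1|p'
}

# resolv_lookup_order RESOLV_TEXT: prints the "lookup" order, e.g. "file bind".
resolv_lookup_order() {
    printf '%s\n' "$1" | awk '$1 == "lookup" { $1 = ""; sub(/^ /, ""); print; exit }'
}

# ls_mode_world_writable MODE: MODE is the 10-char field from `ls -ld`,
# e.g. drwxrwxrwx; succeeds if the "other" write bit (9th char) is set.
ls_mode_world_writable() {
    case "$1" in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# dig_query_time DIG_TEXT: prints the "Query time" value in msec.
dig_query_time() {
    printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p'
}

# dig_answer_ttl DIG_TEXT: prints the TTL of the first answer record.
dig_answer_ttl() {
    printf '%s\n' "$1" | awk '/^;; ANSWER SECTION:/ { getline; print $2; exit }'
}

# looks_cached FIRST SECOND: succeeds when the second answer's TTL is lower
# than the first's, i.e. the resolver served it from cache rather than refetching.
looks_cached() {
    t1=$(dig_answer_ttl "$1"); t2=$(dig_answer_ttl "$2")
    [ -n "$t1" ] && [ -n "$t2" ] && [ "$t2" -lt "$t1" ]
}

# live_checks: the same checks against the real box (run as a user who can
# read the rndc key). Warns if /var/named was left at 777 after rndc dumpdb.
live_checks() {
    status=$(rndc status 2>&1) || { echo "rndc status failed: $status"; return 1; }
    rndc_server_up "$status" && \
        echo "named up, recursive limit $(rndc_recursive_limit "$status")"
    echo "resolv.conf lookup order: $(resolv_lookup_order "$(cat /etc/resolv.conf)")"
    mode=$(ls -ld /var/named | cut -c1-10)
    ls_mode_world_writable "$mode" && \
        echo "WARNING: /var/named is $mode; restore mode 755 after rndc dumpdb"
    first=$(dig @127.0.0.1 example.com A); second=$(dig @127.0.0.1 example.com A)
    echo "query times: $(dig_query_time "$first") then $(dig_query_time "$second") msec"
    looks_cached "$first" "$second" && echo "second answer came from cache"
}

case "${1:-}" in --live) live_checks ;; esac
```

Invoked with --live on the nameserver itself it prints the findings; without arguments it only defines the functions, so it can be sourced and the parsers pointed at saved command output.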