DJB tinydns (djbdns)

FreeBSD comes with the venerable BIND (the Berkeley Internet Name Daemon) both for resolving hostnames and for publishing your own domain records (DNS server). I don’t like it a bit… it doesn’t follow the Unix ways and principles at all: it’s big and monolithic, has a strange configuration file, a bad history of security holes, etc…

So, with a new box comes the need to replace BIND with djbdns. This is my howto for doing it on FreeBSD. Viewer discretion is advised, as the level of geekness can leave brain damage…

Installation of the needed software

Our good friend the ports tree makes this a breeze…

cd /usr/ports/dns/djbdns
make install clean

options selected: MAN, JUMBO (the djbdns jumbo patch by Claudiu Costin)

djbdns depends on ucspi-tcp (another DJB package), and if it is not already on your system you will be prompted to install it. If later on you think about replacing Sendmail with Qmail (I also have a neat guide about that), the options you should select in the ucspi-tcp dialog are: LIMITS, MANPAGES, RSS_DIFF.

Startup on boot, restart, start, stop, etc. will be managed by yet another DJB package, daemontools, so go ahead and install it as well.

cd /usr/ports/sysutils/daemontools
make install clean

options selected: MAN, S_NORMAL, TESTS

Setting up DNS resolver/cache

Add the needed user accounts

pw useradd -n dnscache -s /usr/sbin/nologin
pw useradd -n dnslog -s /usr/sbin/nologin

And set up dnscache with the dnscache-conf command (replace a.b.c.d with the IP where dnscache will listen for incoming resolving requests):

dnscache-conf dnscache dnslog /etc/dnscache a.b.c.d

Set up the IPs that may query your dnscache; they are just plain files in /etc/dnscache/root/ip/

touch /etc/dnscache/root/ip/127.0.0.1
touch /etc/dnscache/root/ip/a.b.c.d
touch /etc/dnscache/root/ip/a.b.c.e
etc...

Now set up daemontools (if it is already running, skip this part): edit /etc/rc.conf and add:

svscan_enable="YES"
svscan_servicedir="/service"

Now, start daemontools

mkdir -p /service
/usr/local/etc/rc.d/svscan start

and check that it is running

ps -waux | grep svscan

you should get something like:
root 30558 0.0 0.0 3292 932 ?? S 2:58AM 0:00.03 /usr/local/bin/svscan /service

Now, start dnscache

ln -s /etc/dnscache /service/dnscache

and stop bind

/etc/rc.d/named stop

edit /etc/rc.conf and make the change permanent with
named_enable="NO"

Configure /etc/resolv.conf to use dnscache:
edit /etc/resolv.conf (change a.b.c.d to whatever IP you set dnscache up with in dnscache-conf)
nameserver a.b.c.d

Check that you are up and running and watch the magic unfold

svstat /service/dnscache
sockstat | grep dns
tail -f /etc/dnscache/log/main/current | tai64nlocal
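One thing worth checking before you point other machines at the cache is who the files in /etc/dnscache/root/ip/ actually let in. dnscache accepts a query from client a.b.c.d if any of the files ip/a.b.c.d, ip/a.b.c, ip/a.b or ip/a exists, so each file is a dotted-octet prefix, and a one-octet file such as ip/10 opens the cache to a whole /8. The script below is an added example, not part of this howto or of djbdns itself; it reproduces that lookup in plain sh so you can answer "is this client allowed?" and list over-broad prefixes. The function names and the demo directory built by build_demo_ip_dir (with the constructed entries 127.0.0.1, 192.168.1 and 10) are my own; on a real box you would pass /etc/dnscache/root/ip instead.

```shell
#!/bin/sh
# Added example: preflight check for the dnscache client access list.
# dnscache allows client a.b.c.d when one of root/ip/a.b.c.d, root/ip/a.b.c,
# root/ip/a.b or root/ip/a exists.  Helper names below are hypothetical.

# Return 0 (allowed) if CLIENT_IP would be accepted given the ip/ directory IPDIR.
# Usage: dnscache_client_allowed /etc/dnscache/root/ip 10.0.0.5
dnscache_client_allowed() {
    ipdir=$1
    prefix=$2
    while [ -n "$prefix" ]; do
        [ -e "$ipdir/$prefix" ] && return 0
        case $prefix in
            *.*) prefix=${prefix%.*} ;;   # drop the last octet and retry
            *)   prefix= ;;              # single octet already tried: no match
        esac
    done
    return 1
}

# Print one line per access-list entry; entries shorter than three octets
# are flagged, since ip/10 admits every host in 10.0.0.0/8.
# Returns 1 when the directory is empty (dnscache would then answer nobody).
dnscache_list_prefixes() {
    ipdir=$1
    count=0
    for f in "$ipdir"/*; do
        [ -e "$f" ] || continue          # skip the literal '*' of an empty dir
        name=${f##*/}
        count=$((count + 1))
        octets=$(printf '%s' "$name" | awk -F. '{print NF}')
        if [ "$octets" -lt 3 ]; then
            printf '%s  (broad: only %s octet(s), allows %s.*)\n' "$name" "$octets" "$name"
        else
            printf '%s\n' "$name"
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no entries: dnscache will answer nobody" >&2
        return 1
    fi
    return 0
}

# Build a throwaway ip/ directory with constructed entries for demonstration.
build_demo_ip_dir() {
    dir=$(mktemp -d)
    touch "$dir/127.0.0.1" "$dir/192.168.1" "$dir/10"
    printf '%s\n' "$dir"
}

# Stand-alone demo: list the entries, then test a few clients.
demo_dir=$(build_demo_ip_dir)
dnscache_list_prefixes "$demo_dir"
for client in 127.0.0.1 192.168.1.77 192.168.2.1 10.20.30.40 8.8.8.8; do
    if dnscache_client_allowed "$demo_dir" "$client"; then
        echo "$client: allowed"
    else
        echo "$client: refused"
    fi
done
```

Run it as `sh check-dnscache-ip.sh`; to audit the live configuration, replace the demo directory with /etc/dnscache/root/ip. Note that dnscache only re-reads the ip/ directory when it starts, so after adding or removing files you still need `svc -t /service/dnscache` for the change to take effect.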
