Update: these exact same instructions work on EL6, too (tested it on my ScientificLinux 6 workstation).
Today I was looking into installing a DNS caching server on my CentOS box so it wastes less time looking up hostnames. I wanted something as light on resources as possible (my dom0 server has only 512MB RAM). First I thought of dnsmasq, but then I reconsidered as I didn't want something that can also do DHCP, and anyway, AFAIK dnsmasq doesn't use the DNS root servers but your upstream ISP name servers.
My second thought was dnscache (from the djbdns suite), but I really didn't feel like compiling all that stuff (daemontools, ucspi etc.). And anyway... dnscache is _old_.
After all that fuss I remembered reading about pdnsd somewhere so I checked it out: exactly what I needed!
Why do I like it?
- It's small
- It's fast
- It's secure (it has countermeasures against DNS cache poisoning)
- Does persistent caching (good for non-permanent connections, also for machines rebooting often)
- Knows IPv6
- Installation is very easy
Installing it on CentOS 5 was a no-brainer. The RPM package is not in any 3rd-party repos that I use (mostly EPEL nowadays - and of course my own :> ). Luckily the developer also maintains RPMs for CentOS x86_32 and x86_64:
rpm -ivh http://www.phys.uu.nl/~rombouts/pdnsd/releases/pdnsd-1.2.8-par_el5.x86_64.rpm
(It's a good idea to check the homepage as newer versions might be available.)
The configuration is equally easy (a sample config file comes with the RPM package). Here's mine; it should work on most servers:
// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.

global {
	perm_cache=1024;
	cache_dir="/var/cache/pdnsd";
#	pid_file = /var/run/pdnsd.pid;
	run_as="pdnsd";
	server_ip = 127.0.0.1;	# Use eth0 here if you want to allow other
				# machines on your network to query pdnsd.
	status_ctl = on;
#	paranoid=on;		# This option reduces the chance of cache poisoning
				# but may make pdnsd less efficient, unfortunately.
	query_method=udp_tcp;
	min_ttl=15m;		# Retain cached entries at least 15 minutes.
	max_ttl=1w;		# One week.
	timeout=10;		# Global timeout option (10 seconds).
	neg_domain_pol=on;
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
	label = "root-servers";
	root_server = discover;	# Query the name servers listed below
				# to obtain a full list of root servers.
	randomize_servers = on;	# Give every root server an equal chance
				# of being queried.
	ip = 198.41.0.4,	# This list will be expanded to the full
	     192.228.79.201;	# list on start up.
	timeout = 5;
	uptest = query;		# Test availability using empty DNS queries.
	interval = 30m;		# Test every half hour.
	ping_timeout = 300;	# Test should time out after 30 seconds.
	purge_cache = off;
	exclude = .localdomain;
	policy = included;
	preset = off;
}

source {
	owner=localhost;
#	serve_aliases=on;
	file="/etc/hosts";
}

/*
include {file="/etc/pdnsd.include";}	# Read additional definitions from /etc/pdnsd.include.
*/

rr {
	name=localhost;
	reverse=on;
	a=127.0.0.1;
	owner=localhost;
	soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
	name=doubleclick.net;
	types=domain;		# This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
	name=bad.server.com;	# Badly behaved server you don't want to connect to.
	types=A,AAAA;
}
*/
Just save the above as /etc/pdnsd.conf and start the daemon:
service pdnsd start
Have it started upon boot:
chkconfig pdnsd on
And update your resolv.conf file:
echo nameserver 127.0.0.1 > /etc/resolv.conf
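A way to sanity-check a pdnsd.conf before starting the daemon, as an added example that is neither from this post nor from the pdnsd project: it strips the three comment styles the file uses (`//`, `#`, `/* ... */`), parses the `section { key=value; }` blocks, and flags the settings that matter most for exposure: `server_ip` set to something other than loopback (the config above notes that `eth0` would let other machines query pdnsd, which also means anyone who can reach that interface), `paranoid` left off, and no `run_as`. The embedded sample configuration is a constructed, trimmed copy of the one above; the finding texts and the `lint`/`parse_pdnsd_conf` function names are this example's own.

```python
import re
import sys
from ipaddress import ip_address

# Constructed sample: a trimmed copy of the kind of pdnsd.conf shown in the post.
SAMPLE_CONF = """\
global {
	perm_cache=1024;
	cache_dir="/var/cache/pdnsd";
	run_as="pdnsd";
	server_ip = 127.0.0.1;  # Use eth0 here if you want to allow other
				# machines on your network to query pdnsd.
	status_ctl = on;
#	paranoid=on;
	query_method=udp_tcp;
	min_ttl=15m;
}
server {
	label = "root-servers";
	root_server = discover;
	ip = 198.41.0.4,	# This list will be expanded
	     192.228.79.201;	# on start up.
	uptest = query;
}
/*
neg {
	name=doubleclick.net;
	types=domain;		# whole section is commented out
}
*/
"""


def strip_comments(text):
    """Remove /* block */ comments first, then // and # line comments.
    (A '#' or '//' inside a quoted value would also be cut; none appear
    in the post's config.)"""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def parse_pdnsd_conf(text):
    """Return a list of (section_name, {option: value}) in file order.
    Multi-line values such as the server 'ip' list are collapsed to one line."""
    sections = []
    for m in re.finditer(r"(\w+)\s*\{([^}]*)\}", strip_comments(text)):
        opts = {}
        for stmt in m.group(2).split(";"):
            if "=" not in stmt:
                continue                      # blank tail after the last ';'
            key, _, val = stmt.partition("=")
            val = " ".join(val.split())       # collapse whitespace/newlines
            opts[key.strip()] = val.strip('"')
        sections.append((m.group(1), opts))
    return sections


def is_loopback(addr):
    """True for 127.x / ::1 or the 'lo' interface; interface names like
    eth0 mean pdnsd listens on a reachable address."""
    if addr == "lo":
        return True
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False


def lint(text):
    """Return a list of 'option: explanation' findings (empty = nothing flagged)."""
    findings = []
    sections = parse_pdnsd_conf(text)
    g = next((opts for name, opts in sections if name == "global"), {})

    ip = g.get("server_ip")
    if ip is None or not is_loopback(ip):
        findings.append(
            f"server_ip: {ip!r} is not loopback, so every host that can reach "
            "this machine can use it as a resolver; keep 127.0.0.1 unless LAN "
            "clients really need it, and firewall port 53 if they do")
    if g.get("paranoid", "off") != "on":
        findings.append(
            "paranoid: off (commented out in the sample); the config notes that "
            "enabling it reduces the chance of cache poisoning at some cost "
            "in efficiency")
    if "run_as" not in g:
        findings.append(
            "run_as: not set, so the daemon keeps the privileges it was "
            "started with; the sample drops to the 'pdnsd' user")
    if not any(name == "server" for name, _ in sections):
        findings.append("server: no upstream/root server section, nothing can be resolved")
    return findings


if __name__ == "__main__":
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for line in lint(conf) or ["no findings"]:
        print(line)
```

Run it as `python3 lint_pdnsd.py /etc/pdnsd.conf`; with no argument it lints the embedded sample and reports only the `paranoid` line. One thing no config check catches: on EL5/EL6 an interface configured via DHCP has dhclient rewrite /etc/resolv.conf on every lease renewal, so the `echo nameserver 127.0.0.1` step only sticks if `PEERDNS=no` is set in that interface's ifcfg file.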
Enjoy!