Anonymous (not verified) - Wed, 2006-03-22 10:53
Well, basically it's just incredibly well written software. Dan is obsessed with security and efficiency (as reading the code will show). The cache is immune to cache poisoning unlike other DNS implementations and on a small network such as mine, the cache barely uses any RAM. It's very easy to set up and as far as I know there hasn't actually been a single published vulnerability in it in some 9 years of circulation. It's chrooted and runs as non-root by default, so that's a bit of added peace of mind.

I've installed a DNS cache and private DNS server for my network and the entire installation consisted of the following commands (there would have been even fewer commands if I'd installed it from a source package, but I was installing it on a machine lacking a compiler for security reasons). Assuming that I've just typed 'make setup check' and the binaries have been installed:

# useradd -g nogroup -d /nonexistant -s /sbin/nologin Gdnscache
# useradd -g nogroup -d /nonexistant -s /sbin/nologin Gdnslog
# dnscache-conf Gdnscache Gdnslog /etc/dnscache 192.168.3.10
# ln -s /etc/dnscache /service
# touch /etc/dnscache/root/ip/192.168.3
# touch /etc/dnscache/root/ip/192.168.2

Now every machine in 192.168.2.0/24 and 192.168.3.0/24 can use the cache.

To increase the memory usage for better caching:

# echo 32000000 > /etc/dnscache/env/CACHESIZE
# echo 34000000 > /etc/dnscache/env/DATALIMIT
# svc -t /service/dnscache

Now to add the DNS server to publish addresses of machines on the network:

# useradd -g nogroup -d /nonexistant -s /sbin/nologin Gtinydns
# tinydns-conf Gtinydns Gdnslog /etc/tinydns 127.53.0.1
# ln -s /etc/tinydns /service
# echo '127.53.0.1' > /etc/dnscache/root/servers/internal.network
# echo '127.53.0.1' > /etc/dnscache/root/servers/3.168.192.in-addr.arpa
# echo '127.53.0.1' > /etc/dnscache/root/servers/2.168.192.in-addr.arpa
# cd /etc/tinydns/root
# ./add-ns internal.network 127.53.0.1
# ./add-ns 0.53.127.in-addr.arpa 127.53.0.1
# ./add-ns 3.168.192.in-addr.arpa 127.53.0.1
# ./add-ns 2.168.192.in-addr.arpa 127.53.0.1
# ./add-host postbox.internal.network 192.168.3.11
# ./add-host ns.internal.network 192.168.3.10
# ./add-host northgate.internal.network 192.168.2.1
# make
# svc -t /service/tinydns

That's the entire installation procedure. It took some 20 minutes and has worked absolutely flawlessly ever since. The machine it's running on is a P3 450MHz with 128MB RAM and yet it doesn't miss a beat when 4-5 machines are deliberately flooding it with queries.
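The add-ns and add-host commands above append lines to /etc/tinydns/root/data ('.' lines for zones, '=' lines for hosts), which tinydns-data compiles into the records tinydns serves. The following is an added example, not the poster's or djbdns's own code: a small parser for those three tinydns-data record kinds that expands a constructed copy of the data file this setup produces, and a check that every PTR record lands in a reverse zone tinydns actually serves (otherwise dnscache's root/servers forwarding for that zone gets no answer). The helper names and the exact data-file contents are assumptions.

```python
import ipaddress

# Constructed sample of what the post's add-ns / add-host commands write to
# /etc/tinydns/root/data (add-ns emits '.' lines, add-host emits '=' lines).
SAMPLE_DATA = """\
.internal.network:127.53.0.1:a
.0.53.127.in-addr.arpa:127.53.0.1:a
.3.168.192.in-addr.arpa:127.53.0.1:a
.2.168.192.in-addr.arpa:127.53.0.1:a
=postbox.internal.network:192.168.3.11
=ns.internal.network:192.168.3.10
=northgate.internal.network:192.168.2.1
"""

def reverse_name(ip):
    """in-addr.arpa owner name tinydns derives for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer  # '11.3.168.192.in-addr.arpa'

def parse_tinydns_data(text):
    """Expand tinydns-data lines into (owner, type, value) tuples.
    Handles only the kinds the post's commands produce:
      .fqdn:ip[:x]  -> SOA and NS for fqdn (server x.ns.fqdn, x defaults to 'a'),
                       plus an A record for that server name at ip
      =fqdn:ip      -> A for fqdn plus PTR for the reversed ip
      +fqdn:ip      -> A only
    Other record kinds are skipped rather than guessed at."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        kind, fields = line[0], line[1:].split(':')
        fqdn = fields[0]
        ip = fields[1] if len(fields) > 1 else ''
        if kind == '.':
            x = fields[2] if len(fields) > 2 and fields[2] else 'a'
            nsname = x if '.' in x else f'{x}.ns.{fqdn}'
            records += [(fqdn, 'SOA', nsname), (fqdn, 'NS', nsname)]
            if ip:
                records.append((nsname, 'A', ip))
        elif kind in '=+':
            records.append((fqdn, 'A', ip))
            if kind == '=':
                records.append((reverse_name(ip), 'PTR', fqdn))
    return records

def zones_served(records):
    """Zones tinydns is authoritative for (one SOA per '.' line)."""
    return {owner for owner, rtype, _ in records if rtype == 'SOA'}

def unserved_ptrs(records):
    """PTR owners that fall outside every zone tinydns serves."""
    zones = zones_served(records)
    return [o for o, t, _ in records
            if t == 'PTR' and not any(o.endswith('.' + z) for z in zones)]
```

Adding a host outside the delegated /24s (say a 192.168.4.x address) shows up immediately in unserved_ptrs, which is the case where the cache would forward the reverse lookup to tinydns and get nothing back.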