djbdns

http://cr.yp.to/djbdns.html

Following a recent conversation on the mailing list, here is some complimentary [djbdns] hype:

Well, basically it's just incredibly well-written software. Dan
is obsessed with security and efficiency (as reading the code
will show). The cache is immune to cache poisoning, unlike other
DNS implementations, and on a small network such as mine, the
cache barely uses any RAM. It's very easy to set up and as far
as I know there hasn't actually been a single published
vulnerability in it in some 9 years of circulation. It's
chrooted and runs as non-root by default, so that's a bit of
added peace of mind.

I've installed a DNS cache and private DNS server for my network
and the entire installation consisted of the following commands
(there would have been even fewer commands if I'd installed it
from a source package but I was installing it on a machine
lacking a compiler for security reasons). Assuming that I've
just typed 'make setup check' and the binaries have been
installed:

 # useradd -g nogroup -d /nonexistant -s /sbin/nologin Gdnscache
 # useradd -g nogroup -d /nonexistant -s /sbin/nologin Gdnslog
 # dnscache-conf Gdnscache Gdnslog /etc/dnscache 192.168.3.10
 # ln -s /etc/dnscache /service
 # touch /etc/dnscache/root/ip/192.168.3
 # touch /etc/dnscache/root/ip/192.168.2

Now every machine in 192.168.2.0/24 and 192.168.3.0/24 can use the
cache. To increase the memory usage for better caching:

 # echo 32000000 > /etc/dnscache/env/CACHESIZE
 # echo 34000000 > /etc/dnscache/env/DATALIMIT
 # svc -t /service/dnscache

Now to add the DNS server to publish addresses of machines on the
network:

 # useradd -g nogroup -d /nonexistant -s /sbin/nologin Gtinydns
 # tinydns-conf Gtinydns Gdnslog /etc/tinydns 127.53.0.1
 # ln -s /etc/tinydns /service
 # echo '127.53.0.1' > /etc/dnscache/root/servers/internal.network
 # echo '127.53.0.1' > /etc/dnscache/root/servers/3.168.192.in-addr.arpa
 # echo '127.53.0.1' > /etc/dnscache/root/servers/2.168.192.in-addr.arpa
 # cd /etc/tinydns/root
 # ./add-ns internal.network 127.53.0.1
 # ./add-ns 0.53.127.in-addr.arpa 127.53.0.1
 # ./add-ns 3.168.192.in-addr.arpa 127.53.0.1
 # ./add-ns 2.168.192.in-addr.arpa 127.53.0.1
 # ./add-host postbox.internal.network 192.168.3.11
 # ./add-host ns.internal.network 192.168.3.10
 # ./add-host northgate.internal.network 192.168.2.1
 # make
 # svc -t /service/tinydns

That's the entire installation procedure. It took some 20 minutes
and has worked absolutely flawlessly ever since. The machine it's
running on is a P3 450 MHz with 128 MB RAM and yet it doesn't miss
a beat when 4-5 machines are deliberately flooding it with queries.
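
An added example, not part of the original post: a shell audit of a dnscache service directory like the one configured above. It applies the documented dnscache rule that a client a.b.c.d is accepted when root/ip contains a file named a.b.c.d, a.b.c, a.b or a, and checks that DATALIMIT exceeds CACHESIZE; the function names and the constructed sample tree are assumptions made for illustration.

```shell
# Added example (not from the original post): audit a dnscache service directory.
# Succeed if dnscache would answer client IP $2 for service directory $1.
# Tries root/ip/a.b.c.d, then a.b.c, a.b and a (whole octets, not string prefixes).
client_allowed() {
    p=$2
    while :; do
        [ -e "$1/root/ip/$p" ] && return 0
        case $p in
            *.*) p=${p%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;    # nothing left to strip: refuse
        esac
    done
}

# Print root/ip entries with fewer than three octets (broader than a /24).
broad_prefixes() {
    for f in "$1"/root/ip/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            *.*.*) ;;                    # /24 or single host
            *)     echo "${f##*/}" ;;    # /8 or /16
        esac
    done
}

# Succeed if DATALIMIT is larger than CACHESIZE.
limits_ok() {
    cache=$(head -n 1 "$1/env/CACHESIZE") || return 1
    data=$(head -n 1 "$1/env/DATALIMIT") || return 1
    [ "$data" -gt "$cache" ]
}

# Build a constructed copy of the configuration above and print its path.
sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/ip" "$d/env"
    touch "$d/root/ip/192.168.3" "$d/root/ip/192.168.2"
    echo 32000000 > "$d/env/CACHESIZE"
    echo 34000000 > "$d/env/DATALIMIT"
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample if none is given.
dir=${1:-$(sample_tree)}
for ip in 192.168.3.11 192.168.2.1 192.168.4.1; do
    client_allowed "$dir" "$ip" && echo "$ip allowed" || echo "$ip refused"
done
broad_prefixes "$dir" | sed 's/^/broad prefix: /'
limits_ok "$dir" || echo "DATALIMIT does not exceed CACHESIZE"
```

Run it with /etc/dnscache as the argument to audit a live installation; a one- or two-octet entry in root/ip opens the cache to a /8 or /16, which is worth a second look on a resolver reachable from outside the local network.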