Setting up DNS caching with Linux (and Windows)
Last update 3-12-1999 by GoMoRRaH
edited 26-11-2000 by snider
www.xxxxx.com is used as a non-existent site, as an example.
1 Good old dry theory
1.1 Introduction
The internet is going thru an evolution; faster pc's, more reliable connections
etc... But the greatest evolution are the capacity of the lines. What were
telephone line are now ISDN lines or cable modems. But there are still
people (unfortunate people like me) who have such a sloppy telephone line,
which is sloooooow. So people are beginning to search ways to speed up
their connection. There are tools like download managers, tools that download
the underlying pages of a visited web site in idle times. And so there
are many ways that go to adjusting the hardware of your modem.
Like you all see the software is either Windows based or lets you fuck
up your hardware. This way is for Linux and is so easy even a Windows user
could do it :P
There is also an explanation on how to do the exact same thing under
Windows.
1.2 Who should be reading this document, requirements
Everyone who wants to speed up their (modem) dial-up account by some seconds.
And want to do this in five minutes (if not less).
If you have questions regarding this tutorial, please make sure you've
already read at least some of the basic networking tutorials at blacksun.box.sk.
Also, please do not Email any member of BSRF directly. There is a message
board at blacksun.box.sk - use it.
Information on how to do the same thing under Windows can be found at
the bottom of the tutorial.
Requirements
-
A computer
-
A connection to the internet
-
Linux up and running
-
named (1) installed *
-
5 minutes of time
-
Some spare change for me (*grin*)
* named is the nameserver package, this is standard and the most common
Linux distrubutions should bring it.
1.3 What does a nameserver do?
What does a nameserver do ? Well, suppose you are dialed in with you ISP
and you wish to go to www.xxxxx.com. You open up you browser and type in
the address field http://www.xxxxx.com, you press enter and wait until
xxxxx.com appears. Simple, isn't it ? Let's look behind the scenes to find
out what's really going on in there.
[The flexibility of the Domain Name System is endless, and by all
means this isn't supposed to be a complete study of it, so if you find
anything specific you want to know about i suggest you can look through
RFC-1034 and RFC-1035 for the answer -ed]
-
Your computer gets the request to connect to www.xxxxx.com, but what is
www.xxxxx.com ? Well it the alias of a computer (which has an ip) and has
an httpd daemon running (on port 80).
-
Your computers checks if that site isn't running on your own computer or
on you local network. So it checks your /etc/hosts file (which has you
local intranet information) or it checks a local nameservers referred to
from /etc/resolv.conf. By the way, this is a good time to mention that
DNS stands for Domain Name System.
-
The file /etc/resolv.conf should look something like this.
nameserver 123.123.123.123
-
This is the nameserver of you ISP. And when nothing can be found on the
local intranet you computer will query this nameserver. (if this nameserver
is unreachable the you'll get an error).
-
When this nameserver is reachable it will answer with an ip. If www.xxxxx.com
is unknown to the nameserver it will query some other nameserver [In
fact, there exists a large number of nameservers on the internet. For every
domain there is (yahoo.com, box.sk), there are probably a couple of nameservers
(a primary, and a secondary if not more). The root nameservers, the ones
that hold all the information for .com's .org's .gov's and .net's etc.
(Top Level Domains) are located at something called InterNIC, and
this is where your query will end up if your ISP's nameserver doesnt have
what you're asking for. The '.com' root nameserver at InterNIC will forward
your query for www (.xxxxx.com) to the primary nameserver at xxxxx.com
and from there you will get the correct ip address for www.xxxxx.com]
-
Once this ip (lets say 123.123.123.111) is known, you browser will try
to establish a connection to 123.123.123.111:80 (this connection will be
made by the standard routing procedure as can be viewed by typing route
from a root shell.
Now the communication will be established, data will be transferred using
the http protocol. So the nameserver simply translates www.xxxxx.com into
an ip by quering its own database or querying other databases.
1.4 Whooow that sounds very cool!! So ?
Well suppose those seven steps take about 2 seconds (if you have a speedy
connection and your ISP has a nameserver with almost no network traffic
and if the ip is in the nameservers cache). So if this was an utopia it
would take two seconds. So in these times it'll take a bit longer. In this
tutorial we'll make something called 'a caching only nameserver'.
1.5 What is a caching only nameserver
Well, this is a special 'type' of nameserver. This is not intended to be
the nameserver of your intranet. The only thing it does is to cache all
names and ip's that are queried from the local network. The first time
you query an ip, an other database has to be queried (isp). But any other
time that query does not have to find place. It is on you own hard disk,
so it doesn't consume any bandwidth, and site will come up some seconds
faster on your screen which makes surfing a lot more FUN. You can say now
what the hell are two seconds? Yes but how often do you go to a search
engine ? How often do you go to you favorite site and further, how often
doe you check your e-mail ? (once every 10 minutes is a Netscape default)
Here ends the theory, now you should be able to understand what a caching
only nameserver does and how it can speed up you connection with a few
seconds, now go ahead and type something.
2 Fuck that damned theory, let me type something
2.1 named.conf
First we edit the general config file of the nameserver. The file is called
/etc/named.conf and it should look like:
options {
directory "/var/named";
/* Some shit */
};
....
This first part of the file is the one that needs changes. For this you
need to know the nameserver of your ISP (NOT the name but the IP ofcourse),
you change the file to:
options {
directory "/var/named";
forwarders {
123.123.123.123;
123.123.123.124;
};
};
....
You've now simple said that an unknown query has to be forwarded to the
ip's above. If the first is not reachable the second one will be tried.
2.2 Changing the nameserver
In fact you have now an up and (almost) running nameserver. There is just
one little detail you have to take care of, that's the fact that your computer
doesn't recognize / will use you nameserver yet. You have to edit /etc/resolv.conf
.
And you should edit the file so it'll look like:
# nameserver 321.321.321.321
nameserver 127.0.0.1
The first line was your original nameserver, just comment this (you never
know ...) and then you add the line nameserver 127.0.0.1 this just
says that queries no longer have to be forwarded but can be answered by
you OWN local nameserver.
2.3 Up and running
Now you just have to (re)start your nameserver with killall -HUP named
.
Then you check you logs ( /var/log/messages ) and hope they'll look like
Nov 20 13:29:34 SaTaN named[692]: starting. named 8.2.1 Fri Sep 24 14:52:24 EDT 1999 ^Iroot@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.1/src/bin/named
Nov 20 13:29:34 SaTaN named[692]: hint zone "" (IN) loaded (serial 0)
Nov 20 13:29:34 SaTaN named[692]: Zone "0.0.127.in-addr.arpa" (file named.local): No default TTL set using SOA minimum instead
Nov 20 13:29:34 SaTaN named[692]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1997022700)
Nov 20 13:29:34 SaTaN named[692]: listening on [127.0.0.1].53 (lo)
Nov 20 13:29:34 SaTaN named[692]: listening on [10.0.0.1].53 (eth0)
Nov 20 13:29:34 SaTaN named[692]: Forwarding source address is [0.0.0.0].1025
Nov 20 13:29:34 SaTaN named: named startup succeeded
Nov 20 13:29:34 SaTaN named[693]: Ready to answer queries.
Nov 20 13:29:34 SaTaN named[693]: sysquery: sendto([123.123.123.123].53): Network is unreachable
If you see a last line, like mine, don't worry about it. It means you are
not yet connected to the internet. When you get some erros, it means that
you have not edited you config file properly so you have check it again.
(hint: check if all the ; are in place and every { is closed with an }
)
2.4 You don't believe me ?
Ok, for everyone who doesn't believe me ...
[root@SaTaN /] nslookup www.iwanttoquerythis.com
Server: localhost
Address: 127.0.0.1
Name: www.iwanttoquerythis.com
Address: 123.123.123.321 ... other ip's ..
Aliases: If available ...
This was the first query and a request was sent to the nameserver mentioned
in the config file. For this far you know you nameserver can forward addresses.
It's a start.
[root@SaTaN /] nslookup www.iwanttoquerythis.com
Server: localhost
Address: 127.0.0.1
NON-AUTHORITIVE ANSWER
Name: www.iwanttoquerythis.com
Address: 123.123.123.321
Aliases: ...
Cool, it says Non-authoritive answer. What does it means ? Well, it just
wants to say that for that answer there was no need to forward the request,
cool huh ?
2.5 And here's another way to do it
You can also manage your local DNS database by yourself! Simply add lines
to the /etc/hosts file that will look like this:
IP-address hostname #comment
For example:
1.2.3.4 www.some-website.com #just another stupid website
In case you're wondering, you don't HAVE to put the comment...
:p
Oh, by the way, this method is inferior because you have to enter IPs
and hostnames by yourself... ouch...
2.6 Local DNS cache under Windows
Hello, poor Windows users. Want to make yourself a nice local DNS cache?
Too bad, 'cause you can only use the method described in chapter 2.5, only
you will be using c:\windows\hosts (not to be confused with c:\windows\hosts.sam,
which is a sample file for c:\windows\hosts) instead of /etc/hosts. If
you don't wanna do this manually, you could try and find a program called
FastNet, which will scan your browser's bookmarks and history database
and automatically add every URL you visit to this database, and will also
let you add entries manually.
3 The end
3.1 Outro
You should be able to put up you own caching only nameserver. What else
is there to say, if you want to know something more about it, you can mail
to GoMoRRaH. This file was written for Blacksun
Research Facility
GoMoRRaH WiLL RiSe aGaiN