Install djbdns on Raspberry Pi
djbdns is a small, fast, and secure DNS server. Perfect for low resource systems. I also find it easier to configure than BIND (once you understand how).
I start with a raspbian image from http://www.raspberrypi.org/downloads
Install some packages that D. J. Bernstein says that we need.
apt-get install ucspi-tcp
apt-get install daemontools
Don't install tinydns. It includes a pop3 server.
Install djbdns following http://cr.yp.to/djbdns/install.html
Create the users and groups needed to run dnscache and multilog.
useradd svclog
useradd dnscache
Create the /etc/dnscache folder structure
dnscache-conf dnscache svclog /etc/dnscache
Set up the /service directory. svscan looks at this directory to see which services to run.
mkdir /service
ln -s /etc/dnscache /service/dnscache
Add the following to /etc/rc.local so that the supervised services start on boot.
/usr/bin/svscanboot &
svscanboot also needs the following link to function correctly.
ln -s /service/ /etc/service
Optional Things
Update /etc/dnscache/env/IP to contain the IP address to listen on. Also create file entries in /etc/dnscache/root/ip to specify the networks that the DNS server should reply to.
Edit /etc/dnscache/log/run, adding s52428800 before ./main to set the log size to 50MB.
It should look something like
exec setuidgid svclog multilog t s52428800 ./main
You should update the root server list
wget http://www.internic.net/zones/named.root -O - | grep ' A ' | tr -s ' ' | cut -d ' ' -f4 > /etc/dnscache/root/servers/\@
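The pipeline above writes whatever the HTTP response contains straight into dnscache's root server list. As an added example (not part of the original post), this script validates the parsed addresses and only then replaces the file; the function names, the minimum count of 13 and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate root hints before
# installing them as dnscache's root server list.

# Print the validated IPv4 addresses of *.ROOT-SERVERS.NET. A records
# found in named.root-format text on stdin, one per line.
extract_root_ips() {
    awk '
        /^;/ { next }    # comment lines
        toupper($3) == "A" && toupper($1) ~ /^[A-Z]\.ROOT-SERVERS\.NET\.$/ {
            if (split($4, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            print $4
        }' | sort -u
}

# install_root_ips HINTS DEST [MIN]: replace DEST only if at least MIN
# (default 13, an assumption: one address per root letter) entries validate.
install_root_ips() {
    hints=$1; dest=$2; min=${3:-13}
    tmp=$(mktemp "$(dirname "$dest")/.roots.XXXXXX") || return 1
    extract_root_ips < "$hints" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        echo "refusing to install: only $count valid root addresses" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$dest"    # atomic rename on one filesystem
}

# Constructed sample input (documentation addresses, not real root servers).
sample_hints() {
    cat <<'EOF'
; constructed sample in named.root layout
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.1
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8::1
B.ROOT-SERVERS.NET.      3600000      A     198.51.100.2
C.ROOT-SERVERS.NET.      3600000      A     999.1.1.1
evil.example.            3600000      A     203.0.113.9
<html>captive portal page</html>
EOF
}

sample_hints | extract_root_ips    # prints 192.0.2.1 and 198.51.100.2
```

Save the download to a file first, run install_root_ips on it with /etc/dnscache/root/servers/@ as the destination, then restart dnscache with svc -t /service/dnscache, since it reads the list at startup.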
Update /etc/resolv.conf to use your new dns server.
It is also a good idea to apply some cname patches. http://homepage.ntlworld.com/jonathan.deboynepollard/Softwares/djbdns/#dnscache-cname-handling
Change UDP packet size to accommodate big UDP packets. Many DNS servers require large UDP packets or djbdnscache will fail with drop # input / output errors. https://dev.openwrt.org/browser/packages/net/djbdns/patches/060-dnscache-big-udp-packets.patch
Resources
http://cr.yp.to/djbdns/dnscache.html
http://cr.yp.to/daemontools/multilog.html
http://cr.yp.to/daemontools/supervise.html
http://tinydns.org/
Hello. If I might ask a question...
When I tried step 3: Create the /etc/dnscache folder structure, using the command:
sudo dnscache-conf dnscache svclog /etc/dnscache
I got:
sudo: dnscache-conf: command not found
Any thoughts?
Otherwise, THANKS for posting this! I spent a lot of time googling before I found this tutorial!
Hello. dnscache-conf should have been included in the djbdns-1.05.tar.gz source archive found at http://cr.yp.to/djbdns/install.html
I think it should have been installed when you did "make setup check" in the install instructions (after compiling the source).
I suppose you could always run it from the build directory.
It's been quite some time since I set it all up. Also, I recommend keeping djbdns logging to a minimum. It can be very noisy. I lost an SD card on a Pi once and I suspect that 6 months of noisy DNS logs contributed to the card's failure.