Lighten Your DNS Load with TinyDNS

The Belly of the Beast

Now that you’ve had a cursory look at the main config file’s content, take a look at TinyDNS installed on an Ubuntu server. A whole host of documentation is available at http://cr.yp.to/djbdns.html, where you can check for any configuration nuances.

By running

apt-get install djbdns

you can see in Figure 1 that Bernstein’s other well-known packages, namely daemontools and ucspi-tcp, are pulled in at installation time. The daemontools package has tools to start and stop services under a directory called /service, an improved alternative to inittab, and so forth. In an attempt to provide an alternative to the famous inetd, Bernstein’s ucspi-tcp handles client-server communications.

Figure 1: The packages pulled in at installation time.

Gotcha

The file /usr/share/doc/djbdns/README.Debian dutifully informs you about a critical difference on Ubuntu/Debian servers relative to other operating systems (OSs): “daemontools’ default directory for services on Ubuntu Server is /etc/service/, not /service/.”

If you use TinyDNS on other OSs and run into problems that need troubleshooting, bear that key change in mind. A standard install from source might include creating the /service directory, so don’t get caught out. When the majority of the software on a system places configuration files inside /etc, it’s easy to see why this choice was made. Just be aware that any mention in online documentation of symlinks to /service is incorrect in this OS’s case.

Forward and Reverse

TinyDNS can offer several services, but I’ll ignore the likes of a local DNS cache and instead look further at getting a domain name served correctly on a more straightforward configuration.

The first task is to let the highly useful installation tool know where it should install your services. When you run tinydns-conf on its own, you are shown the parameters it expects to run successfully. After installation of the main .deb packages shown in Figure 1, you can now look at creating the directory structures needed:

tinydns-conf tinydns tinydns /etc/tinydns 12.34.56.78

This command tells TinyDNS that you want to run it as user tinydns under group tinydns to keep security threats to a minimum. The directory path then places the authoritative name server’s directory structure under /etc/tinydns on the filesystem. This is followed by the IP address on which the name server will listen for queries (look for the IP files under root/ if you need to change it in the future).

Believe it or not, that almost takes care of the installation.

As an example of how other services install, here’s how you would install the DNS Zone Transfer element of TinyDNS. Zone Transfers allow one name server to replicate its DNS database with another. Because DNS entries can be updated frequently, transfers need to be efficient and secure, so that your name servers serve the correct information. According to the man page: “axfrdns reads a zone-transfer request in DNS-over-TCP format from its standard input, and responds with locally configured information”:

axfrdns-conf axfrdns axfrdns /etc/axfrdns /etc/tinydns 12.34.56.78

As you can see, I’m using a different user and group to keep security risks separate and distinct, this time using user axfrdns and an identically named group. Obviously, you need to create them by hand if they don’t exist. The commands below do so for the tinydns group and user, and the same pattern applies to axfrdns:

addgroup --system tinydns
adduser --no-create-home --disabled-login --shell /bin/false --system --ingroup tinydns tinydns

With the /etc/axfrdns command-line argument, you inform TinyDNS where you want axfrdns installed on the filesystem. Then you need to point axfrdns to where on the filesystem TinyDNS resides and, finally, which IP address it should be listening on. As an aside, as well as Zone Transfers, running axfrdns allows you to answer DNS-over-TCP and SOA queries, too.

Finishing the Install

You’re almost up and running and only need to add the required services – just TinyDNS in this case and, optionally, axfrdns – to the /etc/service directory (not the more common /service directory), so you can stop and start them with daemontools. To achieve this, create symbolic links to their services with the following commands:

cd /etc/service
ln -sf /etc/tinydns .
ln -sf /etc/axfrdns .
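
The following audit script is an added example, not part of the original article or of djbdns. It checks the two things the steps above rely on: that each service is a working symlink under the Debian/Ubuntu service directory, and that the service accounts are distinct, unprivileged, and have no login shell. The function names are hypothetical, and the check for an executable run script assumes the standard daemontools service layout.

```shell
#!/bin/sh
# Added example (not from the article): audit a djbdns layout like the one built above.
# Directories and the passwd file are parameters so it can run against a test tree.

# check_service_links SERVICE_DIR NAME...
# Passes only if each NAME is a symlink in SERVICE_DIR to a directory with an executable ./run.
check_service_links() {
    svc_dir=$1; shift
    rc=0
    for name in "$@"; do
        link=$svc_dir/$name
        if [ ! -L "$link" ]; then
            echo "MISSING: $link is not a symlink"; rc=1
        elif [ ! -d "$link" ]; then
            echo "BROKEN: $link does not resolve to a directory"; rc=1
        elif [ ! -x "$link/run" ]; then
            echo "NO RUN SCRIPT: $link/run is missing or not executable"; rc=1
        else
            echo "OK: $link -> $(readlink "$link")"
        fi
    done
    return $rc
}

# check_accounts PASSWD_FILE NAME...
# Passes only if every NAME exists, is not UID 0, has a non-login shell,
# and no two of the named accounts share a UID.
check_accounts() {
    passwd=$1; shift
    rc=0; seen=" "
    for name in "$@"; do
        entry=$(grep "^$name:" "$passwd") || { echo "MISSING: $name"; rc=1; continue; }
        uid=$(echo "$entry" | cut -d: -f3)
        shell=$(echo "$entry" | cut -d: -f7)
        [ "$uid" -ne 0 ] || { echo "ROOT: $name has UID 0"; rc=1; }
        case $shell in
            /bin/false|/usr/sbin/nologin|/sbin/nologin) ;;
            *) echo "LOGIN SHELL: $name uses $shell"; rc=1 ;;
        esac
        case $seen in
            *" $uid "*) echo "SHARED UID: $name reuses UID $uid"; rc=1 ;;
        esac
        seen="$seen$uid "
    done
    return $rc
}

# On the server from the article:
#   check_service_links /etc/service tinydns axfrdns
#   check_accounts /etc/passwd tinydns axfrdns
```

A link that was created under /service instead of /etc/service shows up as MISSING here, which is the failure the Gotcha section warns about.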
