Building Linux L3 switch/router on x86 - Part8 - DNS Cache Server Installation and Configuration

Posted on by Radovan Brezula

So far we have installed CentOS on x86 hardware, installed Open vSwitch and connected wireless and wired LAN users to our Linux Layer 3 switch. Then we connected the switch to the Internet, enabled NAT and packets filtering. We configured the switch to synchronize its time with public NTP servers and provide time to host on LAN. The switch was also configured to send update to public Dynamic DNS server in case of the change its public IP address.

Linux Layer 3 switch concept is introduced here.

We will continue building Linux L3 switch with DNS cache server configuration. DNS cache server caches IP addresses of commonly visited websites to RAM memory. The IP address is retrieved from a local DNS cache server so public DNS servers are not contacted. Having own cache DNS server brings two main benefits:

  • Improved speed of DNS lookups
  • Reducing overall traffic on link to ISP

1. Install bind caching DNS server

[root@swouter-x86 ~]# yum install bind bind-utils

2. Configure bind caching DNS server

We are going to configure /etc/named.conf to make DNS cache server working. Changes for this file are shown with green colour. We have to specify IP address and ports on which is DNS server listening. Also a range of source IP addresses requesting DNS lookup needs to be specified. The last step is configuration of public DNS server which have to be specified in forwarders list.

[root@swouter-x86 ~]# vi /etc/named.conf

//listen-on port 53 { 127.0.0.1; };
listen-on port 53 { 127.0.0.1; 172.18.100.150; };

//allow-query     { localhost; };
allow-query     { localhost; 172.18.0.0/16; };

//dnssec-enable yes;
dnssec-enable no;

//dnssec-validation yes;
dnssec-validation no;

//Add list of forwarders - public DNS of ISP
forwarders { 195.146.132.58; 195.146.128.62; };

3. Specify the cache DNS server

[root@swouter-x86 ~]# /etc/resolv.conf

nameserver 127.0.0.1

4. Start named daemon and make it started during the boot

[root@swouter-x86 ~]# /etc/init.d/named start
[root@swouter-x86 ~]# chkconfig named on

5. Iptables configuration

Allow router itself to send DNS request and receive replays:

[root@swouter-x86 ~]# iptables -A OUTPUT -o ppp0 -p udp --dport 53 -j ACCEPT
[root@swouter-x86 ~]# iptables -A INPUT -i ppp0 -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

Allow DNS requests from hosts on  LAN to reach  Cache DNS server.

[root@swouter-x86 ~]# iptables -A INPUT -i vlan1 -p udp --dport 53 -j ACCEPT
[root@swouter-x86 ~]# iptables -A OUTPUT -o vlan1 -p udp --sport 53 -j ACCEPT

Allow DNS queries generated on router itself to be sent to public DNS servers

[root@swouter-x86 /]# iptables -A INPUT -i lo -p udp -j ACCEPT
[root@swouter-x86 /]# iptables -A OUTPUT -o lo -p udp -j ACCEPT

Allow rndc to listen on TCP 953

[root@swouter-x86 /]# iptables -A INPUT -i lo -p tcp -j ACCEPT
[root@swouter-x86 /]# iptables -A OUTPUT -o lo -p tcp -j ACCEPT

6. Avoid rewriting /etc/resolv.conf

In PPPoE tutorial configuration we had to add the line echo "cp /var/run/ppp/resolv.conf /etc/resolv.conf" > /etc/ppp/ip-up.local to the file /etc/ppp/ip-up.local. The lines copies the content of the file /var/run/ppp/resolv.conf to /etc/resolv.conf in order to get /etc/resolv.conf updated with the list of public DNS servers.

Now we have to delete this line from the file /etc/ppp/ip-up.local so the entry "nameserver 127.0.0.1" will not be rewritten in  /etc/resolv.conf

7. Change priority of starting named daemon at the boot time

To get our cache DNS server properly working, we have to start named server daemon as the last daemon in the order. Higher priority means that a daemon will be started later.  Edit file /etc/init.d/named and change S parameter from 13 to 99 for line starting with chkconfig.

a) Remove named daemon from chkconfig administration

[root@swouter-x86 ~]# chkconfig --del named

b) Edit /etc/init.d/named and find the line starting with #chkconfig: - 13 87

Change the number 13 to 99. It will make named daemon to be started as the last daemon during the boot of CentOS.

c) Add named daemon under management of chkconfig command and start it for all runleves

[root@swouter-x86 ~]# chkconfig --add named
[root@swouter-x86 ~]# chkconfig named on

End.

The following articles had been intensively used during writing of this tutorial.

http://www.lamolabs.org/blog/282/how-to-setup-a-dns-server-on-centos-5/
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS
http://www.labtestproject.com/linnet/dns-server.html
http://www.zaphu.com/2007/09/10/ubuntu-dns-server-guide-bind-caching-name-server-setup/
http://www.zaphu.com/2007/09/14/ubuntu-dns-server-guide-bind-master-server-setup/
http://h30499.www3.hp.com/t5/System-Administration/iptables-is-blocking-rndc/td-p/3034191

Related Posts

Building Linux L3 switch/router on x86 - Part4 - Openvswitch Installation and Configuration

In a last tutorial we switched our Linux layer 3 switch to wireless Master mode in […]

Building Linux L3 switch/router on x86 - Part3 - Wireless Access Point Installation and Configuration

We will continue with building our Linux Layer 3 switch with another tutorial that explains […]

Building Linux L3 switch/router on x86 - Part2 - CentOS 6.0 installation

This is the second from the series of step-by-step tutorials that describe building Linux Layer […]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.