DIY DNS service
Jan. 15, 2007
I have a problem with my ISP, Bell South. Its DNS (Domain Name System) service is slow, and there have been times that it just doesn't work. Since I make my living off non-stop Internet connectivity, this is bad news. Without DNS, using the Web and email becomes almost impossible.
What to do? Well, I could use BIND (Berkeley Internet Name Domain) 9.3 on any of my Linux systems. BIND is almost everyone's favorite DNS software, and I've installed and managed it before. But, and it's a big but, full-scale BIND can be a pain to run. So, for my small -- 19 PCs and 5 servers -- LAN it would be overkill.
So, I looked for easier solutions that would speed up my Internet access. At the same time, with 24 systems in my house, having a centralized host file system makes a good deal of sense.
One approach is to use BIND, but to use it as a caching-only nameserver. With this, the first time someone on the network asks to be connected to Google, it goes out to BellSouth for the site's IP (Internet protocol) address, but then the next time someone looks for Google, the local caching nameserver will deliver the address.
How much of a difference is this? For me, on a "good" day, the time it takes for me to contact a site drops from 4/10ths of a second to a millisecond. That's a significant difference. On a bad day, at least I'm able to reach my most frequently visited sites, instead of getting an "unable to find site" error message.
On Fedora and Red Hat Enterprise Linux, you can set up a caching nameserver quite easily with "caching-nameserver," a set of config files for a simple caching nameserver and BIND. Shannon Hughes, a Red Hat Network engineer, gives full instructions on how to do this in her recent Red Hat Magazine article, "How to set up a Home DNS Server."
I decided to take another approach: dnsmasq. This is a small, but powerful, open-source application that's designed to provide DNS and, optionally, DHCP (dynamic host configuration protocol), addressing to a small network. You can also use it as a local DNS for your network systems. Since the DHCP server integrates with the DNS server, you can also use it to give DNS names to PCs with DHCP-allocated addresses. It also supports static and dynamic DHCP leases, and BOOTP for network booting of diskless machines.
Better still, for my purposes, dnsmasq was built for small networks that use a NAT (network address translation) firewall and are connected to the Internet via a single network interface such as a modem, cable-modem, or DSL connection. In my case, I use a 3Mbps down and 768Mbps up ADSL connection with NAT.
Dnsmasq is also widely available. It works on Linux, BSD, and Mac OS X. It's included in Gentoo, Debian, Slackware, SUSE, Fedora Linuxes, and many other Linux distributions. It's even used inside the Linksys WRT54G wireless router, on the stock firmware, and also in the dd-wrt and openwrt hacker firmware.
Since dnsmasq is a lightweight program, you can also use it on older, less capable systems. I decided to use it on an HP 521n mini-tower PC. This system still had its stock AMD Athlon XP 1.4 GHz processor, 256MB of RAM, and a 60GB hard drive. In short, it's no powerhouse.
The 521n has, however, more than enough horses to run Novell's openSUSE 10.2 and lightweight server applications like dnsmasq and an NTP (network time protocol) server. Since openSUSE is one of my favorite distributions for both servers and desktops, I decided to use it this time on a production server.
This server will need to have a fixed IP address. You can't let it be assigned a random address by the DHCP server. I run a typical Class C domain, and my LAN address range is 192.168.0.1 to 192.168.0.254. To help keep things straight, I always give servers that need fixed IP addresses an address that ends in a 0 and set the DHCP server to not assign out these reserved addresses. This time around, I gave the dnsmasq server the address, 192.168.0.250.
To start using dnsmasq, first you'll need to install it. With openSUSE, that means using the YaST Software Management tool. Once you have that window up, simply do a search for "dnsmasq" and you'll find it on your openSUSE DVD. Once you've dug it up, select and install the program.
[Figure: With openSUSE 10.2's YaST, installing dnsmasq is a simple pick and click affair]
Next, switch to root, and open up a console -- it's time to do a little old-fashioned editing. Change directory to /etc. Once you're there, use your favorite character-based editor to work on the file /etc/resolv.conf. This file should already contain a line like the one below, which points to your ISP's DNS servers or the local gateway to those DNS servers.
In my case, it points to the gateway and directly to a BellSouth DNS server, so it reads:
nameserver 192.168.0.254
nameserver 205.152.37.23
If it is already pointing to the correct DNS server or servers, you can close it up and leave it untouched. You may also want to add more DNS servers to resolv.conf. For example, I include the address of a DNS server I use for my Practical Technology. That way, if BellSouth's DNS goes south, so to speak, my PCs can still get their needed address information from the other DNS server. Don't go hog-wild with setting up DNS servers. Dnsmasq will only access the first three servers listed in the resolv.conf file.
[Figure: Here, we see a typical resolv.conf file, which will work for dnsmasq]
By default, according to the dnsmasq FAQ, dnsmasq treats all nameservers as equals. It picks the one to use using an algorithm designed to avoid nameservers that aren't responding. If you want to use the servers in the order you have them in the resolv.conf file, run dnsmasq with the "-o" flag.
Next, you need to start it up to make sure that it works. Like most Linux/Unix utilities, you can do this with an init script. So, from the shell, I start it with:
# /etc/init.d/dnsmasq start
But, how do you know if it's actually doing anything? For that, you run the "dig" command. This DNS utility program gives you information about a site's address and how long it took to get its IP address from the DNS server.
[Figure: With a query time of 0 milliseconds after installing dnsmasq, finding Web sites suddenly got a lot faster]
In my case, as you can see, it went from an awful 88 milliseconds to 0. I like that kind of speed boost!
Dig comes already set up in openSUSE. In other distributions you may need to install it. This program and its libraries are packaged within the bind-utils and bind-libs RPMs.
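The check described above, as an added example that is not part of the original article: a shell script that runs dig twice against the dnsmasq server and confirms both that the answer came from that server (not a fallback ISP resolver) and that the repeat lookup was served faster. The function names are illustrative, 192.168.0.250 is the article's server address, and the dig lines used when no arguments are given are constructed.

```shell
#!/bin/sh
# Added example: confirm lookups are answered by the local dnsmasq cache.

# Extract the "Query time" value (msec) from dig output on stdin.
query_time_ms() {
    sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p' | head -n 1
}

# Extract the address of the server that actually answered.
answering_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Judge two saved dig outputs (first lookup, repeat lookup).
# Prints "cached", "not-cached", "no-timing" or "wrong-server:<addr>".
judge_cache() {
    expected=$1 first=$2 second=$3
    srv=$(answering_server < "$second")
    [ "$srv" = "$expected" ] || { echo "wrong-server:$srv"; return 1; }
    t1=$(query_time_ms < "$first")
    t2=$(query_time_ms < "$second")
    [ -n "$t1" ] && [ -n "$t2" ] || { echo "no-timing"; return 1; }
    if [ "$t2" -lt "$t1" ] || [ "$t2" -eq 0 ]; then
        echo "cached"
    else
        echo "not-cached"; return 1
    fi
}

# Live check: query the same name twice through the dnsmasq server.
live_check() {
    server=$1 name=$2
    tmp=$(mktemp -d) || return 1
    dig "@$server" "$name" > "$tmp/first"
    dig "@$server" "$name" > "$tmp/second"
    judge_cache "$server" "$tmp/first" "$tmp/second"; rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage: sh check-dnsmasq.sh 192.168.0.250 example.com
if [ $# -eq 2 ]; then
    live_check "$1" "$2"
else
    # No arguments: judge constructed dig output (not captured from a real network).
    demo=$(mktemp -d)
    printf ';; Query time: 88 msec\n;; SERVER: 192.168.0.250#53(192.168.0.250)\n' > "$demo/first"
    printf ';; Query time: 0 msec\n;; SERVER: 192.168.0.250#53(192.168.0.250)\n' > "$demo/second"
    judge_cache 192.168.0.250 "$demo/first" "$demo/second"
    rm -rf "$demo"
fi
```

A "wrong-server" result means the client fell through to another nameserver in its resolver list, so the timing says nothing about dnsmasq.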
If dnsmasq doesn't give your DNS lookups a kick in the pants, try re-editing the resolv.conf file. Then, restart the program, which also makes it re-read resolv.conf, with the command:
# /etc/init.d/dnsmasq restart
I've found dnsmasq to be very simple to use, but if you run into more problems, try the FAQ and the dnsmasq mailing list for more help.
Once you have it running properly, your next step is to set dnsmasq up so it runs automatically. In openSUSE, you do this using YaST. Go to the System/System Services (Runlevel) display. Once there, run down the alphabetical list of system services and enable dnsmasq. Once this is done, dnsmasq will start automatically every time you boot the server.
[Figure: Once you're sure dnsmasq is working, making it a permanent network server service is easy again, thanks to openSUSE's YaST]
Next, you need to set the other PCs in your LAN to use dnsmasq for their DNS needs. To do this, simply go to each of the systems and edit their resolv.conf files so that your new local dnsmasq server is listed. So, for my network, each now contains the line:
On Windows systems, you set the PC up to use the dnsmasq server by going to the Control Panel and selecting the network display. At the Local Area Network display, select Properties. That will bring you to -- what a surprise -- the Local Area Network Properties display. Here you press the "properties" button for TCP/IP. This finally brings you to where you need to be. At the Internet Protocol display, click the radio button for "Use the following DNS server addresses" and enter the IP address of your dnsmasq server. It's a good idea to also add your ISP's default DNS address, in case something goes wrong with your local server.
[Figure: Oddly enough, getting Windows XP to use the new local DNS service actually requires more steps than the entire installation of dnsmasq on Linux]
With all this done, you're going to find that the 'net suddenly seems a lot more lively and reliable. For me, it's made the difference between barely being able to get my work done and enjoying doing my work again.
-- Steven J. Vaughan-Nichols