Configure the Asus RT-AC66U Router as a Caching DNS Server with Bind


Introduction

In this article I am going to walk you through the necessary steps to configure your Asus RT-AC66U as a caching DNS server using BIND. According to Wikipedia, “Caching name servers (DNS caches) store DNS query results for a period of time determined in the configuration (time-to-live) of each domain-name record. DNS caches improve the efficiency of the DNS by reducing DNS traffic across the Internet, and by reducing load on authoritative name-servers, particularly root name-servers. Because they can answer questions more quickly, they also increase the performance of end-user applications that use the DNS. Recursive name servers resolve any query they receive, even if they are not authoritative for the question being asked, by consulting the server or servers that are authoritative for the question.”

As you may already know, the Asus RT-AC66U firmware is a small embedded Linux system whose standard userland commands are provided by BusyBox. Because of this a lot of familiar commands are available via the CLI. However, don’t get too comfortable, as this is still a very foreign land.

Note that this article assumes that you have SSH or Telnet enabled and can log into your RT-AC66U via the CLI.

Installing Bind

First off we need to install BIND. You accomplish this using the ipkg command as shown below.

admin@RT-AC66U:/# ipkg install bind

You will then see output like that shown below. Note that the output gives you some much-needed information, such as where to put your named.conf and how to start named.

Installing bind (9.6.1.3-4) to /opt/…
Downloading http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable/bind_9.6.1.3-4_mipsel.ipk
Installing psmisc (22.13-1) to /opt/…
Downloading http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable/psmisc_22.13-1_mipsel.ipk
Configuring bind
Running post-install
You must now create your named.conf file
When it is installed in /opt/etc/named/named.conf, execute
/opt/etc/init.d/S09named start
to start service
—truncated—

Creating your named.conf

Below is the named.conf that I am using. Note that this file has been modified to use the directory /opt/etc/named, which on my router is a symbolic link to a large USB drive that I have configured as a network share. I have also modified my named.conf to log all queries. Disk space is not an issue here, as I am also using the USB drive to store my logs.

The named.conf file has also been modified to allow only hosts on my specific networks to query named. Make sure that you modify the allow-query section below to match your network: anything broader (such as any;) turns the router into an open resolver that outsiders can use for reflection attacks and cache probing. Because recursion is enabled, the same address list should also be stated explicitly as allow-recursion; BIND derives allow-recursion from allow-query when it is not set, but spelling it out keeps the intent obvious. listen-on is likewise restricted to the loopback and LAN addresses so that named never binds to the WAN interface.

[code language=”css”]
// /opt/etc/named/named.conf
// named.conf for a caching-only nameserver on the Asus router
// (BIND accepts #, // and /* */ comments; // is used throughout)

options {
    // Listen on port 53, the standard DNS port, on the loopback and LAN
    // addresses only. Put your own LAN IP address here, separated by
    // semi-colons. Do not list the WAN address.
    listen-on port 53 { 127.0.0.1; 192.168.0.1; };

    // These have been modified for the filesystem layout on the router
    directory "/opt/etc/named";
    dump-file "/opt/etc/named/data/cache_dump.db";
    statistics-file "/opt/etc/named/data/named_stats.txt";
    memstatistics-file "/opt/etc/named/data/named_mem_stats.txt";

    // The hosts which are allowed to query this nameserver. Normally you
    // allow only your own networks. Addresses and networks are separated
    // by semi-colons; to allow a second network 10.1.0.0/24 the line would be
    // allow-query { localhost; 192.168.0.0/24; 10.1.0.0/24; };
    // Don't forget the semi-colons, including the one after the last entry.
    allow-query { localhost; 192.168.0.0/24; 10.0.0.0/8; };
    recursion yes;

    // Remote name servers: currently using Google's; the commented-out
    // line is my ISP's.
    // forwarders { 75.75.75.75; 75.75.76.76; };
    forwarders { 8.8.8.8; 8.8.4.4; };

    // forward first: ask the forwarders first, then fall back to full
    // recursion via the root hints in named.ca if they do not answer.
    forward first;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel querylog {
        file "data/querylog";
        severity debug 10;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    category queries { querylog; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/opt/etc/named/named.rfc1912.zones";
include "/opt/etc/named/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
[/code]

Additional Configuration Files

Before you can start named, you will need a couple of additional files. The first is rndc.key, which holds the shared secret that rndc uses to control named. You generate this file with the command below. Anyone who can read the key can stop or reconfigure named, so make sure the file is readable only by the user named runs as.

rndc-confgen -a -r /dev/urandom -c /opt/etc/named/rndc.key

You will also need the files named.ca (the root hints) and named.rfc1912.zones (the localhost and loopback reverse zones). You can grab both of these off any Linux box that has BIND already installed. Since my desktop is running Fedora, I can easily scp them from my desktop to my router as shown below.

scp /etc/named.rfc1912.zones admin@192.168.0.1:/opt/etc/named
scp /var/named/named.ca admin@192.168.0.1:/opt/etc/named

You also need to create a directory called data, as this is the log directory configured in my named.conf.

mkdir /opt/etc/named/data

Below is the directory listing of /opt/etc/named on my router after all required files and directories are in place.

admin@RT-AC66U:# ls -ltr
rndc.key
named.rfc1912.zones
named.ca
data/
named.conf
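Before starting named, it is worth checking that everything above is really in place and that the configuration will not make the router an open resolver. The script below is an added example, not part of the original post: it verifies the files and directory created in the steps above, checks that rndc.key is not readable by other users, and greps named.conf for the settings that most often go wrong. It assumes the option names used in the post's named.conf (listen-on, allow-query, allow-recursion, recursion, forward); the two sample configurations it builds in a temporary directory are constructed for the demonstration, the "weak" one showing the settings to avoid and the hardened one adding an explicit allow-recursion and forward only.

```shell
#!/bin/sh
# Pre-flight check for /opt/etc/named before running named in the foreground.
# Added example; the sample files below are constructed, not from the post.

# Print each missing file or directory under $1; return 0 only if all exist.
check_files() {
    dir=$1
    missing=0
    for f in named.conf rndc.key named.ca named.rfc1912.zones data; do
        if [ ! -e "$dir/$f" ]; then
            echo "missing: $dir/$f"
            missing=1
        fi
    done
    return $missing
}

# rndc.key carries the HMAC secret that lets a client stop or reconfigure
# named, so group/other must have no permission bits (columns 5-10 of ls -l).
check_key_perms() {
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "rndc.key is readable by others (mode bits: $perms); run chmod 600"
        return 1
    fi
    return 0
}

# Warn about the settings that turn a home resolver into an open resolver.
# Comments (# and //) are stripped first so commented-out lines do not match.
lint_conf() {
    body=$(sed -e 's|//.*$||' -e 's|#.*$||' "$1")
    bad=0
    if printf '%s\n' "$body" | grep -Eq 'allow-query[[:space:]]*\{[^}]*[[:space:];]?any[[:space:]]*;'; then
        echo "WARN: allow-query permits any host"
        bad=1
    fi
    if printf '%s\n' "$body" | grep -Eq 'listen-on[^{]*\{[^}]*(any|0\.0\.0\.0)[[:space:]]*;'; then
        echo "WARN: listen-on binds every interface, including the WAN side"
        bad=1
    fi
    if printf '%s\n' "$body" | grep -q 'recursion yes' && ! printf '%s\n' "$body" | grep -q 'allow-recursion'; then
        echo "WARN: recursion yes without an explicit allow-recursion ACL"
        bad=1
    fi
    if printf '%s\n' "$body" | grep -Eq 'forward[[:space:]]+first'; then
        echo "NOTE: forward first falls back to full recursion via named.ca if the forwarders fail"
    fi
    return $bad
}

# Run every check; $1 is the named directory, $2 the named.conf to lint.
preflight() {
    check_files "$1" && check_key_perms "$1/rndc.key" && lint_conf "$2"
}

# Constructed demo directory so the script runs anywhere, not just on the router.
demo=$(mktemp -d)
mkdir "$demo/data"
: > "$demo/named.ca"
: > "$demo/named.rfc1912.zones"
printf 'key "rndc-key" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtZGVtby1zZWNyZXQ="; };\n' > "$demo/rndc.key"
chmod 600 "$demo/rndc.key"

# Weak settings: answers anyone, on every interface, with no recursion ACL.
cat > "$demo/named.conf.weak" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward first;
};
EOF

# Hardened settings: loopback and LAN only, explicit allow-recursion, and
# forward only so the router never recurses to the Internet on its own.
cat > "$demo/named.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.1; };
    allow-query { localhost; 192.168.0.0/24; };
    allow-recursion { localhost; 192.168.0.0/24; };
    recursion yes;
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
};
EOF

echo "== weak named.conf =="
preflight "$demo" "$demo/named.conf.weak" || echo "do not start named yet"
echo "== hardened named.conf =="
preflight "$demo" "$demo/named.conf" && echo "ready: /opt/etc/init.d/S09named start"
```

On the router you would drop the constructed demo block and call preflight /opt/etc/named /opt/etc/named/named.conf; the grep patterns are deliberately simple and only catch the obvious cases, so they are a sanity check, not a substitute for named-checkconf.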

Testing and Starting Named

The easiest way to test is to run named in the foreground, so that you will quickly see any errors that occur when the process attempts to start up. In the command below, -g keeps named in the foreground and sends all logging to stderr, -d 3 raises the debug level, and -u admin makes named drop to the admin user once it has bound port 53. It took me several attempts to get everything just right. If you follow this guide, you should not have that issue.

named -u admin -g -d 3

Now go back to your desktop (or any other machine on your network) and query named on the router. The output below shows that everything is working as it should. If it were not, the query would either have hung or failed. It is also worth repeating the query from outside your LAN (for example from a host on the WAN side, or a phone off Wi-Fi) and confirming that it times out or is refused: a caching resolver that answers the whole Internet is an open resolver.

[root@fedora19 ~]# nslookup woot.com

Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: woot.com
Address: 54.208.196.207

Once you have run a successful test, stop the foreground instance and start named using the command below.

#/opt/etc/init.d/S09named start

You can verify that it’s running properly by using the status option.

#/opt/etc/init.d/S09named status

Now run the command below to configure BIND to start at boot time.

#app_set_enabled.sh bind yes

Wrapping things Up

Since I am sending my logs to a USB drive, which is shared out via NFS, I can view them remotely from my desktop. It might be interesting to point a Splunk instance or some other log analyser at them.

# tail querylog
04-Dec-2014 19:57:54.328 queries: info: client 192.168.0.195#36490: query: www.google.com IN A +
04-Dec-2014 19:57:56.934 queries: info: client 192.168.0.183#50040: query: comcast.demdex.net IN A +
04-Dec-2014 19:57:56.937 queries: info: client 192.168.0.183#47556: query: cdn.doubleverify.com IN A +
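Even without Splunk, a few lines of awk will answer the questions a log analyser would: which LAN client is noisiest, which names are requested most, and whether anything looks like DNS tunnelling. The script below is an added example, not part of the original post. It assumes the line format shown above (client &lt;ip&gt;#&lt;port&gt;: query: &lt;name&gt; IN &lt;type&gt; &lt;flags&gt;); the sample log is constructed from the three lines above plus three invented ones, and the thresholds for "suspicious" (a label over 30 characters, more than six labels, or TXT/NULL lookups) are assumptions to tune against your own baseline.

```shell
#!/bin/sh
# Query-log triage for the BIND querylog format shown in the post.
# Added example; the log below is constructed (three real lines, three invented).

LOG=$(mktemp)
cat > "$LOG" <<'EOF'
04-Dec-2014 19:57:54.328 queries: info: client 192.168.0.195#36490: query: www.google.com IN A +
04-Dec-2014 19:57:56.934 queries: info: client 192.168.0.183#50040: query: comcast.demdex.net IN A +
04-Dec-2014 19:57:56.937 queries: info: client 192.168.0.183#47556: query: cdn.doubleverify.com IN A +
04-Dec-2014 19:58:01.102 queries: info: client 192.168.0.183#47560: query: www.google.com IN AAAA +
04-Dec-2014 19:58:03.415 queries: info: client 192.168.0.42#51001: query: 6b9e2c1f0a7d4e8b9c3f5a1d2e4f6a8b0c1d2e3f4a5b6c7d.tunnel.example IN TXT +
04-Dec-2014 19:58:04.001 queries: info: client 192.168.0.42#51002: query: a.b.c.d.e.f.g.h.example IN A +
EOF

# Queries per LAN client, busiest first. Field 6 is "<ip>#<port>:"; keep the ip.
queries_per_client() {
    awk '$7 == "query:" { split($6, c, "#"); n[c[1]]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Most requested names (top N, default 10).
top_names() {
    awk '$7 == "query:" { n[$8]++ } END { for (k in n) print n[k], k }' "$1" |
        sort -rn | head -n "${2:-10}"
}

# Tunnelling/exfiltration tells: one label over 30 characters, more than six
# labels, or TXT/NULL lookups from an ordinary client. Prints client, name, type.
suspicious() {
    awk '$7 == "query:" {
            nlab = split($8, l, "."); longest = 0
            for (i = 1; i <= nlab; i++) if (length(l[i]) > longest) longest = length(l[i])
            if (longest > 30 || nlab > 6 || $10 == "TXT" || $10 == "NULL")
                print $6, $8, $10
         }' "$1"
}

echo "== queries per client =="; queries_per_client "$LOG"
echo "== top names ==";          top_names "$LOG" 3
echo "== suspicious ==";         suspicious "$LOG"
```

On the router, point the functions at /opt/etc/named/data/querylog instead of the temporary file; since BusyBox ships awk, sort and head, nothing else needs installing. Legitimate CDNs and anti-spam services also use long labels and TXT records, so treat the suspicious list as a starting point for a look, not as an alert.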

Additional Resources

Fatmin: How to Add a Static Route on the Asus RT-AC66U

Fatmin: Install and Configure SNMP on the Asus RT-AC66U

4 thoughts on “Configure the Asus RT-AC66U Router as a Caching DNS Server with Bind”

  1. Pingback: Disk I/O Monitoring on the Asus RT-AC66U Router | Fatmin.com

  2. Pingback: Asus RT-AC66U – Installing the ipkg Command | Fatmin.com

  3. Thanks! It’s helped me a lot!
    But now it’s flooding my syslog a lot…
    Is there a way to “make it silent”?
