Configure the Asus RT-AC66U Router as a Caching DNS Server with Bind

asus-rt-ac66u

Introduction

In this article I am going to walk you through the necessary steps to configure your Asus RT-AC66U as a caching dns server using bind. According to Wikipedia“Caching name servers (DNS caches) store DNS query results for a period of time determined in the configuration (time-to-live) of each domain-name record. DNS caches improve the efficiency of the DNS by reducing DNS traffic across the Internet, and by reducing load on authoritative name-servers, particularly root name-servers. Because they can answer questions more quickly, they also increase the performance of end-user applications that use the DNS. Recursive name servers resolve any query they receive, even if they are not authoritative for the question being asked, by consulting the server or servers that are authoritative for the question. “

As you must already know, the Asus RT-AC66U runs Busybox, which is a very small but powerful embedded Linux distro. Because of this there are a lot of familiar commands available via the CLI. However, don’t get to comfortable, as this is still a very foreign land.

Note that this article assumes that you have ssh or telnet working and can log into your RT-AC66U via the CLI.

Continue reading

Advertisements

RHEL6 – How to Setup a Caching-Only DNS Server


26868_1First off lets get this straight, all DNS Servers cache. However, some DNS Servers intended to only provide the caching function. Which is what we are going to configure today.

A Caching-only DNS server does not contain zone information or a zone database. Its cache only contains information based on the results of queries that it has already performed. In this case, the cache takes the place of the zone database file for the lookups that you are already doing.

Here’s how its done

First step you need to install bind via yum.

# yum install bind && chkconfig bind

Now configure named to start at boot and start it up

# chkconfig named on && service named start

Then modify /etc/named.conf and change these two lines

listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };

to this

listen-on port 53 { any; };
listen-on-v6 port 53 { any; };

then change this the dnssec-validation line to no as seen below.

dnssec-validation no;

Then configure named to accept lookups from its local network by changing the line below

allow-query     { localhost; };

To what you see below, note that 10.1.224.0 is my local network

allow-query     { localhost; 10.1.224.0/24; };

Now don’t forget to insert a forwarders entry to forward requests to your local dns server. Look in your resolv.conf for this info.

forwarders { 10.100.4.16; };

Then modify your /etc/resolv.conf so that your machine uses itself for name lookups, you do this by adding the line below as the first nameserver.

nameserver localhost

Now start named and do an nslookup, the server and address should point back to local host.

# nslookup fatmin.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   fatmin.com
Address: 64.202.189.170

Bind – Zone File Serial Number Reset

Lemo-the-worm Each and every zone file has a unique serial number and that serial number should increment with each subsequent revision

A serial number is traditionally in the format (YYYYMMDDSS) where SS the sequence number. For example, today is 1/21/2011, so the serial number in a zone file modfied today would be… 201101210.

So lets say that you pushed that zone today and when you went back to make an additional change, you accidentally added an additional number to your serials and instead of  201101211 you ended up with 2201101211.

In order to get everything back in order you will need to manually reset the zone file's serial number by setting it to the number below. Its highest number you can get using 32 bits.

4294967295

To to reset your serial number, update your zone file with the serial number listed above and push it out to the slaves. Then change your zone files serial number back to the correctserial number, which will be considered to be greater than the magic number above. Then push dns again.

Check your slave servers and verify the the zone file now has the correct serial.