Setting up DNS caching with Linux (and Windows)

Last update 3-12-1999 by GoMoRRaH
edited 26-11-2000 by snider

www.xxxxx.com is used as a non-existent site, as an example.

1 Good old dry theory

1.1 Introduction

The internet is going thru an evolution; faster pc's, more reliable connections etc... But the greatest evolution are the capacity of the lines. What were telephone line are now ISDN lines or cable modems. But there are still people (unfortunate people like me) who have such a sloppy telephone line, which is sloooooow. So people are beginning to search ways to speed up their connection. There are tools like download managers, tools that download the underlying pages of a visited web site in idle times. And so there are many ways that go to adjusting the hardware of your modem.

Like you all see the software is either Windows based or lets you fuck up your hardware. This way is for Linux and is so easy even a Windows user could do it :P
There is also an explanation on how to do the exact same thing under Windows.

1.2 Who should be reading this document, requirements

Everyone who wants to speed up their (modem) dial-up account by some seconds. And want to do this in five minutes (if not less).

If you have questions regarding this tutorial, please make sure you've already read at least some of the basic networking tutorials at blacksun.box.sk. Also, please do not Email any member of BSRF directly. There is a message board at blacksun.box.sk - use it.

Information on how to do the same thing under Windows can be found at the bottom of the tutorial.

Requirements

A computer
A connection to the internet
Linux up and running
named (1) installed *
5 minutes of time
Some spare change for me (*grin*)

* named is the nameserver package, this is standard and the most common Linux distrubutions should bring it.

1.3 What does a nameserver do?

What does a nameserver do ? Well, suppose you are dialed in with you ISP and you wish to go to www.xxxxx.com. You open up you browser and type in the address field http://www.xxxxx.com, you press enter and wait until xxxxx.com appears. Simple, isn't it ? Let's look behind the scenes to find out what's really going on in there.

[The flexibility of the Domain Name System is endless, and by all means this isn't supposed to be a complete study of it, so if you find anything specific you want to know about i suggest you can look through RFC-1034 and RFC-1035 for the answer -ed]

Your computer gets the request to connect to www.xxxxx.com, but what is www.xxxxx.com ? Well it the alias of a computer (which has an ip) and has an httpd daemon running (on port 80).
Your computers checks if that site isn't running on your own computer or on you local network. So it checks your /etc/hosts file (which has you local intranet information) or it checks a local nameservers referred to from /etc/resolv.conf. By the way, this is a good time to mention that DNS stands for Domain Name System.
The file /etc/resolv.conf should look something like this.

nameserver 123.123.123.123

This is the nameserver of you ISP. And when nothing can be found on the local intranet you computer will query this nameserver. (if this nameserver is unreachable the you'll get an error).
When this nameserver is reachable it will answer with an ip. If www.xxxxx.com is unknown to the nameserver it will query some other nameserver [In fact, there exists a large number of nameservers on the internet. For every domain there is (yahoo.com, box.sk), there are probably a couple of nameservers (a primary, and a secondary if not more). The root nameservers, the ones that hold all the information for .com's .org's .gov's and .net's etc. (Top Level Domains) are located at something called InterNIC, and this is where your query will end up if your ISP's nameserver doesnt have what you're asking for. The '.com' root nameserver at InterNIC will forward your query for www (.xxxxx.com) to the primary nameserver at xxxxx.com and from there you will get the correct ip address for www.xxxxx.com]
Once this ip (lets say 123.123.123.111) is known, you browser will try to establish a connection to 123.123.123.111:80 (this connection will be made by the standard routing procedure as can be viewed by typing route from a root shell.

Now the communication will be established, data will be transferred using the http protocol. So the nameserver simply translates www.xxxxx.com into an ip by quering its own database or querying other databases.

1.4 Whooow that sounds very cool!! So ?

Well suppose those seven steps take about 2 seconds (if you have a speedy connection and your ISP has a nameserver with almost no network traffic and if the ip is in the nameservers cache). So if this was an utopia it would take two seconds. So in these times it'll take a bit longer. In this tutorial we'll make something called 'a caching only nameserver'.

1.5 What is a caching only nameserver

Well, this is a special 'type' of nameserver. This is not intended to be the nameserver of your intranet. The only thing it does is to cache all names and ip's that are queried from the local network. The first time you query an ip, an other database has to be queried (isp). But any other time that query does not have to find place. It is on you own hard disk, so it doesn't consume any bandwidth, and site will come up some seconds faster on your screen which makes surfing a lot more FUN. You can say now what the hell are two seconds? Yes but how often do you go to a search engine ? How often do you go to you favorite site and further, how often doe you check your e-mail ? (once every 10 minutes is a Netscape default)

Here ends the theory, now you should be able to understand what a caching only nameserver does and how it can speed up you connection with a few seconds, now go ahead and type something.

2 Fuck that damned theory, let me type something

2.1 named.conf

First we edit the general config file of the nameserver. The file is called /etc/named.conf and it should look like:

options {
        directory "/var/named";
        /* Some shit */
};
....

This first part of the file is the one that needs changes. For this you need to know the nameserver of your ISP (NOT the name but the IP ofcourse), you change the file to:

options {
        directory "/var/named";
        forwarders {
                123.123.123.123;
                123.123.123.124;
                };
};
....

You've now simple said that an unknown query has to be forwarded to the ip's above. If the first is not reachable the second one will be tried.

2.2 Changing the nameserver

In fact you have now an up and (almost) running nameserver. There is just one little detail you have to take care of, that's the fact that your computer doesn't recognize / will use you nameserver yet. You have to edit /etc/resolv.conf . And you should edit the file so it'll look like:

# nameserver 321.321.321.321
nameserver 127.0.0.1

The first line was your original nameserver, just comment this (you never know ...) and then you add the line nameserver 127.0.0.1 this just says that queries no longer have to be forwarded but can be answered by you OWN local nameserver.

2.3 Up and running

Now you just have to (re)start your nameserver with killall -HUP named . Then you check you logs ( /var/log/messages ) and hope they'll look like

Nov 20 13:29:34 SaTaN named[692]: starting.  named 8.2.1 Fri Sep 24 14:52:24 EDT 1999 ^Iroot@porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.1/src/bin/named
Nov 20 13:29:34 SaTaN named[692]: hint zone "" (IN) loaded (serial 0)
Nov 20 13:29:34 SaTaN named[692]: Zone "0.0.127.in-addr.arpa" (file named.local): No default TTL set using SOA minimum instead
Nov 20 13:29:34 SaTaN named[692]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1997022700)
Nov 20 13:29:34 SaTaN named[692]: listening on [127.0.0.1].53 (lo)
Nov 20 13:29:34 SaTaN named[692]: listening on [10.0.0.1].53 (eth0)
Nov 20 13:29:34 SaTaN named[692]: Forwarding source address is [0.0.0.0].1025
Nov 20 13:29:34 SaTaN named: named startup succeeded
Nov 20 13:29:34 SaTaN named[693]: Ready to answer queries.
Nov 20 13:29:34 SaTaN named[693]: sysquery: sendto([123.123.123.123].53): Network is unreachable

If you see a last line, like mine, don't worry about it. It means you are not yet connected to the internet. When you get some erros, it means that you have not edited you config file properly so you have check it again. (hint: check if all the ; are in place and every { is closed with an } )

2.4 You don't believe me ?

Ok, for everyone who doesn't believe me ...

[root@SaTaN /] nslookup www.iwanttoquerythis.com
Server: localhost
Address: 127.0.0.1

Name: www.iwanttoquerythis.com
Address: 123.123.123.321 ... other ip's ..
Aliases: If available ...

This was the first query and a request was sent to the nameserver mentioned in the config file. For this far you know you nameserver can forward addresses. It's a start.

[root@SaTaN /] nslookup www.iwanttoquerythis.com
Server: localhost
Address: 127.0.0.1

NON-AUTHORITIVE ANSWER
Name: www.iwanttoquerythis.com
Address: 123.123.123.321
Aliases: ...

Cool, it says Non-authoritive answer. What does it means ? Well, it just wants to say that for that answer there was no need to forward the request, cool huh ?

2.5 And here's another way to do it

You can also manage your local DNS database by yourself! Simply add lines to the /etc/hosts file that will look like this:
IP-address hostname #comment
For example:
1.2.3.4 www.some-website.com #just another stupid website

In case you're wondering, you don't HAVE to put the comment... :p
Oh, by the way, this method is inferior because you have to enter IPs and hostnames by yourself... ouch...

2.6 Local DNS cache under Windows

Hello, poor Windows users. Want to make yourself a nice local DNS cache? Too bad, 'cause you can only use the method described in chapter 2.5, only you will be using c:\windows\hosts (not to be confused with c:\windows\hosts.sam, which is a sample file for c:\windows\hosts) instead of /etc/hosts. If you don't wanna do this manually, you could try and find a program called FastNet, which will scan your browser's bookmarks and history database and automatically add every URL you visit to this database, and will also let you add entries manually.

3 The end

3.1 Outro

You should be able to put up you own caching only nameserver. What else is there to say, if you want to know something more about it, you can mail to GoMoRRaH. This file was written for Blacksun Research Facility

GoMoRRaH WiLL RiSe aGaiN