djbdns is a DNS server package that was created in response to BIND's history of security holes. Whenever I set up a Linux or FreeBSD DNS server, I try to use djbdns rather than BIND. Here's how to set up a DNS caching server using FreeBSD 6.x and djbdns's dnscache mode. The following commands should be run as root (directly, or via su or sudo):
- Install the djbdns port and its dependencies.

    cd /usr/ports/dns/djbdns
    make install clean
    rehash

- Enable the supervise service (svscan), which is used to start djbdns.

    echo 'svscan_enable="YES"' >> /etc/rc.conf
    mkdir /var/service
    /usr/local/etc/rc.d/svscan.sh start

- Create djbdns's cache and log accounts.

    pw useradd Gdnscache -d /nonexistent -s /sbin/nologin
    pw useradd Gdnslog -d /nonexistent -s /sbin/nologin

- Configure djbdns as a DNS caching server. In the example below, 192.168.0.1 is the IP address of the interface that the djbdns DNS caching server will listen on, and 192.168.0/24 is the network that I want to allow to query the server. Substitute the appropriate IP and range(s) for your network.

    dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 192.168.0.1
    ln -s /usr/local/etc/dnscache /var/service
    touch /var/service/dnscache/root/ip/192.168.0
    /usr/local/etc/rc.d/svscan.sh restart
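The `touch` in the last step is the whole of dnscache's client access control: dnscache answers a query only if some file in `root/ip/` under the service directory is named with a dotted prefix of the client's IPv4 address (`192.168.0` covers 192.168.0.0/24, `10` covers all of 10.0.0.0/8, a full address covers one host). A too-broad entry turns the cache into an open resolver reachable from far more than your LAN, and an empty directory means it answers nobody. The helpers below, an added example that is not part of the original post, translate a CIDR network into the file name dnscache expects, create the entry, and audit an existing allow-list for overly broad prefixes. They assume only the service-directory layout the post creates (`/var/service/dnscache/root/ip/`); the function names are mine.

```shell
#!/bin/sh
# Added example: manage and audit dnscache's client allow-list (root/ip/).
# Assumes the service directory layout from the post, e.g. /var/service/dnscache.
# dnscache reads root/ip/ only at startup, so after changing it restart the
# service (the post's svscan.sh restart, or: svc -t /var/service/dnscache).

# Map a network in CIDR form (a.b.c.d/bits) to the dnscache ip/ file name.
# dnscache matches whole dotted octets only, so just /8, /16, /24 and /32
# can be expressed; anything else is rejected rather than silently widened.
cidr_to_dnscache_prefix() {
    net=${1%/*}
    bits=${1#*/}
    if [ "$net" = "$1" ]; then
        echo "usage: cidr_to_dnscache_prefix a.b.c.d/bits" >&2
        return 1
    fi
    case "$bits" in
        8)  echo "$net" | cut -d. -f1 ;;
        16) echo "$net" | cut -d. -f1-2 ;;
        24) echo "$net" | cut -d. -f1-3 ;;
        32) echo "$net" ;;
        *)  echo "/$bits cannot be expressed as a dnscache ip/ entry; use /8, /16, /24 or /32" >&2
            return 1 ;;
    esac
}

# Allow a network to query the cache: the equivalent of the post's
#   touch /var/service/dnscache/root/ip/192.168.0
# for an arbitrary service directory and CIDR network.
allow_net() {
    svcdir=$1
    net=$2
    p=$(cidr_to_dnscache_prefix "$net") || return 1
    touch "$svcdir/root/ip/$p"
}

# List every allowed prefix with its effective mask. Returns 1 if any entry
# is a bare first octet (a /8, exposing the cache to a huge address range)
# and 2 if the directory is empty (dnscache will refuse every client).
audit_allow_list() {
    dir=$1/root/ip
    status=0
    count=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        count=$((count + 1))
        p=${f##*/}
        case "$p" in
            *.*.*.*) echo "host  $p" ;;
            *.*.*)   echo "/24   $p" ;;
            *.*)     echo "/16   $p" ;;
            *)       echo "/8    $p  <- broad: an entire /8 may query this cache"
                     status=1 ;;
        esac
    done
    if [ "$count" -eq 0 ]; then
        echo "no entries in $dir: dnscache will answer no one" >&2
        status=2
    fi
    return $status
}

# Typical use on the server built in the post:
#   allow_net /var/service/dnscache 192.168.0.0/24
#   audit_allow_list /var/service/dnscache
#   svc -t /var/service/dnscache
```

Run `audit_allow_list /var/service/dnscache` after any change to confirm that only the networks you intend can use the cache; a `/8` line in its output is worth a second look before the service is restarted.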
Sources: