Building a cache DNS server
- wread
- Module Guard
- Posts: 1255
- Joined: 09 Jan 2011, 18:48
- Distribution: Porteus v5.0-kde-64 bits
- Location: Santo Domingo
@all
DNS is the Domain Name System. DNS converts machine names to IP numbers; it maps from name to address and from address to the name of the machine.
Normally you don't need a name server, but if you are behind any kind of firewall that blocks name queries, you will be glad to have one. For this case you will need a special configuration. But having one speeds searching sites before connecting to them.
Try it yourself: I downloaded and installed from packages.slackware.com the packages "bind" and "libedit", then I edited the file /etc/resolv.conf by adding at the top "nameserver 127.0.0.1" -without the quotes- and that's all. You only need to activate the name server daemon by typing "named" at the console prompt...
You can test it then by typing: "nslookup anydomain.com" once...and take note of the IP of the nameserver displayed...
Then do it again once more....you will notice the name server now is 127.0.0.1 = your local host number!
You will also notice the search time for the site is reduced to a minimum! You will notice the difference...
I will leave to the more advanced how to generate the file /etc/resolv.conf at startup automatically and dynamically, so that when connecting to different DHCP servers, you still get the local nameserver listed first.
Enjoy!
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!
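Added example, not part of the original post: one way to do the step the post leaves open, keeping "nameserver 127.0.0.1" first in /etc/resolv.conf after a DHCP client has rewritten it. The function names ensure_local_resolver and first_nameserver are hypothetical, and the sample file is constructed; call the function from whatever hook your DHCP client runs after it writes the file.

```shell
#!/bin/sh
# Keep the local caching resolver listed first in a resolv.conf-style file.
# The path is an argument, so it can be tried on a copy before /etc/resolv.conf.
# glibc tries nameservers in listed order and reads at most three of them, so
# the DHCP-supplied servers remain as fallback if named is not running.

LOCAL_NS="127.0.0.1"

# Print the address on the first "nameserver" line of file $1.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

ensure_local_resolver() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Already first? Leave the file untouched (makes the hook idempotent).
    [ "$(first_nameserver "$conf")" = "$LOCAL_NS" ] && return 0

    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Emit the local resolver once, before the first existing nameserver line,
    # and drop any later copy of it. Comments, search and options lines stay put.
    awk -v ns="$LOCAL_NS" '
        $1 == "nameserver" && $2 == ns { next }
        $1 == "nameserver" && !done   { print "nameserver " ns; done = 1 }
        { print }
        END { if (!done) print "nameserver " ns }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite the content (cat, not mv) so a symlinked resolv.conf and its
    # ownership and permissions survive.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Demo on a constructed sample (192.0.2.x are documentation addresses).
demo=$(mktemp)
printf 'search lan\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$demo"
ensure_local_resolver "$demo" && cat "$demo"
rm -f "$demo"
```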
- Blaze
- DEV Team
- Posts: 3884
- Joined: 28 Dec 2010, 11:31
- Distribution: ⟰ Porteus current ☯ all DEs ☯
- Location: ☭ Russian Federation, Lipetsk region, Dankov
wread, in my OpenWrt router I use Google DNS servers 8.8.8.8 and 8.8.4.4.
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
- wread
- Module Guard
@Blaze
Not bad, they are never down, but these have the heaviest load one can imagine and are far away from my computer.
Try ping 8.8.8.8 without and with cache DNS
Without cache, nameserver 8.8.8.8 is about 1 second away from my computer each query; with cache:
"64 bytes from 8.8.8.8: icmp_seq=12 ttl=58 time=36.2 ms"
You will feel the difference.
Regards!
- Blaze
- DEV Team
Code:
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=10.7 ms
vs
64 bytes from 195.34.224.1: icmp_seq=1 ttl=59 time=3.14 ms
- wread
- Module Guard
@Blaze
You are comparing wrong...I compare so:
64 bytes from 8.8.8.8: icmp_seq=6 ttl=58 time=37.9 ms
and
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.063 ms
So my nameserver is 37.9/0.063 = ~600 times faster!!!
Make one for yourself!!
Regards!
- wread
- Module Guard
@all
Most of you, as I myself, have little experience with DNS. Only once I had to do with that...
I found in my bookshelf a print made by me about 20 years ago, as I wanted to connect to my office computer from outside. For that I needed a static IP at a not-affordable price; besides, I had to register a domain, I needed two nameservers, etc. etc. So I had to take a good look at these things first.
That print shows how to set up a cache DNS server as a first step - so that one understands how it works - before building a name server for a real domain. I remember having done that exercise and how pleased I was with the results.
It works so, that with each new query you make to the outside, your nameserver makes a copy of the IP, so for the next query to the site you do not have to dig in the DNS to find the IP.
Now the gain: filters must intercept queries at nameserver-level of the blocking link, and mostly react at domain names, not at IPs. With minor tweaks, you can hack your nameserver to bypass many filters. When I am more advanced with the matter I will post a little howto. Meanwhile you can download this folder and try yourself.
Happy hacking!
- Blaze
- DEV Team
wread, I think that the lower the value of time, the better. Am I wrong?
My tests of DNS-servers in Windows
n0ctilucient, OpenDNS is very slow for me - 194 ms
I will tell you a secret - traffic is monitored by all.
- wread
- Module Guard
First Report on Bypassing Contents Filter at the University with Help of a Cache DNS Server
The net facilities of Educational Institutions are loaded with very intense traffic, so the administrations of the net facilities usually block the sites with streaming data to keep bandwidth within prudential limits. Administrative personnel and students at my university complain they cannot see videos (youtube!) in their leisure moments.
Many months ago I made my first attempt; I did it using a proxy and a tunnel - with success! But it was not as easy as you can imagine to set the tunnel, and the proxy was kind of a doctor's dissertation. I thought there should be an easier way to get it done.
Later I came across Tor and made a second attempt at bypassing the filters without success. Tor itself is somehow blocked too! No luck!
Today the first idea I had was to try to get those blocked sites by "exchanging" the local DNS of the uni against mine. No luck either! Then I remembered Tor! I activated it and launched vidalia and Hurra! It connected. Started chromium and the streaming video came through to my computer!
Fine business, William, I said, you did it!
...and without a doctor's dissertation!
Enjoy!
Last edited by wread on 28 Nov 2017, 11:06, edited 1 time in total.
- Blaze
- DEV Team
If you use OpenWrt firmware, the settings with Google DNS 8.8.8.8 and 8.8.4.4 look like this:
Code:
cat /etc/config/dhcp
Code:
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option localservice '1'
    option resolvfile '/tmp/resolv.conf.auto'
    list server '8.8.8.8'
    list server '8.8.4.4'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv6 'server'
    option ra 'server'
    option ra_management '1'
    list dhcp_option '6,8.8.8.8,8.8.4.4'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
- wread
- Module Guard
Last News Regarding Bypassing Contents Filter at the University with Help of a Cache DNS Server
After breaking through the contents filter at the uni, I spent almost an hour looking at videos about UFOs. As usual, the security team looks at the screens of all users randomly.
Well, next day I came to my office and found out my internet connection was "broken". They said the connection was work of extraterrestrials so they disconnected my local IP from the IN
- Rava
- Contributor
- Posts: 5401
- Joined: 11 Jan 2011, 02:46
- Distribution: XFCE 5.01 x86_64 + 4.0 i586
- Location: Forests of Germany
wread, is there an easy-to-follow step-by-step howto for trying out your unblock the internet and/or using an own cached DNS server?
Cheers!
Yours Rava