Building a cache DNS server


Post#1 by wread » 21 Nov 2017, 20:52

@all
DNS is the Domain Name System. DNS converts machine names to IP numbers; it maps from name to address and from address to the name of the machine.

Normally you don't need a name server, but if you are behind any kind of firewall that blocks name queries, you will be glad to have one. For this case you will need a special configuration. But having one speeds searching sites before connecting to them.

Try it yourself: I downloaded and installed from packages.slackware.com the packages "bind" and "libedit", then I edited the file /etc/resolv.conf by adding at the top "nameserver 127.0.0.1" - without the quotes - and that's all :Yahoo!: You only need to activate the name server daemon by typing "named" at the console prompt...

You can test it then by typing: "nslookup anydomain.com" once...and take note of the IP of the nameserver displayed...

Then do it again once more....you will notice the name server now is 127.0.0.1 = your local host number! B)

You will also notice the search time for the site is reduced to a minimum! You will notice the difference...

I will leave to the more advanced, how to generate the file /etc/resolv.conf at startup automatically and dynamically, so connecting to different dhcp servers, you still get the local nameserver listed first.

Enjoy!
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!
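
The first post leaves open how to keep the local nameserver listed first when a DHCP client rewrites /etc/resolv.conf. One way to do that rewrite is sketched below as an added example; it is not part of wread's post. The function names and the sample file are constructed for illustration, and calling update_resolv_file from the DHCP client's own hook is assumed and not shown. It also caps the list at three entries, because glibc's resolver reads no more than three nameserver lines.

```sh
#!/bin/sh
# Added example: keep the local caching resolver first in resolv.conf.
# Function names and the sample data below are hypothetical/constructed.

LOCAL_NS="127.0.0.1"  # address of the local named, as used in the post
MAX_NS=3              # glibc's resolver uses at most 3 nameserver lines

# Constructed sample of what a DHCP client might write.
sample_dhcp_resolv() {
    cat <<'EOF'
# constructed sample, not real data
search campus.example
nameserver 192.0.2.53
nameserver 127.0.0.1
nameserver 192.0.2.54
nameserver 192.0.2.55
EOF
}

# stdin: resolv.conf text; stdout: same text with LOCAL_NS as first nameserver.
local_first_resolv() {
    awk -v ns="$LOCAL_NS" -v max="$MAX_NS" '
        BEGIN { print "nameserver " ns; seen[ns] = 1; n = 1 }
        $1 == "nameserver" {
            # drop malformed lines, duplicates, and entries past the limit
            if ($2 == "" || seen[$2] || n >= max) next
            seen[$2] = 1; n++
            print "nameserver " $2
            next
        }
        { print }  # search/domain/options/comment lines pass through
    '
}

# Rewrite a resolv.conf file in place via a temp file and rename, so a
# reader of the file never sees a half-written version.
update_resolv_file() {
    file=$1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if local_first_resolv < "$file" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on the constructed sample; prints the rewritten text.
sample_dhcp_resolv | local_first_resolv
```

Try update_resolv_file on a copy of the file before pointing it at /etc/resolv.conf; running it twice gives the same result as running it once.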


Post#2 by Blaze » 22 Nov 2017, 17:18

wread, in my OpenWrt router I use google DNS servers 8.8.8.8 and 8.8.4.4
Linux porteus 4.13.3-porteus #1 SMP PREEMPT Sat Sep 23 18:22:13 x86_64 Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Tobago PRO [Radeon R7 360 / R9 360 OEM] (rev 81) » Vengeance LPX 16GB DDR4 K2 3200MHz C16


Post#3 by wread » 22 Nov 2017, 19:27

@Blaze
Not bad, they are never down, but these have the heaviest load one can imagine and are far away from my computer.
Try ping 8.8.8.8 without and with cache DNS :D

Without cache, nameserver 8.8.8.8 is about 1 second away from my computer each query; with cache:
"64 bytes from 8.8.8.8: icmp_seq=12 ttl=58 time=36.2 ms" :celebrate3:

You will feel the difference..

Regards!

Post#4 by Blaze » 23 Nov 2017, 16:58

Code:

64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=10.7 ms
vs
64 bytes from 195.34.224.1: icmp_seq=1 ttl=59 time=3.14 ms

but DNS 195.34.224.1 and 195.34.224.2 from my provider are not stable.

Post#5 by wread » 23 Nov 2017, 23:46

@Blaze
You are comparing wrong...I compare so:

64 bytes from 8.8.8.8: icmp_seq=6 ttl=58 time=37.9 ms
and
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.063 ms

So my nameserver is 37.9/0.063 = ~600 times faster!!! B)

Make one for yourself!!

Regards!

Post#6 by n0ctilucient » 24 Nov 2017, 11:16

I use google DNS servers
Blaze... I use OpenDNS (Cisco Systems) @ 208.67.220.220

It's also free... but faster... more secure and it doesn't spy on you.

Google (NSA?) monitors traffic. :shock:

:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should consider.


Post#7 by wread » 24 Nov 2017, 13:32

@all
Most of you, like myself, have little experience with DNS. Only once did I have to deal with it...

I found in my bookshelf a print made by me about 20 years ago, as I wanted to connect to my office computer from outside. For that I needed a static IP at an unaffordable price; besides, I had to register a domain, I needed two nameservers, etc. So I had to take a good look at these things first.

That print shows how to set up a cache DNS server as a first step - so that one understands how it works - before building a name server for a real domain. I remember having done that exercise and how pleased I was with the results.
It works like this: with each new query you make to the outside, your nameserver makes a copy of the IP, so for the next query to the site you do not have to dig in the DNS to find the IP.

Now the gain: filters must intercept queries at nameserver-level of the blocking link, and mostly react at domain names, not at IPs. With minor tweaks, you can hack your nameserver to bypass many filters. When I am more advanced with the matter I will post a little howto. Meanwhile you can download this folder and try yourself. :happy62:

Happy hacking!

Post#8 by Blaze » 24 Nov 2017, 15:04

wread, I think that the lower the value of time, the better. Am I wrong?

My tests of DNS-servers in Windows

n0ctilucient, OpenDNS is very slow for me - 194 ms

n0ctilucient wrote (24 Nov 2017, 11:16): "Google (NSA?) monitors traffic."

I will tell you a secret - traffic is monitored by all.

Post#9 by n0ctilucient » 24 Nov 2017, 23:46


Post#10 by wread » 25 Nov 2017, 01:04

First Report on Bypassing Contents Filter at the University with Help of a Cache DNS Server

The net facilities of Educational Institutions are loaded with very intense traffic, so the administrations of the net facilities usually block the sites with streaming data to keep bandwidth within prudential limits. Administrative personnel and students at my university complain they cannot see videos (youtube!) in their leisure moments. :evil:

Many months ago I made my first attempt; I did it using a proxy and a tunnel - with success! - but it was not as easy as you can imagine to set up the tunnel, and the proxy was kind of a doctor's dissertation. I thought there should be an easier way to get it done.

Later I came across Tor and made a second attempt at bypassing the filters, without success. Tor itself is somehow blocked too! No luck!

Today the first idea I had was to try to get those blocked sites by "exchanging" the local DNS of the uni against mine. No luck either! Then I remembered tor! I activated it and launched vidalia and Hurrah! it connected :Bravo: Started chromium and the streaming video came through to my computer!

Fine business, William, I said, you did it!
...and without a doctor's dissertation!

Enjoy!
Last edited by wread on 28 Nov 2017, 11:06, edited 1 time in total.

Post#11 by n0ctilucient » 25 Nov 2017, 01:56

Yep... Tor gets the job done.

On Android I use Orbot/Orfox (Tor) with Polipoid (http/s cache) and Sandroproxy (DNS proxy).

Post#12 by Blaze » 25 Nov 2017, 13:58

For those who use OpenWrt firmware - settings with DNS of Google 8.8.8.8 and 8.8.4.4 look like this:

Code:

cat /etc/config/dhcp

Code:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option resolvfile '/tmp/resolv.conf.auto'
	list server '8.8.8.8'
	list server '8.8.4.4'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	list dhcp_option '6,8.8.8.8,8.8.4.4'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

Post#13 by wread » 01 Dec 2017, 23:26

Last News Regarding Bypassing Contents Filter at the University with Help of a Cache DNS Server

After breaking through the contents filter at the uni, I spent almost an hour looking at videos about UFOs. As usual, the security team looks at the screens of all users randomly.
Well, next day I came to my office and found out my internet connection was "broken". They said the connection was work of extraterrestrials so they disconnected my local IP from the IN :shock: