Saturday, October 31, 2009

Rock Solid Ultra Fast & Light Caching DNS with Unbound

Okie,  Today we are going to make a caching dns to do all DNS query handling instead of our ISP's sicko DNS servers. 
Why caching DNS?


Why not caching DNS where the queries can get resolved at my network itself instead every time I open a site the dns queries traverse all the way from my network to ISP DNS Servers?
Dont you think its gona save some time and make my browsing faster?


Small doubt??? Ok lets try dns query with ISP DNS servers and our local caching DNS and see the time it can take once we have the local caching DNS server ready 


So ingredients for this local caching DNS are as follows


As usual all my notes are FreeBSD specific


My gateway -> FreeBSD 7.2 running squid and pf for basic firewalling and transparent proxying


my /etc/resov.conf
search  .com
nameserver




Now that ISP DNS ip address will be changed to 127.0.0.1 once  our caching dns starts


Ok Now the actual dns cache software that is Unbound
Now why unbound???


All we needed to run was a caching DNS and I don’t want an heavy full DNS server to implement just a small feature i.e. caching


Ok now lets get out hand dirty
My way of installation is always starts with compiling my own instead of installing from binary
Now custom compiling? 
Ans: I love to see my system churning out some crap compiling msgs LOL
Ok leave it there


Lets go to the ports and install from there


#cd /usr/ports/dns/unbound
make install clean


wait for some time to get it compiled and installed


Ok time to get configuration modified for our requirement
# cd /usr/local/etc/unbound
# cp unbound.conf.sample unbound.conf
#vi unbound.conf


Modify the following

  • Interface
  • eg. Interface 192.168.1.1
  • Outgoing-interface:
  • Cache-min-ttl
  •  Do-ip6 set if want ip 6
  • Access-control: 192.168.0.0/16 allow
  • Private-address: <192.168.0.0/16>
  • Private-domain:





Ok that must be enough to get the unbound working


Lets modify the /etc/rc.conf to get unbound loads every time when we restart the system


add at the end of /etc/rc.conf


unbound_enable="YES"


save and quit
Now lets check how much time our crapy ISP takes to resolve our dns query
#dig freebsd.org


note the Query time in msec it takes


Lets modify the /etc/resolv.conf
Remove the name server enrty and add
nameserver 127.0.0.1


Save and Quit
Lets start the unbound manually for the first time


/usr/local/etc/rc.d/unbound start


Ok if that starts without an error message then we are successful with unbound


Ok Here we go lets dig again 
#dig netbsd.org
See the time it took? Not happy? How about querying again
#dig netbsd.org 
See the Query Time it took????


So thats all for now
Enjoy and safe computing
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)