This is a bit boring for non-techies, but useful for me as a reference when I install a new server.

Sets up a DNS caching server for the computer in question in order to speed up Apache lookups, mail resolving etc.
The below assumes that the server has no daemontools, yadda yadda, installed.

Set up in a shell script, and run as root. (If you trust me.)

Note, mostly filched from here – http://hydra.geht.net/tino/howto/linux/djbdns/ (Thanks!)

mkdir -p /downloads
cd /downloads

wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz

# Fetch and unpack the patches (shipped inside netqmail)
wget http://www.qmail.org/netqmail-1.05.tar.gz
tar xfz netqmail-1.05.tar.gz

# Compile the easy stuff

rm -rf djbdns-1.05
tar xfz djbdns-1.05.tar.gz
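# The daemontools errno patch is reused here on purpose: without -p, patch
# strips the directory part and applies the change to error.h in this directory.
( cd djbdns-1.05; patch < ../netqmail-1.05/other-patches/daemontools-0.76.errno.patch; )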
( cd djbdns-1.05; make; )

rm -rf ucspi-tcp-0.88
tar xfz ucspi-tcp-0.88.tar.gz
patch -p0 < netqmail-1.05/other-patches/ucspi-tcp-0.88.errno.patch
( cd ucspi-tcp-0.88; make; )

# Install the easy stuff

( cd djbdns-1.05; make setup check; )
( cd ucspi-tcp-0.88; make setup check; )

# Now compile and install daemontools.
# As this is run from /sbin/init this must live in root /

HERE="`pwd`"

mkdir -p /package
chmod 1755 /package
cd /package

rm -rf admin/daemontools-0.76
tar xfz "$HERE"/daemontools-0.76.tar.gz
( cd admin; patch -p0 <"$HERE"/netqmail-1.05/other-patches/daemontools-0.76.errno.patch; )
cd admin/daemontools-0.76
package/install

# Restart init to let init execute svscanboot

init q

# Add the resolver

groupadd dnscache
useradd -g dnscache dnscache
useradd -g dnscache dnslog

/usr/local/bin/dnscache-conf dnscache dnslog /var/dnscache

ln -s /var/dnscache /service
svc -u /service/dnscache

# Put the local cache first in the resolver list

{
echo "nameserver 127.0.0.1"
cat /etc/resolv.conf
} >/etc/resolv.conf.new
mv --backup=t /etc/resolv.conf.new /etc/resolv.conf

# Patch in the current list of root servers,
# so dnscache points to the current ICANN structure
# This assumes you have dig installed
for a in a b c d e f g h i j k l m
do
dig +short "$a.root-servers.net."
done > /var/dnscache/root/servers/\@

svc -d /service/dnscache
svc -u /service/dnscache
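
The root server loop above writes straight into /var/dnscache/root/servers/@, so a failed lookup leaves dnscache with an empty or garbage list. The following is an added example, not part of the original script: it keeps only valid IPv4 lines and swaps the file in only when enough addresses survive. The names filter_ipv4, install_root_list and the MIN_SERVERS threshold are assumptions, and the demo addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original post): check a freshly generated root
# server list before it replaces dnscache's root/servers/@.
MIN_SERVERS=10   # assumption: 13 roots are queried; tolerate a few lookup misses

# Keep only lines that are a dotted-quad IPv4 address with octets 0-255.
# Anything else that ended up in the output (error text, names) is dropped.
filter_ipv4() {
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) ok = 0
        if (ok) print
    }'
}

# install_root_list CANDIDATE TARGET
# Replace TARGET only when CANDIDATE yields at least MIN_SERVERS unique addresses.
install_root_list() {
    candidate=$1
    target=$2
    tmp="$target.new.$$"
    filter_ipv4 < "$candidate" | sort -u > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$MIN_SERVERS" ]; then
        rm -f "$tmp"
        echo "only $count valid addresses; keeping existing $target" >&2
        return 1
    fi
    mv "$tmp" "$target"   # rename within the same directory: never half-written
}

# Demo on constructed data in a scratch directory (documentation-range addresses).
demo() {
    dir=$(mktemp -d) || return 1
    echo "203.0.113.1" > "$dir/@"    # stand-in for the list currently in use
    printf ';; connection timed out; no servers could be reached\n' > "$dir/failed"
    i=1; while [ "$i" -le 13 ]; do echo "192.0.2.$i"; i=$((i + 1)); done > "$dir/ok"
    install_root_list "$dir/failed" "$dir/@" 2>/dev/null && echo "BUG: accepted bad list"
    install_root_list "$dir/ok" "$dir/@" && echo "installed $(wc -l < "$dir/@" | tr -d ' ') servers"
    rm -rf "$dir"
}
demo
```

To use it in the script, point the loop's output at a scratch file and call install_root_list on that file with /var/dnscache/root/servers/@ as the target, restarting dnscache only if it returns success.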

2 Comments to “Crib notes for setting up DJBDNS on Debian Lenny”

  • Derek Bush says:

    Lenny includes package djbdns (permitted by the license change).

    You still have to manually create the group and users though.
    And you don’t get the handy init scripts that djbdns-installer installed.

    Package dbndns (DeBiaN DNS) is a fork that includes the IPv6 patch.

  • I’ve looked, but it’s not packaged as an easy replacement; it has other services and bits and bobs attached that it wants to install, and those will fight with my existing setup.

    My way is slightly harder, but infinitely more customizable for my needs, so I consider the extra 10 minutes spent worth it.

    I usually build new servers every now and then with different methods just to see if I can improve.

    Quite happy with my software choices though from a security and maintenance perspective. From an install perspective, not great, but not too onerous. Automation is the issue though, and I have been looking at solutions, e.g. Puppet, although also with the aim of giving myself a project with that for the experience.

    Phew, long answer!
