Monday, October 09, 2006

Local DNS cache in Kubuntu using pdnsd

I have a little wireless network (802.11g) in my house to connect to the Internet. The hub I use provides NAT, a DHCP server and a DNS server all in one little package. The NAT and DHCP servers work flawlessly, but I cannot say the same of the DNS server.

The DNS server is very slow (100ms per query response, measured with dig) and I have found that roughly every third request fails to get a response at all. This is very annoying when using a web search engine, as on every third click the browser would complain that it could not resolve the hostname.

To solve this I decided to install a local DNS cache and, googling, I found this blog. In that blog the author recommends Dnsmasq as a local cache server. I tried it and it works perfectly, but I found out that the cache is not persistent, which means that every time I restart the Dnsmasq service (i.e. reboot the PC) the cache is erased. Also, Dnsmasq is not only a DNS cache server but also a full DNS and DHCP server, which feels a little overkill for what I needed.

In the comments to the blog post above, the commenters provided two alternatives to Dnsmasq: one was nscd and the other was pdnsd. I only looked at nscd briefly, as it seemed too simple, and decided to try pdnsd, which has a persistent cache and is only a DNS proxy and nothing more.

The steps are simple in Kubuntu. First we install the pdnsd package:

sudo aptitude install pdnsd

If the installation cannot find the pdnsd package make sure you have enabled the universe repository in your sources.list file. Next we edit the pdnsd configuration file:

/etc/pdnsd.conf

and make sure the server_ip option is set to the loopback interface:

global {
    perm_cache=512;
    cache_dir="/var/cache/pdnsd";
    max_ttl=604800;
    run_as="pdnsd";
    paranoid=on;
    status_ctl=on;
    # server_port=53;
    server_ip="127.0.0.1";
}

server {
    ip="your_isp_dns_ip_address";
    timeout=30;
    interval=30;
    uptest=ping;
    ping_timeout=50;
    purge_cache=off;
}

# if you installed resolvconf, and status_ctl=on
server {
    label="resolvconf";
}

source {
    ttl=86400;
    owner="localhost.";
    # serve_aliases=on;
    file="/etc/hosts";
}


I simply modified the default configuration that came with the pdnsd package. The parts that matter are server_ip in the global section and ip in the server section: make sure the server is listening on the loopback interface (i.e. 127.0.0.1) and that you configure the IP address of your ISP's DNS server.

Now we must tell the DHCP client on our machine to add the loopback interface as a nameserver. Without this we would have to edit the resolv.conf file every time we get a new lease from the DHCP server.

/etc/dhcp3/dhclient.conf

make sure this file looks like this:

#supersede domain-name "fugue.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, host-name,
        netbios-name-servers, netbios-scope;

Now make sure you get a new DHCP lease by restarting the network, and start the pdnsd service (i.e. /etc/init.d/pdnsd start).
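As an added example (not part of the original post), here is a small Python script that parses the pdnsd.conf section format used above and audits the settings this procedure depends on: server_ip bound to loopback only, run_as set to an unprivileged user, and paranoid=on. The embedded configuration is a constructed sample that mirrors the post's file but deliberately binds to all interfaces, so the audit has something to flag; the upstream address is a placeholder from the documentation range, not a real resolver.

```python
import re

# Constructed sample modelled on the post's pdnsd.conf; server_ip is
# deliberately weakened to 0.0.0.0 and 192.0.2.53 is a placeholder upstream.
SAMPLE_CONF = """
global {
    perm_cache=512;
    cache_dir="/var/cache/pdnsd";
    run_as="pdnsd";
    paranoid=on;
    status_ctl=on;
    # server_port=53;
    server_ip="0.0.0.0";
}
server {
    ip="192.0.2.53";   # placeholder ISP resolver
    timeout=30;
    uptest=ping;
}
server {
    label="resolvconf";
}
source {
    ttl=86400;
    owner="localhost.";
    file="/etc/hosts";
}
"""

SECTION_RE = re.compile(r"(\w+)\s*\{([^}]*)\}", re.S)

def parse_pdnsd_conf(text):
    """Return [(section_name, {key: value}), ...] in file order.
    '#' comments are dropped, quotes are stripped, and repeated
    sections (the two server {} blocks) are kept as separate entries."""
    text = re.sub(r"#[^\n]*", "", text)
    sections = []
    for name, body in SECTION_RE.findall(text):
        opts = {}
        for stmt in body.split(";"):
            if "=" in stmt:
                key, val = stmt.split("=", 1)
                opts[key.strip()] = val.strip().strip('"')
        sections.append((name, opts))
    return sections

def audit(text):
    """List settings that would turn the local cache into an exposed
    (open) resolver, a root-privileged daemon, or an easily poisoned cache."""
    findings = []
    for name, opts in parse_pdnsd_conf(text):
        if name != "global":
            continue
        if opts.get("server_ip") not in ("127.0.0.1", "::1"):
            findings.append("server_ip is not loopback: %s" % opts.get("server_ip"))
        if opts.get("run_as", "root") == "root":
            findings.append("run_as not set to an unprivileged user")
        if opts.get("paranoid") != "on":
            findings.append("paranoid is not on: unsolicited records would be cached")
    return findings
```

Running audit() on the sample reports only the loopback problem; with server_ip="127.0.0.1" as in the post, it reports nothing.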

On my machine a DNS query using dig now takes ~4ms.

[~]> dig www.kde.org

; <<>> DiG 9.3.2 <<>> www.kde.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44676
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.kde.org. IN A

;; ANSWER SECTION:
www.kde.org. 8801 IN A 62.70.27.118

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 9 14:45:16 2006
;; MSG SIZE rcvd: 45


I must also note that the performance problems caused by my failing DNS server were not present in Firefox. This is because Firefox implements its own DNS caching. Since I mostly use KDE applications (Kmail, Akregator, Konqueror, Kopete), the bad performance of my DNS server was causing a pronounced degradation of my Internet experience (e.g. Akregator would fail to fetch every third feed, or Kmail would fail to fetch emails from my gmail account if I had three or more pages loading in Konqueror at the time). With the local DNS cache everything now works just perfectly.
