As a follow-up to my last post on installing and configuring a sample pdnsd setup as a cache-only DNS server, I wanted to share the context in which I made my setup.
In our scenario we have a Windows AD environment supporting all Windows workstations and domain authentication. We also have a BIND DNS server on the side where we maintain all other local DNS entries for various servers.
We have placed a couple of pdnsd servers to process all DNS requests from the local network.
All DNS requests are served by the pdnsd server, which forwards each request to the appropriate upstream server and caches the data as per the configuration.
pdnsd server: 192.168.XXX.99
Active Directory DNS 1: 192.168.XXX.X1
Active Directory DNS 2: 192.168.XXX.X2
BIND DNS: 192.168.XXX.X2 (the configuration template uses 192.168.XXX.X3 for the BIND server; check which applies to you)
Configuration file template for the above case: download this pdnsd.conf, copy the content and save it as /etc/pdnsd.conf on your pdnsd server.
// pdnsd configuration file by http://tektab.com.
// read more on how to use this file @ https://tektab.com/2013/03/21/pdnsd-with-internal/
// Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.

global {
    perm_cache=20480;
    cache_dir="/var/cache/pdnsd";
#   pid_file = /var/run/pdnsd.pid;
    run_as="pdnsd";
    server_ip = 127.0.0.1;
    server_ip = eth0;         # Use eth0 here if you want to allow other hosts on the network to query pdnsd.
    status_ctl = on;
#   paranoid=on;
    query_method=tcp_udp;     # pdnsd must be compiled with tcp
                              # query support for this to work.
    min_ttl=3d;               # Three days. Retain cached entries at least this long.
    max_ttl=1w;               # One week.
    timeout=20;               # Global timeout option (20 seconds).
    proc_limit=150;
    procq_limit=200;
    debug = off;
}

# The following section is most appropriate for fixed connections to the Internet.

server {
    label= "ourdomain.com";        #UPDATE THE LABEL
    ip = 192.168.XXX.X3;           # Your bind server address #UPDATE
#   proxy_only=on;                 # Do not query any name servers beside your ISP's.
    timeout=15;                    # Server timeout; this may be much shorter
                                   # than the global timeout option.
    uptest=if;
    interface=eth0;
    interval=10m;                  # Check every 10 minutes.
    purge_cache=off;               # Keep stale cache entries in case the ISP's
                                   # DNS servers go offline.
    exclude = .ads.ourdomain.com;  #UPDATE
}

server {
    label= "ads.ourdomain.com";    #UPDATE THE LABEL
    ip = 192.168.XXX.X1;           # Primary DNS of windows ADS #UPDATE
    ip = 192.168.XXX.X2;           # Secondary DNS of windows ADS #UPDATE
    proxy_only=on;                 # Do not query any name servers beside your ISP's.
    timeout=15;                    # Server timeout; this may be much shorter
                                   # than the global timeout option.
    uptest=if;
    interface=eth0;                #UPDATE
    interval=10m;                  # Check every 10 minutes.
    purge_cache=off;               # Keep stale cache entries in case the ISP's
                                   # DNS servers go offline.
}

# This section is meant for resolving from root servers.

server {
    label = "root-servers";
    root_server=on;
    ip = 198.41.0.4
       , 192.228.79.201
       , 192.33.4.12
       , 128.8.10.90
       , 192.203.230.10
       , 192.5.5.241
       , 192.112.36.4
       , 128.63.2.53
#      , 192.36.148.17
#      , 192.58.128.30
#      , 193.0.14.129
#      , 198.32.64.12
#      , 202.12.27.33
       ;
    timeout = 15;
    uptest = query;
    interval = 30m;            # Test every half hour.
    ping_timeout = 300;        # 30 seconds.
    purge_cache = off;
    exclude = .localdomain;
    exclude = .ourdomain.com;  #UPDATE
    policy = included;
    preset = off;
}

source {
    owner=localhost;
#   serve_aliases=on;
    file="/etc/hosts";
}

rr {
    name=localhost;
    reverse=on;
    a=127.0.0.1;
    owner=localhost;
    soa=localhost,root.localhost,42,86400,900,86400,86400;
}

After saving the config file to /etc/pdnsd.conf, reload the pdnsd configuration:
service pdnsd reload

Check the local DNS lookups:
dig @192.168.XXX.99 XXXX.mydomain.com
dig @192.168.XXX.99 XXXX.ads.mydomain.com
dig @192.168.XXX.99 google.com

If you need help setting up a pdnsd server, please look up my blog post on how to set up pdnsd as a cache-only DNS server: https://tektab.com/2013/03/21/howto-pdnsd-on-redhatcentos-from-source/
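Before reloading a forwarding split like the one above, it helps to see which server sections pdnsd will actually consider for a given name, so that the three dig checks are not the first time you find out. The script below is an added example, not code from the original post or from the pdnsd project: it parses the `server { ... }` sections of a constructed excerpt of the template (same labels, rules and policy, with the post's 192.168.XXX.* placeholders) and applies the include/exclude/policy semantics from pdnsd.conf(5) as I understand them: rules are checked in order, the first match wins, a pattern with a leading dot covers the domain itself and everything below it, and when no rule matches the section's `policy` (default `included`) decides. Only the `included`/`excluded` policies are modelled; the parser is a minimal one written for this excerpt, not a general pdnsd.conf parser.

```python
"""Simulate which pdnsd server sections are candidates for a query name."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed excerpt of the template above (same labels, rules and policy).
CONFIG = """
global { server_ip = 127.0.0.1; server_ip = eth0; }   # "server_ip" is not a server block

server {
    label= "ourdomain.com";       #UPDATE THE LABEL
    ip = 192.168.XXX.X3;          # Your bind server address
    exclude = .ads.ourdomain.com; #UPDATE
}

server {
    label= "ads.ourdomain.com";
    ip = 192.168.XXX.X1;          # Primary DNS of windows ADS
    ip = 192.168.XXX.X2;          # Secondary DNS of windows ADS
    proxy_only=on;
}

server {
    label = "root-servers";
    root_server=on;
    ip = 198.41.0.4
       , 192.228.79.201
#      , 192.36.148.17
       ;
    exclude = .localdomain;
    exclude = .ourdomain.com;     #UPDATE
    policy = included;
}
"""


@dataclass
class ServerSection:
    label: str = "?"
    ips: list[str] = field(default_factory=list)
    rules: list[tuple[str, str]] = field(default_factory=list)  # (include|exclude, pattern)
    policy: str = "included"                                     # pdnsd default


_SERVER_RE = re.compile(r"server\s*\{(.*?)\}", re.S)   # server blocks have no nested braces


def strip_comments(text: str) -> str:
    """Drop '#' and '//' comments line by line (assumes no '//' inside a value)."""
    return "\n".join(re.split(r"#|//", line, maxsplit=1)[0] for line in text.splitlines())


def parse_servers(conf: str) -> list[ServerSection]:
    """Pull label, ip list, include/exclude rules and policy out of each server block."""
    sections = []
    for body in _SERVER_RE.findall(strip_comments(conf)):
        sec = ServerSection()
        for stmt in body.split(";"):
            if "=" not in stmt:
                continue
            key, _, val = stmt.partition("=")
            key, val = key.strip(), val.strip().strip('"')
            if key == "label":
                sec.label = val
            elif key == "ip":                       # one ip per line or a comma list
                sec.ips += [v.strip() for v in val.split(",") if v.strip()]
            elif key in ("include", "exclude"):
                sec.rules.append((key, val.lower()))
            elif key == "policy":
                sec.policy = val.lower()
        sections.append(sec)
    return sections


def name_matches(pattern: str, name: str) -> bool:
    """'.example.com' covers example.com and every name under it;
    other patterns are matched literally, with '*' and '?' as wildcards."""
    name = name.lower().rstrip(".")
    if pattern.startswith("."):
        return name == pattern[1:] or name.endswith(pattern)
    return fnmatchcase(name, pattern)


def section_allows(sec: ServerSection, name: str) -> bool:
    """First matching include/exclude rule decides; otherwise the section policy."""
    for kind, pattern in sec.rules:
        if name_matches(pattern, name):
            return kind == "include"
    return sec.policy == "included"   # 'excluded' (and the *_only policies) treated as no


def candidate_servers(sections: list[ServerSection], name: str) -> list[str]:
    """Labels of the sections pdnsd would consider for `name`, in configuration order."""
    return [s.label for s in sections if section_allows(s, name)]


if __name__ == "__main__":
    servers = parse_servers(CONFIG)
    for qname in ("dc1.ads.ourdomain.com", "files.ourdomain.com", "google.com"):
        print(f"{qname:24} -> {', '.join(candidate_servers(servers, qname))}")
```

Running it shows the AD zone going only to the `ads.ourdomain.com` section and the rest of `ourdomain.com` to the BIND section, but it also shows that `google.com` lists all three sections: the AD section has no include or exclude rule, so with the default policy it is a candidate for every name, and pdnsd will send Internet lookups to the domain controllers as well. If you want the AD servers used only for their own zone, give that section `policy=excluded;` together with `include=.ads.ourdomain.com;` and re-run the check before reloading.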