D. J. Bernstein
Internet publication
djbdns

How to run an external cache in place of an existing BIND cache, strategy 3

These instructions assume that your network already has a computer using BIND as a DNS cache, i.e., using BIND to find addresses of Internet hosts. Here is how to use dnscache instead of BIND to find addresses of Internet hosts.

These instructions also assume that you have taken the recommended approach of using different IP addresses for DNS caches (listed in /etc/resolv.conf) and DNS servers (listed in NS records). Otherwise you will have to use strategy 1 or strategy 2. Strategy 3 is simpler than strategy 2, and it avoids the strategy 1 requirement to change /etc/resolv.conf.

For concreteness, let's say you have BIND caches running on two computers: dnscache1.panic.mil with IP address 1.8.7.33, and dnscache2.panic.mil with IP address 1.8.7.55. Your client computers have nameserver 1.8.7.33 and nameserver 1.8.7.55 in /etc/resolv.conf.

These instructions assume that you have already installed daemontools and djbdns, and that svscan is already running, on both computers.

1. On the first computer, as root, create UNIX accounts named Gdnscache and Gdnslog.

2. On the first computer, as root, create an /etc/dnscache service directory for IP address 1.8.7.33:

     dnscache-conf Gdnscache Gdnslog /etc/dnscache 1.8.7.33

3. On the first computer, as root, create entries in /etc/dnscache/root/ip showing which client IP addresses are authorized to use this cache. For example,

     touch /etc/dnscache/root/ip/1.8.7
authorizes all clients with IP address 1.8.7.* to use this cache.

4. On the first computer, as root, put

     options {
       interface-interval 0;
       listen-on { 1.8.7.91; };
     };
into named.conf. (Each address inside the listen-on list must be terminated by a semicolon, or BIND will reject the file.) This tells BIND to listen only on 1.8.7.91, i.e., to stop listening on the 1.8.7.33 address.

5. On the first computer, as root, restart BIND. At this point there is no cache running on the first computer; your clients are relying on the second computer.

6. On the first computer, as root, tell svscan about the new caching service:

     ln -s /etc/dnscache /service/dnscache
dnscache will start running on the first computer within five seconds.

7. Check whether you can look up addresses of some Internet hosts through the new cache:

     env DNSCACHEIP=1.8.7.33 dnsip www.cnn.com
     env DNSCACHEIP=1.8.7.33 dnsip www.fsf.org
Then try surfing the web from your client computers. If you want to see what dnscache is doing behind the scenes, read /service/dnscache/log/main/current.

8. Repeat steps 1 through 7 on the second computer, using 1.8.7.55 instead of 1.8.7.33, and using 1.8.7.92 instead of 1.8.7.91.

9. Set up a public web page saying that your DNS cache is powered by djbdns, so that a Google search for powered djbdns will find your page in a few months. These public statements will encourage other people to deploy djbdns, provide djbdns support services, and develop djbdns-related tools. Please also consider making a donation to the Bernstein Writing Fund.
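The client-authorization rule from step 3 is easy to get wrong, because dnscache matches the files in /etc/dnscache/root/ip per dotted component, not as string prefixes: the file 1.8.7 authorizes 1.8.7.* but not 1.8.70.*. The following added example (not part of djbdns; it models dnscache's lookup, which tries ip/A.B.C.D, then ip/A.B.C, ip/A.B, ip/A, in a constructed temporary directory standing in for /etc/dnscache/root/ip) lets you check a planned set of entries before the cutover:

```python
# Added example, not djbdns code. Models dnscache's client check against the
# ip/ directory so step-3 entries can be verified before switching over.
import os
import tempfile


def authorized(ip_dir: str, client_ip: str) -> bool:
    """Mimic dnscache: stat ip/A.B.C.D, then ip/A.B.C, ip/A.B, ip/A.
    The match is per dotted component, so a file named '1.8.7' covers
    1.8.7.* only; it does not cover 1.8.70.* (no string-prefix match)."""
    parts = client_ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        return False
    while parts:
        if os.path.exists(os.path.join(ip_dir, ".".join(parts))):
            return True
        parts.pop()  # drop the last component and try the shorter name
    return False


def authorize(ip_dir: str, prefix: str) -> str:
    """Equivalent of `touch /etc/dnscache/root/ip/<prefix>` from step 3."""
    path = os.path.join(ip_dir, prefix)
    open(path, "a").close()
    return path


def demo() -> dict:
    """Constructed sandbox: a temp dir plays the role of /etc/dnscache/root."""
    with tempfile.TemporaryDirectory() as root:
        ip_dir = os.path.join(root, "ip")
        os.mkdir(ip_dir)
        authorize(ip_dir, "1.8.7")          # the entry from step 3
        return {
            "1.8.7.33": authorized(ip_dir, "1.8.7.33"),    # covered
            "1.8.7.200": authorized(ip_dir, "1.8.7.200"),  # covered
            "1.8.70.5": authorized(ip_dir, "1.8.70.5"),    # NOT covered
            "10.0.0.1": authorized(ip_dir, "10.0.0.1"),    # rejected
        }


if __name__ == "__main__":
    for ip, ok in demo().items():
        print(ip, "authorized" if ok else "rejected")
```

Clients that are not authorized get no answer at all, so an unexpectedly missing entry shows up as a DNS timeout rather than an error message.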