D. J. Bernstein
Internet publication
djbdns

How to run a forwarding cache on a home computer

Here is how to set up your computer so that it uses another computer to find addresses of Internet hosts, and remembers the addresses for future use. The other computer is set up by your Internet service provider to run an external DNS cache. These instructions are more complicated than the workstation instructions, but they provide better performance if your computer has a slow Internet connection.

If your computer is running a DHCP client to obtain a dynamically assigned IP address from your ISP, and if your DHCP client cannot be configured to make external DNS cache information available to dnscache, you will have to use the workstation instructions instead of these instructions.

These instructions assume that you have already installed daemontools and djbdns (version 1.03 or above), and that svscan is already running.

1. As root, create UNIX accounts named Gdnscache and Gdnslog.

2. As root, create an /etc/dnscache service directory:

     dnscache-conf Gdnscache Gdnslog /etc/dnscache

This directory contains logs and a few configuration files that you can change later.

3. If your computer is running a DHCP client to obtain a dynamically assigned IP address from your ISP, configure the DHCP client to make external DNS cache information available to dnscache, and skip to step 7.

4. Find out the IP address of the external DNS cache. Many ISPs call this the ``DNS server address.''

5. Check that your computer can talk to the external DNS cache. For example, if the IP address of the external DNS cache is 10.53.0.1:

     env DNSCACHEIP=10.53.0.1 dnsqr a www.aol.com

Normally dnsqr will instantly print various lines such as ``answer: www.aol.com 3600 CNAME www.gwww.aol.com.'' If dnsqr instead pauses for a minute and prints ``timed out,'' your computer is not properly attached to your ISP's network (or the DNS cache is down). You may have a firewall interfering with your computer's Internet access; if so, tell your firewall to allow UDP and TCP from this computer's ports 1024 through 65535 to the external DNS cache's port 53.

6. As root, put the IP address of the external DNS cache into /etc/dnscache/root/servers/@, replacing the previous contents of that file. For example, if the IP address of the external DNS cache is 10.53.0.1:

     echo 10.53.0.1 > /etc/dnscache/root/servers/@

7. As root, create /etc/dnscache/env/FORWARDONLY:

     echo 1 > /etc/dnscache/env/FORWARDONLY

8. As root, tell svscan about the new service, and use svstat to check that the service is up:

     ln -s /etc/dnscache /service/dnscache
     sleep 5
     svstat /service/dnscache

9. As root, put

     nameserver 127.0.0.1

into /etc/resolv.conf, replacing any previous nameserver lines. You can skip this step if there are no nameserver lines or if /etc/resolv.conf doesn't exist.

10. Check whether you can look up addresses of some Internet hosts:

     dnsip www.cnn.com
     dnsip www.fsf.org

Then try surfing the web. If you want to see what dnscache is doing behind the scenes, read /service/dnscache/log/main/current.

11. Set up a public web page saying that your DNS cache is powered by djbdns, so that a Google search for powered djbdns will find your page in a few months. These public statements will encourage other people to deploy djbdns, provide djbdns support services, and develop djbdns-related tools. Please also consider making a donation to the Bernstein Writing Fund.
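
A consistency check for the files written in steps 6, 7 and 9, as an added example that is not part of djbdns or of the original instructions. The function names is_ipv4 and check_forwarding_cache are made up here, and the demo tree at the end is constructed; the check assumes dnscache listens on 127.0.0.1 as in step 9.

```shell
#!/bin/sh
# Added example (not part of djbdns): audit the files from steps 6, 7 and 9.

is_ipv4() {  # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

check_forwarding_cache() {  # args: service dir, resolv.conf; returns problem count
    dir=${1:-/etc/dnscache}; resolv=${2:-/etc/resolv.conf}; problems=0
    # Step 7: envdir drops a variable whose file is empty, so require content.
    if [ ! -s "$dir/env/FORWARDONLY" ]; then
        echo "env/FORWARDONLY missing or empty: servers/@ is used as root servers"
        problems=$((problems + 1))
    fi
    # Step 6: servers/@ holds the external cache address(es), one per line.
    if [ ! -s "$dir/root/servers/@" ]; then
        echo "root/servers/@ missing or empty"; problems=$((problems + 1))
    else
        while read -r ip || [ -n "$ip" ]; do
            is_ipv4 "$ip" && continue
            echo "root/servers/@: not an IPv4 address: '$ip'"
            problems=$((problems + 1))
        done < "$dir/root/servers/@"
    fi
    # Step 9: every nameserver line must point at the local dnscache.
    if [ -f "$resolv" ]; then
        while read -r key value rest || [ -n "$key" ]; do
            [ "$key" = nameserver ] || continue
            [ "$value" = 127.0.0.1 ] && continue
            echo "$resolv: nameserver $value bypasses the local cache"
            problems=$((problems + 1))
        done < "$resolv"
    fi
    return "$problems"
}

# Constructed demo tree (not a real system): step 7 forgotten, stale resolv.conf.
demo=$(mktemp -d)
mkdir -p "$demo/dnscache/root/servers" "$demo/dnscache/env"
echo 10.53.0.1 > "$demo/dnscache/root/servers/@"
echo "nameserver 10.53.0.1" > "$demo/resolv.conf"
check_forwarding_cache "$demo/dnscache" "$demo/resolv.conf" || echo "problems: $?"
rm -rf "$demo"
```

Calling check_forwarding_cache with no arguments checks /etc/dnscache and /etc/resolv.conf.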