Configuring a caching only DNS server on Solaris hosts

While investigating a performance issue a few weeks back, I noticed that a couple of our Solaris hosts were sending 10s of thousands of DNS requests to our authoritative DNS servers. Since the application was broken and unable to cache DNS records, I decided to configure a local caching only DNS server to reduce load on our DNS servers.

Creating a caching only name server on a Solaris host is a piece of cake. To begin, you will need to create a directory to store the bind zone files:

$ mkdir -p /var/named/conf

After this directory is created, you will need to place the 127.0.0.1, localhost and root.hints file in the conf directory. You can grab the 127.0.0.1 and localhost files from my site, and the root.hints file can be generated with the dig utility:

$ dig @a.root-servers.net . ns > /var/named/conf/root.hints

Next you will need to create a BIND configuration file (a sample bind configuration file is also available on my site). The BIND packages that ship with Solaris check for this file in /etc/named.conf by default, so it’s easiest to create it there (you can also hack the SMF start script, but that can get overwritten in the future and wipe out your changes). To start the caching only DNS server, you can enable the dns/server SMF service:

$ svcadm enable dns/server

If things started up properly, you should see log entries similar to the following in /var/adm/messages:

Jun 18 10:26:57 server named[7819]: [ID 873579 daemon.notice] starting BIND 9.6.1-P3
Jun 18 10:26:57 server named[7819]: [ID 873579 daemon.notice] built with –prefix=/usr –with-libtool –bindir=/usr/sbin –sbindir=/usr/sbin –libdir=/usr/lib/dns –sysconfdir=/etc –localstatedir=/var –with-openssl=/usr/sfw –enable-threads=yes –enable-devpoll=yes –enable-fixed-rrset –disable-openssl-version-check -DNS_RUN_PID_DIR=0

To test the caching only DNS server, you can use our trusty friend dig:

$ dig @127.0.0.1 a cnn.com

If that returns the correct A record, it’s a safe bet that the caching only name server is doing its job! To configure the server to query the local DNS server, you will need to replace the nameserver entries in /etc/resolv.conf with the following:

nameserver 127.0.0.1

This will force resolution to the DNS server bound to localhost, and allow the local machine to cache query responses. DNS caching is good stuff, and setting this up on a Solaris machine is a piece of cake!

1 thought on “Configuring a caching only DNS server on Solaris hosts”

  1. No need to hack the SMF start script. You can change the configuration file path using svccfg and the ‘options/configuration_file’ property on the svc:/network/dns/server:default service.

Leave a Reply

Your email address will not be published. Required fields are marked *