Configuring a caching only DNS server on Solaris hosts


While investigating a performance issue a few weeks back, I noticed that a couple of our Solaris hosts were sending 10s of thousands of DNS requests to our authoritative DNS servers. Since the application was broken and unable to cache DNS records, I decided to configure a local caching only DNS server to reduce load on our DNS servers.

Creating a caching only name server on a Solaris host is a piece of cake. To begin, you will need to create a directory to store the bind zone files:

$ mkdir -p /var/named/conf

After this directory is created, you will need to place the 127.0.0.1, localhost and root.hints file in the conf directory. You can grab the 127.0.0.1 and localhost files from my site, and the root.hints file can be generated with the dig utility:

$ dig @a.root-servers.net . ns > /var/named/conf/root.hints

Next you will need to create a BIND configuration file (a sample bind configuration file is also available on my site). The BIND packages that ship with Solaris check for this file in /etc/named.conf by default, so it’s easiest to create it there (you can also hack the SMF start script, but that can get overwritten in the future and wipe out your changes). To start the caching only DNS server, you can enable the dns/server SMF service:

$ svcadm enable dns/server

If things started up properly, you should see log entries similar to the following in /var/adm/messages:

Jun 18 10:26:57 server named[7819]: [ID 873579 daemon.notice] starting
BIND 9.6.1-P3
Jun 18 10:26:57 server named[7819]: [ID 873579 daemon.notice] built
with --prefix=/usr --with-libtool --bindir=/usr/sbin --sbindir=/usr/sbin
--libdir=/usr/lib/dns --sysconfdir=/etc --localstatedir=/var
--with-openssl=/usr/sfw --enable-threads=yes --enable-devpoll=yes
--enable-fixed-rrset --disable-openssl-version-check
-DNS_RUN_PID_DIR=0

To test the caching only DNS server, you can use our trusty friend dig:

$ dig @127.0.0.1 a cnn.com

If that returns the correct A record, it’s a safe bet that the caching only name server is doing its job! To configure the server to query the local DNS server, you will need to replace the nameserver entries in /etc/resolv.conf with the following:

nameserver 127.0.0.1

This will force resolution to the DNS server bound to localhost, and allow the local machine to cache query responses. DNS caching is good stuff, and setting this up on a Solaris machine is a piece of cake!

This article was posted by Matty on 2010-07-14 18:07:00 -0400 -0400