Configuring a caching-only DNS server on Solaris 10
Introduction
A caching-only DNS server holds no zones of its own, apart from the localhost and broadcast zones that every name server should serve. It resolves queries on behalf of its clients, either by forwarding them to external DNS servers (for example your ISP's resolvers) or by iterating from the root servers listed in its hints file.
Because it caches every answer locally, repeated lookups from internal LAN clients are answered much faster.
I’m going to use BIND9 as DNS server.
Prerequisites
Make sure the firewall allows outbound port 53 (UDP and TCP) from the caching DNS server to the outside world, plus the return traffic, so it can query external DNS servers. Answers larger than 512 bytes are truncated and retried over TCP, so UDP alone is not enough.
Make sure the firewall allows port 53 (UDP and TCP) from the local LAN to the caching DNS server, so internal LAN clients can query it. Do not expose port 53 to the Internet: a caching server reachable from anywhere is an open resolver that can be abused for amplification attacks against third parties.
Make sure that BIND is installed; see the note below.
NOTE:
BIND is installed by default on Solaris 10, but the server service is disabled. You can see this with:
# svcs -a | grep dns
Output should be similar to this:
disabled Jan_16 svc:/network/dns/server:default
online Jan_16 svc:/network/dns/client:default
Next, we will configure BIND and then enable the DNS server service.
Configuring BIND (named) daemon
With the configuration below, named uses /var/named/cache as its working directory, reads its zone files from /var/named/db and writes its PID file to /var/named/named.pid. Two caveats before you copy it: it does not restrict who may query the server (BIND 9.2 defaults allow-query and allow-recursion to any) and does not disable zone transfers, so either keep port 53 closed to the Internet as described in the prerequisites or add allow-query, allow-recursion and allow-transfer statements to the options block; and leave the commented-out query-source line alone, because pinning the source port to 53 makes every outgoing query predictable and lowers the bar for cache poisoning.
Create Zones Directory:
# mkdir -p /var/named/db
# mkdir /var/named/cache
# chown -R root:sys /var/named
Create BIND configuration file:
# vi /etc/named.conf
Paste the following into the file:
// This is the primary configuration file for the BIND DNS server named.
//
options {
directory "/var/named/cache";
pid-file "/var/named/named.pid";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no;
listen-on-v6 { none; };
listen-on { any; };
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/var/named/db/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/var/named/db/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/var/named/db/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/var/named/db/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/var/named/db/db.255";
};
Configure BIND for control with rndc; this generates a shared secret key that both named and rndc read, so the command channel on 127.0.0.1 port 953 only accepts authenticated commands:
# /usr/sbin/rndc-confgen -a
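The options block above listens on every interface and applies no access control, so any host that can reach port 53 can use the cache. As an added example that is not from the original page, the shell script below prints a hardened replacement for that options block and audits a named.conf (read from standard input) for the settings that matter on a caching-only server. The LAN prefix 192.168.0.0/24 is an assumption; replace it with your own network.

```shell
#!/bin/sh
# Added example, not part of the original page: a hardened "options" block for
# the caching-only server described above, plus an audit of an existing
# named.conf for the settings that leave it open to the Internet.
# Assumption: the LAN is 192.168.0.0/24 (override with LAN_NET=... in the environment).

LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Print a hardened replacement for the page's options block. Compared with the
# original it adds an ACL so only loopback and LAN hosts may query the server
# or use its cache, refuses zone transfers, and hides the version string that
# "dig version.bind txt chaos" would otherwise return.
hardened_options() {
    cat <<EOF
acl "lan" { 127.0.0.0/8; ${LAN_NET}; };
options {
    directory "/var/named/cache";
    pid-file "/var/named/named.pid";
    recursion yes;
    allow-query { "lan"; };
    allow-recursion { "lan"; };
    allow-transfer { none; };
    version "not disclosed";
    auth-nxdomain no;
    listen-on-v6 { none; };
    listen-on { any; };
};
EOF
}

# Audit a named.conf read from stdin: print one line per finding and return
# the number of findings, so a clean file returns 0 (success).
audit_named_conf() {
    # Strip // and # comments first so commented-out lines do not count.
    conf=$(sed -e 's://.*$::' -e 's/#.*$//')
    findings=0
    finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

    rec=$(printf '%s\n' "$conf" | grep 'allow-recursion' || true)
    if [ -z "$rec" ]; then
        finding "no allow-recursion: BIND 9.2 defaults it to any, so every host that reaches port 53 can use this cache (open resolver)"
    elif printf '%s\n' "$rec" | grep -q '{[[:space:]]*any[[:space:]]*;'; then
        finding "allow-recursion permits any: restrict it to the LAN"
    fi
    if ! printf '%s\n' "$conf" | grep -q 'allow-query'; then
        finding "no allow-query: restrict queries to the LAN"
    fi
    if ! printf '%s\n' "$conf" | grep -q 'allow-transfer'; then
        finding "no allow-transfer: set it to none on a caching-only server"
    fi
    if printf '%s\n' "$conf" | grep -q 'query-source.*port[[:space:]]*53[[:space:]]*;'; then
        finding "query-source pins the source port to 53: outgoing queries become predictable and cache poisoning easier"
    fi
    return "$findings"
}

# Usage: hardened_options > /tmp/options.conf   (then merge into /etc/named.conf)
#        audit_named_conf < /etc/named.conf
```

Run the audit against the configuration from this page and it reports the three missing ACL statements; run it against the hardened block and it exits 0. The hardened block keeps listen-on { any; } because the LAN interface must still be served; the ACLs, not the listener, are what keep outside hosts out.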
Create default zones
Create the root hints file for the root zone ("."), located in "/var/named/db/db.root", by asking a root server for the current list of root name servers. This is an unauthenticated DNS query, so compare the result with the copy published at https://www.internic.net/domain/named.root before trusting it, and refresh the file occasionally, since root server addresses change. Just type in the terminal:
# dig @a.root-servers.net . ns > /var/named/db/db.root
Next, create the forward and reverse zones for the loopback interface and the broadcast zones. This server is authoritative for them, as RFC 1912 recommends, so queries for them never leave the machine.
Zone “localhost”, located in “/var/named/db/db.local”:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
Reverse lookup zone “127.in-addr.arpa”, located in “/var/named/db/db.127”:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
1.0.0 IN PTR localhost.
Reverse lookup zone “0.in-addr.arpa”, located in “/var/named/db/db.0”:
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
Reverse lookup zone “255.in-addr.arpa”, located in “/var/named/db/db.255”:
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
Enable the DNS server service and check that resolving works
Enable DNS Server service:
# svcadm enable svc:/network/dns/server:default
Check that the service started successfully:
# tail /var/adm/messages
Output should be similar to this (the message about ::1 is harmless: it only means the host has no IPv6 loopback address for the rndc command channel to bind to):
Jan 14 07:22:39 ns-cache named[17971]: [ID 873579 daemon.notice] starting BIND 9.2.4
Jan 14 07:22:39 ns-cache named[17971]: [ID 873579 daemon.notice] command channel listening on 127.0.0.1#953
Jan 14 07:22:39 ns-cache named[17971]: [ID 873579 daemon.notice] couldn't add command channel ::1#953: address not available
Jan 14 07:22:39 ns-cache named[17971]: [ID 873579 daemon.notice] running
You can also check the service status with:
# svcs -a | grep dns
Output should be similar to this:
online Jan_16 svc:/network/dns/server:default
online Jan_16 svc:/network/dns/client:default
Check that resolution works by querying the server for an external name. In the reply, the ra flag (recursion available) confirms that the server performed the recursive lookup for you, and NOERROR with an answer section confirms that the root hints are usable:
# dig @127.0.0.1 planetit.ws
Output should be similar to this:
; <<>> DiG 9.2.4 <<>> @127.0.0.1 planetit.ws
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 911
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;planetit.ws. IN A
;; ANSWER SECTION:
planetit.ws. 3600 IN A 89.208.43.39
;; AUTHORITY SECTION:
planetit.ws. 3600 IN NS ns1.depohost.ru.
planetit.ws. 3600 IN NS ns2.depohost.ru.
;; ADDITIONAL SECTION:
ns1.depohost.ru. 3600 IN A 89.208.43.40
ns2.depohost.ru. 3600 IN A 82.146.32.109
;; Query time: 512 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 20 11:28:25 2008
;; MSG SIZE rcvd: 124
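The header of the dig output is what tells you whether the server is a working LAN cache or an open resolver: the ra flag means the server recursed for the asking client, and a status of REFUSED means an ACL rejected it. As an added example that is not from the original page, the script below extracts those fields from dig output and classifies the reply; run check_resolver from a LAN host (expect recursive) and again from a host outside the LAN (expect refused, or a timeout if the firewall drops the packet). The server address 192.168.0.53 is an assumption, and the sample replies used to exercise the classifier are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: classify a dig reply so the
# checks below can tell a working LAN cache from an open resolver.
# Assumptions: the server is 192.168.0.53 and the test name is planetit.ws
# (the name queried on the page); adjust both for your setup.

# Print the header flags ("qr rd ra") from dig output on stdin.
dig_flags() {
    sed -n 's/^;; flags: \([^;]*\);.*/\1/p'
}

# Print the response status ("NOERROR", "REFUSED", ...) from dig output on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p'
}

# Classify dig output on stdin as one of:
#   recursive         answered with the ra flag: the server recursed for this
#                     client, which is what a LAN client should see
#   refused           status REFUSED: allow-query rejected this client, which is
#                     what a host outside the LAN should see
#   recursion-denied  answered, but without ra: allow-query let the client in
#                     while allow-recursion kept it out, so it only gets cached data
#   error:<STATUS>    any other status, for example SERVFAIL when the root hints
#                     are unusable
classify_response() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    flags=$(printf '%s\n' "$out" | dig_flags)
    case "$status" in
        REFUSED) echo refused; return 0 ;;
        NOERROR|NXDOMAIN) ;;
        *) echo "error:$status"; return 0 ;;
    esac
    case " $flags " in
        *" ra "*) echo recursive ;;
        *)        echo recursion-denied ;;
    esac
}

# Live checks, not exercised by the test: run from a LAN host and again from
# outside the LAN and compare the classifications. The version.bind query should
# not return the real BIND version once "version" is set in the options block.
check_resolver() {
    server=${1:-192.168.0.53}
    name=${2:-planetit.ws}
    echo "recursion for this client: $(dig @"$server" "$name" | classify_response)"
    echo "version.bind: $(dig @"$server" version.bind txt chaos +short)"
}
```

Feeding the page's own reply above into classify_response yields recursive, which is correct from a LAN client; the same result from a host outside the LAN means the server is an open resolver and the firewall or ACLs need fixing.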

