D. J. Bernstein
Internet publication
DNScache
Frequently asked questions

Local DNS cache


How do I configure a local cache? Right now my machine has a nameserver line in /etc/resolv.conf telling it to send DNS queries to a cache on another host. I'd like to run dnscache on this machine to handle future queries.

Answer: This answer assumes that your boot scripts are already running svscan in a /service directory. dnscache relies on svscan to start it and to restart it at boot time.

You will have to make three decisions:

Create the service directory by running the dnscache-conf program:
     dnscache-conf dnscache dnslog /etc/dnscache
Tell svscan about the new service:
     ln -s /etc/dnscache /service
svscan will start the service within one minute. Finally, replace the nameserver line in /etc/resolv.conf with
     nameserver 127.0.0.1

Now test! Use your web browser. Send some email. Check the logs in /service/dnscache/log/main. If you're familiar with DNS querying tools such as nslookup and dig, you can use them to test dnscache before you replace your nameserver lines; simply send queries to server 127.0.0.1.


How do I tell my cache to consult internal DNS servers? Our network has internal servers at IP addresses 10.1.2.5 and 10.1.2.6 providing information about the corp.local and 10.in-addr.arpa domains.

Answer: Put

     10.1.2.5
     10.1.2.6
into /service/dnscache/root/servers/corp.local and into /service/dnscache/root/servers/10.in-addr.arpa. Make sure that both files are readable by the DNS cache account. Restart dnscache:
     svc -t /service/dnscache

Note that this feature is very different from BIND's forwarding. BIND sends recursive queries to the target servers; dnscache sends normal iterative queries. If the corp.local servers have delegated sub.corp.local, BIND puts the burden on them to contact the sub.corp.local servers, and fails if the corp.local servers don't support recursion; in contrast, dnscache contacts the sub.corp.local servers directly.
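The two answers above amount to a small, repeatable procedure, so here is an added example (not part of djbdns) in POSIX sh that writes a root/servers file the way the answer describes: every address is checked before anything is written, the file is replaced atomically, and it is left readable by the unprivileged dnscache account. It assumes a hypothetical DNSCACHE_ROOT variable naming the cache's root directory (default /service/dnscache/root); point it at a scratch directory to try it without root.

```sh
#!/bin/sh
# Added example, not part of djbdns. Assumption: DNSCACHE_ROOT is the
# dnscache root directory; it defaults to /service/dnscache/root.

# is_ipv4 ADDR: succeed only if ADDR is a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, empty octets
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1  # exactly four octets
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# install_servers DOMAIN ADDR...: write one address per line to
# $DNSCACHE_ROOT/servers/DOMAIN, the file dnscache reads at startup.
install_servers() {
    domain=$1; shift
    dir=${DNSCACHE_ROOT:-/service/dnscache/root}/servers
    case $domain in
        ''|*/*|.*) echo "install_servers: bad domain '$domain'" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "install_servers: no addresses for $domain" >&2; return 1; }
    for addr in "$@"; do        # reject everything before touching the file
        is_ipv4 "$addr" || { echo "install_servers: bad address '$addr'" >&2; return 1; }
    done
    mkdir -p "$dir" || return 1
    tmp=$dir/.$domain.tmp
    printf '%s\n' "$@" > "$tmp" || return 1
    chmod 0644 "$tmp" || return 1   # readable by the dnscache account
    mv "$tmp" "$dir/$domain"        # atomic replace of the live file
}

# Typical use on the real cache, followed by the restart the answer calls for:
#   install_servers corp.local 10.1.2.5 10.1.2.6 &&
#   install_servers 10.in-addr.arpa 10.1.2.5 10.1.2.6 &&
#   svc -t /service/dnscache
```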


Can I use a local cache and a separate DNS server on the same host?

Answer: Yes. dnscache is designed to work alongside a separate DNS server. If your IP address is 1.2.3.4, you can run a DNS server such as tinydns on IP address 1.2.3.4 to handle incoming DNS queries, and dnscache on IP address 127.0.0.1 to handle outgoing DNS queries.

You can configure BIND version 8 to listen to IP address 1.2.3.4, leaving 127.0.0.1 alone, by adding

     options {
       interface-interval 0;
       listen-on { 1.2.3.4; };
     };
to /etc/named.conf and restarting named. Beware that BIND is a security disaster and a reliability disaster.


How fast is dnscache? Can it handle a huge number of outgoing queries?

Answer: Here are some case studies.