DJBDNS
From Ye Ole Stash
Tools/Addons
Core Files
- /service/dnscache/run
    #!/bin/sh
    ulimit -n 45000   # NOT DEFAULT: raised so dnscache can hold more outstanding sockets
    exec 2>&1
    exec <seed
    # NOTE the removal of -o 200 from softlimit; this allows for a larger number of connections
    # (the ulimit -n line above takes over the open-file cap).
    exec envdir ./env sh -c '
      exec envuidgid Gdnscache softlimit -d "$DATALIMIT" /usr/local/bin/dnscache
    '
- /service/dnscache/log/run
    #!/bin/sh
    # The s (max log file size) value is set higher than the default to allow MRTG to work properly
    exec setuidgid Gdnslog multilog t s16777215 ./main
- /etc/dnscache/
- env
- CACHESIZE - bytes of memory given to the cache itself; see http://cr.yp.to/djbdns/cachesize.html and http://thedjbway.rayservers.com/djbdns/cachesize.html
- IPSEND - dnscache sends outgoing packets from high ports of $IPSEND. This can be set to 0.0.0.0 or to a fixed IP (this is what we do in our environment).
- ROOT - The path to the root folder for dnscache (the directory holding ip/ and servers/). Recommend leaving this at the default.
- DATALIMIT - the softlimit -d memory cap for the dnscache process. It must leave headroom above CACHESIZE, otherwise dnscache cannot allocate its cache and dies at startup; see the two cachesize links above. I have this set high on servers with the RAM to spare.
- FORWARDONLY - makes the cache a forwarder to remote caches. If $FORWARDONLY is set, dnscache treats servers/@ as a list of IP addresses for other caches, not root servers. dnscache only checks that the variable exists, not what it contains, so echo "0" > /etc/dnscache/env/FORWARDONLY does NOT turn forwarding off. To turn it off, rm /etc/dnscache/env/FORWARDONLY (envdir only unsets a variable whose file is zero bytes) and restart dnscache with svc -t /service/dnscache.
- root (/etc/dnscache/root/)
- ip - every file in here is just 'touched'; its name is an IP or dotted-octet prefix allowed to query the cache. A /24 is written as the first three octets, e.g. 216.37.64 (dnscache tries the full client address first, then strips one trailing octet at a time until a file name matches). Keep these prefixes as narrow as possible: a broad prefix here turns the cache into an open resolver.
- servers - IPs of the servers to use for lookups. The default is root servers (@) only, but a file named after any domain can be put here, its content being the IPs of the DNS servers to use for that name and everything below it.
- uribl.com - This directs requests to 64.24 or the URIBL cache server
- in-addr.arpa (optional) - used to hand reverse lookups off to remote DNS servers when FORWARDONLY=1
- @
- IPs of local caches go here if FORWARDONLY=1
- root servers go here (default). To get a current list of root servers, run

    dnsip `dnsqr ns . | awk '/answer:/ { print $5 ; }' | sort`

  and put the output in /etc/dnscache/root/servers/@; dnscache reads the file at startup, so restart it afterwards (svc -t /service/dnscache).
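The ip/ allow-list and the FORWARDONLY switch above are both "file exists" mechanisms, which is easy to get wrong by hand. The following POSIX sh helpers are an added example (not from this wiki page and not part of djbdns) that create and check them the way dnscache itself evaluates them; every dnscache_* function name is ours, and ROOT is the config directory (/etc/dnscache in production, or a scratch directory for a dry run).

```shell
#!/bin/sh
# Added example, not code from the wiki page or from djbdns: manage a
# dnscache root/ip allow-list and the env/FORWARDONLY switch the way
# dnscache actually reads them. ROOT is the config directory
# (/etc/dnscache in production; point it at a scratch copy to dry-run).
# All dnscache_* function names are ours, not part of djbdns.

# Map an address or CIDR block to the file name dnscache expects under
# root/ip/. dnscache only matches on whole dotted octets, so only /8, /16,
# /24 and /32 (a bare address) can be expressed exactly; anything else fails.
dnscache_ip_entry() {
    addr=${1%/*}
    case $1 in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;
    esac
    o1=${addr%%.*}; rest=${addr#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}; o4=${rest#*.}
    case $bits in
        8)  echo "$o1" ;;
        16) echo "$o1.$o2" ;;
        24) echo "$o1.$o2.$o3" ;;
        32) echo "$o1.$o2.$o3.$o4" ;;
        *)  echo "dnscache_ip_entry: /$bits is not an octet boundary" >&2; return 1 ;;
    esac
}

# Permit a client block. dnscache treats the existence of root/ip/<prefix>
# as the permission, so the file is just created empty.
dnscache_allow() {
    root=$1
    entry=$(dnscache_ip_entry "$2") || return 1
    mkdir -p "$root/root/ip"
    : > "$root/root/ip/$entry"
    echo "$entry"
}

# Reproduce dnscache's okclient() decision: try the full client address,
# then strip one trailing octet at a time until something in root/ip/
# matches; no match means the query is refused.
dnscache_client_allowed() {
    root=$1; fn=$2
    while :; do
        [ -e "$root/root/ip/$fn" ] && return 0
        case $fn in
            *.*) fn=${fn%.*} ;;
            *)   return 1 ;;
        esac
    done
}

# dnscache tests FORWARDONLY with env_get(), i.e. for presence, not value:
# a file containing "0" still enables forwarding. envdir only unsets a
# variable whose file is zero bytes, so "off" removes the file. Either way
# dnscache must be restarted (svc -t /service/dnscache) to pick it up.
dnscache_forwardonly() {
    root=$1
    mkdir -p "$root/env"
    case $2 in
        on)  echo 1 > "$root/env/FORWARDONLY" ;;
        off) rm -f "$root/env/FORWARDONLY" ;;
        *)   echo "usage: dnscache_forwardonly ROOT on|off" >&2; return 1 ;;
    esac
}

# What dnscache will see after a restart: on if the envdir file is non-empty.
dnscache_forwardonly_state() {
    if [ -s "$1/env/FORWARDONLY" ]; then echo on; else echo off; fi
}

# Walk-through on a scratch tree; run with DNSCACHE_DEMO=1.
if [ "${DNSCACHE_DEMO:-}" = 1 ]; then
    tmp=$(mktemp -d)
    dnscache_allow "$tmp" 216.37.64.0/24
    dnscache_allow "$tmp" 127.0.0.1
    for c in 216.37.64.23 216.37.65.1 127.0.0.1; do
        if dnscache_client_allowed "$tmp" "$c"; then echo "$c allowed"; else echo "$c refused"; fi
    done
    dnscache_forwardonly "$tmp" on
    echo 0 > "$tmp/env/FORWARDONLY"                              # the "echo 0" recipe ...
    echo "after echo 0: $(dnscache_forwardonly_state "$tmp")"    # ... still on
    dnscache_forwardonly "$tmp" off
    echo "after off: $(dnscache_forwardonly_state "$tmp")"
    rm -rf "$tmp"
fi
```

dnscache_client_allowed is the check to run before opening a prefix to a new customer range: it answers the question "who can already query this cache" without touching the running service, and a prefix such as 216 that unexpectedly matches is the sign of an over-broad file in ip/.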
Logging
- tail -f /etc/dnscache/log/main/current | grep stats
- stats 2438673 56300269 187 0
- stats query-count cache-motion udp-active tcp-active (see http://dqd.com/~mayoff/notes/djbdns/dnscache-log.html#stats). query-count and cache-motion are cumulative since dnscache started; udp-active and tcp-active are the client queries in flight at that moment. Because multilog runs with the t option, every line is prefixed with a tai64n timestamp, so udp-active is the fifth whitespace-separated field.
Loadbalancer Setup
- We run a forward cache on $FRONTEND. This keeps load on the back-end caches down, keeps response times low, and keeps RBL operators happy, since lookups will come from several IPs instead of the single IP we use today.
- Server Setup (Role - Server Name - IP)
- Front End - filter03 - 216.37.64.23
- cache - $BACKEND1 - $IP1
- cache - $BACKEND2 - $IP2
- cache - $BACKEND3 - $IP3
- Changes to code :
- MAXUDP, the compiled-in limit on simultaneous UDP client queries in dnscache.c (stock value 200), raised to 1000 on $FRONTEND and to 1000 on each cache node.
- When every MAXUDP slot is busy dnscache drops its oldest outstanding query to make room, so udp-active sitting at the limit in the stats line means queries are being lost. Each outstanding UDP query holds a socket, so the ulimit -n in the run script has to be raised along with MAXUDP.
- To see the number of UDP queries currently in flight (udp-active; field 5 because multilog prepends the timestamp) :
- tail -f /service/dnscache/log/main/current | grep stats | awk '{print $5}'
- To see history of Connections (total based on protocol)
- sar -n SOCK
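Watching the raw stats lines scroll by (the Logging section above and the awk one-liner here) shows a momentary udp-active but not the query rate or whether the MAXUDP cap is being hit. The script below is an added example, not code from this page or from djbdns: it converts multilog's tai64n timestamps to Unix time, turns the cumulative query-count into queries per second between samples, and flags any sample whose udp-active reached the cap. The tai64n_* and dnscache_* function names are ours; the sample log at the bottom is constructed for the example and is not real traffic.

```shell
#!/bin/sh
# Added example, not code from the wiki page or from djbdns: turn the
# "stats" lines that dnscache writes into a query rate and an alarm on UDP
# slot exhaustion. Assumes the log was written by "multilog t" (tai64n
# timestamp first) and the field order shown in the Logging section:
#   @tai64n stats <query-count> <cache-motion> <udp-active> <tcp-active>
# All dnscache_* / tai64n_* function names are ours, not djbdns's.

# tai64n -> Unix seconds. multilog labels each line with 2^62 + 10 + time(),
# written as 16 hex digits followed by 8 hex digits of nanoseconds.
tai64n_to_unix() {
    hex=${1#@}               # drop the leading "@"
    hex=${hex%????????}      # drop the 8-digit nanosecond part
    echo $(( 0x$hex - 4611686018427387914 ))
}

# Read a dnscache log on stdin and print one line per stats record:
#   <unix-time> <queries/sec since previous sample> <udp-active> <tcp-active> [UDP-FULL]
# CAP is the compiled-in MAXUDP (200 in stock djbdns 1.05; 1000 on the
# rebuilt caches above). Returns 1 if any sample reached the cap, else 0.
dnscache_stats_rate() {
    cap=${1:-200}
    prev_t=""; prev_q=0; full=0
    while read -r ts tag qcount motion udp tcp rest; do
        [ "$tag" = stats ] || continue
        t=$(tai64n_to_unix "$ts")
        # query-count is cumulative since dnscache started; a drop means the
        # process restarted and the interval is not meaningful.
        if [ -n "$prev_t" ] && [ "$t" -gt "$prev_t" ] && [ "$qcount" -ge "$prev_q" ]; then
            rate=$(( (qcount - prev_q) / (t - prev_t) ))
        else
            rate=-
        fi
        flag=""
        if [ "$udp" -ge "$cap" ]; then
            flag=" UDP-FULL"; full=1   # dnscache is now dropping its oldest queries
        fi
        echo "$t $rate $udp $tcp$flag"
        prev_t=$t; prev_q=$qcount
    done
    return $full
}

# Constructed sample log (not real traffic): three stats samples one minute
# apart starting at Unix time 1700000000, the middle one with all 200 UDP
# slots in use.
SAMPLE_LOG='@400000006553f10a00000000 starting
@400000006553f10a00000000 stats 1000 5000 12 0
@400000006553f14600000000 cached 1 example.com.
@400000006553f14600000000 stats 7000 9000 200 1
@400000006553f18200000000 stats 7600 9100 50 0'

# Against a live log:  tail -n 5000 /service/dnscache/log/main/current | dnscache_stats_rate 1000
if [ "${DNSCACHE_DEMO:-}" = 1 ]; then
    printf '%s\n' "$SAMPLE_LOG" | dnscache_stats_rate 200
fi
```

The exit status makes this usable as a cron or monitoring check on the patched nodes (dnscache_stats_rate 1000 returns non-zero only when a sample actually hit the raised MAXUDP), and the queries-per-second column is the number to compare with the MRTG graphs below.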
MRTG Integration
- Client
- In the file /etc/snmp/snmpd.conf the following line is added
    exec .1.3.6.1.4.1.2021.61 dnscachestats1 /usr/local/bin/qmailmrtg7 Q /service/dnscache/log/main
- This is part of the Inter7 QmailMRTG package, which is installed on all DJBDNSCache systems. snmpd runs that command itself on every poll, so keep the community read-only and restricted to the MRTG server's address (rocommunity $COMMUNITY <mrtg-server-ip>); with SNMPv1/v2c the community string crosses the network in cleartext.
- Server
- In /etc/mrtg/mrtg-config/core-servers/$SERVER/custom/custom.inc
- Add
    Target[dnscache]: 1.3.6.1.4.1.2021.61.101.1&1.3.6.1.4.1.2021.61.101.2:$COMMUNITY@$SERVER
    Title[dnscache]: Dnscache Queries - Filter03
    PageTop[dnscache]: <B>FQDN - $SERVER-Dnscache Queries</B><BR>
    ShortLegend[dnscache]:
    MaxBytes[dnscache]: 100000000
    AbsMax[dnscache]: 1000000000
    Options[dnscache]: gauge
    YLegend[dnscache]: Queries/hour
    Legend1[dnscache]: Queries
    LegendI[dnscache]: Cached
    LegendO[dnscache]: Queries
    WithPeak[dnscache]: ymwd
Useful links
- http://code.dogmap.org/djbdns/
- Stats setup for Cacti and others http://jeremy.kister.net/code/djbdns-stats/
- Logging