DNS server tutorial

Post by Nuke »

I did a Squid tutorial a while ago, and was asked in this thread to do one for Bind too. http://www.pcformat.co.za/modules.php?n ... 928#997928

Link to Squid Guide http://www.pcformat.co.za/modules.php?n ... ight=squid

I typed this up in 30 min, so let me know if anything is unclear or wrong so I can expand on it. I have a Bind/Squid server running with these configs serving about 700 (I guess) people. I took the configs directly from that server, both for Bind and Squid.

Beta 1.0
I had some requests to do a guide on Bind after the Squid guide. Bind is a small and fast DNS server for Linux. DNS is pretty much the core of the internet, and many times a DNS server will make browsing feel faster than a faster internet connection would. In the end we will combine it so that Squid can look up from the local DNS server.

I'm not going to write a guide on how DNS works; for that, Google is your friend. DNS is a massive field on its own, and we just want to build a quick DNS caching server.

As with Squid, I will use Ubuntu Server, this time 8.04.

First begin installing Bind9.
root@dns-proxy:~# apt-get update
root@dns-proxy:~# apt-get install bind9
Next, edit the Bind config files. On Ubuntu Server you only need to edit /etc/bind/named.conf.options. On other distros it may need to be added under /etc/bind/named.conf.

root@dns-proxy:~# vim /etc/bind/named.conf.options

You will get something that looks like this:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.

    // query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        0.0.0.0;
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

Now edit it so that it looks like this.

options {
    directory "/var/cache/bind";
    allow-query {0.0.0.0/0;};

    forwarders {
        168.210.2.2; 196.43.1.11; 196.25.1.11;
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

I edited out all the info that was not needed and added the following lines:

allow-query {0.0.0.0/0;}; means that it will allow any device to use it as a DNS server. If you do not add it, in a lot of cases nothing will go wrong. But if you add a second IP range on your internal network (not going to happen often on a home network) it will deny all DNS queries from that range. I added it because someone may use this guide for a company network's DNS, where it will most likely be needed.

forwarders { 168.210.2.2; 196.43.1.11; 196.25.1.11; }; is the list of DNS servers you want it to forward to. They are most likely going to be the ones your ISP gave you. They are used in the order they appear in your list: 168.210.2.2 will be used first, then 196.43.1.11, etc.

168.210.2.2 is Internet Solutions' DNS server and at this stage in time the fastest and most reliable in South Africa, in my opinion. The catch is you need an IS account to use it. (We keep one just for DNS.)
196.43.1.11 is Telkom's Rosebank site DNS server and 196.25.1.11 is in Cape Town. I had problems with those in the past.
Another option is www.opendns.com with server IPs of 208.67.222.222 and 208.67.220.220. I have never used them, but I hear good things about them. They can be used anywhere in the world.
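As an added check (my own example, not the post's config or any BIND tool): a small Python linter that reads an options block like the one above and reports the settings that matter for exposure. In BIND 9 allow-recursion falls back to allow-query-cache and then allow-query, so allow-query {0.0.0.0/0;} on a forwarding server also lets any source recurse through it if the box is reachable from the internet; the hardened variant assumes a 192.168.0.0/16 LAN, so adjust that range to your own network.

```python
"""Lint a BIND named.conf.options block for the open-resolver pattern."""
import re

# Constructed sample: the options block the post ends up with.
POST_OPTIONS = """options {
directory "/var/cache/bind";
allow-query {0.0.0.0/0;};
forwarders {
168.210.2.2; 196.43.1.11; 196.25.1.11;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
"""

# Assumed hardened variant: same forwarders, recursion limited to an
# assumed LAN range (192.168.0.0/16) plus loopback.
HARDENED_OPTIONS = POST_OPTIONS.replace(
    "allow-query {0.0.0.0/0;};",
    "allow-query { 127.0.0.0/8; 192.168.0.0/16; };\n"
    "allow-recursion { 127.0.0.0/8; 192.168.0.0/16; };",
)

def _statement(conf, name):
    """Items of `name { a; b; };`, or None when the statement is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), conf)
    if not m:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]

def effective_recursion_acl(conf):
    """Who may recurse: BIND 9 falls back allow-recursion -> allow-query-cache
    -> allow-query -> (localnets; localhost)."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = _statement(conf, name)
        if acl is not None:
            return acl
    return ["localnets", "localhost"]

def audit(conf):
    """Summarise the risk-relevant settings of one options block."""
    forwarders = _statement(conf, "forwarders") or []
    acl = effective_recursion_acl(conf)
    recursive = not re.search(r"\brecursion\s+no\s*;", conf)
    return {
        "forwarders": forwarders,
        "placeholder_forwarder": "0.0.0.0" in forwarders,
        "open_resolver": recursive and any(a in ("any", "0.0.0.0/0", "::/0") for a in acl),
    }
```

Run audit() on your own /etc/bind/named.conf.options text; an open_resolver of True means any address the server listens on can use it for recursion, which is fine behind a firewall and a problem on a public interface.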


Exit Vim with Shift-ZZ and restart Bind.
root@dns-proxy:~# /etc/init.d/bind9 restart

This command may differ between Linux distros, but this one works for Ubuntu 7 and 8. On 6 it was # /etc/init/bind9 restart

Bind should be running by now. Do a ps ax | grep bind. You need to see something like this:
root@dns-proxy:~# ps ax | grep bind
15441 ? Ssl 5:55 /usr/sbin/named -u bind
17320 pts/0 S+ 0:00 grep bind
root@dns-proxy:~#


The first one is the Bind process; if it's not there, Bind is not running.

Go to your DNS settings on your PC and set the IP of the DNS server to the IP of the Linux box. The first time you open a site it will be a little slower than usual, but after that it will be much faster.

If you have a Squid proxy on the same Linux box, you can do the following to speed up the internet even more.

Edit /etc/resolv.conf and /etc/network/interfaces and change the nameserver to 127.0.0.1 (with vim, as always). Now restart Squid with /etc/init.d/squid restart. It will apply all the settings and let Squid use the local machine for its DNS, which is a lot faster. Squid also does a DNS lookup for every page you visit.