The DNSCache package is not a straightforward all-in-one nameserver package. Each function of the name server is its own process, and lives in its own directory with its own configuration; there is a separate program for zone transfers (axfrdns), caching servers (dnscache), and a name server (tinydns). Some othr tools included with the DNSCache package are dnswall (handy when you run split dns. This supplies generic hostnames for reverse/in-addr.arpa queries), pickdns (a load balancing dns server), and rbldns.

The DNSCache program relies on two other packages; daemontools which is a collection of tools for managing processes, ucspi-tcp which are command line tools (tcpserver/tcpclient) used to build TCP client-server apps If you are going to use DNSCache, I suggest you also look at (not necessary but useful) cdb Dan's fast platform independent database format which many of his tools use for storing data.

For my scenario, I wanted to publish a set of zones, provide zone transfers for my secondary name servers, and act as a caching server for my local network. Howerver, I wanted to do this all on one box, like I could with BIND. This is definitely possible, however, the design of DNSCache does not allow for all of this to happen on the same IP address. For example; dnscache (the caching server) allows both tcp and udp lookups, thus it listens to both tcp:53 and udp:53 ports. Thus you cannot run both dnscache and either axfrdns (the zone transfer process) or tinydns (the name server) on the same IP address. In order to do this, I had to set up an aliased IP address on my ethernet interface. Once I had all the software ready to be configured, I took the following steps to get DNSCache working on my machine:

• Downloaded, compiled and installed each of the packages (dnscache, daemontools, ucspi-tcp). After unpacking, just type:
  make ; make setup check
  inside each package directory.
• Next, I set up an aliased IP address on my ethernet interface (x.x.x.y).
• As the documentation suggests, I created the tinydns, dnscache, axfrdns, and dnslog users and groups.
• Next, install the dns services:
  

  tinydns-conf tinydns dnslog /var/dnscache/tinydns x.x.x.x
  axfrdns-conf axfrdns dnslog /var/dnscache/axfrdns /var/dnscache/tinydns x.x.x.x
  dnscache-conf dnscache dnslog /var/dnscache/dnscache x.x.x.y
  

  Note: x.x.x.x is the ip address you would normally register with the domain registrar, and its the same address you supply to your secondary DNS servers. x.x.x.y is the ip address of your caching server, and all your clients will point to this server (x.x.x.y). The clients should not be configured to resolve from x.x.x.x (the tinydns server IP address) since tinydns is not a caching server, and will only resolve records configured in its database.
• After installing the service directories, make the following changes to the configuration:
  • For tinydns, change to /var/dnscache/tinydns/root and modify the data file. Make sure you add PTR (reverse) record entries for x.x.x.x and x.x.x.y, as well as any zones or A (forward) record entries. When done modifying, run make
  • For dnscache, change to /var/dnscache/dnscache/root/servers and create a file for each domain your tinydns server is responsible for (having one file and using symlinks to that file works as well). This is also necessary if your organization uses a private internal domain structure not registered with a domain registrar or not registered with your internal root servers (such as if you use split dns).

    You'll also want to change to /var/dnscache/dnscache/root/ip and touch the ip address of the clients you wish to grant access to name resolution. If you want to open dnscache to the world, just touch the numbers 1 through 255.

  • For axfrdns, you'll want to change to /var/dnscache/axfrdns and modify the tcp file, then run make. This file contains a list of servers you will allow as well as what domains you will allow the servers to transfer. For example:
    z.z.z.z:allow,AXFR="domain1/domain2/reverse.in-addr.arpa" will let server z.z.z.z transfer the specified zones.
• After you've properly configured each of the services, you need to set up daemontools to supervice and start these processes. To do so:

  mkdir /service
  ln -s /var/dnscache/tinydns /service
  ln -s /var/dnscache/dnscache /service
  ln -s /var/dnscache/axfrdns /service
  cd /service
  csh -cf "svscan /service &"
  

  You'll most likely want to add that last command to your system startup sequence.

• Modify your local name resolution to look at your dnscache ip address (the IP alias, x.x.x.y), and try to resolve some addresses. If this doesnt work, you can check the status of these programs by looking at /var/*/log/main/current.
• At this point, your name servers should be fully operational. Test this out the functionality:

  dig @x.x.x.y yahoo.com soa
  dig @x.x.x.x mydomain soa
  *dig @x.x.x.x mydomain axfr
  

  *Note: you'll need to add 127.0.0.1 to your tcp file in axfrdns' configuration for this to work.

Now your DNS servers should be fully operational. Thanks to the following people for advice, support, and in some cases, a great deal of patience.

• Kimmo Suominen
• Jeremey Rauch