djbdns dnscache

General Information

This guide will walk you through setting up a DJB dnscache resolver.


You will need the following items to be able to complete this guide:

  1. Root access to a FreeBSD machine
  2. FreeBSD install with ports up-to-date
  3. Installed and running daemontools (svscan)


Here is where your up-to-date ports tree comes in handy, this we are just going to compile the djbdns package. From the options that show up, pick those that you wish to apply, the standards should suffice, unless you wish to host ipv6 IP addresses using tinydns, in which case you might want to select that.

# cd /usr/ports/dns/djbdns
# make install

<>If you want to change what you compiled djbdns with next time, but it says that you have a saved config, type “mpake rmconfig” to remove the saved options and the next time you compile again you will once again be asked for the options.

Adding required users/groups

We are adding the following groups/users to be used when configuring dnscache. If you do not add these users, you can’t use dnscache!

# pw groupadd nofiles -g 800
# pw useradd dnslog -u 810 -g 800 -c "Logging for dns" -d /usr/local/djbdns/ -s /sbin/nologin
# pw useradd dnscache -u 811 -g 800 -c "dnscache" -d /usr/local/djbdns/ -s /sbin/nologin

Look at “pw userdel help” for info on removing these users if you decide to undo this entire install.

Setting up dnscache

You can install dnscache anywhere. My personal place to put all of my tinydns/dnscache instances is in /usr/local/djbdns, so if you want yours elsewhere, please modify the following commands.

# mkdir /usr/local/djbdns
# dnscache-conf dnscache dnslog /usr/local/djbdns/dnscache

This tells dnscache it should create the directory with everything in it at /usr/local/djbdns/dnscache, use dnscache as the user to run under when started with svnscan, and to use dnslog as the user to write the log files to the HD with. The IP address on the end is the IP it has to bind to when it starts up. If you want to let other clients connect to your dnscache server to resolve their stuff, then you need to bind it to an outward facing IP.

Starting dnscache

Tell svnscan about dnscache. Then wait 5 seconds, and dnscache should be running.

# ln -s /usr/local/djbdns/dnscache /var/service

Well, since it is now hopefully running, we should test if it works.

# dig @

If you get an answer, pat yourself on the back as dnscache is properly running, unless of course BIND answered that. But unless you enabled BIND, it should not be running. To set your dnscache as your nameserver for the entire OS, add an entry to /etc/resolv.conf


Now do the test with dig again, this time leave out the @ symbol and look for ;; SERVER:

# dig

That’s it!

Speak Your Mind