Surfing Economically: Adding a Local DNS Server to Ubuntu Gnu/Linux & Hooking up a Caching Proxy

This is a cleaned up Ubuntu 11.04 specific HowTo version of a Debian 6.0 (Squeeze) article I previously wrote.

Getting this working on Ubuntu was so simple that I messed it up and almost pulled my hair out before realizing how simple it really was. The key is to not mess about with the proxy or network managers, as you have to on OS X.

Install pertinent software

# apt-get install pdnsd dnsutils resolvconf polipo

If you’re installing using the Software Center, make sure to install Polipo first.

You must specify resolvconf when prompted to during the installation of pdnsd.

Make sure pdnsd starts as a daemon

# nano /etc/default/pdnsd

Line 2 should read:

START_DAEMON=yes

Test your local DNS server

$ dig  @localhost example.com mx | grep time

Perform the command again. The download time should be considerably shorter.

$ dig  @localhost example.com mx | grep time

Configure browser with their own port direction (Firefox & SeaMonkey)

Set up browsers (Firefox/Iceweasel, SeaMonkey/Iceape) to connect to localhost (or 127.0.0.1) on proxy port 8123 (Polipo), all protocols. Make sure to list 127.0.0.1 and localhost under “No Proxy for” under Preferences/Advanced/Proxies in the browser settings.

You can also just configure these browsers to use the system settings (the “Use system proxy settings” button).

Double checking things are running

There are two things you can check to make sure things are working properly.

Make sure Ubuntu points to your local install of pdnsd (127.0.0.1).

$ cat /etc/resolv.conf

In a browser, the following Polipo specific URL,

http://localhost:8123/polipo/config?

should have 127.0.0.1 listed under dnsNameServer.

Confirm pdnsd is working (again)

Perform the following command twice. The second time around should illustrate a shorter dig time.

$ dig google.ca

$ dig google.ca

Make sure you get a “status: NOERROR”, rather than a “status: SERVFAIL”, which suggests a misconfiguration (unless the target web-site server is down). In the misconfiguration case –if you’re still getting connectivity– the requests are getting passed onto an external DNS server.

$ dig google.ca | grep status

Ordinarily, if a “status: SERVFAIL” message appears, suspect the /etc/pdnsd.conf file. In this case, load and unload the service between editing, using the following commands.

As root,

# service pdnsd restart

or as sudo,

$ sudo service pdnsd restart

In case Polipo doesn’t show 127.0.0.1 under dnsNameServer, edit /etc/dhcp/dhclient.conf to reflect (take the hash out/uncomment it):

prepend domain-name-servers 127.0.0.14, 208.67.220.220, 208.67.222.222;

The last two IPs are OpenDNS, just in case the local DNS fails.

On boot-up from now on, /etc/reolv.conf, pdnsd, and Polipo should all be on the same “page” and “just work”.

Security concerns

Arch wiki details a security concern that revolves around pdnsd being run as nobody. This could lead to a malicious corruption of your local DNS registry. The fix is to add pdnsd as its own user.

Debian seems to have taken care of it. Running

$ cat /etc/pdnsd.conf

reveals that pdnsd is being run as user pdnsd, as in …

run_as=”pdnsd”;

Enjoy your surfing!

Maurice Cepeda

All rights reserved on the article, defined as the text and any original material and medium –including photographs when specifically mentioned in at least one of the following corresponding elements: caption, alternate text, or title. Quoted texts, and other material not copyrighted by Maurice Cepeda, are used under the concept of fair use and are the properties of their respective owners –including photographs, audio recordings, videos, or any other products in any form or fashion– as are all brands mentioned. If copyrighted videos and/or audio recordings should make themselves into articles, note that they are not hosted herein; if you are the copyright holder of any such material (and have a problem with fair use), approach the appropriate hosting site. Note that any audio or visual material incorporated under fair use, either hosted locally (if that should come to be) or otherwise, will most likely be of lesser quality, thus, “fair use”. By reading this article, the reader forgoes any accountability of the writer. The reading of this article implies acceptance of the above stipulations.

Advertisement