Surfing Economically: Adding a Local DNS Server to Debian Gnu/Linux & Hooking up a Caching Proxy

UPDATE: Sept. 11th, 2011

There’s a cleaned-up version of this article here, and an Ubuntu 11.04 one here.

UPDATE: Sept. 6th, 2011.

I’ve realized that the localhost setting (127.0.0.1) doesn’t stick in /etc/resolv.conf. The only way I could make it permanent (using a stripped down Debian install I use on this machine) is to edit /etc/dhcp/dhclient.conf to reflect (take the hash out/uncomment it):

prepend domain-name-servers 127.0.0.1, 208.67.220.220, 208.67.222.222;

The last two IPs are OpenDNS, just in case the local DNS fails. My /etc/dhcp3/dhclient.conf also reflects the same information, so don’t confuse the two files.

This works so well that upon boot-up, /etc/resolv.conf, pdnsd, and Polipo are all on the same page and “just work”. Thus, there is no longer a need for the service restart script below, if you want to always run off of pdnsd.

This is the Debian 6.0 (Squeeze) article that I promised in my OS X posting on how to install, configure and run a local DNS server with a persistent registry, accompanied by a caching proxy –thus improving Internet responsiveness. I won’t go into a long explanation about why it’s good to do this as my previous article details those points.

Install pertinent software

# aptitude install pdnsd dnsutils resolvconf polipo

If you’re using Ubuntu 11.04 Natty Narwhal (first release with Unity), and are installing using the Software Center, make sure to install Polipo first.

You must specify resolvconf when prompted to during the installation of pdnsd.

Make sure pdnsd starts as a daemon

# nano /etc/default/pdnsd

Line 2 should read:

START_DAEMON=yes

Security concerns

Arch wiki details a security concern that revolves around pdnsd being run as nobody. This could lead to a malicious corruption of your local DNS registry. The fix is to add pdnsd as its own user. See the linked page for more information.

Debian seems to have taken care of it. Running

cat /etc/pdnsd.conf

reveals that pdnsd is being run as user pdnsd, as in …

run_as="pdnsd";
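The same check as a script, going a little further than reading the file by eye; this is an added example, not code from the article or from pdnsd. It reads run_as and cache_dir from a pdnsd.conf-style file, flags nobody, root or a missing run_as, and confirms the cache directory belongs to that same account. The function names and the sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the article's code: audit the account pdnsd drops to.

# Print the value of KEY (e.g. run_as, cache_dir) from a pdnsd.conf-style FILE.
conf_value() {   # usage: conf_value KEY FILE
    awk -v key="$1" '
        { sub(/#.*/, ""); sub(/^[ \t]*\/\/.*/, "") }   # drop comments
        match($0, key "[ \t]*=[ \t]*\"?[^\"; \t]*") {
            v = substr($0, RSTART, RLENGTH)
            sub(/^[^=]*=[ \t]*"?/, "", v)               # keep only the value
            print v; exit
        }' "$2"
}

# Verdict on the run_as account; non-zero exit means "needs attention".
audit_run_as() {   # usage: audit_run_as FILE
    user=$(conf_value run_as "$1")
    case "$user" in
        "")          echo "UNSET"; return 1 ;;        # no run_as line at all
        nobody|root) echo "WEAK:$user"; return 1 ;;   # shared or privileged
        *)           echo "OK:$user" ;;
    esac
}

# The on-disk cache should belong to that same dedicated account.
cache_owner_ok() {   # usage: cache_owner_ok FILE
    dir=$(conf_value cache_dir "$1")
    [ -d "$dir" ] || return 2
    owner=$(ls -ld "$dir" | awk '{print $3}')
    [ "$owner" = "$(conf_value run_as "$1")" ]
}

# Constructed sample configs (not taken from a real system).
demo=$(mktemp -d)
printf 'global {\n  run_as="pdnsd";\n}\n' > "$demo/good.conf"
printf 'global {\n  # run_as="pdnsd";\n  run_as = "nobody";\n}\n' > "$demo/weak.conf"
for f in good weak; do
    echo "$f.conf: $(audit_run_as "$demo/$f.conf" || true)"
done
rm -rf "$demo"
```

On a real install, point both functions at /etc/pdnsd.conf.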

Test your local DNS server

$ dig @localhost example.com mx | grep time

Perform the command again. The query time should be considerably shorter.

$ dig @localhost example.com mx | grep time

Configure browser with their own port direction (Firefox & SeaMonkey)

Set up browsers (Firefox/Iceweasel, SeaMonkey/Iceape) to connect to localhost (or 127.0.0.1) on proxy port 8123 (Polipo), all protocols. Make sure to list 127.0.0.1 and localhost under “No Proxy for” under Preferences/Advanced/Proxies in the browser settings.

You can also just configure these browsers to use the system settings (the “Use system proxy settings” button).

Configure your system

Note to Ubuntu users: There’s no need to use the Proxy manager on Ubuntu 11.04 to tune the following specs, if you installed pdnsd, dnsutils, resolvconf, and Polipo. It won’t work if you mess with it –probably due to resolvconf autoconfiguring settings. In fact it’ll make downloaders fail with a “403 Forbidden port” error message.

Use the GConf Editor to redirect traffic through Polipo.

  • Under system/http_proxy/port specify the 8123 port.
  • Nearby and under use_http_proxy, make sure there’s a check.
  • The host setting should state 127.0.0.1
  • ignore_hosts should have all the domains that give you problems when going through a proxy, i.e., facebook.com, wordpress, youtube.com, https://mail.google.com, https://docs.google.com, https://www.google.com/accounts/ServiceLoginAuth, mail.google.com.
  • I like to put 127.0.0.1 and localhost into the ignore_hosts too. After all, you need an open pathway to the net, after the traffic is directed to Polipo and pdnsd.

Debian autoconfigures itself (thanks to resolvconf) in that pdnsd and the rest of the network settings know to talk to each other. The software just needs to be installed and running. You still need to configure your system and/or your browser/s (see below).

Configure your network manager to use your local DNS server.

Note to Ubuntu users: There’s no need to configure the Network manager (on Ubuntu 11.04) to the following specs, if you installed pdnsd, dnsutils, resolvconf, and Polipo. It’ll fail if you change things –probably due to resolvconf autoconfiguring.

If you like, you can also detail other DNS servers as fallback.

I use the Wicd network manager (on Debian).

  • (General) Preferences: Check Use Global DNS servers
  • DNS domain: opendns.com
  • DNS server 1: 127.0.0.1
  • DNS server 2: 208.67.220.220
  • DNS server 3: 208.67.222.222

208.67.220.220 and 208.67.222.222 are OpenDNS servers. They’re reliable and fast, but remote.

Still in Wicd, selecting “Always show a wired interface” and “Always switch to a wired connection when available” might be good ideas, as is “Automatically reconnect on network connection loss”.

  • Press Accept.
  • In the main window, under the main interface, press “Properties”.
  • Check “Use static DNS” and “Use Global DNS servers”.

Make sure you accept, and always do so when you enter that dialog (or any pertaining to Wicd).

In the above, you’ve identified your local DNS as global. It works for me, but that’s not what those preferences were for. Alternatively, you can put your settings in the individual nick preference. Just make sure to not activate “Use Global DNS”.

Everyday connectivity

My connection automatically connects me to the Internet just fine, only without my local DNS server. On Squeeze, automatic startup of pdnsd is broken (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617644), so you’ll do it by hand. I run a script to enable it post-boot-up.

In that script, I also like to restart Polipo, so that Polipo takes notice of the change. You can name it startpdnsdpolipo.sh and it should contain the following.

sudo service pdnsd restart

sudo service polipo restart

Start pdnsd

$ sh startpdnsdpolipo.sh

It’ll ask for a password. If your account is associated with sudo, give it the corresponding password.

Putting it all together/Running the setup

When I want to use my own local DNS server, at times when the service lags (such as when inconsiderate children and teenagers come home and start to download massive amounts of material), I find I have to …

  • first cycle my connection with Wicd (disconnect/connect, if your connection connects on boot-up), followed by
  • running the script in terminal (see above).

Double checking things are running

There are two things you can check to make sure things are working properly.

Make sure Debian points to your local install of pdnsd (127.0.0.1).

$ cat /etc/resolv.conf

In a browser, the following Polipo specific URL,

http://localhost:8123/polipo/config?

should have 127.0.0.1 listed under dnsNameServer.

Confirm pdnsd is working (again)

Perform the following command twice. The second time around should illustrate a shorter dig time.

$ dig google.ca

$ dig google.ca

Make sure you get a “status: NOERROR”, rather than a “status: SERVFAIL”, which suggests a misconfiguration (unless the target web-site server is down). In the misconfiguration case –if you’re still getting connectivity– the requests are getting passed onto an external DNS server.
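The two checks above, plus a look at which server actually answered, combined into one script; this is an added example, not code from the article. It relies on dig's ";; SERVER:" line to catch the case where the lookup succeeded but was answered by a fallback resolver instead of the local pdnsd. The function names and the sample data are constructed.

```sh
#!/bin/sh
# Added example, not the article's code. Sample data below is constructed.

# First "nameserver" entry in a resolv.conf-style file.
first_nameserver() {   # usage: first_nameserver FILE
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Reduce dig output on stdin to: STATUS SERVER QUERY_MSEC ("-" if missing).
dig_summary() {
    awk '
        /status: /         { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s) }
        /^;; SERVER: /     { srv = $3; sub(/#.*/, "", srv) }
        /^;; Query time: / { ms = $4 }
        END { print (s != "" ? s : "-"), (srv != "" ? srv : "-"), (ms != "" ? ms : "-") }'
}

# Verdict for one lookup; non-zero exit when it did not go through pdnsd.
check_lookup() {   # usage: check_lookup RESOLV_CONF < dig-output
    ns=$(first_nameserver "$1")
    set -- $(dig_summary)                 # $1=status $2=server $3=msec
    if [ "$ns" != "127.0.0.1" ]; then echo "RESOLV_NOT_LOCAL:$ns"; return 1; fi
    if [ "$1" != "NOERROR" ]; then echo "STATUS:$1"; return 1; fi
    if [ "$2" != "127.0.0.1" ]; then echo "ANSWERED_BY:$2"; return 1; fi
    echo "LOCAL_OK:${3}ms"
}

# Constructed resolv.conf and dig output for an offline run.
demo=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 208.67.220.220\n' > "$demo/resolv.conf"
cat > "$demo/dig.txt" <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
check_lookup "$demo/resolv.conf" < "$demo/dig.txt" || true
rm -rf "$demo"
```

Against the live system, pipe a real query into it: dig google.ca | check_lookup /etc/resolv.conf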

Ordinarily, if a “status: SERVFAIL” message appears, suspect the /etc/pdnsd.conf file. In this case, load and unload the service between editing, using the following commands.

As root,

# service pdnsd restart

or as sudo,

$ sudo service pdnsd restart

The manual script (to kick start pdnsd) will not be necessary in the future, as its start script is fixed from Debian testing onwards.

The only problem I found was with the ISP entel in Chile. Entel kicks you off as soon as you use your own DNS server. There’s something fishy about that, in my mind. Sneaky, for sure.

Enjoy your surfing!

Maurice Cepeda

All rights reserved on the article, defined as the text and any original material and medium –including photographs when specifically mentioned in at least one of the following corresponding elements: caption, alternate text, or title. Quoted texts, and other material not copyrighted by Maurice Cepeda, are used under the concept of fair use and are the properties of their respective owners –including photographs, audio recordings, videos, or any other products in any form or fashion– as are all brands mentioned. If copyrighted videos and/or audio recordings should make themselves into articles, note that they are not hosted herein; if you are the copyright holder of any such material (and have a problem with fair use), approach the appropriate hosting site. Note that any audio or visual material incorporated under fair use, either hosted locally (if that should come to be) or otherwise, will most likely be of lesser quality, thus, “fair use”. By reading this article, the reader forgoes any accountability of the writer. The reading of this article implies acceptance of the above stipulations.
