Surfing Economically: Adding a Local DNS Server to Debian Gnu/Linux & Hooking up a Caching Proxy II

This is a cleaned up Debian 6.0 (Squeeze) only version of my previous article on economical surfing, as with updates and Ubuntu 11.04 pertinent information, it started to look confusing. There is now a separate Ubuntu 11.04 article, too, since the setup is different (even simpler) from that of Debian.

Install pertinent software

# aptitude install pdnsd dnsutils resolvconf polipo

You must specify resolvconf when prompted to during the installation of pdnsd.

Make sure pdnsd starts as a daemon

# nano /etc/default/pdnsd

Line 2 should read:

START_DAEMON=yes

Security concerns

Arch wiki details a security concern that revolves around pdnsd being run as nobody. This could lead to a malicious corruption of your local DNS registry. The fix is to add pdnsd as its own user. See the linked page for more information.

Debian seems to have taken care of it. Running

$ cat /etc/pdnsd.conf

reveals that pdnsd is being run as user pdnsd, as in …

run_as=”pdnsd”;

Test your local DNS server

$ dig  @localhost example.com mx | grep time

Perform the command again. The download time should be considerably shorter.

$ dig  @localhost example.com mx | grep time

Edit /etc/dhcp/dhclient.conf to reflect (take the hash out/uncomment it):

prepend domain-name-servers 127.0.0.14, 208.67.220.220, 208.67.222.222;

The last two IPs are OpenDNS, just in case the local DNS fails. My /etc/dhcp3/dhclient.conf also reflects the same information, so don’t confuse the two files.

Configure browser with their own port direction (Firefox & SeaMonkey)

Set up browsers (Firefox/Iceweasel, SeaMonkey/Iceape) to connect to localhost (or 127.0.0.1) on proxy port 8123 (Polipo), all protocols. Make sure to list 127.0.0.1 and localhost under “No Proxy for” under Preferences/Advanced/Proxies in the browser settings.

You can also just configure these browsers to use the system settings (the “Use system proxy settings” button).

Configure your system

Use the GConf Editor to redirect traffic through Polipo.

  • Under system/http_proxy/port specify the 8123 port.
  • Nearby and under use_http_proxy, make sure there’s a check.
  • The host setting should state 127.0.0.1
  • ignore_hosts should have all the domains that give you problems when going through a proxy, ie., facebook.com, wordpress, youtube.com, https://mail.google.com, https://docs.google.com, https://www.google.com/accounts/ServiceLoginAuth, mail.google.com.
  • I like to put 127.0.0.1 and localhost into the ignore_hosts too. After all, you need an open pathway to the net, after the traffic is directed to Polipo and pdnsd.

Debian autoconfigures itself (thanks for resolvconf) in that pdnsd and the rest of the network settings know to talk to each other. The software just needs to be installed and running. You still need to configure your system and/or your browser/s (see below).

Configure your network manager to use your local DNS server.

If you like, you can also detail other DNS servers as fallback.

I use the Wicd network manager (on Debian).

  • (Gerenal) Preferences: Check Use Global DNS servers
  • DNS doamin: opendns.com
  • DNS server 1: 127.0.0.1
  • DNS server 2: 208.67.220.220
  • DNS server 3: 208.67.222.222

208.67.220.220 208.67.222.222 are OpenDNS servers. They’re reliable and fast, but remote.

Still in Wicd, selecting “Always show a wired interface”, and “Always switch to a wired connection when available”, might be good ideas as “Automatically reconnect on network connection loss” is, too.

  • Press Accept.
  • In the main window, under the main interface,
  • press “Properties”.
  • Check “Use static DNS” and “Use Global DNS servers”.

Make sure you accept, and always do so when you enter that dialog (or any pertaining to Wicd).

In the above, you’ve identified your local DNS as global. It works for me, but there’s another way.

You could also put your settings in the individual nic preference. Just make sure to not activate “Use Global DNS”. If you use more than one nic and want to use the same DNS for all of them, you could use the global preferences as just that, global preferences for all the nics, otherwise configure each card to have its own.

Double checking things are running

There are two things you can check to make sure things are working properly.

Make sure Debian points to your local install of pdnsd (127.0.0.1).

$ cat /etc/resolv.conf

In a browser, the following Polipo specific URL,

http://localhost:8123/polipo/config?

should have 127.0.0.1 listed under dnsNameServer.

Confirm pdnsd is working (again)

Perform the following command twice. The second time around should illustrate a shorter dig time.

$ dig google.ca

$ dig google.ca

Make sure you get a “status: NOERROR”, rather than a “status: SERVFAIL”, which suggests a misconfiguration (unless the target web-site server is down). In the misconfiguration case –if you’re still getting connectivity– the requests are getting passed onto an external DNS server.

Ordinarily, if a “status: SERVFAIL” message appears, suspect the /etc/pdnsd.conf file. In this case, load and unload the service between editing, using the following commands.

As root,

# service pdnsd restart

or as sudo,

$ sudo service pdnsd restart

On boot-up, /etc/reolv.conf, pdnsd, and Polipo are all on the same page and “just work”.

Enjoy your surfing!

Maurice Cepeda

All rights reserved on the article, defined as the text and any original material and medium –including photographs when specifically mentioned in at least one of the following corresponding elements: caption, alternate text, or title. Quoted texts, and other material not copyrighted by Maurice Cepeda, are used under the concept of fair use and are the properties of their respective owners –including photographs, audio recordings, videos, or any other products in any form or fashion– as are all brands mentioned. If copyrighted videos and/or audio recordings should make themselves into articles, note that they are not hosted herein; if you are the copyright holder of any such material (and have a problem with fair use), approach the appropriate hosting site. Note that any audio or visual material incorporated under fair use, either hosted locally (if that should come to be) or otherwise, will most likely be of lesser quality, thus, “fair use”. By reading this article, the reader forgoes any accountability of the writer. The reading of this article implies acceptance of the above stipulations.

Advertisements

2 thoughts on “Surfing Economically: Adding a Local DNS Server to Debian Gnu/Linux & Hooking up a Caching Proxy II

  1. Pingback: Surfing Economically: Adding a Local DNS Server to Debian Gnu/Linux & Hooking up a Caching Proxy « Le Blog de Maurice

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s