RU DNS
Info on dnsmasq for Ubuntu 12.04 http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
- If you are on Ubuntu 12.04, you will need to disable the local DNS caching in dnsmasq. I'm not sure how to get it properly to redirect queries, unfortunately.
sudo gedit /etc/NetworkManager/NetworkManager.conf
- Put a "#" in front of the line that says dns=dnsmasq
- Restart network manager
sudo invoke-rc.d network-manager restart
DJBDNS
There is a new standard in secure DNS servers under the package djbdns.
We have Active Directory DNS servers at RU, which means that all 10.*.*.* addresses must be reverse resolved through them. Also, the internal DNS names (mostly hir.is, but some ru.is including mail.ru.is) must be queried there. To complicate things, there is an external presence for hir.is, which gives different responses. Remember that MS DNS assumes that all computers are only stub resolvers that always ask the AD DNS for all queries.
Install on Ubuntu 12.04
Based upon directions:
- DJBDNS External Cache Config: http://cr.yp.to/djbdns/run-cache-x-home.html
- DJBDNS FAQ "How does split horizon DNS work with tinydns?" http://www.fefe.de/djbdns/#cidr
Of note, Ubuntu installs everything in /etc/dnscache. Also, this configuration will break when you are not on the RU network.
- Disable the dnsmasq as mentioned at the beginning of the page
- Install the packages
sudo apt-get install djbdns daemontools dnscache-run
- Now add the special cases for the RU/HIR hosts and the reverse resolve. These files will tell djbdns to ask only the RU servers for 10.*.*.*, *.ru.is, and *.hir.is. If the RU DNS servers change, substitute the IP addresses. These must be the internal DNS servers.
sudo su
cd /etc/dnscache/root/servers
echo "10.11.1.2" > hir.is
echo "10.12.1.3" >> hir.is
ln -s hir.is ru.is
ln -s hir.is 10.in-addr.arpa
exit
- Restart using daemontools
sudo svc -t /etc/dnscache
DNS when outside of the RU network
When you go outside of the RU network, you just need to delete the ru.is file so that it gets the external addresses:
sudo rm /etc/dnscache/root/servers/ru.is
Yes, this is ugly.
Alternatively, you can set to never cache and run off /etc/resolv.conf as per http://cr.yp.to/djbdns/run-cache-none.html
Another option is this Perl script that dumps changes from /etc/resolv.conf into the appropriate place: http://www.thismetalsky.org/projects/dhcp_dns
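The install steps and the off-network cleanup above, combined into one toggle script as an added example (not part of the original page). The function names, the SERVERS_DIR variable and the script name are hypothetical; the paths, IP addresses and svc -t restart are the ones on this page. It goes beyond the page's single rm by removing all three override files when off the RU network, because dnscache would otherwise keep sending queries for those zones to the 10.x addresses on whatever network you have joined.

```sh
#!/bin/sh
# Added example (not from the original page). Paths, IPs and the svc -t
# restart are the page's; function names and SERVERS_DIR are hypothetical.
SERVERS_DIR="${SERVERS_DIR:-/etc/dnscache/root/servers}"
RU_DNS="10.11.1.2 10.12.1.3"   # internal RU DNS servers, as listed above

# Accept only dotted-quad IPv4 with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                  # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# On the RU network: send hir.is, ru.is and 10.in-addr.arpa to the RU servers.
ru_split_on() {
    dir="${1:-$SERVERS_DIR}"
    for ip in $RU_DNS; do
        valid_ipv4 "$ip" || { echo "bad server address: $ip" >&2; return 1; }
    done
    printf '%s\n' $RU_DNS > "$dir/hir.is"      # one address per line
    ln -sf hir.is "$dir/ru.is"
    ln -sf hir.is "$dir/10.in-addr.arpa"
}

# Off the RU network: drop all three overrides so the normal roots are used.
ru_split_off() {
    dir="${1:-$SERVERS_DIR}"
    rm -f "$dir/ru.is" "$dir/hir.is" "$dir/10.in-addr.arpa"
}

# Succeeds only if all three overrides exist and are non-empty
# (a dangling ru.is symlink left behind by a manual rm counts as absent).
ru_split_active() {
    dir="${1:-$SERVERS_DIR}"
    for zone in hir.is ru.is 10.in-addr.arpa; do
        [ -s "$dir/$zone" ] || return 1
    done
}

# Usage (as root), with a hypothetical script name: ru-dns.sh on|off|status
case "${1:-}" in
    on)     ru_split_on  && svc -t /etc/dnscache ;;
    off)    ru_split_off && svc -t /etc/dnscache ;;
    status) if ru_split_active; then echo "RU overrides active"; else echo "RU overrides absent"; fi ;;
esac
```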
Updated by Joseph Foley over 9 years ago · 1 revisions