Daniel J. Bernstein wrote a DNS server so thoroughly well that he offers $1000 to the first person to publicly report a verifiable security hole in the latest version of it.
The only problem is that setting it up is a pain. It is as though every Linux distribution has to change things just for the sake of changing them… constantly, so following the djbdns installation instructions line-by-line isn’t always an option under Linux.
Here are the steps I took to run djbdns on Debian 8 “Jessie”:
A Few Prerequisites
Official steps are in green, broken steps are in red, modified steps are in yellow.
The following commands will need to be issued as root.
You will need build essentials and wget:
apt-get update apt-get install build-essential wget
Step 1: Install daemontools
mkdir -p /package chmod 1755 /package cd /package wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz gunzip daemontools-0.76.tar tar -xpf daemontools-0.76.tar rm -f daemontools-0.76.tar cd admin/daemontools-0.76
This next command will fail, so hold off on it for now:
package/install
package/install
Step 2: Install ucspi-tcp
cd ~ wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz gunzip ucspi-tcp-0.88.tar tar -xf ucspi-tcp-0.88.tar cd ucspi-tcp-0.88
These next commands will fail, so hold off on them for now:
make make setup check
make make setup check
Step 3: Install djbdns
This will go smoothly since he has already accounted for the errno issue.
cd ~ wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz gunzip djbdns-1.05.tar tar -xf djbdns-1.05.tar cd djbdns-1.05 echo gcc -O2 -include /usr/include/errno.h > conf-cc make make setup check
Step 4: Load daemontools on Init
Create /lib/systemd/system/daemontools.service with the following contents:
[Unit] Description=DJB daemontools After=sysinit.target [Service] ExecStart=/command/svscanboot Restart=always [Install] WantedBy=multi-user.target
Save, change permissions, create symbolic link, then start:
chmod 644 /lib/systemd/system/daemontools.service ln -s /lib/systemd/system/daemontools.service /etc/systemd/system/multi-user.target.wants/daemontools.service service daemontools start
Step 5: djbdns Server Configuration
Create users:
useradd --no-create-home --shell /bin/false Gtinydns useradd --no-create-home --shell /bin/false Gdnslog
Create initial base configuration:
tinydns-conf Gtinydns Gdnslog /etc/tinydns [HOST IP] ln -s /etc/tinydns /service/tinydns
Check to ensure that the service has been loaded:
sleep 5 svstat /service/tinydns
It should respond with something along the lines of:
/service/tinydns: up (pid 2979) 7 seconds
Management
STOP: svc -d /service/tinydns
START: svc -u /service/tinydns
DNS DATA FILE: /etc/tinydns/root/data
RUN `make` IN SAME DIRECTORY TO UPDATE,
NO RESTART/RELOAD REQUIRED
The data file is in tinydns-data format which can be referred to here: http://cr.yp.to/djbdns/tinydns-data.html.