This HOWTO shows you how to set up your InterWorx-CP server to serve recursive DNS queries for other servers. This tutorial is the recommended way to get recursive resolvers working in an InterWorx-CP friendly manner. If you set it up differently it will work fine, but if we ever add this functionality to InterWorx-CP your implementation won’t be “seen” by InterWorx-CP.
Recursive resolvers are set up on an IP-by-IP basis and they CANNOT live on the same IP as an iterative DNS resolver (i.e. the kind that serves DNS for your sites from the IWorx-CP box).
- 1 IP with port 53 TCP/UDP unbound
- Run the following command to create the base dir structure for the recursive resolver:
dnscache-conf dnscache dnslog /var/djbdns/dnscachex-x.x.x.x x.x.x.x
Where x.x.x.x is the IP that is bound to the system, has TCP/UDP 53 open and that you’d like to use for the resolver.
dnscache-conf dnscache dnslog /var/djbdns/dnscachex-126.96.36.199 188.8.131.52
- Symlink this new directory (/var/djbdns/dnscachex-x.x.x.x) into the /service directory so that svscan will see it and start the service, and so that it will start on subsequent boots.
cd /service
ln -fs /var/djbdns/dnscachex-x.x.x.x dnscachex-x.x.x.x
cd /service
ln -fs /var/djbdns/dnscachex-184.108.40.206 dnscachex-220.127.116.11
Check with “netstat -lnp” that there is now a service on TCP and UDP port 53 for the x.x.x.x IP.
- The resolver will only work for those IPs you allow. To allow an IP you have to create a file named with the prefix of the IP block, or the IP itself, that you’d like to allow to use the recursive services. You do this in the /var/djbdns/dnscachex-x.x.x.x/root/ip directory.
cd /var/djbdns/dnscachex-x.x.x.x/root/ip
touch 1.2.3
touch 18.104.22.168
The above will allow any IP in the 1.2.3 block and the IP matching 22.214.171.124 to do recursive lookups.
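To check which clients the files in root/ip actually admit before the resolver goes live, the following added example (not part of the original HOWTO, InterWorx-CP or djbdns) mimics dnscache's lookup: the full client address first, then the same address with one trailing octet removed at a time. The function names, the constructed sample entries and the "fewer than three octets counts as broad" threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not InterWorx or djbdns code): mirrors the lookup dnscache
# performs in root/ip. Function names and sample entries are assumptions.

# okclient IPDIR CLIENT_IP: succeeds if a file in IPDIR matches the client,
# trying the full address first, then dropping one trailing octet at a time.
okclient() {
    ipdir=$1
    name=$2
    [ -n "$name" ] || return 1
    while :; do
        [ -e "$ipdir/$name" ] && return 0
        case $name in
            *.*) name=${name%.*} ;;   # 1.2.3.4 -> 1.2.3 -> 1.2 -> 1
            *)   return 1 ;;          # no prefix left: client is refused
        esac
    done
}

# broad_entries IPDIR: prints entries with fewer than three octets, i.e.
# files that open the resolver to a whole /16 or /8 (assumed threshold).
broad_entries() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue       # empty directory: glob did not expand
        entry=${f##*/}
        case $entry in
            *.*.*) ;;                 # three or four octets: narrow enough
            *) printf '%s\n' "$entry" ;;
        esac
    done
    return 0
}

# Constructed sample standing in for /var/djbdns/dnscachex-x.x.x.x/root/ip
demo=$(mktemp -d)
touch "$demo/1.2.3" "$demo/192.0.2.10" "$demo/10"
for ip in 1.2.3.77 1.2.30.1 192.0.2.10 192.0.2.11 10.9.8.7; do
    if okclient "$demo" "$ip"; then echo "$ip allowed"; else echo "$ip refused"; fi
done
echo "broad entries: $(broad_entries "$demo" | tr '\n' ' ')"
rm -rf "$demo"
```

Matching happens on whole octets, so a file named 1.2.3 admits 1.2.3.77 but not 1.2.30.1; pass the real root/ip directory as the first argument to run the same checks against a live instance.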
If you add an IP to be used as a recursive resolver via the IP Management page you need to remove the iterative resolver that IWorx-CP puts on it automatically before doing this HOWTO. Simply go to the DNS Management page and remove the iterative services from the IP.
Make sure port 53 UDP/TCP is open on the firewall
Hope this helps