Now that djbdns is public domain it can be included in Debian-based distributions. Gerrit Pape has done the hard work of packaging everything up and submitting to the ftpmasters at Debian, and it looks to have been accepted into sid.

I, however, run Ubuntu, which hasn’t imported this package yet. Ideally, I’d also like to avoid running daemontools, as upstart does a similar job and already comes with Ubuntu.

Install the prerequisites

sudo apt-get install build-essential

Grab the source files

mkdir djbtmp
cd djbtmp
wget http://ftp.de.debian.org/debian/pool/main/d/djbdns/djbdns_1.05-3.dsc
wget http://ftp.de.debian.org/debian/pool/main/d/djbdns/djbdns_1.05.orig.tar.gz
wget http://ftp.de.debian.org/debian/pool/main/d/djbdns/djbdns_1.05-3.diff.gz

Unpack the source and build

dpkg-source -x djbdns_1.05-3.dsc
cd djbdns-1.05
sudo dpkg-buildpackage
cd ..
sudo dpkg -i dbndns_1.05-3_i386.deb # djbdns with Debian improvements

Great! Now we have the binaries installed, you can do a dpkg -L to check everything is there.

We’ll need to create a user for dnscache to run as, and a directory to run from. Replace 192.168.1.1 with your own IP below.

Create user and directory

sudo useradd dnscache
sudo dnscache-conf dnscache dnscache /var/lib/dnscache 192.168.1.1
id dnscache

This has created a directory suitable for running from daemontools, which is not what we’re doing. Off to upstart! Create the following file in /etc/event.d/dnscache. You’ll need to gid and uid that id dnscache returned earlier to fill in below (in place of 1, which is daemon). Once again, replace 192.168.1.1 with your own IP address.

start on stopped rc2
start on stopped rc3
start on stopped rc4
start on stopped rc5

stop on runlevel 1
stop on runlevel 6

respawn
script
	UID=1
	GID=1
	CACHESIZE=1000000
	DATALIMIT=3000000
	IP=192.168.1.1
	IPSEND=0.0.0.0
	ROOT=/var/lib/dnscache/root
	export UID GID CACHESIZE DATALIMIT IP IPSEND ROOT
	cd /var/lib/dnscache
	exec <seed
	dnscache 2>&1 | logger -t dnscache
end script

At this point, you may be best carrying on using DJB’s own instructions. If you’re setting up for a small internal network, you will probably want to do the following to allow local clients to do recursive lookups:

sudo touch /var/lib/dnscache/root/ip/192.168.1

I’m eager to hear people’s success and failure stories; this post is motivated by my pain in upgrading BIND instances to protect them from the latest round of DNS exploits.

When looking at the vendor status I saw that, despite not having had an update in years, djbdns was not affected - I’d like to see more djb-ware in use, and perhaps integrating with the environment (in this case Debian / Ubuntu) will help that.

Update: Yes, I forgot to say, you must do sudo start dnscache before the service will start.