Build DNS Cache


Roll your own DNS cache and bypass your ISP's and Google's resolvers.

Using Root Servers

If you are having issues with DNS resolution and you don't want to use Google's resolvers, try this.
I used Ubuntu Server 16.04 for this.

I'm not going through the whole Ubuntu install; I just enabled SSH and went from there.
Also, my setup is IPv4 only, as we have no need for IPv6, and having it enabled was causing DNS timeouts.

Let's begin.
SSH in to your server.

I called mine dns1.

Do the updates first with "sudo apt-get update && sudo apt-get upgrade -y".

Make sure you set a static IP address. This is done with "sudo nano /etc/network/interfaces".

Change the line "iface eth0 inet dhcp" to "iface eth0 inet static" and add the following lines underneath it (note the keywords are lowercase, including gateway):

iface eth0 inet static
    address <ip you want the machine to be>
    netmask <network subnet mask>
    gateway <network gateway>
    dns-nameservers <a resolver that works for now>

I had to add the dns-nameservers line too, otherwise I couldn't install or update packages. It gets pointed at localhost once BIND is running.

Now we will want to disable IPv6. This is done by editing "sudo nano /etc/sysctl.conf" and adding the following lines at the bottom of the file (they take effect at the reboot later on, or right away with "sudo sysctl -p"):

#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Let's install the DNS server, which is BIND:

sudo apt-get install bind9 bind9utils bind9-doc

Now let's configure BIND.

By default BIND answers queries from any address, so we want to tighten it up: a recursive resolver that anyone can reach on port 53 gets abused as an amplifier for DNS reflection attacks. I have added my OpenVPN clients and the local subnets, and nothing else.

So we will need to edit named.conf.options, found in /etc/bind/.

Add the following section at the top, modified for your networks. Keep one entry per line, because // comments run to the end of the line, so putting several entries after one comment would comment them out. Also include localhost (BIND's built-in ACL for the server's own addresses), otherwise the server can't use itself as a resolver later on.

//acl for good clients
acl goodclients {
    localhost;                   // this server
    <local subnet>;              // local subnet
    <LAN subnet>;                // LAN
    <Wi-Fi subnet>;              // Wi-Fi clients
    <OpenVPN client subnet>;     // OpenVPN clients
};

Now, in the options section, add

    recursion yes;
    allow-query { goodclients; };

(when allow-query is set and allow-recursion is not, BIND limits recursion to the same ACL; adding "allow-recursion { goodclients; };" just makes that explicit)

and comment out the IPv6 listener, since IPv6 is disabled on this box:

    // listen-on-v6 { any; };

Let's check the config is correct by running

sudo named-checkconf

If all is good it shouldn’t return anything
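As an added example, not code from the original post, here is a small shell script that renders the ACL and options above from a list of client networks, validates each entry so a typo can't silently widen the ACL, and, when run with "install", writes the file and runs named-checkconf before putting it in place. The networks in GOOD_CLIENTS are placeholders to replace with your own; the ACL name goodclients and the recursion, allow-query and IPv6 settings follow the post, while allow-recursion and dnssec-validation are extra settings I have assumed. It writes a complete named.conf.options, using listen-on-v6 { none; } instead of commenting out Ubuntu's listen-on-v6 line.

```shell
#!/bin/sh
# Added example, not from the original post: render a locked-down
# /etc/bind/named.conf.options for a caching resolver from a list of
# client networks, validate each entry, and (with "install") check it
# with named-checkconf before putting it in place.
# The networks below are placeholders; the ACL name is the post's.

# Networks allowed to query the resolver, one per line.  "localhost" is
# BIND's built-in ACL for the server's own addresses, needed because the
# server's own resolver points at localhost.
GOOD_CLIENTS="localhost
192.168.1.0/24
10.8.0.0/24"

# Accept only "localhost" or a well-formed IPv4 CIDR.  A typo here would
# either lock everyone out or, worse, widen who may use the resolver.
valid_acl_entry() {
    [ "$1" = "localhost" ] && return 0
    printf '%s\n' "$1" | awk -F'[./]' '
        NF == 5 && $5 ~ /^[0-9]+$/ && $5 <= 32 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# Print the complete named.conf.options to stdout.
render_named_conf_options() {
    printf '//acl for good clients\nacl goodclients {\n'
    for net in $GOOD_CLIENTS; do
        valid_acl_entry "$net" || { echo "bad ACL entry: $net" >&2; return 1; }
        printf '    %s;\n' "$net"
    done
    printf '};\n\n'
    cat <<'EOF'
options {
    directory "/var/cache/bind";

    // Recurse, but only for the ACL above.  A recursive resolver that
    // answers { any; } on a reachable address is an amplifier for DNS
    // reflection attacks.  allow-recursion is what BIND already implies
    // from allow-query; spelling it out keeps it explicit.
    recursion yes;
    allow-query { goodclients; };
    allow-recursion { goodclients; };

    // IPv6 is disabled on this host, so do not try to listen on it
    // (equivalent to commenting out Ubuntu's listen-on-v6 { any; }).
    listen-on-v6 { none; };

    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
};
EOF
}

# Usage: sh render-bind-options.sh install
# Without "install" it only prints the rendered file, which is safe to preview.
CONF=${CONF:-/etc/bind/named.conf.options}
if [ "${1:-}" = "install" ]; then
    render_named_conf_options > "$CONF.new" || exit 1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$CONF.new" || { echo "rejected by named-checkconf, left in $CONF.new" >&2; exit 1; }
    fi
    mv "$CONF.new" "$CONF" && echo "installed $CONF; restart bind9 to apply"
else
    render_named_conf_options
fi
```

Run it without arguments first to eyeball the output, then with "install" as root; a rejected file is left beside the real one as named.conf.options.new so the running configuration is never replaced with a broken one.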

Change the dns-nameservers line on the server itself to point to localhost.
Reboot; this disables IPv6 and brings the box up on the static IP address you set.
Connect back to it on that IP address, and it should be resolving now. Run "dig [domainname]"; it will be slow the first time, because the answer has to be fetched starting from the root servers.

dig crit.tv

took 23 ms.

Dig it again:

0 ms, so it is now cached.
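The same check scripted, as an added example that is not from the original post. It assumes dig is installed on the client and takes the resolver's address and a name to look up as arguments. It judges caching by the answer's TTL having ticked down on the second query rather than by query time alone (two back-to-back queries can both report 0 ms once something upstream has cached the name), and treats a REFUSED status or a missing "ra" flag as the client not being in the goodclients ACL. The sample dig outputs embedded in it are constructed, not captured from a real server, so the parsing and the verdict can be exercised without a resolver.

```shell
#!/bin/sh
# Added example, not from the original post: verify a BIND caching
# resolver from a client.  Assumes dig is installed.  Sample outputs
# below are constructed, not captured from a real server.

# Pull the pieces we care about out of dig's default output.
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }            # NOERROR, REFUSED, ...
dig_flags()  { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'; }          # e.g. "qr rd ra"
dig_qtime()  { sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p'; }  # milliseconds
dig_ttl()    { awk '$0 !~ /^;/ && $3 == "IN" && $4 == "A" { print $2; exit }'; }

# Judge two consecutive answers for the same name.  Returns 0 when the
# resolver answered, set "ra" (recursion available) for this client, and
# served the second answer from cache (its TTL has counted down).
evaluate_pair() {
    first=$1; second=$2
    status=$(printf '%s\n' "$first" | dig_status)
    if [ "$status" != "NOERROR" ]; then
        echo "FAIL: status ${status:-none} (is this client in the goodclients ACL?)" >&2; return 1
    fi
    case " $(printf '%s\n' "$first" | dig_flags) " in
        *" ra "*) ;;
        *) echo "FAIL: 'ra' flag not set, the resolver will not recurse for this client" >&2; return 1 ;;
    esac
    t1=$(printf '%s\n' "$first" | dig_qtime);  t2=$(printf '%s\n' "$second" | dig_qtime)
    ttl1=$(printf '%s\n' "$first" | dig_ttl);  ttl2=$(printf '%s\n' "$second" | dig_ttl)
    echo "first: ${t1:-?} ms, TTL ${ttl1:-?}; second: ${t2:-?} ms, TTL ${ttl2:-?}"
    if [ -n "$ttl1" ] && [ -n "$ttl2" ] && [ "$ttl2" -lt "$ttl1" ]; then
        echo "PASS: second answer served from cache"; return 0
    fi
    echo "FAIL: second answer not served from cache (TTL did not tick down)" >&2; return 1
}

# Live check: query twice, a second apart so a cached TTL is visibly lower.
check_resolver() {   # usage: check_resolver <resolver-ip> <name>
    first=$(dig @"$1" "$2" A +time=3 +tries=1) || { echo "FAIL: no reply from $1" >&2; return 1; }
    sleep 1
    second=$(dig @"$1" "$2" A +time=3 +tries=1) || return 1
    evaluate_pair "$first" "$second"
}

# Constructed sample dig output (not from a real server).
SAMPLE_FIRST=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.test.           300     IN      A       192.0.2.10

;; Query time: 23 msec'
SAMPLE_SECOND=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.test.           299     IN      A       192.0.2.10

;; Query time: 0 msec'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; Query time: 1 msec'

if [ $# -eq 2 ]; then
    check_resolver "$1" "$2"
else
    echo "usage: $0 <resolver-ip> <name>   (no arguments: running the constructed samples)" >&2
    evaluate_pair "$SAMPLE_FIRST" "$SAMPLE_SECOND"
fi
```

Run it from a machine on each network in the ACL (LAN, Wi-Fi, an OpenVPN client) and, if you can, from one that is not: the latter should fail with REFUSED, which is the confirmation that the ACL is doing its job.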

Now you will need to update the hosts on your network to use this DNS server.