Pfsense cache only DNS server



  • I am new to this, still digging and learning about cache-only DNS servers. I have certain questions in my mind:

    1. What will the hardware be, calculated from the number of queries, for a cache-only DNS server? (Do guide me if I am wrong.)

    2. Can pfSense be used as a full-fledged DNS server?

    3. Has anyone used a cache-only DNS server, or would like to comment and share notes on it?



  • 1.  DNS is usually lightweight, so you don't need a supercomputer, if I'm understanding your question correctly.

    2.  Yes, of course.  pfSense includes two different DNS daemons, and you can install BIND as a package and use that instead.

    3.  I use Bind on Linux for external DNS and Windows for internal DNS, but others have been using pfSense DNS for ages.

    https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

    https://doc.pfsense.org/index.php/DNS_Forwarder



  • @KOM:

    1.  DNS is usually lightweight, so you don't need a supercomputer, if I'm understanding your question correctly.

    Well, if there are around 15K to 20K nodes (clients), looking at power consumption, CPU and RAM, how much will it be with an Intel server NIC, and how could it be calculated per query? (Hope I am right on this again.)

    2.  Yes, of course.  pfSense includes two different DNS daemons, and you can install BIND as a package and use that instead.

    As I researched on Google, I was able to find more BIND notes, but reading them, they say BIND has limitations looking at the future. As Unbound is the default, I am thinking of learning it, as configuring it is simpler compared to BIND from what I read while googling, but I was not able to find much on it. (I don't mean to spark a debate on which is best.)

    3.  I use Bind on Linux for external DNS and Windows for internal DNS, but others have been using pfSense DNS for ages.

    Good to know about it, as pfSense is built on FreeBSD 10.3, so BSD people might find it easy to configure with the GUI, or for a noob like me (reading the docs). I just want to check on a cache-only DNS server for the above, as in point 1.

    Thanks for your reply,
    KOM

    https://doc.pfsense.org/index.php/Unbound_DNS_Resolver

    https://doc.pfsense.org/index.php/DNS_Forwarder


  • LAYER 8 Global Moderator

    So you want to run pfSense as JUST a DNS caching server?  Is it going to forward or resolve?

    I don't get these people that want to run pfsense as their proxy, dns, file server, etc.  Yes pfsense can do those via packages.  But if what you need is a DNS server, then fire up a VM and install whatever caching dns software you think is best.  Unbound is not the only caching resolver out there.

    Or put it on some hardware..  pfSense is a firewall/router distro - that yes has some other features that come in handy on a firewall/router like DHCP, proxy even, DNS server.  But I would not fire it up to work as only what a package adds..  That just seems insane to me..  If you want to run something that pfSense does, and/or provides as a package.. Then run that - run it on FreeBSD if you want, or net/freebsd or pick your fav Linux distro, Debian, CentOS, Ubuntu, etc..

    If you need a router/firewall that can also do some other services for your network then yeah pfsense is the best choice on the planet ;)

    20k nodes - doing what exactly?  Are they going to be just random clients surfing the internet, are they doing queries for your local stuff? Are they clients only doing queries for normal work hours in 1 time zone, or are they spread across multiple time zones?  Is it something that runs 24/7, and you have 3 shifts of 1/3 of your total number over each shift?  A typical query for an A record is about 100 bytes.  I would suggest you take a look at the sort of traffic you're generating now for DNS over a sample period and then do the math, etc.  BTW Unbound is not a good choice as an authoritative type name server.  What are these clients using now for DNS?

    If you want a quick comparison of different DNS software:
    https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
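One way to "do the math" the way the post above suggests, as an added example (not code from pfSense, Unbound or anyone in this thread): take a sample of the query log you already have, work out queries per client per second, then scale to the client count you are planning for. The sample log lines are constructed and shaped like Unbound's `log-queries: yes` output, which is an assumption about the format; the 100-byte A-record figure is the one quoted in the post, and the assumption that the response is about the same size and that the busiest hour is 3x the average are both labelled in the code.

```python
"""Sizing a cache-only resolver from a sampled query log (added example).

Not code from pfSense, Unbound or anyone in the thread. The log lines are
constructed to look like Unbound's "log-queries: yes" output; that format is
an assumption, so adjust LINE_RE to match your own logs.
"""
import re
from collections import Counter

# Constructed sample: 8 queries from 3 clients captured over a 10-second window.
SAMPLE_LOG = """\
[1700000000] unbound[1234:0] info: 10.0.0.11 www.example.com. A IN
[1700000001] unbound[1234:0] info: 10.0.0.12 www.example.com. A IN
[1700000002] unbound[1234:0] info: 10.0.0.11 mail.example.com. MX IN
[1700000003] unbound[1234:0] info: 10.0.0.13 www.example.com. AAAA IN
[1700000004] unbound[1234:0] info: 10.0.0.12 cdn.example.net. A IN
[1700000006] unbound[1234:0] info: 10.0.0.13 www.example.com. A IN
[1700000008] unbound[1234:0] info: 10.0.0.11 www.example.com. A IN
[1700000009] unbound[1234:0] info: 10.0.0.12 api.example.org. A IN
"""
SAMPLE_WINDOW_SECONDS = 10

# client address, query name, record type; the class is always IN in the sample.
LINE_RE = re.compile(r"info: (?P<client>\S+) (?P<name>\S+) (?P<rtype>\S+) IN$")


def parse_queries(text):
    """Return a list of (client, name, rtype) tuples, skipping non-query lines."""
    queries = []
    for line in text.splitlines():
        match = LINE_RE.search(line)
        if match:
            queries.append((match["client"], match["name"], match["rtype"]))
    return queries


def estimate(text, window_seconds, target_clients,
             bytes_per_query=100, peak_factor=3.0):
    """Project query rate and bandwidth from a sample to target_clients.

    bytes_per_query=100 is the rough A-record figure quoted in the thread; the
    response is assumed to be about the same size, so traffic is doubled.
    peak_factor is an assumption for how far the busiest hour exceeds the
    average; measure it over a full day rather than trusting this default.
    """
    queries = parse_queries(text)
    if not queries:
        raise ValueError("no queries found in sample")
    clients = {client for client, _, _ in queries}
    per_client_qps = len(queries) / window_seconds / len(clients)
    distinct_keys = {(name, rtype) for _, name, rtype in queries}
    # Repeated (name, type) pairs inside the window are the ones a cache can
    # serve without asking upstream, so this is an upper bound on hit ratio.
    possible_hit_ratio = 1 - len(distinct_keys) / len(queries)
    avg_qps = per_client_qps * target_clients
    return {
        "sampled_queries": len(queries),
        "sampled_clients": len(clients),
        "per_client_qps": per_client_qps,
        "projected_avg_qps": avg_qps,
        "projected_peak_qps": avg_qps * peak_factor,
        "projected_avg_bytes_per_sec": avg_qps * bytes_per_query * 2,
        "possible_cache_hit_ratio": possible_hit_ratio,
        "top_names": Counter(name for _, name, _ in queries).most_common(3),
    }


if __name__ == "__main__":
    for key, value in estimate(SAMPLE_LOG, SAMPLE_WINDOW_SECONDS, 20_000).items():
        print(f"{key:>28}: {value}")
```

A ten-second sample is only there to keep the example readable; the projection is only as good as the sample, so capture at least a full working day so that the peak factor and the 24/7 question from the post are measured rather than guessed.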



  • @johnpoz:

    So you want to run pfSense as JUST a DNS caching server?  Is it going to forward or resolve?

    For a caching-only server, I think it won't be forwarding or resolving.

    I don't get these people that want to run pfsense as their proxy, dns, file server, etc.  Yes pfsense can do those via packages.  But if what you need is a DNS server, then fire up a VM and install whatever caching dns software you think is best.  Unbound is not the only caching resolver out there.

    Alright, Unbound is not the only one, but distros like OpenBSD use Unbound as the default, I think.

    Or put it on some hardware..  pfSense is a firewall/router distro - that yes has some other features that come in handy on a firewall/router like DHCP, proxy even, DNS server.  But I would not fire it up to work as only what a package adds..  That just seems insane to me..  If you want to run something that pfSense does, and/or provides as a package.. Then run that - run it on FreeBSD if you want, or net/freebsd or pick your fav Linux distro, Debian, CentOS, Ubuntu, etc..

    Sorry about the Linux distro; I am tired of change and always learning something new. I am a non-IT guy trying to learn with updates, but not shifting. As a Linux distro I will go with Slackware or BSD, as quite good notes are there and a good community. Well, running on a headless server and configuring it takes time and learning; I don't mind, but I want to go with pfSense at the moment, at least it starts working and lets me learn with the GUI and saves time.

    If you need a router/firewall that can also do some other services for your network then yeah pfsense is the best choice on the planet ;)

    Is it better than MikroTik? Don't want to start a war, just informative, in terms of advantages etc. I have seen some comments about a Cisco person switching from a Cisco router to pfSense :)

    20k nodes - doing what exactly?  Are they going to be just random clients surfing the internet, are they doing queries for your local stuff? Are they clients only doing queries for normal work hours in 1 time zone, or are they spread across multiple time zones?  Is it something that runs 24/7, and you have 3 shifts of 1/3 of your total number over each shift?  A typical query for an A record is about 100 bytes.  I would suggest you take a look at the sort of traffic you're generating now for DNS over a sample period and then do the math, etc.  BTW Unbound is not a good choice as an authoritative type name server.  What are these clients using now for DNS?

    20K+ nodes, which will be random clients having local queries 24*7 (they are users surfing the internet).
    I am using it only as a cache DNS server.
    What will be the best choice, then, other than Unbound, if you suggest one? (Just thinking why the OpenBSD people place Unbound as DNS instead of BIND.)

    If you want a quick comparison of different DNS software:
    https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software

    Thank you, I have already seen it, but I am finding out what can be easy to install, configure and learn for the long run with FreeBSD.


  • LAYER 8 Global Moderator

    "For a caching-only server, I think it won't be forwarding or resolving."

    WTF is it going to cache then??  How is it going to get stuff into its cache??

    How exactly are you involved in working out DNS for 20k+ nodes when it seems you don't have clue one about even the basics of DNS??

    And you state "I am a non-IT guy".  So how exactly would you be involved in a 20k+ node network and have anything to do with its DNS??

    I am more than happy to help someone learn… But for gosh sake let's not make up shit to ask a simple question.



  • You can't have a DNS cache unless the DNS records come from somewhere. The source of the DNS records can be the authoritative DNS servers directly (for example Unbound in resolver mode) or a forwarder (Unbound or some other resolver in forwarding mode). A "cache only DNS server" is really a "cache only resolver". Note that a DNS cache (the stored database) is useless without the controlling application that understands the stored cache in its own format; for example dnsmasq has its own format that cannot be used in Unbound.
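The point made above, that a cache is only useful because something fills it, can be shown with a small model. This is an added example, not Unbound, dnsmasq or pfSense code: a simulated cache that keeps answers until their TTL runs out and, on a miss, refills either by walking a constructed chain of authoritative servers itself ("resolve") or by asking another recursive server ("forward"). The zone data, addresses and TTLs are constructed, and the delegation walk is a simplified version of what a real resolver does (no glue, no CNAME, no negative caching).

```python
"""Toy model of a cache-only resolver: the cache is filled by a source.

Added example, not Unbound, dnsmasq or pfSense code. It models the point that a
cache-only server still has to get records from somewhere, either by walking
the authoritative servers itself ("resolve") or by asking another recursive
server ("forward"). Names, addresses and TTLs are constructed.
"""

# Constructed authoritative data, one dict per zone, standing in for the
# separate nameservers a real resolver would contact over the network.
AUTHORITATIVE = {
    ".":            {("com.", "NS"): ("a.gtld-servers.net.", 172800)},
    "com.":         {("example.com.", "NS"): ("ns1.example.com.", 172800)},
    "example.com.": {("www.example.com.", "A"): ("192.0.2.10", 300)},
}


def in_zone(name, zone):
    """True if name is zone itself or lies below it (whole-label match)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def iterative_resolve(name, rtype, max_referrals=10):
    """Resolver mode: start at the root and follow NS referrals downward."""
    zone = "."
    for _ in range(max_referrals):
        data = AUTHORITATIVE[zone]
        if (name, rtype) in data:
            return data[(name, rtype)]                # (rdata, ttl)
        referrals = [z for (z, t) in data if t == "NS" and in_zone(name, z)]
        if not referrals:
            raise LookupError(f"{zone} has neither an answer nor a referral for {name}")
        zone = max(referrals, key=len)                # most specific delegation
    raise LookupError("referral loop")


class CacheOnlyResolver:
    """Caches (name, rtype) -> (rdata, expiry) and refills from `source` on a miss."""

    def __init__(self, source=None):
        self.source = source    # callable(name, rtype) -> (rdata, ttl), or None
        self.cache = {}
        self.now = 0            # simulated clock, in seconds
        self.hits = 0
        self.misses = 0

    def advance(self, seconds):
        self.now += seconds

    def query(self, name, rtype):
        key = (name, rtype)
        entry = self.cache.get(key)
        if entry is not None and entry[1] > self.now:
            self.hits += 1
            return entry[0], entry[1] - self.now     # answer with remaining TTL
        self.misses += 1
        if self.source is None:
            raise LookupError("cache miss and no source configured: nothing can ever be cached")
        rdata, ttl = self.source(name, rtype)
        self.cache[key] = (rdata, self.now + ttl)
        return rdata, ttl


def make_forwarder(upstream):
    """Forward mode: a cache whose source is another recursive server's query()."""
    return CacheOnlyResolver(source=upstream.query)


if __name__ == "__main__":
    resolver = CacheOnlyResolver(source=iterative_resolve)
    print("resolve mode:", resolver.query("www.example.com.", "A"))
    resolver.advance(100)
    print("100s later, served from cache:", resolver.query("www.example.com.", "A"))
    forwarder = make_forwarder(resolver)
    print("forward mode:", forwarder.query("www.example.com.", "A"))
    print("hits/misses resolver:", resolver.hits, resolver.misses,
          "forwarder:", forwarder.hits, forwarder.misses)
    try:
        CacheOnlyResolver(source=None).query("www.example.com.", "A")
    except LookupError as err:
        print("no source:", err)
```

The `source=None` case is the "caching only, neither forwarding nor resolving" configuration discussed in the thread: every lookup is a miss and the cache never gets an entry. The forwarder also shows why a forwarding cache inherits the upstream's remaining TTL rather than the record's original one.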


  • LAYER 8 Global Moderator

    This guy is some troll who BSes about having some 20+ node network..  Prob has some homework he is trying to figure out..



  • @johnpoz:

    "For a caching-only server, I think it won't be forwarding or resolving."

    WTF is it going to cache then??  How is it going to get stuff into its cache??

    How exactly are you involved in working out DNS for 20k+ nodes when it seems you don't have clue one about even the basics of DNS??

    And you state "I am a non-IT guy".  So how exactly would you be involved in a 20k+ node network and have anything to do with its DNS??

    I am more than happy to help someone learn… But for gosh sake let's not make up shit to ask a simple question.

    Sorry about it; by nodes I mean clients, and about this stuff, I am learning. The reason I selected pfSense is that it is based on BSD and has a GUI, and the rest doesn't need me to go deep into the command-line way.



  • @kpa:

    You can't have a DNS cache unless the DNS records come from somewhere. The source of the DNS records can be the authoritative DNS servers directly (for example Unbound in resolver mode) or a forwarder (Unbound or some other resolver in forwarding mode). A "cache only DNS server" is really a "cache only resolver". Note that a DNS cache (the stored database) is useless without the controlling application that understands the stored cache in its own format; for example dnsmasq has its own format that cannot be used in Unbound.

    Thanks for patiently replying. I am getting a bit confused with BIND, as I have seen some BIND setups on other OSes where very few things needed to be done (config).


  • LAYER 8 Global Moderator

    Dude, are you going to answer the question?  Does not matter if you have 10 or 1000 or 10,000 or 100,000; what do you want to do, forward or resolve?

    To set up BIND to be a caching forwarder takes all of 1 minute of config.  Maybe you don't even have to config it; if you just install the BIND package on pretty much any Linux distro, it comes up as a forwarding cache.

    Here is a step-by-step tutorial on setting up BIND as a caching forwarder..
    https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04

