Configuring dns-server
-
I deleted the previous message, which was wrong. I have not been successful getting dns-server to work as a forwarding cache.
I'm a little confused about how to set up the dns-server package (tinyDNS) as a DNS cache (or forwarder). Understand, I don't want to serve DNS requests from outside or serve as an authority for any domain. All I want to do (in effect) is increase the size of the DNS forwarding cache in pfSense.
I just upgraded to pfSense 1.2-RC4 and installed the dns-server package. In the DNS Cache-Server: Settings screen in the Web configuration tool, I checked the "Enable DNScache forwarder" box and set the IP Address to 192.168.1.1, which is my LAN address.
LAN is using DHCP, by the way.
In the pfSense General Setup screen, I left the DNS Servers the same as they were before I installed the dns-server package.
Now, if I disable the pfSense DNS forwarder ("DNS forwarder" under services), then when I do an ipconfig /release and /renew on my Windows box and check the DNS servers, I get my ISP's servers. I can resolve domains, of course, but I'm not talking to tinyDNS.
If I enable the pfSense DNS forwarder, then ipconfig /all tells me that the server is 192.168.1.1, as I would expect, but am I talking to the tinyDNS forwarder, or to the pfSense forwarder? How can I tell the difference?
I've rebooted and confirmed (I think) that tinyDNS is running. If I do "ps -aux | grep tiny", I get three lines: one for "supervise tiny", one that starts with "Gtinydns", and of course my "grep tiny".
But I don't think it's working. If I look at the tinydns log, there are repeated lines that say it was unable to bind to the UDP port because it's already in use. That makes sense, considering that the DNS forwarder probably has it.
So … color me confused. Where did I go wrong?
-
TinyDNS will not do DNS caching as far as I know. It will do a query each time a request comes in so it is not exactly a good DNS cache. Might stick with DNS Forwarder in the meantime.
-
Thanks for setting me straight.
I misunderstood the tinydns documentation. Now that I've re-read the web site, I see that dnscache is a separate program rather than part of tinydns.
The cache in DNS Forwarder is too small for my application. Since it appears that I can't run the cache on the same box as pfSense, I'll set up dnscache on a separate machine. It's not the ideal solution, but I'll make do.
Unless there's some way to install dnscache on the same box as pfSense and have pfSense see it . . .?
-
No, you did not misunderstand for the most part. You are just failing to see that DJBDns is in 2 parts: TinyDNS and DNSCache. We only run TinyDNS in the dnsserver and use dnsmasq for the DNS Forwarder.