networking - Is it possible to set up a dedicated global DNS server locally or on a VPS?

2014-07
  • JTApps

    I'm interested in setting up a DNS server under my possession that is able to resolve hostnames on the web, in the same way as a public DNS such as 8.8.8.8 would do. My priority here is speed, followed by privacy.

    Setting up a local DNS server, whether it be on a Linux/Windows based machine or somehow within the wireless router itself would seem like the best option to fulfill these requirements, as it would be both fast (0ms resolve times?) and private. Alternatively, I own a remote Linux-based VPS that is fairly close-by, which would account primarily for the privacy factor, but also would not use my home bandwidth to operate.

    If it is possible to do locally (on my home network), what equipment, operating system, and software should I look into in order to make it happen? Is it viable (because I suspect it takes some bandwidth in order to keep up-to-date)?

    Alternatively, would setting up this DNS server on a VPS be the better option? If so, what software or packages should I look into in order to make it work?

    I also understand it may not be possible to do at all, in which case just let me know and I'll explore other DNS options.

  • Answers
  • HopelessN00b

    Based on our discussion in the comments, yes, this is possible, but no, it will not behave as you want/need it to.

    If you were to set up a local DNS server (or set one up on a VPS), it would essentially act as a proxy server for your DNS requests. There is no "DNS database" to download, so it would perform DNS lookups in response to client requests, cache them just as your clients would, and really provide you no benefit. Your DNS lookups would still be [theoretically] publicly viewable, and you wouldn't get any speed benefits, because the DNS lookups would still occur as you need them; they'd just be shifted to a server from your client computer... but either way, you'd have to send your requests out into the internet to find a DNS server that can answer your request.

  • Quijote Shin

    I don't think a home network will be enough but...

    I have two VPS as TWO DNS servers, and I'm happy with them. One runs Debian, the other Ubuntu Server.

    Thinking of a very small infrastructure, as it was at my job (a hosting company), the devices:

    1. You will need more upload speed than download speed (a home network will not match this)
    2. A cooling system (DNS queries don't heat that much)
    3. Two main DNS servers (at least)
    4. Two backup servers (at least)
    5. An enterprise router
    6. A nice firewall
    7. A load balancer

    HW: Any subsystem will be OK. My two DNS servers have:

    1. Only 1024 MB of memory, and it's OK for me.
    2. Intel, dual core 2.4 GHz

    They are relatively small, but have been working for about 4 years and have never failed.

    Software: I prefer Linux, so you will consume less memory and have nice control over your system.

    OS: You can go with CentOS or Debian-based systems, whichever goes better with you. I have been testing Ubuntu 14.04 LTS and I like it; it's very fast. I don't suggest you go into it already; let's wait a bit for bugs to appear.

    DNS server:

    * BIND is the most common
    * PowerDNS you can try, which, if I'm not wrong, supports a DNS registry via MySQL, so you can create other subsystems easily

    Other security software.


  • Related Question

    networking - How do preferred and alternate or multiple DNS servers work?
  • Tanner

    I was considering adding 8.8.8.8 to the end of my adapter's list of DNS servers as a backup in case everything fails, when it occurred to me that I don't really know how secondary and tertiary DNS servers are treated.

    • Under what conditions is the next DNS server used?
    • Will the next server be checked if the name isn't resolved?
    • Can I configure my machine to query multiple servers if a name is not resolved?

    I'm also worried that by adding a DNS server not on my intranet, I may not be able to resolve local names.

    • If the first DNS server fails, how long will the secondary DNS server be used?
    • When my machine checks to see if the primary DNS server is up, does it stall my current DNS query?
    • How do multiple DNS servers affect performance? If I have four DNS servers on my adapter's list and three of them are dead, will it wait for three timeouts before getting an answer?

    I'm not sure if this question is OS specific either. Do different operating systems treat this differently?

    My goal is to append 8.8.8.8 to the DNS servers on top of what DHCP hands out with a script. I keep running into stupid DNS problems where my machines wind up with a bogus/unreachable/simply no DNS server due to errors in DHCP configuration that I have no control over. I'm getting sick of it, but I'm wondering if adding this failsafe would cause more problems than it solves.


  • Related Answers
  • allquixotic

    The answer is certainly operating system-specific in the sense that nothing is preventing a certain operating system from behaving differently. There is nothing necessary about DNS client querying of multiple servers that would prevent an operating system implementation from treating DNS queries differently than I'm describing here.

    That said, the example of how Linux looks up DNS names should be representative of how most operating systems in common use today do it.

    Here is a good post describing the behavior in detail, as well as a way to set up something like what you've asked for.

    The general idea is that, by default, secondary/tertiary DNS servers are only used in sequence if the primary DNS server times out or points to a non-routable IP address. Even if the primary DNS server says "that domain does not resolve", it will not move on to ask the next nameserver. It treats any valid response to the query as a reason not to move to the next DNS server in the list.

    One possible sane way of setting it up so that local addresses will resolve first, but still use Google DNS or OpenDNS instead of your ISP's DNS server, is to configure your router or LAN box (whichever box is the Internet gateway) to use 8.8.8.8 as its primary nameserver. Of course, the gateway box should itself be running a nameserver, and should be configured to answer DNS queries for local hostnames on the private subnet -- but if it fails to resolve against the local subnet, it should immediately punt to Google DNS. This is kind of the best of both worlds.

    Another way to do it is to set up different nameservers for different network interfaces. Windows lets you do that by default; the article in the link above describes a way to do it by configuring the BIND9 DNS server implementation using the forward and forwarders directives.
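The gateway setup described in the answer above (authoritative for local names, forwarding everything else to Google DNS) expressed as a BIND9 `named.conf` fragment. This is an added example, not code from the original answer or the linked article; the private subnet `192.168.1.0/24`, the gateway address `192.168.1.1`, the zone name `home.lan` and the zone file paths are assumed placeholders.

```conf
// Added example: BIND9 named.conf for a LAN gateway that answers local
// names itself and forwards every other query to Google DNS.
// Assumptions (placeholders): LAN is 192.168.1.0/24, gateway is 192.168.1.1,
// local zone is "home.lan", zone files live under /etc/bind/.
options {
    directory "/var/cache/bind";

    // Listen only on loopback and the LAN-facing address, and only
    // recurse for LAN clients, so the box is not an open resolver.
    listen-on { 127.0.0.1; 192.168.1.1; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // Anything not answered from a local zone is handed to the forwarders.
    // "forward only" means named will not fall back to iterating from the
    // root servers itself if the forwarders time out; use "forward first"
    // if you want that fallback instead.
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };

    // Validate DNSSEC-signed answers received from the forwarders.
    dnssec-validation auto;
};

// Authoritative forward zone: queries for *.home.lan are answered here
// and never leave the LAN, regardless of what the forwarders would say.
zone "home.lan" {
    type master;
    file "/etc/bind/db.home.lan";
};

// Matching reverse zone so PTR lookups for the LAN also stay local.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};
```

Check the file with `named-checkconf` before reloading, and point LAN clients (via DHCP) at 192.168.1.1 rather than at 8.8.8.8 directly, otherwise they bypass the local zone entirely.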