服务器使用 pdnsd 部署 DNS forwarder 的方法

Assume that you use Ubuntu.

Download & Install pdnsd:

apt-get install pdnsd

1	apt-get install pdnsd

At the setup configuration step, choose manual. Then modify the config file: /etc/pdnsd.conf

At the global section, change server_ip, add server_port, increase or decrease the perm_cache, change min_ttl & max_ttl at your own need, just like:

global {
	perm_cache=4096;   //cache size,KB
	cache_dir="/var/cache/pdnsd";  //cache file position
	run_as="pdnsd";     //just leave default
	server_ip = 0.0.0.0;  // Use your interface name, or your IP address
				// or 0.0.0.0
	server_port = 1212;   //bind port, just do not use port 53
	status_ctl = on;
  	paranoid=on;
//	query_method=tcp_udp;	// pdnsd must be compiled with tcp
				// query support for this to work.
	min_ttl=1d;       // Retain cached entries at least 1 day.
	max_ttl=1w;	   // One week.
	neg_ttl=120s;
	timeout=5;        // Global timeout option (10 seconds).
}

global {

perm_cache=4096; //cache size,KB

cache_dir="/var/cache/pdnsd"; //cache file position

run_as="pdnsd"; //just leave default

server_ip = 0.0.0.0; // Use your interface name, or your IP address

// or 0.0.0.0

server_port = 1212; //bind port, just do not use port 53

status_ctl = on;

paranoid=on;

// query_method=tcp_udp; // pdnsd must be compiled with tcp

// query support for this to work.

min_ttl=1d; // Retain cached entries at least 1 day.

max_ttl=1w; // One week.

neg_ttl=120s;

timeout=5; // Global timeout option (10 seconds).

}

Then add the upstream DNS server, just like:

server {
	label = "mydns";
	ip = 	1.2.3.4
	,	1.2.3.5
	,	1.2.3.6
	;
	timeout = 3;
	uptest = none;
	purge_cache = off;
	edns_query = on;
	exclude = .localdomain;
}

server {

label = "mydns";

ip = 1.2.3.4

, 1.2.3.5

, 1.2.3.6

;

timeout = 3;

uptest = none;

purge_cache = off;

edns_query = on;

exclude = .localdomain;

}

Comment out the unnecessary sections, such as root-servers & resolvconf:

/*
server {
    label="resolvconf";
}
*/

/*
server {
	label = "root-servers";
	root_server=on;
...
...
	policy = included;
	preset = off;
}
*/

server {

label="resolvconf";

}

server {

label = "root-servers";

root_server=on;

...

policy = included;

preset = off;

}

Here’s an example for pdnsd.conf

To see more details of pdnsd, just look at pdnsd Documents

Modify the file /etc/default/pdnsd, change START_DAEMON=no to START_DAEMON=yes and save the file. Finally start pdnsd:

service pdnsd start

1	service pdnsd start

Add firewall rule if neccessary (Assume that you use UFW):

ufw allow 1212

1	ufw allow 1212

Check it on your PC:

dig @X.X.X.X -p 1212 www.youtube.com

; <<>> DiG 9.9.5-3-Ubuntu <<>> @X.X.X.X -p 2121 www.youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64845
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1024
;; QUESTION SECTION:
;www.youtube.com.               IN      A

;; ANSWER SECTION:
www.youtube.com.        86400   IN      CNAME   youtube-ui.l.google.com.
youtube-ui.l.google.com. 86400  IN      A       173.194.117.232
youtube-ui.l.google.com. 86400  IN      A       173.194.117.231
youtube-ui.l.google.com. 86400  IN      A       173.194.117.233
youtube-ui.l.google.com. 86400  IN      A       173.194.117.238
youtube-ui.l.google.com. 86400  IN      A       173.194.117.224
youtube-ui.l.google.com. 86400  IN      A       173.194.117.227
youtube-ui.l.google.com. 86400  IN      A       173.194.117.225
youtube-ui.l.google.com. 86400  IN      A       173.194.117.230
youtube-ui.l.google.com. 86400  IN      A       173.194.117.229
youtube-ui.l.google.com. 86400  IN      A       173.194.117.228
youtube-ui.l.google.com. 86400  IN      A       173.194.117.226

;; Query time: 80 msec
;; SERVER: X.X.X.X#1212(X.X.X.X)
;; WHEN: Sun Nov 16 10:13:39 UTC 2014
;; MSG SIZE  rcvd: 254

dig @X.X.X.X -p 1212 www.youtube.com

; <<>> DiG 9.9.5-3-Ubuntu <<>> @X.X.X.X -p 2121 www.youtube.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64845

;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1024

;; QUESTION SECTION:

;www.youtube.com. IN A

;; ANSWER SECTION:

www.youtube.com. 86400 IN CNAME youtube-ui.l.google.com.

youtube-ui.l.google.com. 86400 IN A 173.194.117.232

youtube-ui.l.google.com. 86400 IN A 173.194.117.231

youtube-ui.l.google.com. 86400 IN A 173.194.117.233

youtube-ui.l.google.com. 86400 IN A 173.194.117.238

youtube-ui.l.google.com. 86400 IN A 173.194.117.224

youtube-ui.l.google.com. 86400 IN A 173.194.117.227

youtube-ui.l.google.com. 86400 IN A 173.194.117.225

youtube-ui.l.google.com. 86400 IN A 173.194.117.230

youtube-ui.l.google.com. 86400 IN A 173.194.117.229

youtube-ui.l.google.com. 86400 IN A 173.194.117.228

youtube-ui.l.google.com. 86400 IN A 173.194.117.226

;; Query time: 80 msec

;; SERVER: X.X.X.X#1212(X.X.X.X)

;; WHEN: Sun Nov 16 10:13:39 UTC 2014

;; MSG SIZE rcvd: 254

pve物理机启用IPv6

DNS，pdnsd

88 条评论

tom 2016-11-30 于 14:08 回复

请问一下，vps上的pdnsd是以转发还是以代理的方式工作的？我的需求是 “要让目标服务器认为 vps （pdnsd装在上面，接受来自于国内的dns查询）是请求的发起人，目标服务器登记的是国外vps的ip而不是登记的国内dns client所在的国内ip。
dover 2017-02-10 于 13:42 回复

[….] Starting pdnsdError in config file (line 36): invalid option for server section: edns_query
failed!

请问，edns_query这参数没有了么？
1. cokebar 文章作者 2017-02-10 于 14:10 回复
  
  pdnsd版本多少？
  1. dover 2017-02-10 于 21:56 回复
    
    pdnsd-1.2.8-par
2. cokebar 文章作者 2017-02-10 于 23:00 回复
  
  更新到1.2.9,最后一版。
引用: 服务器使用 pdnsd 部署 DNS forwarder 的方法 – 飞羽博客 – 龙的小站