djbdns: Be an open relay for one zone with dnscache

Question

Is it possible to configure dnscache (from djbdns) to act as a public dns cache, but only for one zone?

The documentation suggests how to configure dnsdjb to act as a forwarder, but does not touch on this.

This is possible with BIND:

zone "example.com." IN {
   type forward;
   forward only;
   forwarders { 4.2.2.2; };
   allow-query { any }; 
};

See this post on serverfault.

`0.0.0.0/0` does not actually mean "everyone" (it means everyone on IPv4) and it is not the default. `any` means everyone. — Håkan Lindqvist, Jan 17 '15 at 11:29

score 0 · Accepted Answer · answered Jan 17 '15 at 11:31

I don't believe that dnscache in the standard djbdns version has this functionality. There is a patch at http://skarnet.org/software/djbdns-fwdzone/index.html which looks like it may provide the functionality that you desire.

However, I would still suggest considering using for instance Unbound or BIND instead.

Both of these have the concept of forward zones (and have more of the feature set one would expect in general) and unlike djbdns these projects are alive.

The djbdns software has not received much attention for a long time (the last actual release was made in 2001). There are forks as well as separate patches (like the one above) that fix some bugs and add some much needed functionality but it's not exactly on par with other alternatives anymore.

I'm not hellbent on using djbdns/dnscache. It's just what we happen to use right now. I will probably switch to BIND or Unbound like you suggest. — benedikt, Jan 17 '15 at 14:19
`dnscache` actually has the concept of forward zones, as seen in this rosetta-style faq: http://cr.yp.to/djbdns/blurb/easeofuse.html But it seems to be missing a feature to be able to define whom the zone should answer queries from. — benedikt, Jan 17 '15 at 14:25

djbdns: Be an open relay for one zone with dnscache

1 Answers1