Deadwood DNS forwarding cache

Deadwood is a working DNS forwarding cache. This is a UDP-only server with the following features:

  • Small size and memory footprint suitable for embedded systems
  • Simple and clean codebase
  • Secure design
  • Spoof protection: Strong cryptography used to determine the Query ID and source port
  • Ability to read and write the cache to a file
  • Dynamic cache that deletes entries not recently used
  • Ability to use expired entries in the cache when it is impossible to contact upstream DNS servers.
  • IPv6 support can be compiled in if desired

Let’s install it on Bebop. My CPU is an AMD64, so I use -march=k8:

  cd /usr/src
  wget http://maradns.org/deadwood/deadwood-2.3.04.tar.bz2
  tar jxvf deadwood-2.3.04.tar.bz2
  cd deadwood-2.3.04
  export FLAGS='-march=k8 -O2 -pipe'   # compiler flags; -march=k8 targets the AMD64 (K8) CPU
  cd src
  make -f Makefile.centos5
  nano /etc/dwood2rc                    # write the configuration shown below
  cp DwMain /usr/sbin
  cd ../doc
  cp DwMain.1 /usr/share/man/man1/
  cd /usr/sbin
  ln -s DwMain DwTcp



nano /etc/dwood2rc

  bind_address="10.1.1.139" # IP we bind to
  chroot_dir = "/etc/maradns" # Directory we run program from (not used in Win32)
  upstream_servers["."]="10.1.1.140" # Servers we connect to
  recursive_acl = "10.1.1.0/24" # Who is allowed to use the cache
  maxprocs = 8 # Maximum number of pending requests
  handle_overload = 1 # Send SERVER FAIL when overloaded
  maradns_uid = 99 # UID Deadwood runs as
  maradns_gid = 99 # GID Deadwood runs as
  maximum_cache_elements = 60000
  cache_file = "dw_cache"
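The settings above decide who may query the cache (recursive_acl), which interface it listens on (bind_address) and what privileges the daemon keeps (maradns_uid, maradns_gid, chroot_dir). As an added example, not part of this page or of Deadwood itself, here is a small POSIX sh check that reads a dwood2rc and flags the settings a reviewer would object to before the service is started. The two sample configurations inside it are constructed (the first is the page's own config, the second a deliberately weak one), and the function names and the list of checks are my own choices, not anything Deadwood ships.

```shell
#!/bin/sh
# Added example: review a dwood2rc for weak settings before starting Deadwood.
# Not Deadwood's own tooling; it only knows the keys used in the page's config.

# dw_get KEY FILE: print the value of KEY with surrounding quotes and the
# trailing "# comment" removed (prints nothing if the key is not set).
dw_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*\$/\1/p" "$2" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# dw_check FILE: print one line per problem found, return 1 if there was any.
dw_check() {
    bad=0
    bind=$(dw_get bind_address "$1")
    acl=$(dw_get recursive_acl "$1")
    chroot=$(dw_get chroot_dir "$1")
    overload=$(dw_get handle_overload "$1")

    [ -n "$bind" ] || { echo "bind_address not set"; bad=1; }
    [ "$bind" != "0.0.0.0" ] || { echo "bind_address 0.0.0.0: listens on every interface"; bad=1; }
    [ -n "$acl" ] || { echo "recursive_acl not set"; bad=1; }
    case "$acl" in
        *0.0.0.0/0*) echo "recursive_acl $acl: open resolver, anyone may query it"; bad=1 ;;
    esac
    # uid/gid must be numeric and non-zero, otherwise the daemon keeps root
    for key in maradns_uid maradns_gid; do
        id=$(dw_get "$key" "$1")
        case "$id" in
            ''|*[!0-9]*) echo "$key not set to a number"; bad=1 ;;
            0)           echo "$key is 0: the daemon would keep root privileges"; bad=1 ;;
        esac
    done
    [ -n "$chroot" ] || { echo "chroot_dir not set"; bad=1; }
    [ "$overload" = "1" ] || { echo "handle_overload is not 1: overload would not be answered with SERVER FAIL"; bad=1; }
    return $bad
}

# Constructed sample 1: the configuration from the page (expected to pass).
DW_GOOD=$(mktemp)
cat > "$DW_GOOD" <<'EOF'
bind_address="10.1.1.139" # IP we bind to
chroot_dir = "/etc/maradns" # Directory we run program from
upstream_servers["."]="10.1.1.140" # Servers we connect to
recursive_acl = "10.1.1.0/24" # Who is allowed to use the cache
maxprocs = 8 # Maximum number of pending requests
handle_overload = 1 # Send SERVER FAIL when overloaded
maradns_uid = 99 # UID Deadwood runs as
maradns_gid = 99 # GID Deadwood runs as
maximum_cache_elements = 60000
cache_file = "dw_cache"
EOF

# Constructed sample 2: an open resolver that keeps root (expected to fail).
DW_BAD=$(mktemp)
cat > "$DW_BAD" <<'EOF'
bind_address="0.0.0.0"
upstream_servers["."]="10.1.1.140"
recursive_acl = "0.0.0.0/0"
maradns_uid = 0
maradns_gid = 0
EOF
trap 'rm -f "$DW_GOOD" "$DW_BAD"' EXIT

for f in "$DW_GOOD" "$DW_BAD"; do
    echo "== $f"
    if dw_check "$f"; then echo "no problems found"; fi
done
```

Run it as `sh dwcheck.sh`; the first sample prints "no problems found" and the second lists six problems. Because dw_check returns non-zero when anything is flagged, the same function can sit in front of the init script's start() so a misconfigured cache never comes up.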



nano /etc/init.d/deadwood

  #!/sbin/runscript
  # OpenRC (Gentoo) init script for Deadwood
  depend() {
          need net
          provide dns
  }
  start() {
          ebegin "Starting deadwood"
          # duende daemonizes DwMain and sends its output to syslog
          start-stop-daemon --start --quiet --name deadwood \
                  --exec /usr/bin/duende /usr/sbin/DwMain
          eend $?
  }
  stop() {
          ebegin "Stopping deadwood"
          killall DwMain
          eend $?
  }




XBORA