Roll your own DNS cache - Bypass your ISP's and Google's.
Using Root Servers
If you are having issues with DNS resolution and you don't want to use Google's, try this.
I used Ubuntu Server 16.04 for this.
I'm not going through the whole Ubuntu install; I just enabled SSH and went from there.
Also, mine is IPv4 only, as we don't have a need for IPv6 and it was causing issues with DNS timeouts.
Let's Begin
SSH in to your server
I called mine dns1
Do the updates first:
sudo apt-get update && sudo apt-get upgrade -y
Make sure you set a static IP address.
This is done by editing /etc/network/interfaces:
sudo nano /etc/network/interfaces
Change the line "iface eth0 inet dhcp" to "iface eth0 inet static",
then add the following lines under it, so the stanza reads:
iface eth0 inet static
    address <IP you want the machine to have>
    netmask <Network Subnet Mask>
    gateway <Network Gateway>
Now we want to disable IPv6. This is done by
editing /etc/sysctl.conf and adding the following lines to the bottom of the file:
sudo nano /etc/sysctl.conf
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Let's install the DNS server, BIND
sudo apt-get install bind9 bind9utils bind9-doc
Now let's configure BIND
By default BIND accepts requests from all IP addresses, so we want to tighten it up.
I have added my OpenVPN clients and the local subnets.
To do this we will need to edit named.conf.options, found in /etc/bind/
sudo nano /etc/bind/named.conf.options
We will need to add the following section at the top. Modify it for your networks.
//acl for good clients
acl goodclients{
192.168.254.0/24; //local subnet
10.196.89.0/24; // OPENVPN Clients
localhost;
localnets;
};
Now in the options section add
recursion yes;
allow-query { goodclients; };
Let's check the config is correct by running
sudo named-checkconf
If all is good it shouldn't return anything
Reboot. This should disable IPv6 and switch the machine to the IP address you set.
Connect back to it on the IP address you set at the start, it should be resolving now.
You can do a "dig [domainname]"; this will be slow the first time.
dig l1teches.com
I dig it again
Now you will need to update the hosts on your network to use this DNS server.
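named-checkconf only validates syntax, so it will not tell you whether the goodclients restriction is actually in effect. The script below is an added example, not part of the original post: it audits an options file for recursion left open to "any". The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Flags a named.conf.options that
# would let any client use the server for recursion (an open resolver).

# Strip one-line /* */, // and # comments, then join the file onto one line.
flatten_conf() {
    sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' '
}

# Print the body of the last "NAME { ... }" statement; empty if it is not set.
stmt_body() {   # $1 = flattened config, $2 = statement name
    printf '%s\n' "$1" |
        sed -n "s/.*[[:space:];{]$2[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# Prints a verdict; returns 1 only when recursion is open to everyone.
# BIND 9 takes the recursion ACL from allow-recursion, else allow-query-cache,
# else allow-query, else its built-in default (localnets; localhost;).
audit_named_options() {
    conf=$(flatten_conf "$1")
    if printf '%s\n' "$conf" |
        grep -Eq '(^|[[:space:];{])recursion[[:space:]]+no[[:space:]]*;'; then
        echo "recursion-off"; return 0
    fi
    for stmt in allow-recursion allow-query-cache allow-query; do
        body=$(stmt_body "$conf" "$stmt")
        [ -n "$body" ] || continue
        if printf '%s\n' "$body" |
            grep -Eq '(^|[[:space:];])(any|0\.0\.0\.0/0)[[:space:]]*;'; then
            echo "OPEN ($stmt)"; return 1
        fi
        echo "restricted ($stmt)"; return 0
    done
    echo "default-acl"; return 0
}

# Constructed samples: the post's settings, then the same file with "any".
tmp=$(mktemp -d)
cat > "$tmp/good.conf" <<'EOF'
acl goodclients { 192.168.254.0/24; 10.196.89.0/24; localhost; localnets; };
options {
    recursion yes;
    allow-query { goodclients; };
    listen-on-v6 { any; };   // not a query ACL, must not trigger a finding
};
EOF
sed 's/{ goodclients; }/{ any; }/' "$tmp/good.conf" > "$tmp/open.conf"
audit_named_options "$tmp/good.conf"
audit_named_options "$tmp/open.conf" || true
```

On a real server, point it at /etc/bind/named.conf.options. It does not expand named ACLs, so still read the acl block itself to confirm it lists only your own networks.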