My Private DNS Relay Server is Better Than Yours

Hai folks! Today we’re taking a closer look at two items I’ve been playing with recently, namely Namecoin and Raspbian.

Everything will start making sense at 1:56 …

On our last Namecoin adventure we learned how to leverage the system for the purposes of registering and browsing ‘.bit’ domains like wikileaks.bit. To do so we needed to install Namecoin-QT on our workstation and maintain a complete copy of the blockchain there, costing us a fair bit in time and disk space.

What if I told you we could just set this up once and then EVERY workstation on our network (or even all of the Interwebz!) could have .bit FQDN resolving powers?

via MemeGenerator.net

Duh, let’s just put the software somewhere else on the network and make sure everyone can send name requests its way. We just received two more RPi3’s in the mail… Let’s put it on one of those!

The Pi

For this and most any other custom pi project (piject?) in the near future I will be using the official Raspbian 8 Jessie Lite image. No need to expend excess system resources with an X Window System like PIXEL here.

Never again will a post go 100% cat free :3

As you can see I’ve already gone ahead and configured a static IP on my pi, given it a nifty hostname, run a sudo apt-get update && sudo apt-get upgrade, changed the default pi:raspberry credentials and added a new user account to work with.

If you recall from last time the very first thing we’ll need is a copy of the Namecoin blockchain to read name assignments from. Now I’ll show you Windows folks what us *nix peeps get up to all day.

Prerequisites

We’re going to need a few things in order to manage code and compile our binaries. Some of these should already be installed, and if we’re concerned about storage space we can replace libboost-all-dev with a longer string of just the libboost packages we need.

sudo apt-get install git build-essential libtool autotools-dev automake pkg-config nodejs npm libssl-dev libevent-dev libcap-dev bsdmainutils libminiupnpc-dev libboost-all-dev

Unlike our previous project (if we’d used namecoin-core rather than the pre-compiled QT back then) we do not need to include Berkeley DB in our build because we are not interested in the wallet functionality this time, just the blockchain.

Or maybe you are but that is beyond the scope of this project.

Compile Wallet

Ok, first we’ll need to get our hands on the namecoin-core codebase …

cd

git clone https://github.com/namecoin/namecoin-core.git

cd namecoin-core

./configure with enough memory so our compiler doesn’t crap out …

./autogen.sh

./configure --disable-wallet --without-gui --enable-hardening CXXFLAGS="--param ggc-min-expand=1 --param ggc-min-heapsize=32768"

… compile and install!

make

sudo make install

Obligatory - via https://www.explainxkcd.com/wiki/index.php/303:_Compiling

Download Blockchain

Before we run the program we’ll need to set up our namecoin.conf in ~/.namecoin/ such that we can connect to it later. Notice how we generate a fairly secure password with openssl’s ‘rand’ function. Make note of the value we get here as we’ll need it once more later on.

printf "rpcuser=yourusername\nrpcpassword=$(openssl rand -hex 20)\nrpcport=8336\ndaemon=1\nserver=1" > ~/.namecoin/namecoin.conf

vi ~/.namecoin/namecoin.conf

I only just started picking up vi. *nix newbies may wish to use nano to read/edit docs instead. In this case we could also just use cat since we're not looking to edit anything, just verify. If you just got stuck and are cursing at me, please hit ESC, type :q! and hit ENTER. You're welcome.

With all of that out of the way we can start our node daemon with the command namecoind and see that it is running with namecoin-cli getinfo. Enter namecoin-cli help for a list of all the commands you may wish to mess with.

Weeeeeeeeeeee!

To check our progress in verifying the blockchain we can evaluate the “blocks” value output from “getinfo” against the top block shown on any Namecoin explorer.

Don’t worry about that error. There is a way to remove it if it really bothers you.

I passed some of the waiting time by writing a collection of management scripts that will restart namecoind regularly in case it gets stuck or crashes (the poor little pi’s hardware did NOT like this project :D), all while looping the getinfo command for my monitoring pleasure.

Later I realized that with some light configuration systemd negates half of the work I did on that… But the monitoring script is still good!

*BASH!*

Now that we have our blockchain management solution in place let’s start setting up our DNS relay server while we wait for our copy of the database to populate.

PowerDNS

I have chosen to use PowerDNS to handle our requests from the network; however, any recursive DNS server should work for us.

sudo apt-get install pdns-recursor

We’ll edit the file at /etc/powerdns/recursor.conf to tell it where to forward incoming requests with .bit domains …

# /etc/powerdns/recursor.conf

config-dir=/etc/powerdns/
daemon=yes
forward-zones=bit.=127.0.0.1:5333
allow-from=0.0.0.0/0
local-address=0.0.0.0
local-port=53

… restart the recursor to apply our new configuration …

sudo service pdns-recursor restart

… make sure the server is alive with rec_control ping …

… and verify that it can resolve legacy domains using dig.

Yay!
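
The recursor.conf above pairs allow-from=0.0.0.0/0 with local-address=0.0.0.0, which makes the Pi an open resolver for anything that can reach port 53. As an added example (not part of the original post), this shell check flags that combination and compares it with a LAN-only variant; the 192.168.1.0/24 subnet and the file names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: flag a pdns-recursor config
# that will answer recursive queries for any source address.

# Print the last value of key $2 in config file $1 (comments/blanks ignored).
conf_get() {
    sed -e 's/#.*//' "$1" | awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=/, ""); gsub(/[ \t]/, ""); v = $0 }
        END { print v }'
}

# Echo "open" if the recursor listens beyond loopback AND allow-from admits
# every address; otherwise echo "restricted".
audit_recursor() {
    exposed=no; any=no
    listen=$(conf_get "$1" local-address)
    # An unset local-address means the recursor's default, 127.0.0.1.
    for addr in $(printf '%s' "${listen:-127.0.0.1}" | tr ',' ' '); do
        case "$addr" in 127.*|::1|"[::1]"*) ;; *) exposed=yes ;; esac
    done
    for net in $(conf_get "$1" allow-from | tr ',' ' '); do
        case "$net" in 0.0.0.0/0|::/0) any=yes ;; esac
    done
    if [ "$exposed" = yes ] && [ "$any" = yes ]; then echo open
    else echo restricted; fi
}

# Constructed sample files: the post's settings, then a LAN-only variant.
# 192.168.1.0/24 is an assumed home subnet; substitute your own.
demo=$(mktemp -d)
cat > "$demo/post.conf" <<'EOF'
forward-zones=bit.=127.0.0.1:5333
allow-from=0.0.0.0/0
local-address=0.0.0.0
local-port=53
EOF
cat > "$demo/lan.conf" <<'EOF'
forward-zones=bit.=127.0.0.1:5333
allow-from=127.0.0.0/8, 192.168.1.0/24
local-address=0.0.0.0
local-port=53
EOF
for f in post lan; do
    printf '%s.conf: %s\n' "$f" "$(audit_recursor "$demo/$f.conf")"
done
```

Point audit_recursor at /etc/powerdns/recursor.conf on the Pi; only the allow-from line differs between the two sample files.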

Now we just need the one last piece of the puzzle that will tie PowerDNS and Namecoin-Core together to provide the decentralized domain resolution goodness we seek.

ncdns

ncdns is yet another daemon that will act as an authoritative nameserver, receiving requests from PowerDNS, accessing namecoind via JSON-RPC calls to resolve each domain and spitting the answers back out to our recursor.

This program is written in Go so we’ll need to grab the latest set of tools from golang.org/dl and add it to our PATH environment variable.

cd

wget https://storage.googleapis.com/golang/go1.7.3.linux-armv6l.tar.gz

sudo tar -C /usr/local -xzf go1.7.3.linux-armv6l.tar.gz

export PATH=$PATH:/usr/local/go/bin

Then simply download the source code and compile that bad larry!

git clone https://github.com/hlandau/ncdns.git

cd ncdns

make

That was easy!

Finally we’ll create a configuration at /etc/ncdns/ncdns.conf using the developer’s example as a template. We’ll just un-comment and modify a few fields to fit our setup.

Make sure the username and password match what we entered into ~/.namecoin/namecoin.conf wayyy back at the beginning.

bind="127.0.0.1:5333"
namecoinrpcaddress="127.0.0.1:8336"
namecoinrpcusername="yourusername"
namecoinrpcpassword="yourpassword"
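
Before starting ncdns, it is worth confirming that the RPC password file is readable only by its owner and that ncdns.conf really carries the credentials generated for namecoin.conf earlier. This is an added example, not code from the original post or from either project; the function names and the scratch directory are assumptions, and gen_secret falls back to /dev/urandom when openssl is not installed.

```sh
#!/bin/sh
# Added example, not from the original post: keep the RPC password file
# private and confirm ncdns.conf carries the same credentials.

# 40 hex characters; falls back to /dev/urandom if openssl is not installed.
gen_secret() {
    openssl rand -hex 20 2>/dev/null ||
        head -c 20 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Write a namecoin.conf like the post's into directory $1 for RPC user $2.
write_namecoin_conf() {
    ( umask 077                  # files created as 600, directories as 700
      mkdir -p "$1"
      printf 'rpcuser=%s\nrpcpassword=%s\nrpcport=8336\ndaemon=1\nserver=1\n' \
          "$2" "$(gen_secret)" > "$1/namecoin.conf" )
}

# Succeed if file $1 grants no permissions to group or others.
is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Last value of key $2 in file $1, double quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tr -d '"' | tail -n 1
}

# Succeed only if ncdns.conf ($2) matches namecoin.conf ($1).
creds_match() {
    [ "$(conf_value "$1" rpcuser)" = "$(conf_value "$2" namecoinrpcusername)" ] &&
    [ "$(conf_value "$1" rpcpassword)" = "$(conf_value "$2" namecoinrpcpassword)" ]
}

# Demo in a scratch directory with constructed files; ncdns.conf still holds
# the template's placeholder password, so the check reports a mismatch.
work=$(mktemp -d)
write_namecoin_conf "$work/.namecoin" yourusername
cat > "$work/ncdns.conf" <<'EOF'
bind="127.0.0.1:5333"
namecoinrpcaddress="127.0.0.1:8336"
namecoinrpcusername="yourusername"
namecoinrpcpassword="yourpassword"
EOF
is_private "$work/.namecoin/namecoin.conf" && echo "namecoin.conf is owner-only"
creds_match "$work/.namecoin/namecoin.conf" "$work/ncdns.conf" ||
    echo "ncdns.conf credentials do not match namecoin.conf"
```

The same is_private check applies to /etc/ncdns/ncdns.conf, which holds a copy of the RPC password.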

Now we can fire it up with a ./ncdns/bin/ncdns -service.fork from our home directory and…

Holy crap, I think we’re finally done!

Once our copy of the blockchain is up to date we can test our dot-bit resolving capabilities and everything should work now.

Winning!

If you enjoyed this post but somehow didn’t already know about xkcd then I’m sorry but there is something very seriously wrong with you.

The good news is there’s a cure for your horrific condition at xkcd.com

via XKCD