Living, as I do, in rural France, I suffer from rather slow internet connectivity.

My normal line speed is only 512Kbs and sometimes I struggle to achieve even this.

My solution is to use an Internet Acceleration Appliance, the building and configuration of which is detailed at….

www.InternetAccelerationAppliance.com

Now, whilst that works very well, the server that it runs on needs an upgrade (I’m going to add some more memory and another couple of SCSI disks) and will then be used for a number crunching/data processing project that I am about to embark on.

Now, I was resigned to losing the speed increase that the server gave me but today, over a cup of coffee in a little bar in the nearest village, I wondered to myself whether I could just install the functionality of the server onto my local PC.

I couldn’t see any reason why not and, less than an hour later, it was done.

Caching DNS Proxy Server

I started off by installing PDNSD as a local caching DNS server.

The instructions and reasons for doing this are detailed at www.internetaccelerationappliance.com – installing pdnsd so I’ll just offer a brief recap here….

What is DNS?

Imagine, if you will, that you want to send a letter to your friend Joe Bloggs. If you were just to address that letter to Joe Bloggs, it would almost certainly never arrive.

If, however, you were to address that letter to Joe’s address… 24 Staunton Court, Streatham, London, England then, sooner or later, it will be delivered.

The internet is similar. We know sites by their names (i.e. www.google.com) but the delivery service needs the address (in this case the IP address – 74.125.77.104)

When we type www.google.com into our browser, that information goes up the line to our Service Provider (in my case Orange.fr)

Now, the server(s) at Orange don’t know who Google.com is so they have to look up an address for it. For this, they request the information from their DNS servers. These are basically just servers that contain lists of names and their associated IP addresses. A bit like telephone directories except there can only be one Google.com whereas in a telephone directory there may be many entries for Joe Bloggs.

If the local DNS servers at Orange.fr don’t have an address, then the request is forwarded to the national DNS servers and then, finally, the root DNS servers (which, for .COM addresses are in Singapore.)

All this can take time. What we are going to do here is make this process local so that every time we get an IP address from the Service Provider, it is going to be noted here in a local caching DNS server so that the next time we want to visit Google.com we don’t have to wait for Orange.fr to supply the address – we’ll already have it.

Hopefully this will speed up my effective internet speed.

pdnsd installation

1).  On my Debian system the installation was simple….

apt-get install pdnsd dnsutils

2). Once this is complete we need to edit one file…

nano /etc/default/pdnsd and press Enter. This will load the file in the nano text editor.

Change line 2 so that it reads… START_DAEMON=yes

Ctrl & O – to save file and press Enter

3).  Now we need to edit the pdnsd configuration file (/etc/psdnd.conf)

My /etc/pdnsd.conf now looks like this….

global {
perm_cache=1024;
cache_dir=”/var/cache/pdnsd”;
run_as=”pdnsd”;
server_ip = 127.0.0.1;
server_port=53;
status_ctl = on;
paranoid=on;
query_method=udp_tcp;
max_ttl=1w; # One week.
timeout=10;
}
server {
label=OpenDNS;
ip=208.67.222.222;
ip=208.67.220.220;
timeout=30;
uptest=ping;
interval=30;
ping_timeout=300;
purge_cache=off;
caching=on;
preset=off;
}
source {
owner=localhost;
serve_aliases=on;
file=”/etc/hosts”;
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
global {perm_cache=1024;cache_dir=”/var/cache/pdnsd”;run_as=”pdnsd”; server_ip = 127.0.0.1; server_port=53;status_ctl = on;paranoid=on; query_method=udp_tcp;max_ttl=1w; # One week.timeout=10; }server {label=OpenDNS;ip=208.67.222.222;ip=208.67.220.220;timeout=30;uptest=ping;interval=30; ping_timeout=300;purge_cache=off;caching=on;preset=off;}
source {owner=localhost;serve_aliases=on;file=”/etc/hosts”;}
rr {name=localhost;reverse=on;a=127.0.0.1;owner=localhost; soa=localhost,root.localhost,42,86400,900,86400,86400;}

4). Now we must resolv.conf - nano /etc/resolv.conf and press Enter

Change the file so that it contains just one line which reads exactly as follows….. nameserver 127.0.0.1

5). Because my machine already used a fixed IP address I didn’t have to do the following, you may have to if you use DHCP…

Edit dhclient.conf - nano /etc/dhcp3/dhclient.conf and press Enter

Find the line that starts #prepend domain-name-servers (about 20 lines down) and remove the # so that the line reads as follows… prepend domain-name-servers 127.0.0.1;

Ctrl & O – to save file and press Enter

Ctrl & X – to quit nano

6).  Finally, Edit interfaces - nano /etc/network/interfaces

Edit the line that starts… dns-nameservers so that it reads….. dns-nameservers 192.168.1.2

Ctrl & O – to save file and press Enter

Ctrl & X – to quit nano

Reboot the machine.

7). Log into the rebooted machine, open a terminal and type in the command…

dig Google.com

Note the Query time: (this is the time spent to retrieve Google’s IP address from the OpenDNS servers) – on my machine it was 316 msec.

Now run the same command again (arrow up will redisplay the last command.)

Note the Query time: (the address should be resolved locally by pdnsd) – it should now be about 3 msec.

Squid Caching Proxy Server

Now it’s time to install the squid caching proxy server – this is even easier!

What is a caching Proxy Server?

Now that pdnsd knows the IP Address of Google, we are saving some time everytime we wish to visit Google (by not having to look up the IP Address at Orange.fr’s DNS servers.)

But, we are still downloading logo.gif (the Google logo) from the site and even at only 8Kb large, it is using up some of our bandwidth.

What our caching proxy server does is keep a copy of that logo (and a whole hosts of other HTTP Objects) and, according to a complex set of rules, doesn’t bother going to the originating site the next time the object is requested – it delivers it from its local cache.

This can dramatically reduce bandwidth.

Now, Google is a well designed site with a minimum of logos and graphics to download – not all sites are as austere as Google. Over a period of time, a store of HTTP objects (graphics/webpages etc.) will be built up in the cache and these will be served to any machines on the network that are accessing the cache.

Squid installation

1).  Start off by installing Squid.  On my Debian system all I have to do was type apt-get install squid.

2).  Now we need to stop squid - /etc/init.d/squid stop and press Enter

3).  We need to edit /etc/squid/squid.conf

This is my squid.conf

# Access Control Lists
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl apache rep_header Server ^Apache
acl mydomain src 192.168.1.1-192.168.1.24/255.255.255.255
acl purge method PURGE
acl CONNECT method CONNECT

# Refresh patterns
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 50% 40320
refresh_pattern -i \.jpg$ 3600 90% 40320 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.jpeg$ 3600 90% 40320 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.gif$ 3600 90% 40320 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.html 300 50% 10 ignore-reload
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow mydomain
http_access deny all

# Denying non-necessary access
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all

# Stopping stuff we don’t need
log_fqdn off
log_icp_queries off
buffered_logs on
emulate_httpd_log off
client_db off
cache_store_log none
memory_pools off
forwarded_for off

#General config stuff
http_port 3128
visible_hostname brahms-squid
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
cache_mgr squid@brahms.com
access_log /var/log/squid/access.log squid

# Caching stuff
cache_mem 64 MB
cache_dir diskd /var/spool/squid 4000 16 256
maximum_object_size_in_memory 32 KB
maximum_object_size 128 MB
request_body_max_size 8 MB

# DNS Stuff
hosts_file /etc/hosts
dns_testnames 127.0.0.1
dns_nameservers 127.0.0.1

4). Now we only need to restart squid by typing /etc/squid/squid start and then forcing it to re-read the config file by typing squid -k reconfigure

5).  You will need to set up your browser to use the local proxy server.

To do this just find the configuration screen (this will vary from one browser to another) and set the broser to access the internet via a proxy server.  Use an IP address of 127.0.0.1 and a port of 3128.  Now tick the box that says Use this proxy server for all protocols and click on the OK button.

Conclusion

It’s difficult to tell how much this has speeded up my internet access as I was using a separate caching proxy server before.

I know that it’s very rare for me to wait for a website to be found (a function of the DNS server) and once I have visited a site once, the following time the graphics just snap into place (no waiting at all!)

Overall, this has proven to be an extremely simple way to improve my internet access without resorting to additional hardware.

My pdnsd.conf and squid.conf files are available at http://www.kmeckstein.com/data/pdnsd.conf and http://www.kmeckstein.com/data/squid.conf

To download them you just need to use…

wget http://www.kmeckstein.com/data/pdnsd.conf and

wget http://www.kmeckstein.com/data/squid.conf

All the best

If you liked this article, why not share it with your friends on Facebook

Reddit Twitter Digg Share on Facebook Stumble Bookmark Email this page to a friend