
Is there a simple DNS proxy for CentOS 8 that can cache requests?

I am running a .NET Core app on Linux and it sends HTTP requests to a web server.

Currently name resolution takes 300ms.

I would like to cut it down to 1ms. Can it be achieved with a DNS proxy, and which one requires minimum setup?

2 Answers

Sounds like a good use case for either unbound or dnsmasq, both of which are caching DNS servers by design. I personally have the most experience with unbound, so I'll describe that here but guides for installing and configuring dnsmasq are widely available as well.

Installation is as simple as running yum:

sudo yum install unbound

Then, configure unbound by editing /etc/unbound/unbound.conf. A reasonable default would be the following:

server:
  access-control: 127.0.0.0/8 allow
  access-control: 10.0.0.0/8 allow
  access-control: 172.16.0.0/12 allow
  access-control: 192.168.0.0/16 allow
  aggressive-nsec: yes
  cache-max-ttl: 14400
  cache-min-ttl: 1200
  hide-identity: yes
  hide-version: yes
  interface: 0.0.0.0
  prefetch: yes
  rrset-roundrobin: yes
  so-reuseport: yes
  use-caps-for-id: yes
  verbosity: 1
  num-threads: 2
  private-address: 192.168.0.0/16
  private-address: 172.16.0.0/12
  private-address: 10.0.0.0/8

forward-zone:
  name: "."
  forward-addr: 1.0.0.1@53  # Cloudflare
  forward-addr: 1.1.1.1@53  # Cloudflare
  forward-addr: 8.8.4.4@53  # Google
  forward-addr: 8.8.8.8@53  # Google

This configures unbound to be accessible from all RFC1918 (private) addresses, and forwards all requests to Cloudflare and Google DNS servers. Once configured, restart unbound:

sudo systemctl restart unbound

And you should be good to go!

dwaler
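Two things worth checking before trusting the 1ms number, as an added example that is not part of the answer above: the config listens on 0.0.0.0 and relies entirely on its access-control list to avoid becoming an open resolver (unbound refuses anything not listed, so the RFC1918 rules are what keep it closed), and cache-min-ttl: 1200 keeps answers long past the TTL the zone owner set. The application also only gets the fast path if the host's stub resolver points at 127.0.0.1, which the answer does not show. The script below lints an unbound.conf for those points and checks resolv.conf; all file names and contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original answer: lint an unbound.conf for the
# two things a caching forwarder most often gets wrong (answering the whole
# internet, and silently overriding record TTLs), and confirm the host actually
# sends its queries to the local cache. File names and contents are constructed.

# Exit 0 if any "interface:" line binds every address.
unbound_binds_all() {
    awk '$1 == "interface:" && ($2 == "0.0.0.0" || $2 == "::0" || $2 == "::") { f = 1 }
         END { exit !f }' "$1"
}

# Exit 0 if an access-control rule allows 0.0.0.0/0 or ::/0.
unbound_allows_any() {
    awk '$1 == "access-control:" && ($2 == "0.0.0.0/0" || $2 == "::/0") && $3 == "allow" { f = 1 }
         END { exit !f }' "$1"
}

# Open resolver = listens everywhere AND allows everyone. unbound refuses
# clients that match no access-control rule, so binding 0.0.0.0 with only
# RFC1918 allow rules (as in the answer) is not open by itself.
unbound_is_open_resolver() {
    unbound_binds_all "$1" && unbound_allows_any "$1"
}

# Print the cache-min-ttl value (empty if unset). A non-zero value makes unbound
# keep answers longer than the zone owner asked for: faster repeat lookups,
# paid for in freshness when the record changes.
unbound_min_ttl() {
    awk '$1 == "cache-min-ttl:" { v = $2 } END { print v }' "$1"
}

# Exit 0 if the first nameserver in resolv.conf is the local cache.
resolv_uses_local() {
    awk '$1 == "nameserver" { print $2; exit }' "$1" | grep -qxF '127.0.0.1'
}

# Constructed sample inputs (hypothetical paths under a temp dir).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# A trimmed copy of the answer's config: binds everywhere, RFC1918-only clients.
cat > "$SAMPLE_DIR/answer.conf" <<'EOF'
server:
  access-control: 127.0.0.0/8 allow
  access-control: 10.0.0.0/8 allow
  interface: 0.0.0.0
  cache-min-ttl: 1200
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@53
EOF

# The same config after someone "fixed" a refused query by allowing the world.
cat > "$SAMPLE_DIR/open.conf" <<'EOF'
server:
  access-control: 0.0.0.0/0 allow
  interface: 0.0.0.0
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@53
EOF

printf 'nameserver 127.0.0.1\n' > "$SAMPLE_DIR/resolv.local"
printf 'nameserver 1.1.1.1\n'   > "$SAMPLE_DIR/resolv.remote"

# Human-readable summary for one unbound.conf / resolv.conf pair.
lint_report() {
    if unbound_is_open_resolver "$1"; then
        echo "WARN: $1 would answer recursive queries from any source (open resolver)"
    fi
    ttl=$(unbound_min_ttl "$1")
    if [ -n "$ttl" ] && [ "$ttl" -gt 0 ]; then
        echo "NOTE: $1 sets cache-min-ttl=$ttl, overriding upstream TTLs"
    fi
    resolv_uses_local "$2" || echo "WARN: $2 does not send queries to 127.0.0.1 first"
    return 0
}

lint_report "$SAMPLE_DIR/answer.conf" "$SAMPLE_DIR/resolv.local"
lint_report "$SAMPLE_DIR/open.conf"   "$SAMPLE_DIR/resolv.remote"
```

On the real host, run the functions against /etc/unbound/unbound.conf and /etc/resolv.conf, then confirm the cache is doing the work with two consecutive `dig @127.0.0.1 <host>` calls: the first shows the upstream round trip in its "Query time" line, the second should be at or near 0 msec.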

A DNS proxy would be a device that accepts DNS requests for another device and forwards them on behalf of that device. A DNS proxy is not really a thing in the sense of the proxy you are referring to. It would have the same functions as a recursive DNS server.

That aside though, the DNS client on your CentOS machine would already be handling what you are trying to solve. If it is constantly reaching out to an external nameserver for an address, the TTL for the record is likely lower than it should be. It should reach out to the name server once, then use the cache until the TTL expires. If that isn't happening, it sounds like the DNS record.

DubStep
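To see whether the record's TTL really is the limiting factor, as an added example that is not part of either answer: the answer section of `dig +noall +answer <host>` shows the TTL of every record in the chain, and the effective cache lifetime is the smallest of them, because a CNAME with a 30s TTL pointing at an A record with a 5s TTL still has to be re-resolved every 5s. The dig output below is constructed (RFC 5737 addresses), not captured from a real host.

```shell
#!/bin/sh
# Added example: parse the answer section dig prints and report the effective
# TTL of the lookup. Constructed sample output, not from a real resolver.
DIG_OUTPUT='api.example.com.	30	IN	CNAME	lb.example.com.
lb.example.com.	5	IN	A	203.0.113.10
lb.example.com.	5	IN	A	203.0.113.11'

# Smallest TTL (column 2) across all answer records: how long any cache, stub
# or unbound alike, may reuse this lookup before going upstream again.
min_ttl() {
    printf '%s\n' "$1" | awk 'NF >= 5 && $3 == "IN" { if (m == "" || $2 + 0 < m + 0) m = $2 }
                              END { print m }'
}

# Print "record: <ttl> <type>" for each line so the short link in the chain is visible.
ttl_chain() {
    printf '%s\n' "$1" | awk 'NF >= 5 && $3 == "IN" { print $1 ": " $2 "s " $4 }'
}

# Upper bound on upstream lookups per hour if the app keeps querying this name.
lookups_per_hour() {
    ttl=$(min_ttl "$1")
    [ "$ttl" -gt 0 ] || ttl=1   # a 0s TTL means every query goes upstream
    echo $((3600 / ttl))
}

ttl_chain "$DIG_OUTPUT"
echo "effective TTL: $(min_ttl "$DIG_OUTPUT")s, up to $(lookups_per_hour "$DIG_OUTPUT") upstream lookups/hour"
```

Run it against live output with `min_ttl "$(dig +noall +answer api.example.com)"`: a small number here means no cache on the client side can avoid the 300ms round trip for long, and the fix is either a longer TTL at the zone or a cache that deliberately holds answers past it (what cache-min-ttl in the first answer does).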