Caching in Posadis
Posadis can act as a caching DNS server for your local network; it can act as a forwarder, too. Caching is enabled by default, so there is nothing you need to do: Posadis will act as a caching DNS server out of the box.
If you’re not running Posadis as a caching DNS server, or if you want to limit who Posadis does resolving for (which is probably a good idea, since resolving takes up valuable network and computing resources), you can use the recursion_acl configuration setting to control who Posadis does resolving for. For example, use

recursion_acl 127.0.0.1, 192.168.1.*

to make Posadis answer queries for the local host and the local network only. If you’re not going to use caching at all, use

recursion_acl none

to disable it completely.

Note that, even if Posadis is configured not to do recursion for internet clients, they can still find out what websites are in your cache. This means that anyone can (to some extent) see which web pages are visited on your local network, and when. To prevent this DNS cache snooping, use the listen setting to make Posadis answer only queries coming from the local network, e.g.

listen 127.0.0.1, 192.168.1.1
Initial cache population
As you will understand from the caching discussion, Posadis needs some initial cache contents (in particular, the names and addresses of the root nameservers) to operate. Populating the cache is also useful to override its contents. For example, you can add a bogus IP number for the ad.doubleclick.net domain name to your cache to block all content from that domain name. Feeding custom data to caches is also used for spam-checking purposes; e.g. see here.
There are two methods to feed data into the Posadis cache on startup.
The first one is by using the cache-ns construct. After the cache-ns line, which names the domain whose nameservers are being set, a number of indented lines follow, each with a domain name, optionally followed by a @ and an IP number. For example, the addresses of the root nameservers as they are now can be written as follows:

cache-ns .
You can specify initial nameserver lists for other domains as well, though in most cases that’s not really useful. It could be useful, for example, if you want to use some custom TLDs from PacificRoot in combination with the normal root nameservers. The example Posadisrc has a list of root nameservers; you can also use the posadis-getroots tool to get a fresh list for various root nameserver providers. See Alternate root nameservers for more information.
The cache-ns method obviously has its limitations, since only NS-A combinations can be added to the cache. This is why Posadis supports so-called initial cache files with the initial_cache_files configuration option. With initial cache files, you can add any type of data to the cache – you can even save the non-existence of domain names or record types!
Caching or forwarding
By default, no forwarding is done and Posadis will act as a resolving DNS server. If you want to forward DNS queries to another caching DNS server (as discussed in the caching article), you can use the cache-forward construction. Similar to the cache-ns construction, cache-forward is followed by the domain name to set forwarding for, and the next indented lines are the IP numbers of the DNS servers to forward queries to. Each DNS server in the forwarding list has equal preference. For example, to forward queries for . and all its subdomains (i.e., all domains) to 192.168.1.102, use:

cache-forward .
    192.168.1.102
The cache-forward statement applies to the specified domain name and all of its subdomains. To override settings for subdomains, just add cache-forward statements for them. To disable forwarding for a domain name and its subdomains, use a cache-forward statement without listing DNS servers. For example,

cache-forward acdam.net

will make sure that requests for acdam.net. and its subdomains are resolved directly rather than forwarded. Note that the domain name in a cache-forward statement can be a domain name Posadis is authoritative for; in that case, the line applies to all subdomains for which resolving is necessary.
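The following is an added example (not part of Posadis or this page) that parses the recursion_acl, listen and cache-forward directives described above from a constructed Posadisrc fragment, then answers two questions a practitioner wants checked before deploying: which forwarders a given name ends up with under the "most specific cache-forward wins, empty list means resolve directly" rule, and whether a given client address passes recursion_acl. The glob matching of "*" in ACL entries is an assumption of this example.

```python
import fnmatch
# Constructed Posadisrc fragment (example data, not a real Posadis configuration file)
POSADISRC = """\
recursion_acl 127.0.0.1, 192.168.1.*
listen 127.0.0.1, 192.168.1.1
cache-forward .
    192.168.1.102
    192.168.1.103
cache-forward acdam.net
"""

def normalize(name):
    """Lower-case and strip the trailing dot; the root zone becomes the empty string."""
    return name.strip().lower().rstrip(".")

def parse(text):
    """Return (recursion_acl, listen, forward) for the directives described on this page."""
    acl, listen, forward, current = [], [], {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():                       # indented line: a server of the open block
            if current is None:
                raise ValueError("indented line outside a cache-forward block: " + raw)
            forward[current].append(raw.strip())
            continue
        key, _, rest = raw.strip().partition(" ")
        current = None
        if key == "recursion_acl":                 # 'none' disables recursion for everyone
            acl = [] if rest.strip() == "none" else [a.strip() for a in rest.split(",")]
        elif key == "listen":
            listen = [a.strip() for a in rest.split(",")]
        elif key == "cache-forward":
            current = normalize(rest)
            forward[current] = []                  # stays empty => resolve directly
    return acl, listen, forward

def forwarders_for(forward, qname):
    """Longest-suffix match; an empty result means 'resolve directly, do not forward'."""
    labels = normalize(qname).split(".") if normalize(qname) else []
    for i in range(len(labels) + 1):
        candidate = ".".join(labels[i:])
        if candidate in forward:
            return forward[candidate]
    return []                                      # no statement at all: Posadis resolves itself

def recursion_allowed(acl, client_ip):
    """ACL entries are matched as globs (assumption of this example, not Posadis semantics)."""
    return any(fnmatch.fnmatchcase(client_ip, pat) for pat in acl)
```

Remember that recursion_allowed only models who may recurse; as the text above notes, cache contents remain visible to any address Posadis listens on, so check the listen list as well.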