Running Your Own DNS/DHCP Server the Easy Way.
by indrora in Circuits > Linux
The scenario: You've got a computer you want to use as a web server for your own personal stuff... And it works from the outside when you use a service like DynDNS... but when you use that DynDNS name from the inside, you get your router's configuration page! Oh Noes!
You're a victim of what's known as NAT Loopback Blocking. This is fixable by running your own internal DNS server, optionally with a DHCP server.
A Fast Introduction to NATs
A NAT (or Network Address Translator) is a chunk of software that turns one network of IP addresses (say, 192.168.0.0/24) into a single IP address (say, 20.43.45.65) so that the network can be routed.
NATs are often used to turn non-routable networks such as 10.0.0.0/8 and 192.168.0.0/24 (both common networks) into routable IPs (often referred to as "Public" or "External" IPs.)
NAT Loopback is the term for a NAT that recognizes a connection request for its External IP coming from an Internal IP and routes it as though it were a request from the outside, heeding your particular port-forwarding rules.
Many ISP-provided routers disallow this, and for good reason: it's really easy to fake a NAT loopback badly, either sending the 'external' connection through a loop or just outright denying it.
Installing Debian [part 1]
You can safely ignore this if you are already running Ubuntu or Debian. CentOS and friends, please consult your documentation on how to install Dnsmasq.
I'm going to install Debian Squeeze (Testing) in a virtual machine; however, the steps are going to be mostly the same on a real box.
The first step is getting a Network Install CD burned. You can get them from http://cdimage.debian.org -- You will find links to all the appropriate locations.
Installing Debian [part 2]
Installing the base Debian system is pretty easy.
Some notes, however, to make sure you don't lose your way:
- The Debian Network Installation disc will by default try and do DHCP. This sets a little flag in the installer later on that DHCP is a Good Thing to have on by default in the network configuration, and will lead to breaking things. This is fixable later on, it's just a pain.
- Know your network layout!
- The Debian installer needs ~1/2 a gig of space. Small hard drives are A-OK for a Debian box.
- There are numerous tutorials on how to install Debian and how to configure it. If you get lost, GIYBF.
- If you need to administer this box later on remotely, install the SSH server! Really!
Installing Dnsmasq
Dnsmasq is our DNS server and possibly DHCP server. Installing is fairly simple:
apt-get install dnsmasq
This will download and install dnsmasq onto the box, then get it running.
Configuring Dnsmasq
The first thing you're going to want to do is actually disable your router's DHCP server -- Check the documentation on how to do that.
su to root and edit the dnsmasq configuration file using 'nano /etc/dnsmasq.conf'.
dnsmasq's configuration file can be rather terse and still work. For example, here's mine:
server=4.2.2.2
listen-address=192.168.0.2,127.0.0.1
dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
dhcp-boot=pxelinux.0,lilac,192.168.0.2
enable-tftp
tftp-root=/var/tftp-boot
domain=internal.foxienet
Explanation:
The server= line forces the upstream DNS server to be 4.2.2.2 (a root nameserver), and listen-address makes dnsmasq listen only on the given addresses.
The dhcp-range line creates a DHCP pool with a lease of 12 hours.
I use PXE booting when I need to get a box up and running, so the dhcp-boot, enable-tftp and tftp-root lines take care of that.
You are going to want to define 3 things:
- DHCP range
- Router
- Domain
See http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq.conf.example for the default configuration file.
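Before restarting dnsmasq it is worth checking the config for the mistakes that silently leave the LAN without DHCP once the router's own server is switched off. The script below is an added example, not code from this article or from the dnsmasq project: it parses the directives used in the configuration above (embedded as sample input) and checks that the box actually listens on the pool's subnet, that its own address is not inside the pool it hands out, that the lease token parses, and that dhcp-boot points at an address dnsmasq listens on with TFTP enabled.

```python
"""Sanity-check a dnsmasq.conf before you restart the daemon.

Added example, not code from the article or the dnsmasq project. It parses
the handful of directives the article's configuration uses and flags the
mistakes that most often leave a LAN with no working DHCP or DNS.
"""
import ipaddress

# The article's own dnsmasq.conf, embedded here as sample input.
SAMPLE_CONF = """\
server=4.2.2.2
listen-address=192.168.0.2,127.0.0.1
dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
dhcp-boot=pxelinux.0,lilac,192.168.0.2
enable-tftp
tftp-root=/var/tftp-boot
domain=internal.foxienet
"""


def parse_conf(text):
    """Return {directive: [value, ...]}; bare flags such as enable-tftp get [True]."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # dnsmasq.conf uses '#' for comments
        if not line:
            continue
        key, sep, value = line.partition("=")
        conf.setdefault(key.strip(), []).append(value.strip() if sep else True)
    return conf


def parse_lease(spec):
    """Convert a dnsmasq lease token ('12h', '30m', '3600', 'infinite') to seconds."""
    if spec == "infinite":
        return None
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
    if spec[-1] in units:
        return int(spec[:-1]) * units[spec[-1]]
    return int(spec)  # a bare number is already seconds


def check_conf(text):
    """Return a list of problems found; an empty list means the config looks sane."""
    conf = parse_conf(text)
    problems = []

    listen = set()
    for entry in conf.get("listen-address", []):
        listen.update(ipaddress.ip_address(a.strip()) for a in entry.split(","))
    lan_addrs = [a for a in listen if not a.is_loopback]

    if not conf.get("server"):
        problems.append("no server= line; upstream resolvers will come from /etc/resolv.conf")

    for rng in conf.get("dhcp-range", []):
        parts = [p.strip() for p in rng.split(",")]
        if len(parts) < 2:
            problems.append(f"dhcp-range needs at least start,end: {rng!r}")
            continue
        start, end = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
        if end < start:
            problems.append(f"dhcp-range end {end} is below start {start}")
        tail = parts[2:]
        # An optional dotted netmask and an optional lease time follow start,end.
        masks = [p for p in tail if p.count(".") == 3]
        if masks:
            net = ipaddress.ip_network(f"{start}/{masks[0]}", strict=False)
            # Without an address on the pool's subnet the box never hears the broadcasts.
            if not any(a in net for a in lan_addrs):
                problems.append(f"no listen-address inside {net}; DHCP requests will go unanswered")
        # Handing a client the server's own address breaks DNS for the whole LAN.
        for a in lan_addrs:
            if a.version == start.version and start <= a <= end:
                problems.append(f"listen-address {a} lies inside the pool {start}-{end}")
        for tok in (p for p in tail if p == "infinite" or (p[:1].isdigit() and "." not in p)):
            try:
                parse_lease(tok)
            except ValueError:
                problems.append(f"bad lease time {tok!r}")

    for boot in conf.get("dhcp-boot", []):
        parts = [p.strip() for p in boot.split(",")]
        if len(parts) >= 3 and ipaddress.ip_address(parts[2]) not in listen:
            problems.append(f"dhcp-boot points clients at {parts[2]}, which dnsmasq is not listening on")
        if not conf.get("enable-tftp"):
            problems.append("dhcp-boot without enable-tftp: PXE clients have nowhere to fetch the image")

    return problems


if __name__ == "__main__":
    for line in check_conf(SAMPLE_CONF) or ["configuration looks sane"]:
        print(line)
```

Run it against your own /etc/dnsmasq.conf (read the file into check_conf) before the restart; the article's configuration passes cleanly, while a config that only listens on 127.0.0.1 is reported as unable to serve the 192.168.0.0/24 pool.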
Adding Hosts and Upstream Servers.
Dnsmasq by default reads /etc/hosts (answering those names itself, before asking anyone else) and takes its list of upstream DNS servers from /etc/resolv.conf.
Here's an example resolv.conf:
-8<-
nameserver 4.2.2.2
-8<-
And here's an example hosts file:
-8<-
192.168.0.3 hero
192.168.0.9 leap
192.168.0.4 bridge
127.0.0.1 localhost
127.0.0.1 breaker
-8<-
To find a root nameserver that works nicely, take a look at the website listing them all (including a nice pretty graph), with IPv4 and IPv6 information:
http://root-servers.org/
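The hosts-first, upstream-second order is exactly what cures the loopback problem: a name listed in the local hosts file is answered with its LAN address and the query never reaches the upstream resolver, which would return the public address the router refuses to loop back. The model below is an added example, not code from this article or from the dnsmasq project. It parses the hosts file above (with one constructed extra line pinning a DynDNS-style name, myserver.dyndns.example, to the web server's LAN address) and resolves names in dnsmasq's order; the upstream resolver is a constructed stand-in returning a made-up public address, and the short-name matching against domain=internal.foxienet assumes expand-hosts, which the configuration in this article does not set.

```python
"""Model of dnsmasq's answer order: local hosts file first, then upstream.

Added example, not code from the article or the dnsmasq project. It shows why
an internal DNS server fixes NAT loopback blocking: a name present in the local
hosts table is answered with its LAN address and never reaches the upstream
resolver. The DynDNS-style name and the public address are constructed.
"""

# The article's /etc/hosts, plus one constructed line pinning a DynDNS-style
# name to the LAN address of the web server ('hero').
SAMPLE_HOSTS = """\
192.168.0.3 hero
192.168.0.9 leap
192.168.0.4 bridge
127.0.0.1 localhost
127.0.0.1 breaker
192.168.0.3 myserver.dyndns.example   # constructed for the example
"""

# Constructed stand-in for the upstream resolver (the article's server=4.2.2.2):
# it knows the public address for the DynDNS name and nothing about LAN names.
UPSTREAM_ANSWERS = {"myserver.dyndns.example": "20.43.45.65"}


def parse_hosts(text):
    """Return {name: ip}; one line may list several names for the same address."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # hosts files allow '#' comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip  # DNS names compare case-insensitively
    return table


def upstream_lookup(name):
    """Pretend to ask the upstream server; returns an address or None."""
    return UPSTREAM_ANSWERS.get(name)


def resolve(name, hosts, domain="internal.foxienet", upstream=upstream_lookup):
    """Answer the way dnsmasq does: the hosts table wins, upstream is asked only
    for names it does not know. Returns (address, source)."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "local"
    # With expand-hosts set (an assumption; the article's config does not set it),
    # dnsmasq also answers 'hero.internal.foxienet' from the short entry 'hero'.
    suffix = "." + domain
    if key.endswith(suffix) and key[: -len(suffix)] in hosts:
        return hosts[key[: -len(suffix)]], "local"
    answer = upstream(key)
    return answer, ("upstream" if answer else "nxdomain")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for q in ("hero", "hero.internal.foxienet", "myserver.dyndns.example", "nosuch.example"):
        print(q, "->", resolve(q, hosts))
    # Without the hosts entry the same query goes upstream and gets the public IP.
    print("without local entry ->", resolve("myserver.dyndns.example", {}))
```

The two calls for myserver.dyndns.example make the point: with the entry in the hosts table the LAN client gets 192.168.0.3 and reaches the web server directly; without it the answer is the public address and the connection hits the router's NAT loopback block.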
Test, Test, Test.
Tweak your dnsmasq file until you like it. Over time, DNS lookups will get faster, as dnsmasq caches the results.
Dnsmasq runs anywhere and uses very little RAM or CPU -- Many routers in fact use it for their DHCP server and often as a DNS server as well.