dhcpd question for homemade linux router

hi folks, have a question

situation is linux box set up as a router between client machines and
service provider. service provider connection is dhcp'd, that is,
linux box gets it's own address dynamically when it dials up. linux
box is running dhcpd for clients, that's all working. here's my
question .... how do the clients get the right dns server address ? at
the moment i have my linux box set up to supply them with it's own
address as their dns server, a 192.168.x.x address ... is that what i
want ? what do i do, turn on named and just hope it works, hope that
my box's named forwards requests out to the net and sends the response
back to the client ? if that's not it, what do i do, how do i get
the dhcp dns address from the service provider into the dhcp'd clients
when they connect ? if that is it, if i do need to run named, how do i
configure it to do what i want ?

thanks a lot!

purple_stars wrote:

> hi folks, have a question
>
> situation is linux box set up as a router between client machines and
> service provider. service provider connection is dhcp'd, that is,
> linux box gets it's own address dynamically when it dials up. linux
> box is running dhcpd for clients, that's all working. here's my
> question .... how do the clients get the right dns server address ? at
> the moment i have my linux box set up to supply them with it's own
> address as their dns server, a 192.168.x.x address ... is that what i
> want ? what do i do, turn on named and just hope it works, hope that
> my box's named forwards requests out to the net and sends the response
> back to the client ? if that's not it, what do i do, how do i get
> the dhcp dns address from the service provider into the dhcp'd clients
> when they connect ? if that is it, if i do need to run named, how do i
> configure it to do what i want ?

I haven't set up a dhcp server in Linux, however:

1) There's nothing wrong with the router being a caching server and getting
the info from your ISP.

2) You may want a DNS server for your local network anyway.

3) If you insist on using the ISP's DNS, you can read the current info from
wherever the router's DNS client stores it's info. The client should also
start a script, when the DHCP info changes, which can be used to trigger
whatever changes are required for your DHCP server.

The crude $0.01 solution is to extract the DNS address from
/etc/resolv.conf on the Linux router (assuming you are letting the DHCP
client over-write this file) and put it in the DHCP config file (also on
the router). It's ugly, and I'm sure there is something better out
there, but it will get you started.

Allen McIntosh wrote:

> The crude $0.01 solution is to extract the DNS address from
> /etc/resolv.conf on the Linux router (assuming you are letting the DHCP
> client over-write this file) and put it in the DHCP config file (also on
> the router). It's ugly, and I'm sure there is something better out
> there, but it will get you started.

Actually, the dhcp client should have all the relevant info stored in a file
somewhere.

In article <(E-Mail Removed) .com>,
purple_stars wrote:

>situation is linux box set up as a router between client machines and
>service provider.

702929 May 4 14:03 IP-Masquerade-HOWTO
17605 Jul 21 2004 Masquerading-Simple-HOWTO
278012 Jul 23 2002 Security-Quickstart-HOWTO

Each of those documents has valuable hints

>service provider connection is dhcp'd, that is, linux box gets it's own
>address dynamically when it dials up.

"dials up" meaning using a ppp connection? pppd doesn't use DHCP, which
is an Ethernet protocol. 'ppp' uses IPCP (RFC1332) to negotiate IP addresses,
because ppp is a peer to peer protocol - not a server-client.

>linux box is running dhcpd for clients, that's all working. here's my
>question .... how do the clients get the right dns server address ?

Depends - are you dialing in to more than one ISP? If so, the best solution
would be to configure your DHCP server to tell the clients that the Linux
box is the name server, and then run a caching-forwarding name server on the
Linux box. If you are running windoze clients, this is a good idea anyway,
as they are extremely talkative and are always bothering the name server. If
you are not using multiple ISPs, you could place the ISP's nameserver
addresses in your DHCP server configuration file. The so-called dynamic
configuration of nameservers was invented my microsoft because they figured
that users would make more mistakes configuring their computers than the
"well trained" MCSE who would set up the DHCP server - that's also why they
added ZEROCONF for when the MCSE so screws up the configuration that nothing
works.

The really important point is that the ISP doesn't randomly change the
addresses of their name servers - why should they? I have three ISPs, and
each has had the same nameserver addresses for as long as I've used them - as
much as four years. At work, we haven't changed the addresses of the name
servers since they were first set up in 1986.

>at the moment i have my linux box set up to supply them with it's own
>address as their dns server, a 192.168.x.x address ... is that what i
>want ?

Depends - if you are running windoze clients, yes it's a very good idea. If
your connection is not up all the time, it's also a good idea.

>what do i do, turn on named and just hope it works, hope that
>my box's named forwards requests out to the net and sends the response
>back to the client ? if that's not it, what do i do,

Would have helped if you mentioned distribution and release. For several
years, Red Hat has had a package called 'caching-nameserver' which goes
along with the standard bind package.

>how do i get the dhcp dns address from the service provider into the
>dhcp'd clients when they connect ?

If not using multiple ISPs, just hard-code the thing. If using multiple
ISPs _and_ those ISPs have enabled microsoft's RFC2153 hack, _and_ you are
using the 'usepeerdns' option to pppd, then when the link comes up for IP,
the script /etc/ppp/ip-up is run, and has the environmental variables DNS1
and DNS2 which you can use. Additionally, pppd would in that case create
an /etc/ppp/resolv.conf file (NOTE: it does NOT mess with /etc/resolv.conf)
containing one or two 'nameserver' lines with the address(es) supplied by
the peer. It's all spelled out in the pppd man page. If the ISPs are not
running the microsoft hack, what I do in the /etc/ppp/ip-up script is to
look at the value of variable $5 (the remote IP address) and use it in a
'case' statement to copy the appropriate peer specific resolv.conf file to
/etc/ - the files contain the hard coded addresses for the appropriate ISP.
When the link goes down, /etc/ppp/ip-down is used to copy a generic file
back to /etc/resolv.conf.

Personally, since RFC1597 (replaced by RFC1918) created private IP addresses
the only valid reason to be using dynamic addresses is if your computers are
moving from one network to another. DHCP (and it's predecessor BOOTP) was
created for the situation of "to many computers, not enough addresses".
Microsoft adopted the concept as a way to let users with no idea what they
are doing, set up a computer. The burden is transferred to the MCSE who is
trying to set up the DHCP server.

Old guy

Moe Trin <(E-Mail Removed)> wrote:

Hi Moe-

> If not using multiple ISPs, just hard-code the thing. If using multiple
> ISPs _and_ those ISPs have enabled microsoft's RFC2153 hack, _and_ you are
> using the 'usepeerdns' option to pppd, then when the link comes up for IP,
> the script /etc/ppp/ip-up is run, and has the environmental variables DNS1
> and DNS2 which you can use. Additionally, pppd would in that case create
> an /etc/ppp/resolv.conf file (NOTE: it does NOT mess with /etc/resolv.conf)
> containing one or two 'nameserver' lines with the address(es) supplied by
> the peer.

A nit - I think you mean RFC 1877. The DNS/NBNS hack is implemented
within the IPCP protocol (RFC 1332), primarily used to negotiate the
peers' IP addresses and VJ compression.

--
Clifford Kite Email: "echo xvgr_yvahk-(E-Mail Removed)|rot13"
PPP-Q&A links, downloads: http://ckite.no-ip.net/

that dns caching sounds like what i am after, i will check into it.
thanks so much for the hints everyone! still looking for the solution,
it's probably here and i just need to investigate everything said and
experiment to see what works. old guy, extra thanks for taking so much
time to post such an in-depth response. to answer your question the
configuration is this ... i have a linux box with a verizon broadband
card in it, and i travel a lot, so i'm basically always connecting to
verizon's network but doing so at different points on that network
(different cities). travel companions are hooking to the linux box
over bluetooth, all that is already configured, and they get a dynamic
address whenever they connect up to my box. i don't know if verizon's
nameserver addresses are the same in every city, somehow i doubt it,
but maybe they are! in any case, i do occasionally make the link via
wi-fi or something else and i still want my travel companions to be
able to connect up through my linux laptop. so that's the situation,
sort of a roving internet access point you connect to with bluetooth.
could connect via wi-fi too if i could figure out how to make a wi-fi
access point using ipw2200 drivers, which i haven't figured out if
that's even possible yet.

thanks again for all the great responses.

In article <(E-Mail Removed)>, Clifford Kite wrote:

>Hi Moe-

Hi Clifford!

>A nit - I think you mean RFC 1877. The DNS/NBNS hack is implemented
>within the IPCP protocol (RFC 1332), primarily used to negotiate the
>peers' IP addresses and VJ compression.

That's what happens when you are quoting RFC numbers from memory.
rather than checking the list. Sigh

Old guy

In article <(E-Mail Removed) .com>,
purple_stars wrote:

>i have a linux box with a verizon broadband card in it, and i travel a
>lot, so i'm basically always connecting to verizon's network but doing
>so at different points on that network (different cities). travel
>companions are hooking to the linux box over bluetooth, all that is
>already configured, and they get a dynamic address whenever they connect
>up to my box.

OK - I'm not a verizon customer, but I see what you are trying to do.

>i don't know if verizon's nameserver addresses are the same in every
>city, somehow i doubt it, but maybe they are!

It wouldn't surprise me to see them being the same. Long ago in a galaxy
far away, before ibm.net sold their global network to at&t, any where you
went in the world and connected to them, the same nameservers worked with
no problem. A lot of other larger networks use the same concept.

Old guy