DNS with DHCP on NAT router

I am using NAT on a debian sarge gnu linux box to share a cable
internet connection. The linux box has two ethernet cards. One (eth0)
is connected to the cable connection and gets it's connection details
from my ISP's DHCP server. The other (eth1) is connected to a network
switch into which I have connected a very simple wireless access
point. My clients are mostly windows machines with wireless cards.

I have got DHCP to work and it is leasing IP addresses over the
wireless connection to the clients which is great. However I want the
clients to automatically get the correct DNS addresses and I am not
sure what to do or even where to start.

Is DHCP-DNS what I want?

Should I be running my own DNS server (which caches the others?) or
simply get the clients to use the DNS servers automatically provided
by my cable company?

Should I just give up and hard code the DNS servers into the clients
on the assumption that my cable company will keep them on the same IP
for a long time?

Please be verbose and patronising ;->

Timie Milie

> Is DHCP-DNS what I want?

I recommend you look into `dnsmasq'.


Stefan

> I am using NAT on a debian sarge gnu linux box to share a cable
> internet connection. The linux box has two ethernet cards. One (eth0)
> is connected to the cable connection and gets it's connection details
> from my ISP's DHCP server. The other (eth1) is connected to a network
> switch into which I have connected a very simple wireless access
> point. My clients are mostly windows machines with wireless cards.
>
> I have got DHCP to work and it is leasing IP addresses over the
> wireless connection to the clients which is great. However I want the
> clients to automatically get the correct DNS addresses and I am not
> sure what to do or even where to start.
>
> Is DHCP-DNS what I want?
>
> Should I be running my own DNS server (which caches the others?) or
> simply get the clients to use the DNS servers automatically provided
> by my cable company?

Hi Tim. I think the short answer to your question is that you should be
able to configure whatever DHCP server you're using to tell your LAN
clients as part of the DHCP lease process what their DNS servers are.

I have the same setup as you and I use dnsmasq for as a DNS and DHCP
server for my LAN. dnsmasq is both a cacheing DNS forwarder, and a DHCP
server. That means it can do several things for you:

- Act as a DNS server for your LAN. It will resolve queries about LAN
hosts based on whatever information you give it, e.g. /etc/hosts on the
server.

- Forward queries that it doesn't know how to resolve upstream to your
ISP's DNS servers, and return the result to your LAN clients.

- Cache the DNS results from upstream, so the next time your LAN client
asks for the same host address again, it can answer from cache, speeding
up the result, especially if you have a slow external link.

- Act as a DHCP server for your LAN. As part of the DHCP setup, it will
(by default, you can configure it otherwise) tell your LAN clients to
use itself as the DNS server.

This is a pretty efficient setup, and it's pretty easy to configure,
too. Mainly I just read the man page and the example /etc/dnsmasq.conf
file. A few wrinkles:

If you get your external IP address by DHCP, then you have a DHCP
client-- pump, or dhcpd, or whatever-- that is getting the addresses of
your ISP's DNS servers and writing them into /etc/resolv.conf. If you
use dnsmasq as your DNS server, then you should change this:

- /etc/resolv.conf on the server should now contain only

nameserver 127.0.0.1

which will cause clients running on the server to get their name queries
answered by dnsmasq.

- You have to configure your external DHCP client to put the ISP's name
servers into, say, /etc/resolv.dnsmasq instead of /etc/resolv.conf.

- In /etc/dnsmasq.conf, set

resolv-file=/etc/resolv.dnsmasq

so dnsmasq will know where to look for the name server addresses.

Good luck,
Andrew.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"

On Mon, 30 Aug 2004 11:38:55 -0700, Tim Milstead wrote:

> I have got DHCP to work and it is leasing IP addresses over the wireless
> connection to the clients which is great. However I want the clients to
> automatically get the correct DNS addresses and I am not sure what to do
> or even where to start.

Do you mean the correct addresses of the DNS servers of your ISP, or do
you mean you want your clients to register their addresses in the DNS
correctly? If you mean the former then try this. I am making the
assumption that you are using the ISC dhcpd daemon as your dhcp server. If
so you can specify the DNS settings to give in the dhcpd.conf file, from
the man page:

Notice that at the beginning of the file, there's a place
for global parameters. These might be things like the
organization's domain name, the addresses of the name servers
(if they are common to the entire organization), and so on. So,
for example:

option domain-name "isc.org";
option domain-name-servers ns1.isc.org, ns2.isc.org;

However, above looks erroneous. How do you look up the IP address of
ns1.isc.org if you do not yet have a DNS server IP address to query. Also
the Book (The DHCP Handbook) states that DHCP option 6 is a list of DNS
server IP addresses, which makes more sense.


> Is DHCP-DNS what I want?

If you mean the latter, then yes.

> Should I be running my own DNS server (which caches the others?) or
> simply get the clients to use the DNS servers automatically provided by
> my cable company?

It is pretty trivial to set up a caching bind server, most distros ship
with one. If you use this then you do not have to rely on your ISP. Why
not use both? Have the first resolver in your resolv.conf file to point
to your local caching server, and the others to point to your ISP's. This
would allow you to use yours, but fail over to your ISPs if your server
went down.

> Should I just give up and hard code the DNS servers into the clients on
> the assumption that my cable company will keep them on the same IP for a
> long time?

If you don't have may hosts you can do this. Most ISPs have the sense to
keep these things stable for far longer than the life of your average PC.



--
Gareth Ansell
UNIX Team
Computing Services
Coventry University