SETTING UP A RASPBERRY PI AS A DHCP AND DNS SERVER
- If dnsmasq is used as the DHCP server, the local hostnames are automatically added “on the fly” to its DNS cache. No need for an additional daemon.
- Dnsmasq is easier to install and administer than ISC dhcp-server + Bind.
- Its lease file is much easier to parse if the need arises.
- Dnsmasq takes up less memory and CPU than ISC dhcp-server + Bind (approx. 10 times less).
- Dnsmasq does not bypass the kernel firewall rules like the ISC daemon allegedly does in some configurations.
There is a package for the Pi and so you can install it in the usual way using apt-get.
- DNS forwarding and cache – You still use your existing DNS (be it your ISP’s DNS, Google public DNS, or OpenDNS) for accessing the Internet. In theory, the caching it provides could increase performance, though I don’t have any expectations about that.
- DNS for static IPs – Define domain names for devices with static IPs on your network.
- DHCP – General DHCP provider.
- DNS for DHCP clients – For any client that leases an IP from dnsmasq, it will also provide a domain name to that IP. Essentially your own internal dynamic DNS.
PICKING INTERNAL DOMAIN NAMES
I started out planning to pick some TLD not used by ICANN (e.g. .home) for my internal domains. Most posts I read on this subject recommended against that in case ICANN decided to use it in the future. Honestly, I don’t expect that to be an issue, but I followed their advice anyway.
The recommendation was to stick with a domain you already own and designate a subdomain for all of your internal hosts to be assigned under. For example, if you own mydomain.com, you could designate lan.mydomain.com to be the root for all of your internal domains. A device might then be assigned mydevice.lan.mydomain.com. Gets a little wordy, but at least the namespace is safe.
At the Pi command line, use apt-get update to refresh the local package cache, then apt-get upgrade to download and install any package updates.
sudo apt-get update
sudo apt-get upgrade
In newer Raspbian versions, interface configuration is handled by dhcpcd by default. We need to tell it to ignore wlan0, as we will be configuring it with a static IP address elsewhere. So open up the dhcpcd configuration file with:
sudo vi /etc/dhcpcd.conf
and add the following line to the bottom of the file:
Note: This must be ABOVE any interface lines you may have added (if you have added any)!
Restart the service and check that everything is running:
sudo service dhcpcd restart
sudo service dhcpcd status
Install the server software.
sudo apt-get install dnsmasq
The next step is to modify the configuration file to suit your requirements. This configures how the DNS server and the DHCP provider should behave. I’ll discuss the main options I used, but the example configuration file provided with the install has good documentation.
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo vi /etc/dnsmasq.conf
Paste the following into the new file:
# Use interface wlan0
interface=wlan0
# Explicitly specify the address to listen on
listen-address=192.168.77.254
# Bind to the interface to make sure we aren't sending things elsewhere
bind-interfaces
# don't forward unqualified names (e.g. myserver)
domain-needed
# won't forward some non-routed addresses
bogus-priv
# won't forward requests for the intranet subdomain
local=/nissan.hfcs.local/
# Assign IP addresses between 192.168.77.50 and 192.168.77.150
# with a 12 hour lease time
dhcp-range=192.168.77.50,192.168.77.150,12h
# Forward DNS requests to the local DNS and then Google DNS
server=172.16.77.254
server=8.8.8.8
server=8.8.4.4
# append the domain (below) to all hosts
domain=nissan.hfcs.local
# Use the /etc/ethers file to specify static mappings
read-ethers
Save the changes.
This shouldn't need to be touched, as it should get the details by DHCP from the local LAN. Mine is:
# Generated by resolvconf
You’ll want to leave the existing contents, but add the host names for any of your devices using static IPs. You do not need every device listed in here, just the ones you want to be addressable via a domain name.
<IP> <host name>, and the host name should only be the lowest level qualifier of the host (not the full domain name). For example, if you want a device to be
mydevice.lan.mydomain.com, only specify
192.168.1.301 mynas
192.168.1.302 webserver
This is only needed if you have a few devices you want to assign static IPs to, but can’t or don’t want to configure the static IP on the devices themselves.
This is simply a <MAC> <IP> formatted file, with one mapping per line, for example:
00:00:00:00:00:00 192.168.0.200
00:00:00:00:00:01 192.168.0.201
Run the following command to start the daemon services:
sudo service dnsmasq start
You can always check the status of the DHCP server with:
sudo service dnsmasq status
Verify that the services start successfully (no ‘failure’ or ‘errors’).
Then, to make it run every time on boot:
sudo update-rc.d dnsmasq enable
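The lease file mentioned at the top is simple enough to audit against the <MAC> <IP> mappings once dnsmasq is running. The script below is an added example, not part of the original write-up: it flags leases held by MAC addresses that are missing from the ethers file, and reserved addresses held by a different MAC. The sample data is constructed, and the lease file location (usually /var/lib/misc/dnsmasq.leases on Debian-based systems) is an assumption to check on your own Pi.

```python
import ipaddress
# Constructed sample data (not from a real network), in the two file formats.
SAMPLE_ETHERS = """\
00:00:00:00:00:00 192.168.77.200
00:00:00:00:00:01 192.168.77.201
"""
# dnsmasq lease line: <expiry epoch> <MAC> <IP> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1700000000 00:00:00:00:00:00 192.168.77.200 mynas 01:00:00:00:00:00:00
1700000600 aa:bb:cc:00:00:10 192.168.77.60 laptop *
1700000900 aa:bb:cc:00:00:11 192.168.77.201 * *
"""

def parse_ethers(text):
    """Return {mac: IPv4Address} from '<MAC> <IP>' lines; comments are ignored."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 2:
            continue
        try:
            table[fields[0].lower()] = ipaddress.IPv4Address(fields[1])
        except ValueError:
            continue  # entry names a host instead of an address; skip it
    return table

def parse_leases(text):
    """Yield (expiry, mac, ip, hostname) for each IPv4 lease line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].isdigit():
            continue  # blank line or the 'duid' line written for DHCPv6
        try:
            ip = ipaddress.IPv4Address(f[2])
        except ValueError:
            continue  # DHCPv6 lease, out of scope here
        yield int(f[0]), f[1].lower(), ip, None if f[3] == "*" else f[3]

def audit(leases_text, ethers_text):
    """Flag leases held by MACs missing from ethers or clashing with a mapping."""
    ethers = parse_ethers(ethers_text)
    reserved = {ip: mac for mac, ip in ethers.items()}
    findings = []
    for _expiry, mac, ip, host in parse_leases(leases_text):
        if reserved.get(ip, mac) != mac:
            findings.append(("reserved-ip-conflict", mac, str(ip), host))
        elif mac not in ethers:
            findings.append(("unlisted-mac", mac, str(ip), host))
    return findings
```

To run it against the live files, pass the contents of the lease file and /etc/ethers to audit() in place of the sample strings.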