LinuxQuestions.org
Old 04-13-2017, 08:55 AM   #1
fishkake
LQ Newbie
 
Registered: Dec 2006
Posts: 15

Rep: Reputation: 0
DHCP server and domain


Hi all

I've been building a DHCP server and router using iptables and isc-dhcp-server on Debian 8. I'm definitely slowly getting there, but I've hit another snag regarding DNS/DHCP.

I own a domain, let's call it beans.com. I've not set it up properly yet and at the moment it resolves to, let's call it 5.5.5.5 for simplicity.

My dhcpd.conf file looks like this (with some of the commented lines removed):
Code:
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "beans.com";
option domain-name-servers 194.168.4.100,194.168.8.100;
# ^ Note - these are my ISPs DNS servers

default-lease-time 86400;
max-lease-time 604800;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

subnet 192.168.27.0 netmask 255.255.255.0 {
  range 192.168.27.101 192.168.27.199;
  option routers 192.168.27.70;
}

This is handing out IP addresses perfectly. I have a Windows machine called BEAR and another called TEST. Both are running on 192.168.100 addresses dished out by this DHCP.

When I ping ANY hostname from these PCs, it pings thing.beans.com which resolves to 5.5.5.5. Even if I ping a host which doesn't exist.

Ultimately I want to be able to ping server.beans.com and mail.beans.com and baked.beans.com from the web and hit different servers in my house. But I also want to be able to ping BEAR from TEST and have it resolve to 192.168.x.x.

I'm guessing I need my router/DHCP to also be a DNS server which resolves local addresses and forwards remote addresses. I'm looking up BIND now but if there's a simpler way of doing this or a problem with my DHCP setup, I'd appreciate your advice.

Thanks!
 
Old 04-14-2017, 02:36 AM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 6,016

Rep: Reputation: 1175
For a small LAN environment consider using dnsmasq perhaps

https://wiki.debian.org/HowTo/dnsmasq
 
Old 04-14-2017, 01:12 PM   #3
fishkake
LQ Newbie
 
Registered: Dec 2006
Posts: 15

Original Poster
Rep: Reputation: 0
I was gradually getting a bit lost in BIND. Hadn't heard of dnsmasq, my rampant googling was apparently not appropriately aimed. I will look into it now, thank you!
 
Old 04-14-2017, 02:50 PM   #4
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
The reason that everything is resolving to 5.5.5.5 is because you have a wildcard entry in your DNS zone file that points to 5.5.5.5, not because of DHCP. If you only want things to resolve that are real then you have to remove the wildcard from your DNS.
 
Old 04-14-2017, 02:59 PM   #5
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
You need to allow your DHCP server to update your DNS server with the names and IP addresses of the systems it assigns IPs to so you can ping them internally.

Reaching your systems from the internet is another story and requires a lot more than just setting up DHCP and DNS. Now you need to protect everything and you need to set up your IPTABLES accordingly.
 
Old 04-15-2017, 10:47 AM   #6
fishkake
LQ Newbie
 
Registered: Dec 2006
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by lazydog
Reaching your systems from the internet is another story and requires a lot more than just setting up DHCP and DNS. Now you need to protect everything and you need to set up your IPTABLES accordingly.
This is what was slowly dawning on me, but what I think I needed to hear. :-)

I'm not sure I understand what you mean by a "zone file" as I don't yet have a DNS server, I just have a DHCP server which assigns the ISP server. But for now I think I'll set up a server to be accessed from the internet as beans.com and worry about stuff.beans.com later on.

Also regarding protection, this is noted - at the moment my "protection" is provided by having nothing on this network which is at all sensitive, but I am well aware that before anything goes live, so to speak, I need to worry about security.

Thanks for your help!
 
Old 04-15-2017, 11:20 AM   #7
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
If you have a domain then you have a zone file. Wherever your domain is registered is where your zone file is, and they most likely set up a wildcard in there to point all unknowns to the same IP address. Since you own a domain you should have access to this domain on their DNS server. Just log in and check.

Just because you are pointing your machines at your ISP's DNS server, if you are using your domain your ISP is going to query the site that is hosting your domain.

Quote:
But I also want to be able to ping BEAR from TEST and have it resolve to 192.168.x.x
You can set your public DNS server to resolve these names to a private IP address so you can use your domain and still get to these servers internally. Now if you are going to use these servers on the public IP then you cannot set up the same name to point to both your public IP and your private IP.

If you do not plan on hosting your own public DNS server then dnsmasq might be the best option for you.
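
Added example (not part of any post above and not the posters' own configuration): a dnsmasq setup along the lines suggested in posts #2 and #7, serving the same DHCP pool as the dhcpd.conf in post #1 and answering lookups for leased hostnames such as BEAR and TEST locally instead of letting them reach the public wildcard record. The file path, the LAN interface name eth1 and the local domain home.arpa are assumptions; the addresses are the ones from post #1.

```conf
# /etc/dnsmasq.d/lan.conf   (path is an assumption)
# Constructed example for the 192.168.27.0/24 network from post #1.

# Exposure: serve DNS and DHCP on the LAN-facing interface only.
# "eth1" is an assumed name for that interface.
interface=eth1
# Listen only on the addresses of the interface named above rather than
# binding the wildcard address, so the WAN side never sees port 53 or 67.
bind-interfaces

# Upstream DNS: ignore /etc/resolv.conf and forward to the ISP resolvers
# that the original dhcpd.conf handed to clients.
no-resolv
server=194.168.4.100
server=194.168.8.100
# Never forward plain names without a dot (BEAR, TEST) to upstream servers.
domain-needed
# Never forward reverse lookups for private address ranges.
bogus-priv

# Local names: give clients a private domain instead of beans.com, so the
# search suffix can no longer match the wildcard in the public zone.
# home.arpa is the domain reserved for home networks (RFC 8375).
domain=home.arpa
# Answer home.arpa only from /etc/hosts and DHCP leases; never forward it.
local=/home.arpa/
# Append the domain to plain names listed in /etc/hosts.
expand-hosts

# DHCP: same pool, router and default lease time (86400 s) as post #1.
# Clients are told to use this dnsmasq instance as their DNS server by default.
dhcp-range=192.168.27.101,192.168.27.199,255.255.255.0,24h
dhcp-option=option:router,192.168.27.70
dhcp-authoritative
# Log each DHCP transaction so hostname/address assignments can be audited.
log-dhcp
```

Only one DHCP server should answer on the LAN, so isc-dhcp-server has to be stopped before dnsmasq takes over the pool; `dnsmasq --test` checks the file's syntax without starting the daemon.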
 
  


All times are GMT -5.