DNS Setup Help Needed for LAN

[Aurora007]

I'm trying to set up a DNS for our internal network. I have been unable to find good information on how to do this on a network that does not have internet connection. I do have bind installed on our Fedora 14 server but I have not yet attempted to configure bind. We have about 15 various window machines on our network.

I am currently using hosts files to resolve names but I'm trying to make it easier when we configure new machines on our system.

One other question: On server network configuration what do i use for gateway address since we do not have an internet connection.

Any help would be greatly appreciated, I have been searching for quite some time and am starting to get a little frustrated.

[jpollard]

You might have a simpler use in "dnsmasq". It is designed for small sites.

Bind is designed as a robust large scale server, but has several configuration demands on it - forward lookups, reverse lookups handled separately.

dnsmasq handles basic DNS queries, but will forward unknowns to a real dns server for offsite use.

In addition it handles DHCP, which simplifies the configuration of clients.

[RHamel]

The best all around book in my opinion is TCP/IP network administration by Craig Hunt.

[Aurora007]

Thanks, I will take a look at "dnsmasq" and also check out that book.

---------- Post added at 05:13 PM ---------- Previous post was at 05:11 PM ----------

Quote:

Originally Posted by RHamel

The best all around book in my opinion is TCP/IP network administration by Craig Hunt.

Quote:

Originally Posted by jpollard

You might have a simpler use in "dnsmasq". It is designed for small sites.

Bind is designed as a robust large scale server, but has several configuration demands on it - forward lookups, reverse lookups handled separately.

dnsmasq handles basic DNS queries, but will forward unknowns to a real dns server for offsite use.

In addition it handles DHCP, which simplifies the configuration of clients.

Thanks, I will take a look at "dnsmasq" and also check out that book.

[stevea]

I can post a dnsmasq example for you - but do you have a route up constantly to serve DNS ?

If not, then 'avahi' (aka zeroconf) might be a good solution. I haven't set it up in years however.

[Aurora007]

Quote:

Originally Posted by stevea

I can post a dnsmasq example for you - but do you have a route up constantly to serve DNS ?

If not, then 'avahi' (aka zeroconf) might be a good solution. I haven't set it up in years however.

Thank you, I would really like to see a dnsmasq example, I have started to work with it some on my test server. I did plan on using avahi, I'm hoping to be able to spend some more time on it this week.

[Aurora007]

Thank you for your help!

[stevea]

Her is one dnsmasq config file ....

Code:

interface=eth0
resolv-file=/tmp/resolv.dnsmasq
domain=localdomain
dhcp-option=lan,3,192.168.42.1
dhcp-authoritative
dhcp-range=lan,192.168.42.100,192.168.42.127,255.255.255.0,99999m
dhcp-host=00:11:10:EB:53:4E,bigboyblue,192.168.42.20,infinite
dhcp-host=00:24:23:29:54:72,chumby,192.168.42.21,infinite
dhcp-host=9B:A1:EF:00:18:59,obiwan,192.168.42.22,infinite

interface=eth0
dnsmasq only serves on the eth0 interface in this example. If you don't specify then it uses all interface (not appropriate for a routers WAN interface.

resolv-file=/tmp/resolv.dnsmasq
The resolv-file line is unneeded if you have no inet access. Otherwise it passes unresolved names onto an upstream DNS server. The file looks like an /etc/resolv.conf file where only the nameserver lines are used. This is a list of google DNS servers ....

Quote:

nameserver 8.8.4.4
nameserver 64.102.255.44

domain=localdomain
This is the domain name. Unless you pay for an inet domain don't make one up. 'localdomain' is safe for use.

dhcp-option=lan,3,192.168.42.1
This says 192.168.42.1 is the gateway. If you have no inet access then use 0.0.0.0, or delete this line.

dhcp-authoritative
This should be used if this is the only DHCP server on the LAN.

dhcp-range=lan,192.168.42.100,192.168.42.127,255.255.25 5.0,99999m
This says the dnsmasq also serves IP addresses via DHCP, and range of addresses is 192.168.42.100...192.168.42.127 with a mask of 255.255.255.0 and a lease time of 99999 minutes.

dhcp-host=00:11:10:EB:53:4E,bigboyblue,192.168.42.20,in finite
...
These dhcp-host lines give fixed IP addresses to some MAC address devices. Also dnsmasq reads the /tc/hosts for fixed IP assignments and serves this to other systems.

If you dhcp to this server to get an IP address, AND your hostname is setup, then the dnsmasq server will give you a /etc/resolv.conf like this:

Quote:

$ cat /etc/resolv.conf
# Generated by NetworkManager
domain localdomain
search localdomain
nameserver 192.168.42.1

And when you get the IP address via NetworkManager then the DNSmasq server will record the `hostname`.localdomain to the IP address. So you don't need to give each system a fixed IP address.

If you use 'network' instead of 'NetworkManager' then you will need to modify the client /etc/sysconfig/network-scripts/ifcfg-eth0 (or other interface name) and add a line like ...
DHCP_HOSTNAME=hypoxylon.localdomain
and then when the dhcp takes place, the client passes it's hostname (hypoxylon.localdomain in this example) to the dnsmasq dns server.

If you use one of the fixed names above or one of the dynamically recorded names from dhcp - then the dnsmasq dns server replies with the correct IP so for example

Code:

 [stevea@crucibulum ~]$ ping chumby
PING chumby.localdomain (192.168.42.21) 56(84) bytes of data.
64 bytes from chumby.localdomain (192.168.42.21): icmp_req=1 ttl=64 time=56.4 ms
64 bytes from chumby.localdomain (192.168.42.21): icmp_req=2 ttl=64 time=3.27 ms
...

[stevea@crucibulum ~]$ ping hypoxylon
PING hypoxylon.localdomain (192.168.42.103) 56(84) bytes of data.
64 bytes from hypoxylon.localdomain (192.168.42.103): icmp_req=1 ttl=64 time=2.30 ms
64 bytes from hypoxylon.localdomain (192.168.42.103): icmp_req=2 ttl=64 time=207 ms
....

If that's not clear. please ask.

[Aurora007]

Thank you stevea, this is very helpful. I do have one question:

Quote:

Originally Posted by stevea

resolv-file=/tmp/resolv.dnsmasq
The resolv-file line is unneeded if you have no inet access. Otherwise it passes unresolved names onto an upstream DNS server. The file looks like an /etc/resolv.conf file where only the nameserver lines are used.

My understanding is you only change the resolv-file line if you want to get upstream servers from somewhere other than /etc/resolv.conf. If I don't have inet do I just leave /etc/resolv.conf blank?

Thank you again for your assistance.

[stevea]

Quote:

Originally Posted by Aurora007

Thank you stevea, this is very helpful. I do have one question:



My understanding is you only change the resolv-file line if you want to get upstream servers from somewhere other than /etc/resolv.conf. If I don't have inet do I just leave /etc/resolv.conf blank?

Thank you again for your assistance.

That is correct. If you have no gateway and no inet access, then just delete this line.

---------- Post added at 09:15 PM ---------- Previous post was at 09:08 PM ----------

Assuming you use 192.168.42.0/24 as your LAN subnet, you want to dhcp addresses 192.168.42.{100...127) served, and have no inet access, then your config looks like (untested)...

Quote:

domain=localdomain
dhcp-authoritative
dhcp-range=lan,192.168.42.100,192.168.42.127,255.255.25 5.0,99999m
dhcp-host=00:11:10:EB:53:4E,bigboyblue,192.168.42.20,in finite
dhcp-host=...OTHER FIXED ADDRESSES...

If you have no fixed IP addresses,then drop the "dhcp-host=..." lines.


DSNMASQ is a sweet little tool that combines DNS, DHCP and BOOTP/TFTP/PXE service in one simple to configure tool. If you have less than 100 devices on your LAN it's the no-brainer optimal choice.

[Aurora007]

Many thanks stevea, I finally got a chance to test your suggestions. Everything worked perfectly, with your help everything works exactly as I wanted. DNSMasq is a great tool!

[stevea]

Not only serves DNS but it's a single tool you can use to setup PXE or network boots of embedded boards - that is it supportes DHCP, TFTP, DNS BOOTP on one simple to config package.
Hats off to Simon Kelley.