Proper DNS and DHCP for your LAN

If you are like me you don’t like the fact that most routers do a terrible job at providing DNS for the LAN side. Sure, routers are easy to set up and will get you up and going quickly, but most of them suck in more advanced areas. Is it too much to ask to be able to type in a hostname or IP address and get a consistent experience across all devices? And what if I know an IP address but have no idea which device it belongs to? I don’t want to log in to the router and search the logs for a MAC address that I may or may not recognize, and I don’t want to waste time running nmap to fingerprint the system in the hope of identifying it. The router should provide reverse DNS lookup so I don’t have to! Oh, and don’t get me started on the crappy DNS servers that ISPs provide!

So what we will be doing here is setting up BIND and DHCPd for our local network. Together they will hand out IP addresses to our devices, register their host (DNS) names, provide a local DNS server for queries, and give us reverse DNS.

Before we get started, make sure you install dhcpd and bind9. You will probably also want to install bind-tools (or whatever your distro calls the package that provides host and dig).

Now we will configure dhcpd by editing /etc/dhcp/dhcpd.conf and setting the following options (snippet):

server-identifier 192.168.1.1;
authoritative;
option routers 192.168.1.1; # use main router
option domain-name-servers 192.168.1.1; # the local BIND we are setting up
option domain-name "<YOUR DOMAIN>";
ddns-domainname "<YOUR DOMAIN>"; # forward zone that receives the A records
ddns-rev-domainname "in-addr.arpa"; # suffix used to build the PTR names
ddns-update-style interim;
ddns-updates on;
allow client-updates; # clients may send their own FQDN in the DHCP request
update-conflict-detection false; # skip the DHCID ownership check before overwriting a name
update-static-leases on; # also register hosts with fixed addresses
include "/etc/bind/rndc.key"; # the TSIG key shared with named
zone <YOUR DOMAIN ZONE> {
    primary 127.0.0.1;
    key rndc-key;
}
zone 1.168.192.in-addr.arpa {
    primary 127.0.0.1;
    key rndc-key;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.254;
    default-lease-time 259200;
    max-lease-time 518400;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    allow unknown-clients;
    zone <YOUR DOMAIN> { primary 192.168.1.1; key rndc-key; }
    zone 1.168.192.in-addr.arpa { primary 192.168.1.1; key rndc-key; }
}

Next we will be editing /etc/bind/named.conf. Under acl "trusted" add the host's IP address. Then, under the zone section, add two new zones:

zone "<YOUR DOMAIN>" IN {
    type master;
    file "pri/<YOUR FILE>.zone";
    allow-query { any; };
    allow-transfer { any; }; // any host may pull the whole zone (AXFR)
    notify yes;
    allow-update { key "rndc-key"; }; // dhcpd's DDNS updates, signed with rndc-key
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "pri/rev.zone";
    allow-query { any; };
    allow-transfer { any; }; // any host may pull the whole zone (AXFR)
    notify yes;
    allow-update { key "rndc-key"; }; // dhcpd's DDNS updates, signed with rndc-key
};

Create a normal BIND zone file under /etc/bind/pri/<YOUR FILE>.zone, and also create /etc/bind/pri/rev.zone. The reverse zone looks just like a normal zone file except that the SOA owner is 1.168.192.in-addr.arpa and the origin line is "$ORIGIN 1.168.192.in-addr.arpa." (note the trailing dot); its records are PTR records whose owner is the last octet of the address. Other than that it should look like a standard BIND zone file.

At this point we can disable DHCP and DNS on the existing router and start dhcpd and named on the new one. Be sure to test it out, in both directions, before calling it "good" and walking away:

router ~$ host foo
foo.<YOUR DOMAIN> has address 192.168.1.230

router ~$ host 192.168.1.230
230.1.168.192.in-addr.arpa domain name pointer foo.<YOUR DOMAIN>.
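Writing rev.zone by hand and then checking it against the forward zone by running host on every address gets tedious, so here is an added example (not code from the post) that does both: it parses the A records of a forward zone, renders the matching reverse zone for 1.168.192.in-addr.arpa, and reports any address whose forward and reverse records disagree. The forward zone, the example.lan domain standing in for <YOUR DOMAIN>, the host names and the SOA serial are all constructed for the example; the generator goes beyond the /24 in the post in that it works for any octet-aligned reverse origin (a /16 like 168.192.in-addr.arpa. just yields two-label PTR owners).

```python
"""Build the reverse (in-addr.arpa) zone from a forward zone and check that the pair agree."""
import re
from ipaddress import ip_address

# Constructed sample forward zone for the 192.168.1.0/24 LAN described in the post.
# "example.lan" stands in for <YOUR DOMAIN>; none of these hosts come from the article.
FORWARD_ZONE = """\
$ORIGIN example.lan.
$TTL 3600
@        IN SOA   router.example.lan. hostmaster.example.lan. (
                  2024010101 ; serial
                  3600 900 604800 300 )
         IN NS    router.example.lan.
router   IN A     192.168.1.1
foo      IN A     192.168.1.230
printer  IN A     192.168.1.50
www      IN CNAME foo
"""

REV_ORIGIN = "1.168.192.in-addr.arpa."   # reverse zone from the post
PRIMARY_NS = "router.example.lan."       # assumed name of the new router

# owner [ttl] [IN] TYPE rdata, owner at column 0; SOA continuation lines never match.
_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?([A-Z]+)\s+(\S+)\s*$")


def _qualify(owner, origin):
    """Turn a relative owner name into an FQDN the way BIND does with $ORIGIN."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def iter_records(zone_text, rtype):
    """Yield (owner_fqdn, rdata) for single-line records of one type, honouring $ORIGIN."""
    origin = "."
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop zone-file comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = _RECORD.match(line)
        if m and m.group(2) == rtype:
            yield _qualify(m.group(1), origin), m.group(3)


def forward_map(zone_text):
    """{fqdn: ip} for every A record, rejecting malformed addresses."""
    return {name: str(ip_address(ip)) for name, ip in iter_records(zone_text, "A")}


def reverse_name(ip):
    """192.168.1.230 -> 230.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def build_reverse_zone(a_records, rev_origin, primary_ns, serial, ttl=3600):
    """Render a rev.zone for rev_origin (any octet-aligned prefix).
    Addresses outside that prefix are skipped rather than written with a wrong owner."""
    domain = primary_ns.split(".", 1)[1]              # router.example.lan. -> example.lan.
    lines = [
        f"$ORIGIN {rev_origin}",
        f"$TTL {ttl}",
        f"@\tIN SOA\t{primary_ns} hostmaster.{domain} (",
        f"\t{serial} ; serial",
        "\t3600 900 604800 300 )",
        f"\tIN NS\t{primary_ns}",
    ]
    for fqdn, ip in sorted(a_records.items(), key=lambda kv: ip_address(kv[1])):
        rname = reverse_name(ip)
        if rname.endswith("." + rev_origin):
            owner = rname[: -len(rev_origin) - 1]     # "230" under a /24 origin
            lines.append(f"{owner}\tIN PTR\t{fqdn}")
    return "\n".join(lines) + "\n"


def check_consistency(a_records, ptr_records):
    """List every disagreement between forward and reverse data (empty list = consistent)."""
    problems = []
    for fqdn, ip in a_records.items():
        rname = reverse_name(ip)
        target = ptr_records.get(rname)
        if target is None:
            problems.append(f"no PTR for {ip} ({fqdn})")
        elif target != fqdn:
            problems.append(f"{rname} points to {target}, expected {fqdn}")
    for rname, target in ptr_records.items():
        if target not in a_records:
            problems.append(f"{rname} points to {target}, which has no A record")
    return problems


if __name__ == "__main__":
    a = forward_map(FORWARD_ZONE)
    rev = build_reverse_zone(a, REV_ORIGIN, PRIMARY_NS, serial=2024010101)
    print(rev)                                        # paste into /etc/bind/pri/rev.zone
    ptr = dict(iter_records(rev, "PTR"))
    print("problems:", check_consistency(a, ptr) or "none")
```

Run it once with your real forward zone pasted into FORWARD_ZONE to seed rev.zone before enabling DDNS; afterwards the same check_consistency call, fed with the zone files named dumps, is a quick way to spot names that dhcpd registered in one direction only.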

We are all set and can sleep soundly knowing that our network works correctly!