[solved] dnsmasq for the box running dnsmasq

schmeggahead

I am bringing up a box to provide DNS service for my LAN using dnsmasq

I know I need to set the dns server on my router to specify that box.
I was wondering if there was a way to specify to dhcpcd on the dnsmasq box to add 127.0.0.1 to the nameserver list used by that box.

It looks like it has something to do with dhcpcd-run-hooks but I am having difficulty finding the specs.

I would rather control all of the dhcp assignments from the router including the dns server but have the dns server override the dns server sequence to add the local box.

ok, so do I get a big duh for this one? if I add the local dnsmasq server address as the first server, all requests should go to that server regardless of whether it is local or not. oy. :oops:

Bones McCracker · Veteran Joined: 14 Mar 2006 Posts: 1611 Location: U.S.A.

Also, unless you have a static IP address (i.e., on your external interface, from your ISP) you may want to look into using net-dns/openresolv. This immediately propagates changed dns server addresses to dnsmaq, in the event a dhcp update from your ISP specifies different ones. This may or may not be an issue for you.

schmeggahead · Posted: Wed Mar 25, 2009 10:31 am Post subject:

I wanted to use DHCP for my dnsmasq machine (I can specify a reserved ip address my mac on my router)
I'm using a dlink router (http://support.dlink.com/products/view.asp?productid=DIR-655) and it has the availability of specifying 2 dns addresses. I'm wondering if I only specify 1, if it will obtain a second.
That would be the only way propagation would work since I have to specify my private name server in the list.

That's the only way I know of to tell the other machines locally to use my nameserver.

Bones McCracker · Veteran Joined: 14 Mar 2006 Posts: 1611 Location: U.S.A.

dnsmasq itself can act as your dhcp server for your LAN. In that role, it can tell your machines on the LAN to use the dnsmasq machine as their DNS server.

The benefit of using dnsmasq as both a dhcp and dns server is that it integrates the two functions, providing you local name resolution within your LAN.

For example, when a client ("someclient") connects to it for dhcp, it gets assigned an IP address, and is told to use the dnsmasq machine for DNS queries. At that time, the client also reports its hostname ("someclient") to dnsmasq. dnsmasq then creates a record in its local DNS database that associates "someclient" with the IP address it assigned to the client. From that point forward, from any of the clients on your LAN, you can say "ping someclient" or "ssh someclient" and it will work (without having to use zeroconf or the like).

cyrillic

Bones McCracker · Veteran Joined: 14 Mar 2006 Posts: 1611 Location: U.S.A.

cyrillic

schmeggahead · Posted: Sun Mar 29, 2009 3:57 pm Post subject:

So here's my problem:

I have a router that will allow DHCP reservations and can manage port opening on those servers, so I can have all of it in a central location, where if I use dnsmasq as my dhcp server, then I have none of that integration.

If I use dnsmasq as my name server, then I have to coordinate the DHCP reservations with dnsmasq (I'm not sure how difficult this will be BTW).

So I'm truly only bringing up a name server because I want to have my machines use AFS servers. I have about 15 machines total to be working with that may be repurposed as I figure out the best layout of the operation. I'd like to be able to use a name server to provide alias names such as my rsync server(s), dns servers(s), afs servers(s), log server(s), etc. as well as having these boxes have host names that do not necessarily reflect their purpose.

I believe I need DNS to do this effectively, although I really can't use DNS to discover DNS servers (can I?).

I am using this setup purely to gain a better understanding of the whole computing space a piece at a time and to help me organize and summarize information useful to me and potentially to others in similar circumstances. I would like experience in making public and private space and understanding the threats and security issues with creating such spaces.

So here's my to do list:
1. Bring up a DNS server
current challenges: I don't know how to specify things in dnsmasq (because my knowledge of BIND, DNS records is limited - currently reading RFC1912) such as multiple names for the same host, handling a intranet only domain name and DNS service, whether to continue to use the router for DHCP (nice web view of assigned IPs and setting IP reservations) or have the DNS machine use static IP and gateway/dns of the router (the router supports DNS forwarding, so my DNS server to forward would be handled by the router). I also plan to use dnswalk and dlint to look for dns setup issues.
2. Bring up a Kerberos server
I am totally new to kerberos and am reading the administraters guide and have the guide translated from german here-> https://forums.gentoo.org/viewtopic-t-449221-highlight-kerberos+howto.html so I've seen the PAM kerberos security alerts and know I need to check the versions on that.
3. Bring up an AFS server
I have brought up the server to some extent and failed miserably to create the first afs.root and realizing I haven't brought up kerberos, this is entirely on hold. I have had mixed responses on the openafs chat room and have an idea the I need a DNS server, kerberos server, ntp server/ntp, and separate partitions for cache on the linux boxes (not the windoz boxes), exclude the openafs cache from virus scanners on windoz boxes.

cyrillic · Posted: Mon Mar 30, 2009 10:36 pm Post subject:

schmeggahead · Posted: Tue Mar 31, 2009 12:58 am Post subject:

do you have a dedicated machine to run as the router or do you just ditch the dhcp part of the router?