Running DNS locally for home network

106

53

I have a small home network that just got larger (new roommate, my existing roommate got a laptop (on top of her computer), my friends coming over with laptops, etc.).

I'd like to run a local DNS server for lookups of my local network stuff (fileserver.local, windowsTV.local, machineA.local, machineB.local, appletv.local). I used to have a business line with a static IP, and ran bind/named internally. However, now I have a normal account.

My ISP's DNS servers are constantly changing (for whatever reason my ISP doesn't like to keep the same IP range for long). I need my local DNS to be automatically updated to use my ISP's DNS for external traffic, but be able to maintain an internal DNS server (having to update the hosts file is becoming a hassle with every new machine, on top of rebuilding existing machines with Win7 or Ubuntu 9.04).

Additionally, my ISP's DNS servers often crash or become unresponsive. Are there any open DNS servers that are reliable (I don't want to reconfigure every day) that I could use as my primary, and if those fail, fall back to my ISP's?

UPDATE: Also looking for each workstation to be able to use DHCP to connect, but instead of getting the ISP's DNS servers, getting my internal one.

Roy Rico

Posted 2009-09-23T18:40:30.177

Reputation: 4 808

The new Google DNS servers are 8.8.8.8 and 8.8.4.4 in case anyone was wondering... – Tmanok – 2018-02-13T21:03:15.440

There are at least 2 questions here: Local DNS config, public DNS servers. Post 2 questions next time. – hyperslug – 2009-09-23T19:09:11.663

I agree, but I'm looking for an overall solution. Each question on its own would have a correct answer, but they may not mesh; I'm trying to find a solution to both problems that works together. – Roy Rico – 2009-09-23T20:51:45.463

@RoyRico Did you ever find a good solution? I am trying to do the exact same thing with a Tomato router and am running into walls in every direction. – Jeff – 2012-12-15T03:04:25.657

If you have a Linux box, here is how to set up dnsmasq in detail -- http://sfxpt.wordpress.com/2011/02/06/providing-dhcp-and-dns-services-with-dnsmasq/ – xpt – 2014-06-15T23:29:25.487

Answers

17

If you want internal fake domains to work you can't configure your workstations with any DNS servers except your own. Once you set up BIND it can work by itself and you don't need your ISP's or any other non-authoritative DNS servers at all.

Bender

Posted 2009-09-23T18:40:30.177

Reputation: 906

Further to @milli's point, your ISP's DNS may also override resolution of some domains to their private machines with faster/cached/unmetered content. Using public DNS can break those services or cost you more. – Walf – 2017-05-19T03:03:43.940

However a good netizen will forward to their ISP's DNS caches if possible. The load on the root DNS servers is horrendous. Especially for small sites like this one, because it wouldn't scale if every household decided to go direct. (If you're worried about ISP tampering, use DNSSEC). – sourcejedi – 2013-05-01T18:53:46.617

@sourcejedi, you misunderstand what a caching DNS server actually does. It certainly doesn't pound on the root servers; it only bothers them maybe once a week. – milli – 2014-02-12T05:31:13.443

There's a different reason why you should forward to your ISP DNS servers... you'll look like an ordinary client to them. If you don't and they see you have a system that's sending DNS queries all over the world, they're going to assume you're running a DNS server and might just throw a firewall rule in your face and hose you. You'll struggle to figure out what broke and probably waste hours trying to figure it out if/when that happens. – milli – 2014-02-12T05:32:53.453

88

Basically you need to run your own DHCP and DNS server. You're already running your own DHCP server if you have a typical router that gives out private IP addresses.

Your DHCP server must be configured to hand out your router IP as the gateway address, and your DNS server IP as the DNS server address, obviously.

Your DNS server must be configured to resolve a non-official top-level domain locally, such as .local, and then forward any other requests to another DNS. In BIND you need to add a forwarders { } section to your `/etc/bind/named.conf.options` which contains the public DNS servers you want to use to resolve non-local addresses. As other comments suggest, if you don't want to forward to your ISP's DNS servers, you can use OpenDNS, Google's public DNS servers, or 4.2.2.1/4.2.2.2 (I forget who does those).

If you are running your own DNS server, you need a box that will be on all the time, as all DNS queries on your home network will go through it. This box needs a fixed IP on your home subnet. Make sure it can't get bulldozed by DHCP, and the box itself should not be getting an IP via DHCP. If your DHCP is configured to hand out addresses from 192.168.1.1 to 192.168.1.100 for example, then give your DNS server the IP 192.168.1.101. In the usual situation of home routers you just need to tell the router that the DNS server is 192.168.1.101 and reboot.

If you can get a local DNS running on your broadband router, great, but a DNS server might benefit from lots of RAM for caching queries, depending on which DNS software you use. On my network I just use straight BIND. Sounds like you might have a little experience with that and for me it works great.

LawrenceC

Posted 2009-09-23T18:40:30.177

Reputation: 63 487
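A minimal BIND configuration along the lines of this answer, added here as an example rather than the answerer's own config: the DNS box sits at the assumed fixed address 192.168.1.101 on 192.168.1.0/24, serves the question's .local names itself, forwards everything else to the Google resolvers named elsewhere on this page, and restricts queries and recursion to the LAN so the box is not an open resolver. Note that RFC 6762 reserves .local for mDNS, so Apple or Avahi hosts may answer those names by multicast before asking this server; a private zone such as home.arpa (RFC 8375) avoids that clash.

```conf
// /etc/bind/named.conf.options -- added example, not from the answer
acl "lan" { 127.0.0.1; 192.168.1.0/24; };   // assumed home subnet

options {
    directory "/var/cache/bind";
    listen-on { 127.0.0.1; 192.168.1.101; };  // the DNS box's fixed IP
    // Only LAN hosts may query or recurse, so the box is not an open
    // resolver that outsiders can use for reflection/amplification.
    allow-query     { lan; };
    allow-recursion { lan; };
    recursion yes;
    // Everything not served locally goes to these resolvers; "forward only"
    // means BIND never walks the root servers itself.
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };
    dnssec-validation auto;   // validate answers; needs BIND 9.8 or later
};

// /etc/bind/named.conf.local -- the private zone for the names in the question
zone "local" {
    type master;
    file "/etc/bind/db.lan-local";
};

; /etc/bind/db.lan-local -- zone file; host addresses are constructed examples
$TTL 3600
@           IN  SOA  ns1.local. hostmaster.local. (
                    2009092301  ; serial: bump on every edit
                    3600 900 1209600 3600 )
            IN  NS   ns1.local.
ns1         IN  A    192.168.1.101
fileserver  IN  A    192.168.1.10
windowstv   IN  A    192.168.1.11
appletv     IN  A    192.168.1.12
```

Run `named-checkconf` and `named-checkzone local /etc/bind/db.lan-local` before reloading, and confirm from a machine outside the LAN that the server refuses recursion.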

Excellent answer! Thanks for the complete, clear info. I'll try setting this up on my local network soon. – Form – 2015-09-23T12:41:08.557

Success! This approach is sound. Setting a fixed IP outside of the addressable range / avoiding DHCP for the DNS box is especially relevant. Thanks! – Form – 2015-09-25T00:57:26.247

@Hengjie what is Layer 3? – Jonathan – 2018-01-04T21:05:54.817

Layer 3 is a datacenter provider as well as a network provider. They also happen to provide rock solid DNS servers. – Hengjie – 2018-01-10T17:22:42.970

4.2.2.1/4.2.2.2/4.2.2.3 are from Layer 3. – Hengjie – 2012-11-28T11:42:32.670

15

Are there any open DNS servers that are reliable

You said it: OpenDNS.

208.67.222.222
208.67.220.220

hyperslug

Posted 2009-09-23T18:40:30.177

Reputation: 12 882

OpenNIC Project provides better privacy and cares about DNS Neutrality. – goetzc – 2016-11-12T14:44:24.957

Note that OpenDNS is now Cisco, and Cisco has strong ties to the NSA https://www.cisco.com/c/en/us/about/corporate-strategy-office/acquisitions/opendns.html – Jonathan – 2018-01-04T21:07:03.993

Google's public DNS servers at 8.8.8.8 and 8.8.4.4 are also pretty good. – LawrenceC – 2011-02-16T14:30:51.863

@bortzmeyer: Also, you can turn the "redirect nonexistent domains to searches" (mis)feature off, although you may need to create an account on the opendns site to do so. – Dave Sherohman – 2011-02-16T15:26:51.177

I would also look at http://www.aboutdebian.com/dns.htm for a good overview of the different ways you can set up your own DNS server. – Kenneth Cochran – 2009-09-23T19:04:15.900

+1 for OpenDNS. I use it both at work and at home. Fantastic service. – DWilliams – 2009-09-24T00:19:34.893

Be careful that OpenDNS name servers are liars: they rewrite DNS responses, to direct you to an ad service or to censor some destinations. – bortzmeyer – 2009-09-24T07:55:13.143

@bortz, I haven't seen them lie about it, but they do redirect to their landing page + ads in case of malformed URLs. The censoring is opt-in and is off by default. – hyperslug – 2009-09-24T17:24:35.730

6

If you are running Windows - you should take a look at Simple DNS Plus - it is a full DNS server that also comes with a DHCP server plug-in - and has an easy-to-use GUI.

[Note: the product is developed by the author of this post]

Jesper

Posted 2009-09-23T18:40:30.177

Reputation: 877

Just mentioning this is not a free solution. A 14-day trial and educational licensing are offered. Otherwise you'll be pulling dough somewhere between $70 and $300. – CyberFox – 2019-03-11T02:43:34.377

I'm running Windows as one of my machines, but it's not always on. The Linux machine is usually on. – Roy Rico – 2011-01-25T01:31:17.210

5

Unbound is pretty easy, supports BIND-style config files, and is fairly reliable. If the server will be a stand-alone 'gateway' type box, and you'd like a few extra niceties, you might want to take a look at the firewall/gateway distro called Untangle as well.

Journeyman Geek

Posted 2009-09-23T18:40:30.177

Reputation: 119 122

4

If you have a Linux box then you'd want to set up dnsmasq for your local addresses and use it as a forwarding/caching DNS server for external addresses. This is also often what is used on Linux distributions for home routers such as OpenWrt/DD-WRT/Tomato.

Alternately, on mostly Apple/Mac networks you'd be using Bonjour/Zeroconf which both Linux and Apple computers can communicate on for broadcast level DNS/service resolution.

That being said, on a purely hybrid network with all three OSes running, you'll definitely want a local DNS server with forwarding to either OpenDNS, Google DNS, or your local ISP DNS depending on your location/needs.

jonathanserafini

Posted 2009-09-23T18:40:30.177

Reputation: 2 464
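A dnsmasq configuration, added here as an example (not the answerer's), that covers both this answer and the DHCP part of the question's update: it hands the local DNS server's address to DHCP clients, answers .local names from its own leases and /etc/hosts, and forwards everything else. The interface name, the 192.168.1.0/24 subnet, the router at 192.168.1.1, the DNS box at 192.168.1.101 and the MAC addresses are assumptions.

```conf
# /etc/dnsmasq.conf -- added example; addresses and MACs are constructed
interface=eth0            # LAN interface only, never the WAN side
bind-interfaces
domain-needed             # never forward bare names like "fileserver" upstream
bogus-priv                # never forward reverse lookups for private ranges
no-resolv                 # ignore the ISP resolvers in /etc/resolv.conf
server=8.8.8.8            # upstream resolvers named elsewhere on this page
server=8.8.4.4
server=208.67.222.222
local=/local/             # .local is answered here and never forwarded
domain=local
expand-hosts              # names from /etc/hosts and DHCP get ".local" appended
stop-dns-rebind           # drop upstream answers pointing at private addresses

# DHCP: pool kept below the DNS box's own fixed address, 192.168.1.101
dhcp-range=192.168.1.50,192.168.1.100,12h
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.101

# Stable addresses for named machines, keyed on MAC
dhcp-host=00:11:22:33:44:55,fileserver,192.168.1.10
dhcp-host=00:11:22:33:44:66,appletv,192.168.1.12
```

Disable the router's built-in DHCP server before starting this one, or clients will randomly get whichever answer arrives first.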

2

4.2.2.1 & 4.2.2.2 are what I use

edit: that is, in regard to public servers. Easy to remember and I don't think I've seen them fail since I've been using them.

DHayes

Posted 2009-09-23T18:40:30.177

Reputation: 2 103

They are open DNS servers, free for public use. They are both fast and reliable. – Walter – 2010-03-03T03:16:51.063

I have seen 4.2.2.2 fail enough for our customers (who require reliable DNS for credit card processing!) that I always change these to Google's Public DNS or OpenDNS whenever I see them. Changing away from Verizon's servers always clears this problem immediately. – Stephen Jennings – 2010-03-03T03:28:42.443

I've seen those before. Who runs those? Are the public allowed to use them? How reliable are they? – Roy Rico – 2009-09-23T18:46:15.123

Verizon. Seems like they don't care. Very. – hyperslug – 2009-09-23T18:55:51.610

2

Any broadband router delivers both DNS & DHCP services for the local network. If you want incoming connections from the internet to local machines you need a router that also supports DynDNS and incoming port forwarding.

If you pick one from the DD-WRT supported hardware list you can flash it with that firmware and it will support any feature you could ever need in your small network.

Nikolaas

Posted 2009-09-23T18:40:30.177

Reputation: 31

I don't think that most broadband routers provide for DNS service, at least not with the provided firmware. Most just provide DHCP and use that to tell your systems to use your ISP's DNS servers. Now, if you flash on a 3rd party firmware like DD-WRT, OpenWRT, or Tomato, then they can provide DNS services as well. – afrazier – 2011-02-16T15:00:16.907

1

Some free DNS servers you can use for forwarding:

1.1.1.1 - Cloudflare
1.0.0.1 - Cloudflare
4.2.2.1 - Layer 3
4.2.2.2 - Layer 3
4.2.2.3 - Layer 3
8.8.8.8 - Google
8.8.4.4 - Google
208.67.222.222 - OpenDNS
208.67.220.220 - OpenDNS

JCA122204

Posted 2009-09-23T18:40:30.177

Reputation: 31

1

For running a DNS server on your LAN, take a look at 'pdnsd' which is a nameserver for *nix.

Zuu

Posted 2009-09-23T18:40:30.177

Reputation: 111

0

If you download the DNS benchmark program from link text, it will benchmark a list of public DNS servers as well as your local DNS server. After running this program, try putting a copy of the fastest servers into the DNS settings on your router, then renew your DHCP lease and run the test again.

If your router allows it, add both the router and one of the fast external DNS servers to the list of DNS servers that it hands to DHCP clients (but pick a different one from the one that you entered for the router's DNS server addresses).

Walter

Posted 2009-09-23T18:40:30.177

Reputation: 446

0

I had a similar problem. I bought an OpenWRT compatible router and installed OpenWRT. It offers static IP binding along with name resolution in the router, which enabled me to give names to my computers and devices in the network as I wish.

Guy

Posted 2009-09-23T18:40:30.177

Reputation: 1

0

For hostname resolution maybe mDNS/DNS-SD using avahi could solve the problem more easily:

Check if you already have the service running:

systemctl status avahi-daemon.service

If not, install the avahi-daemon (service) and avahi-utils (avahi-browse command) packages. Once the hosts have the service running and their hostnames set correctly:

avahi-browse --all --ignore-local --resolve --terminate


Pablo A

Posted 2009-09-23T18:40:30.177

Reputation: 369

-1

Maybe I'm saying something stupid. In this case I would simply add IPs and names to the hosts files on the individual machines.

192.168.0.120 tv.local

192.168.0.80 studiopc.local

Stefano

Posted 2009-09-23T18:40:30.177

Reputation: 11