Can I configure BIND to query my router for LAN addresses?

2

As is common with home routers, my router, an ASUS RT-N66U, is configured to act as a caching nameserver for my LAN. It looks like the router uses dnsmasq for name service. The router also offers DHCP service, and allows reserving IP addresses for particular MAC addresses -- local-only, RFC 1918 addresses of course. Conveniently, this router allows name resolution for those reserved IP addresses. So, at the command line, "ping mykids-pc" will correctly resolve the local IP address for that device and successfully ping it.

On my Linux desktop, I have BIND configured both as a caching nameserver, and as an authoritative server for virtual machines I run on my Linux desktop. So, "ping centos.posix.test" will resolve the IP and successfully ping it.

The problem is, I can't find a way to do both conveniently at the same time. I haven't figured out how to get BIND on my desktop to use the router as a forwarder for RFC 1918 addresses, or how to configure dnsmasq on my router to use my desktop as a forwarder.

Is there a way to do this?

bgvaughan

Posted 2012-08-23T21:33:13.120

Reputation: 444

You can't configure a DNS server to forward requests for specific addresses, since it won't know the address until after the name gets resolved... You can, however, configure Bind9 to forward requests for specific domains; using zone "foo" { type forward; forwarders ... }; is one possible way. – user1686 – 2012-08-24T00:33:40.860

That pretty much gets at the central problem; given my current setup, I can't actually do both things at once. – bgvaughan – 2012-08-28T11:22:50.990

Answers

2

I believe you could put the DHCP-allocated computers into a subdomain and use DNS delegation to hand off queries to the router whilst still maintaining ISP nameservers as forwarders.

So your Linux desktop would be authoritative for example.com, containing centos.example.com etc. The router would be configured to be authoritative for dhcp.example.com containing mykids-pc.dhcp.example.com etc.

You just need to add the appropriate delegation records.

RedGrittyBrick

Posted 2012-08-23T21:33:13.120

Reputation: 70 632

A subdomain and delegation is not necessary – in bind9, type forward zones exist and can be used even for TLDs. – user1686 – 2012-08-24T00:40:19.273

This seems like the right approach in general, though I'd need BIND on my router, not just dnsmasq. – bgvaughan – 2012-08-28T11:21:08.853
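What the delegation in this answer looks like on the desktop side, as an added example that is not part of the original answer: the zone file BIND would load for example.com, with the dhcp subdomain delegated to the router. The names example.com and dhcp.example.com follow the answer; the router address 192.168.1.1 is the one given later in this thread; the desktop address 192.168.1.10 and the VM address 192.168.1.50 are assumptions.

```conf
; /etc/bind/db.example.com  (loaded by a zone "example.com" { type master; file "..."; }; stanza)
; Added example: names and addresses are assumptions, not taken from the original answer.
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2012082301  ; serial
                3600        ; refresh
                900         ; retry
                604800      ; expire
                300 )       ; negative-cache TTL
        IN NS   ns1.example.com.

; The Linux desktop itself, authoritative for example.com (assumed address)
ns1     IN A    192.168.1.10

; A VM the desktop answers for directly (assumed address)
centos  IN A    192.168.1.50

; Delegation: queries for anything under dhcp.example.com are sent to the router.
dhcp    IN NS   router.dhcp.example.com.

; Glue record: the NS name lives inside the delegated zone, so the parent
; must supply its address or resolvers could never reach it.
router.dhcp IN A 192.168.1.1
```

With this in place, a query such as dig @192.168.1.10 mykids-pc.dhcp.example.com is answered by following the NS record to 192.168.1.1, while centos.example.com is answered by the desktop alone and everything outside example.com still goes to the forwarders in named.conf.options. As the comment above points out, the router must actually answer authoritatively for dhcp.example.com for the delegation to work.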

2

I have named running on a server that resolves names for a local TLD and forwards other queries to Google's public DNS.

This is what my /etc/bind/named.conf.options looks like:

options {
        ...
        forward only;
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
};

To make it use your router as a forwarder, delete one of the forwarders stanzas and put your router's IP address for the remaining one.

LawrenceC

Posted 2012-08-23T21:33:13.120

Reputation: 63 487

Unfortunately, the LAN router has an RFC 1918 address, 192.168.1.1, and forwarding to an RFC 1918 address doesn't seem to work. – bgvaughan – 2012-08-23T22:07:47.567

I don't see why it being an RFC 1918 address would change anything. But there could be something going on I don't know about. I learn more about BIND every time I have to reconfigure it. – LawrenceC – 2012-08-23T23:03:42.323

@bgvaughan I have successfully configured several instances of bind9 to use my own router at an RFC 1918 address as a forwarder, both for all requests and for specific zones. There is absolutely nothing special in that. – user1686 – 2012-08-24T00:37:06.020

I misstated. It seems to use 192.168.1.1 as a forwarder without trouble in general. However, after setting that up, 'dig mykids-pc' gets an NXDOMAIN response even though it lists '192.168.1.1' as the name server, whereas 'dig mykids-pc @192.168.1.1' gets the expected result. – bgvaughan – 2012-08-24T00:44:17.787
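The other approach raised in the comments, forward zones, lets the global forwarders in this answer stay pointed at public resolvers while only LAN names go to the router. The following named.conf.local is an added example, not configuration from the original answer or from the commenters: the router address 192.168.1.1 and the posix.test zone come from the thread, while the domain name "lan" (the suffix the router's dnsmasq is assumed to append to DHCP hostnames) and the file path for posix.test are assumptions.

```conf
// /etc/bind/named.conf.local on the Linux desktop (added example; "lan" and the
// posix.test file path are assumptions). The options { forward only; forwarders { ... }; }
// block from the answer above keeps handling everything not matched by a zone here.

// Names the router's dnsmasq knows about: send these, and only these, to the router.
// A type forward zone overrides the global forwarders for its own subtree.
zone "lan" {
    type forward;
    forward only;
    forwarders { 192.168.1.1; };
};

// Reverse lookups for the 192.168.1.0/24 LAN go to the router as well,
// so PTR queries for DHCP clients resolve too.
zone "1.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.1.1; };
};

// The desktop remains authoritative for its own virtual machines.
zone "posix.test" {
    type master;
    file "/etc/bind/db.posix.test";
};
```

A forward zone matches a domain suffix, so a bare single-label query like mykids-pc is not caught by it; it is forwarded to the router only when the query carries the zone's suffix, either because the client's search list appends it (search lan in /etc/resolv.conf, so mykids-pc becomes mykids-pc.lan) or because the name is typed fully. The suffix to use is whatever the router actually serves, which dig @192.168.1.1 mykids-pc.lan will confirm before the zone is added.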