Authors: Luke Rawlins
There are lots of reasons to use Linux for your networking needs both at home and at work not the least of which is the unbeatable price (free). Linux has a well deserved reputation for security and high availability that is unrivaled among modern operating systems.
Setting up a dhcp and dns server with Linux is not as hard as you might think especially when using a package called “dnsmasq”. Dnsmasq is a lightweight package that is available from the default Ubuntu repositories. This guide will serve as a step by step guide to setup a basic dns and dhcp server using dnsmasq.
You can use either Ubuntu Server or Ubuntu Desktop for this. The steps will be the same, just keep in mind that if you ever decided to shut this computer off your entire network will go down! So choose a computer that you don’t plan to shut down too often.
The first thing we need to do is setup a static ip address on the computer we will be using as our server.
Ubuntu keeps it’s network configuration in a file located at /etc/network/interfaces. As a best practice I recommend that you make a copy of the original file. That way you can restore your original settings if needed.
cp /etc/network/interfaces /etc/network/interfaces.orginal
Now lets edit the file and set our ip. I’m using vim here but you can use nano or any other text editor you feel comfortable with.
sudo vim /etc/network/interfaces
You will want to make your file look something like this one. Substituting any ip address information that may better suite your environment.
# interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 gateway 192.168.1.1 dns-nameservers 192.168.1.2
Save and close the file. No need to worry about loosing your network at this point since the current configuration is in memory and will not be read again until you either reboot or restart the network process. – Don’t do either yet.
Now we are ready to install dnsmasq.
sudo apt-get update sudo apt-get install dnsmasq -y
Dnsmasq keeps its configuration file at /etc/dnsmasq.conf. It is a rather large file which has inline and block comments to help explain what each setting does. The top of the file should look like this:
# Configuration file for dnsmasq. # # Format is one option per line, legal options are the same # as the long options legal on the command line. See # "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
To configure dnsmasq find the lines you need and uncomment them filling in any environment specific details as needed. (Demonstrated below)
Again we will save a copy of the original file so that we can start over if something goes wrong.
cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orginal
Then edit the file:
This a large file so I have removed many of the lines that are not relevant to this guide. However, I recommend that you read the entire file as there is a lot of valuable information in it. ( Again change any ip or domain details to fit your needs)
# Configuration file for dnsmasq. # ... # Never forward plain names (without a dot or domain part) domain-needed # Never forward addresses in the non-routed address spaces. bogus-priv ... # If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. no-resolv # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv # files for changes and re-read them then uncomment this. no-poll # Add other name servers here, with domain specs if they are for # non-public domains. server=/localnet/192.168.1.2 server=184.108.40.206 server=220.127.116.11 ... # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. local=/mydomain.local/ ... # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. no-hosts ... # Set the domain for dnsmasq. this is optional, but if it is set, it # does the following things. # 1) Allows DHCP hosts to have fully qualified domain names, as long # as the domain part matches this setting. # 2) Sets the "domain" DHCP option thereby potentially setting the # domain of all systems configured by DHCP # 3) Provides the domain part for "expand-hosts" domain=mydomain.local ... # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally # a lease time. If you have more than one network, you will need to # repeat this for each network on which you want to supply DHCP # service. dhcp-range=192.168.1.50,192.168.1.250,48h ... # Do the same thing, but using the option name dhcp-option=option:router,192.168.0.1 ... # adapted for a typical dnsmasq installation where the host running # dnsmasq is also the host running samba. # you may want to uncomment some or all of them if you use # Windows clients and Samba. dhcp-option=19,0 # option ip-forwarding off dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) dhcp-option=45,0.0.0.0 # netbios datagram distribution server dhcp-option=46,8 # netbios node type ... # Set the limit on DHCP leases, the default is 150 dhcp-lease-max=200 ... # Set the DHCP server to authoritative mode. In this mode it will barge in # and take over the lease for any client which broadcasts on the network, # whether it has a record of the lease or not. This avoids long timeouts # when a machine wakes up on a new network. DO NOT enable this if there's # the slightest chance that you might end up accidentally configuring a DHCP # server for your campus/company accidentally. The ISC server uses # the same option, and this URL provides more information: # http://www.isc.org/files/auth.html dhcp-authoritative ... # The following line shows how to make dnsmasq serve an arbitrary PTR # record. This is useful for DNS-SD. (Note that the # domain-name expansion done for SRV records _does_not # occur for PTR records.) #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" ptr-record=18.104.22.168.in-addr.arpa.,"mydomain.local" address=/batcave.local/192.168.1.2 ... # Include another lot of configuration options. #conf-file=/etc/dnsmasq.more.conf #conf-dir=/etc/dnsmasq.d
Don’t forget about the firewall!
Luckily Ubuntu’s uncomplicated firewall (ufw) makes this easy.
sudo ufw allow bootps sudo ufw allow 53/udp sudo ufw allow 53/tcp
At this final step you will probably lose your network connection for a short period of time.
Using a web browser navigate to your routers web interface. In my case that is 192.168.1.1 (yours may be different). You will want to disable dhcp for the local area network, and change any dns settings to point at the static ip address that you set for your server (mine was 192.168.1.2). Save your changes - some routers may need to reboot.
Lastly it’s time to restart the network on your server so that the /etc/network/interfaces file will be reread and your changes will take effect.
sudo service dnsmasq restart sudo service network-manager restart
Alternatively you can reboot your server.
sudo shutdown -r now
That’s all there is too it! This is a relatively simple setup but dnsmasq is capable of configuration that supports ldap, kerberos, tftp and can handle at least 1000 clients (according to the man page).
If you’d like to get in touch, contact with me via email.