Carla Schroder is a good writer. I keep a copy of her "Linux Networking Cookbook" handy:)
On Tue, 2013-08-13 at 01:28 -0600, Shawn wrote:
> I've tried out DNSMasq and it seems to be straightforward, with a
> little research.
>
> Compared to bind, the configuration feels more natural - no "A" or
> "CNAME" records to set up or getting the "." right. Just configure the
> /etc/dnsmasq.conf file, add my internal (static) boxes to my /etc/hosts
> file, restart dnsmasq, and voila.
>
> Never that simple of course. It turns out that if you tell dnsmasq to
> use the /etc/hosts file as a source for resolution, this gets used for
> DHCP clients as well. The problem is when you have
>
> 127.0.0.1 my.internal.box
>
> Your DHCP enabled boxes will try to look to 127.0.0.1 for
> my.internal.box - which is themselves. And this fails of course.
> Replacing the IP with the correct internal IP solves this issue. i.e.
>
> 10.10.10.3 my.internal.box
>
> Just to complete the details, my current config file looks something
> like this:
>
> #-------------
> domain-needed
> bogus-priv
>
> domain=mydomain.com
> expand-hosts
> local=/mydomain.com/
>
> listen-address=127.0.0.1
> listen-address=172.16.1.25
> bind-interfaces
>
> #dhcp range
> dhcp-range=lan,172.16.1.100,172.16.1.150
>
> #default gateway, dns server
> dhcp-option=lan,3,172.16.1.1
> dhcp-option=lan,6,172.16.1.25
>
> #upstream name servers
> server=8.8.8.8
> server=8.8.4.4
> #-------------
>
> And I used this article by Carla Schroder as a starting point:
> http://www.linux.com/learn/tutorials/516220-dnsmasq-for-easy-lan-name-services
>
> Right now my network is nice and perky, like it should be, and things
> are returning to normal. Thanks for the tips!
>
> Shawn
>
> On 13-08-12 09:22 AM, John Jardine wrote:
> > I know I'm coming in late to this discussion but here's what I was using
> > (what I'm using now is further down).
> > Alix box with DNSMasq as DHCP & DNS. I've never set up Bind so I have no
> > idea of the relative effort involved.
> >
> > My requirements are:
> > Static IP pool from x.y.z.1 to x.y.z.99
> > DHCP pool from x.y.z.100 to x.y.z.254
> > Functionally static IPs for two NAS devices
> > This worked great and allowed all my internal machines to see each
> > other. The only thing I had to do was turn off the DHCP server on my
> > Linksys router.
> >
> > Current network:
> > My earlier infrastructure was a hybrid of 100GB/GigE and I built a new
> > network anchored by a DLINK DSR-250 that is pure GigE with a couple of
> > VLANs to separate traffic. The DSR-250 does VLANs and IP/MAC mapping out
> > of the box so no issues there.
> >
> > Interestingly I had a bit of messing around to get DNSMasq to resolve
> > hostnames on my local network but got it working. The DSR-250 did it
> > out of the box.
> >
> > I would not hesitate to go back to DNSMasq if I ever found unresolvable
> > issues with my current setup.
> >
> > Cheers,
> > John J.
> >
> > On Mon, 2013-08-12 at 01:29 -0600, Shawn wrote:
> >> Thanks All.
> >>
> >> I've used Bind in the past, but it has been a couple of years. I do
> >> remember that it was a little more of a technical pain in the butt, but
> >> effective. But seeing as it's been a while, I thought I'd ask.
> >>
> >> I checked out DNSmasq and it seems to be a reasonable solution in my
> >> case. At least worth trying out. If it doesn't work out I can always
> >> go back to BIND.
> >>
> >> Shawn
> >>
> >> On 13-08-12 12:53 AM, Gustin Johnson wrote:
> >>> dnsmasq is used by default on OpenWRT IIRC as well.
> >>>
> >>> Bind may be a "heavy" solution, but it is ultimately the one I chose. I
> >>> have 3 bind servers on my LAN. The primary is actually a VM (KVM) with
> >>> the slave installs living on the firewall itself (vanilla Ubuntu 13.04
> >>> server) and the KVM server host.
> >>>
> >>> I used to have the isc dhcp server update the zone file, but now I
> >>> statically assign the DNS to avoid collisions so this is possible, it
> >>> just does not work out of the box like it does with dnsmasq (I do not
> >>> actually want this enabled in my primary LAN).
> >>>
> >>> To actually answer your question, either solution will work, but I am a
> >>> fan of Bind so I will probably always suggest it :)
> >>>
> >>> On Sun, Aug 11, 2013 at 9:57 PM, Anand Singh <an...@linizen.com> wrote:
> >>>
> >>>     I'm actually an Untangle reseller and only have it installed as a
> >>>     firewall/gateway at two small sites. For larger networks I use it
> >>>     in bridge mode behind another firewall. It's just not a robust
> >>>     gateway solution.
> >>>
> >>>     For Internet facing DNS zones Bind is the way to go, but is overkill
> >>>     for your application. DNSmasq is a better option since it is
> >>>     lightweight, and has a built-in DHCP server to allow automatic name
> >>>     creation in the DNS responder based on the DHCP hostname. i.e.: If
> >>>     mygamebox picks up a DHCP lease, it automatically gets a DNS entry.
> >>>
> >>>     DNSmasq is used by many firewall distributions (including Untangle)
> >>>     to provide that functionality.
> >>>
> >>>     Anand.
> >>>
> >>>     On Sun, Aug 11, 2013 at 9:32 PM, Shawn <sgro...@open2space.com> wrote:
> >>>
> >>>         So I have a basic network set up now via my Asus RT-N56U
> >>>         wireless router with updated firmware (which happens to have
> >>>         parental controls too!!). The one thing it seems to be missing
> >>>         is name resolution. I can't ping any other boxes on the network
> >>>         by name with the firewall as my gateway and name resolver.
> >>>
> >>>         The obvious short term solution is to add my boxes into my
> >>>         /etc/hosts file. That only affects my local box though.
> >>>         So I'm looking at setting up a DNS server on my network and
> >>>         thought I'd ask here for tips and such first. (my previous
> >>>         firewall - Untangle - has failed on me, but allowed me to add
> >>>         HOSTS entries on the firewall that would be used for internal
> >>>         resolution...)
> >>>
> >>>         Is Bind still the best DNS server? Is there another/simpler
> >>>         name resolution solution I'm missing?
> >>>
> >>>         Thanks for any tips.
> >>>
> >>>         Shawn
_______________________________________________
clug-talk mailing list
clug-talk@clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
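
The /etc/hosts pitfall Shawn describes can be checked for before dnsmasq is restarted. The script below is an added example, not part of the original thread or of dnsmasq itself: it lists every name in a hosts file that LAN clients would be told lives on a loopback address, including the `<name>.<domain>` form that `expand-hosts` adds for unqualified names. The function names and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback on every machine.
LOOPBACK_OK = {"localhost", "localhost.localdomain",
               "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (address, [names]) for each usable line of a hosts file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue                          # malformed address: skip line
        if len(fields) > 1:
            yield addr, fields[1:]

def loopback_names(hosts_text, domain=None):
    """Return the sorted names a LAN client would resolve to loopback.

    With expand-hosts and domain=<domain> set, unqualified names are also
    answered as <name>.<domain>, so those forms are reported too.
    """
    bad = set()
    for addr, names in parse_hosts(hosts_text):
        if not addr.is_loopback:              # 127.0.0.0/8 and ::1
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in LOOPBACK_OK:
                continue
            bad.add(name)
            if domain and "." not in name:
                bad.add(f"{name}.{domain}")
    return sorted(bad)

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   my.internal.box      # the entry from the message above
127.0.1.1   fileserver           # Debian/Ubuntu-style hostname line
::1         ip6-localhost ip6-loopback
10.10.10.3  other.internal.box
"""

if __name__ == "__main__":
    for name in loopback_names(SAMPLE_HOSTS, domain="mydomain.com"):
        print(f"served to LAN clients as loopback: {name}")
```

Any name it reports should be moved to the machine's LAN address, as in the `10.10.10.3 my.internal.box` correction above.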