Home Server IPv4 Network


09-Jun-2011: initial release.
10-Aug-2011: added DHCP client daemon.
17-Aug-2011: updated DHCP client daemon.
26-Oct-2011: added udev rules, improved dnssec-keygen command.
03-Dec-2011: management workstation uses fixed IP via DHCP.
29-Dec-2011: reverted to the original named database path.
15-Jan-2012: small fix to /etc/dhcpd.conf.
28-Jul-2012: updated hostname setting.
05-Jan-2013: adjusted for Slackware.
31-Oct-2013: updated to use dnsmasq instead of bind/dhcpd.

 

Introduction.

Our new home server has two network cards: lan0 is a 1 GB interface which we will use for our client computers, and wan0 is a 100 MB interface which will be connected to our ADSL or cable modem. That modem uses DHCP, so we don’t need a static configuration for that card. Then we will configure DNS and DHCP for our client computers so that they are automatically configured and registered.

 

Network IP plan.

We need a plan. We will allocate a private range (RFC 1918) of 8 networks, and we will use one of them. The network in total is 10.126.160.0/21. This is on purpose: it makes expanding our network and routing easy when you connect several home networks together using VPN links. Unused networks will be used in the future for DMZ and virtual connections. The range itself is chosen more or less at random, but we deliberately stay away from the popular 192.168.* and low 10.* network ranges because they are used too often by public access points. If you used such a common range, you could get into trouble when you access your home network over a VPN from a public network that uses the same range as this server. Choosing this range makes that chance a lot smaller.

 

IPv4              Remark
10.126.160.0/24   Workstations LAN
10.126.161.0/24   Spare
10.126.162.0/24   Spare
10.126.163.0/24   Spare
10.126.164.0/24   Spare
10.126.165.0/24   Spare
10.126.166.0/24   Spare
10.126.167.0/24   Spare
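
The collision argument above can be checked mechanically. The following POSIX shell script is an added example, not part of the original article: it tests whether a remote network overlaps the 10.126.160.0/21 plan. The function names are hypothetical and the remote networks in the loop are constructed samples.

```sh
#!/bin/sh
# Added example: does a remote network collide with the home IP plan?

# Dotted quad -> 32-bit integer.
ip2int() {
    echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) + (b << 16) + (c << 8) + d )); }
}

# Print the first and last address (as integers) of a CIDR block.
cidr_bounds() {
    cb_bits=${1#*/}
    cb_size=$(( 1 << (32 - cb_bits) ))
    cb_first=$(( $(ip2int "${1%/*}") / cb_size * cb_size ))   # clear host bits
    echo "$cb_first $(( cb_first + cb_size - 1 ))"
}

# Succeed (exit 0) when the two CIDR blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

HOME_PLAN=10.126.160.0/21   # the range allocated in this article

# Report whether remote network $1 clashes with the home plan.
check_remote() {
    if cidr_overlap "$HOME_PLAN" "$1"; then
        echo "$1 COLLIDES"
    else
        echo "$1 ok"
    fi
}

# Constructed samples: address ranges a hotspot or hotel network might use.
for net in 192.168.1.0/24 10.0.0.0/24 172.16.0.0/12 10.126.164.0/24 10.0.0.0/8; do
    check_remote "$net"
done
```

A remote site that routes all of 10.0.0.0/8 still overlaps the plan, so the chosen range lowers the chance of a clash rather than removing it.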

 

Home server network.

The home server runs DNS and DHCP services for the computers on the local network. These services configure the client computers: they hand out the IPv4 address, the nameserver address, and routing and timeserver information, and register the clients on the network. Our server will be called homsrv.wpl.ym, which is a complete fake but will do just what it must do. The top-level domain ym is invented and doesn’t exist in the real world. Another popular top-level name for this purpose is local or localdomain.

Make sure the following packages are installed: bind, dnsmasq, inetd, iproute2, iptables and iputils. All these packages are in the N series of your Slackware distribution.

Since we have two Ethernet cards in our server, the order in which they are detected may change from one boot to the next, and then the eth0 and eth1 names change with it. After the first boot Slackware writes the file /etc/udev/rules.d/70-persistent-net.rules. It looks like this:

# PCI device 0x8086:/sys/devices/pci0000:00/0000:00:03.0 (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f1:4f:3a", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:/sys/devices/pci0000:00/0000:00:08.0 (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f2:b6:31", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

 

Now that this file exists, the cards keep the same name after each boot. Swap the eth0 and eth1 names if they are wrong, or better, give them names that describe their function. In this example they are called lan0 (the 1GB card for the workstations) and wan0 (for the Internet side). After you have changed this, you need to reboot for the network cards to actually be renamed.

# PCI device 0x8086:/sys/devices/pci0000:00/0000:00:03.0 (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f1:4f:3a", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="lan0"

# PCI device 0x8086:/sys/devices/pci0000:00/0000:00:08.0 (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f2:b6:31", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="wan0"

 

The rest of the network configuration is in the file /etc/rc.d/rc.inet1.conf. Some values were already filled in by the setup program during the installation of this host. It is important that you set the chosen network card names in this configuration file. Here is the top part of this file:

# Config information for eth0:
IFNAME[0]="lan0"
IPADDR[0]="10.126.160.253"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IFNAME[1]="wan0"
IPADDR[1]=""
NETMASK[1]=""
USE_DHCP[1]="yes"
DHCP_KEEPRESOLV[1]="yes"
DHCP_HOSTNAME[1]="homsrv"

 

Here the external connection is configured by a DHCP client. I have set DHCP_KEEPRESOLV to prevent the DHCP client from overwriting the file /etc/resolv.conf every time a new lease is acquired. This setting is important as soon as you have the internal DNS server installed and running. Until then you may comment that statement out. Next, edit /etc/hosts like this:

#
# /etc/hosts: static lookup table for host names
#

#<ip-address>   <hostname.domain.org>   <hostname>
127.0.0.1       localhost.localdomain   localhost
#::1            localhost.localdomain   localhost

10.126.160.253  homsrv.wpl.ym    homsrv

 

Now reboot and the network should be configured and the computer should be named homsrv in the wpl.ym domain.

 

 

Configure the DNS and DHCP server.

We are going to use the dnsmasq server as DNS and DHCP server. This program does both and a lot more for our future plans. Note that in the past the ISC BIND and DHCP server packages were used, but that setup is more complex and some IPv6 things are not possible with it. We let dnsmasq listen only on the internal network. The DHCP range will be from 10.126.160.50 up to 10.126.160.229. The addresses outside this range can be used for static addresses.

The file /etc/dnsmasq.conf should look like this (the comments are removed):

domain-needed
bogus-priv
no-resolv
server=8.8.8.8
server=8.8.4.4
local=/wpl.ym/
interface=lan0
bind-interfaces
no-hosts
addn-hosts=/etc/dnsmasq.hosts
expand-hosts
domain=wpl.ym
dhcp-range=10.126.160.50,10.126.160.229,12h
dhcp-option=42,0.0.0.0
dhcp-option=44,0.0.0.0     # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
dhcp-option=45,0.0.0.0     # netbios datagram distribution server
dhcp-option=46,8           # netbios node type
dhcp-option=option:domain-search,wpl.ym
#dhcp-boot=pxelinux.0
#enable-tftp
#tftp-root=/tftpboot
dhcp-lease-max=180
dhcp-authoritative
mx-host=wpl.ym,mail.wpl.ym,50
mx-target=mail.wpl.ym
localmx
srv-host=_sip._udp.wpl.ym,pbx.wpl.ym,5060,0,0
log-dhcp
conf-dir=/etc/dnsmasq.d

 

Create the directory /etc/dnsmasq.d where future files can be placed. Then write /etc/dnsmasq.hosts which will hold the static addresses:

#
# /etc/dnsmasq.hosts: static lookup table for host names
#

#<ip-address>   <hostname.domain.org>   <hostname>
127.0.0.1       localhost.localdomain   localhost
::1             localhost.localdomain   localhost

10.126.160.5                    mgmtws
10.126.160.253                  homsrv ns1 wpad

# Network from homsrv to gateway
#
10.126.161.1                    gateway
10.126.161.2                    red

# End of file
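
One way to check the two files against the plan described above, as an added example that is not part of the original article: the script flags static entries that fall inside the dhcp-range pool and a configuration that lacks interface= or bind-interfaces. The function names and the printer entry at 10.126.160.60 are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: lint a dnsmasq.conf and static hosts file against this article's plan.

# Dotted quad -> 32-bit integer.
ip2int() {
    echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) + (b << 16) + (c << 8) + d )); }
}

# lint_dnsmasq CONF HOSTS: print one line per finding, nothing when clean.
lint_dnsmasq() {
    conf=$1; hosts=$2
    # interface= limits which interface is served; bind-interfaces makes dnsmasq
    # bind only that interface's address instead of the wildcard address.
    grep -q '^interface=' "$conf" || echo "no interface= line: all interfaces are served"
    grep -q '^bind-interfaces' "$conf" || echo "bind-interfaces missing: wildcard bind"
    # dhcp-range=<first>,<last>,<lease time>
    range=$(sed -n 's/^dhcp-range=\([0-9.]*\),\([0-9.]*\).*/\1 \2/p' "$conf")
    [ -n "$range" ] || { echo "no dhcp-range= line"; return 0; }
    lo=$(ip2int "${range% *}"); hi=$(ip2int "${range#* }")
    # Static entries must stay outside the dynamic pool.
    while read -r addr name rest; do
        case $addr in ''|'#'*|*:*|127.*) continue ;; esac   # skip comments, IPv6, loopback
        n=$(ip2int "$addr")
        [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ] &&
            echo "$name ($addr) is inside the DHCP pool"
    done < "$hosts"
    return 0
}

# Constructed sample input: settings from this article plus one bad static entry.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'interface=lan0' 'bind-interfaces' \
        'dhcp-range=10.126.160.50,10.126.160.229,12h' > "$dir/dnsmasq.conf"
    printf '%s\n' '# constructed static hosts' '::1 localhost' \
        '10.126.160.5 mgmtws' '10.126.160.253 homsrv ns1 wpad' \
        '10.126.160.60 printer' > "$dir/dnsmasq.hosts"
    lint_dnsmasq "$dir/dnsmasq.conf" "$dir/dnsmasq.hosts"
    # Same hosts file, but a config that lost both interface restrictions.
    grep -v interface "$dir/dnsmasq.conf" > "$dir/open.conf"
    lint_dnsmasq "$dir/open.conf" "$dir/dnsmasq.hosts"
    rm -rf "$dir"
}
demo
```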

 

Now start the server and test it:

root@homsrv:~# chmod 755 /etc/rc.d/rc.dnsmasq
root@homsrv:~# /etc/rc.d/rc.dnsmasq start
Starting dnsmasq:  /usr/sbin/dnsmasq
root@homsrv:~# host ns1.wpl.ym localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 

ns1.wpl.ym has address 10.126.160.253
ns1.wpl.ym mail is handled by 1 mail.wpl.ym.
root@homsrv:~# host 10.126.160.253 localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 

253.160.126.10.in-addr.arpa domain name pointer homsrv.wpl.ym.
root@homsrv:~# host www.google.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases: 

www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.79.147
www.l.google.com has address 74.125.79.99
www.l.google.com has address 74.125.79.104
root@homsrv:~#

 

We forced the host command to use the nameserver on localhost so that we could test whether it works. Now edit /etc/resolv.conf like this:

search wpl.ym
nameserver 10.126.160.253

 

Now you should be able to do all the tests above without localhost on the command line.

 

Testing the client configuration.

Windows got an IP address

Now when you plug a computer into the lan0 network, it should get an IPv4 address and other information from our home server. If that works, this part is OK, but you won’t be able to connect to the Internet yet. This is because our home server doesn’t forward network traffic yet and does not do Network Address Translation (NAT); that is for the next article.

Download.

See the download page for the script and configuration files.