DNS resolution on a home network

Hi,

I have a problem with hostname resolution on my home network. I run a web server on opensuse for which I have a public hostname (say, A.com) and a dynamic dns service for name resolution. Works fine from the outside. That is because all requests come to my home router on which I forward port 80 to my internal machine.

For machines inside my home network, the router also acts as a DNS server. So any resolutions to A.com will go to the router which resolves it to itself but does not apply the port forwarding rules to it as the request is coming from the inside.

How do I solve this? Do I set up a DNS server somewhere on my home machine? If so, is it also beneficial to run a DHCP server, as currently the router also runs the DHCP server?

I apologize it's not really a SUSE-related issue, but I am a long-time SUSE user and I trust the group to be really knowledgeable.

Any help is appreciated.

Thanks,
Vas

I would let the router handle the DHCP, but it will never do the internal DNS. It only forwards DNS from your ISP’s DNS servers. You would have to run a DNS server on a PC inside your network, but that seems like a waste of processor, when you can simply use an IP address in the browser.

Yes, this is a typical situation for which split DNS is a solution.

You set up a DNS server on your LAN, create a zone for A.com, and forward all other requests upstream, tell all your LAN machines to use the internal DNS server and then your web server domain name, say www.A.com can resolve to an internal address. In essence your nameserver intercepts requests for names in A.com and replies directly while the other queries are forwarded upstream. There is a YaST menu for administering named, which is the Linux name server. The package is “bind”.

One advantage of running your own nameserver is that you can easily test and deploy virtual hosts.

You don’t need to set up a DHCP server, but you do need to tell the existing DHCP server that the DNS server is now the internal one. This can normally be configured on the router’s admin web page.

Another way around it, if only one or two clients, is to add www.A.com to /etc/hosts on those machines. I believe there is an equivalent file on Windows.

Another way is to use a non-FQDN, say www, in the URL and then add a DNS record for www at your router, if that can be done. So it would be expanded to www.homedomain or similar at the router and this would point to your internal webserver. This will not work if you have any links with absolute URLs on your webpages, i.e. http://www.A.com/blahblah. It’s good practice to use relative URLs in the links anyway so that your site can be easily moved if needed.

I should add that some embedded router implementations do allow you to configure the DNS server on it to resolve local names. Certainly it is possible with homemade routers using dnsmasq, e.g. IPCop. Whether dnsmasq is used and whether this functionality is exposed via the web interface, depends. Some hardcore hardware hackers flash alternate firewall implementations like dd-wrt or openwrt onto routers.

Thanks for the replies.

I have been using the IP address internally, but it becomes very cumbersome managing the IP across multiple applications and machines, and more so when the IP is itself obtained through DHCP :)

My home router does not allow adding the option to route messages to www host on A.com to my internal machine. That was the first thing I tried.

I will try installing the DNS server. That's one thing I never did. I don't have any Windows boxes on my home network.

Thanks, I will post additional questions if I run into problems with the DNS server setup.

-Vas

If you only have a few machines on your LAN that need access to the internal web site, then installing a DNS server MAY not be necessary. Have you considered just adding an entry to the HOSTS file on all the client machines?

For example, if you want to access the web site at www.mysite.com, which has an IP of 1.2.3.4, then you just use your favourite text editor to add an entry to the HOSTS file. If you open the HOSTS file you'll probably see an entry in there for localhost which points to 127.0.0.1.

Just add your own entry in the same format.

Hope this helps. ;)

You also mentioned that the web server is getting its address from DHCP. Are you saying that the IP address is changing? If so, then you should either configure your web server with a static (hard-coded) IP or can you set a reserved IP address for it in your DHCP server?

Yes, I was adding the machine name to my hosts file; I was looking for a generic solution as I have some Mac machines for which I am still not sure about the config files. Either way, if I add a Windows machine to the mix it's better to have a generic solution.

The DHCP server leases IPs forever. So the web server's IP does not change.

-Vas

I'm certainly not an expert with OpenSUSE, but I do think the version of Bind used in 11.1 has problems that prevent setting up a simple DNS server. I've got a configuration with a couple of zones that has worked for years on NetBSD and FreeBSD talking to Linux, Solaris, Windows and Mac OSX. I can't get that same configuration to work with OpenSUSE 11.1, however it works fine with OpenSUSE 10.0. The only differences I see are with the versions of Bind. My FreeBSD 7.0 system uses Bind 9.4.2 and OpenSUSE 10.0 uses Bind 9.3.1. OpenSUSE 11.1 is using something like Bind 9.5.x. From the dumps I've got, it appears that the latest version of Bind is sending some UDP packets upstream that aren't recognized because of format or extra bytes at the end. Would be nice to see this fixed and working like it used to!

-bob

Hmm, my local DNS server and resolver on 11.1 works fine with zone files that were on 11.0.

My working configuration from 10.x doesn’t work with 11.1 though. Still appears to be something very buggy in the system.

I haven't used 11.1 for DNS, but SLES 10 works fine. Just use the YaST > Network Services GUI to set it up rather than mess with the .conf files.

On Wed February 4 2009 07:56 pm, bobinmurphy wrote:

>
> ken_yap;1937482 Wrote:
>> Hmm, my local DNS server and resolver on 11.1 works fine with zone files
>> that were on 11.0.
>
> My working configuration from 10.x doesn’t work with 11.1 though.
> Still appears to be something very buggy in the system.
>
>
bobinmurphy;

  1. Have you updated your dhcp server to give the correct DNS IP or made the
    changes to static entries for DNS on the clients?
  2. Have you tested with the firewall down? You may need to open the DNS
    ports.
  3. Is the “allow-query” entry of /etc/named.conf set properly for your
    network?

    P. V.
    “We’re all in this together, I’m pulling for you.” Red Green

On Wed February 4 2009 09:12 pm, PV wrote:

> On Wed February 4 2009 07:56 pm, bobinmurphy wrote:
>
>>
>> ken_yap;1937482 Wrote:
>>> Hmm, my local DNS server and resolver on 11.1 works fine with zone files
>>> that were on 11.0.
>>
>> My working configuration from 10.x doesn’t work with 11.1 though.
>> Still appears to be something very buggy in the system.
>>
>>
> bobinmurphy;
> 1. Have you updated your dhcp server to give the correct DNS IP or made the
> changes to static entries for DNS on the clients?
> 2. Have you tested with the firewall down? You may need to open the DNS
> ports.
> 3. Is the “allow-query” entry of /etc/named.conf set properly for your
> network?
Have you checked your conf file with “named-checkconf” and your zone files
with “named-checkzone <zonename> <filename>”? See the manual entry for the
syntax and options of these commands.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

When setting up a new system I try to get DNS working before setting up the DHCP Server. This works in 10.x but not entirely in 11.x. I have tried it with DHCP set up and I get the same results. It appears to be passing incorrect information upstream for resolution. If I create a zone named “home.net” with systems “a” and “b” defined and query for “a” I get the expected “a.home.net”. If I query for something outside of my zone but known to exist in my ISPs zone, say “x” it passes a query for “x.home.net” upstream which obviously isn’t found. My /etc/resolv.conf has a search for both domains and lists the nameserver for both my domain and my ISPs. This all works on 10.3 (and FreeBSD) but not on 11.x.

You shouldn’t parallel name servers like that in /etc/resolv.conf. There is no guarantee of the order in which the requests are made or replies received. So some requests might be able to resolve your local zone, and some not. Instead you should get your local nameserver to forward requests for non-local zones.
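An added example, not posted by anyone in this thread and not openSUSE's or BIND's own configuration, that pulls together three things said above: the split-DNS setup ken_yap describes (a local zone for A.com, everything else forwarded upstream), the named-checkconf/named-checkzone checks PV suggests, and the single-nameserver /etc/resolv.conf ken_yap asks for in the reply just above. It is a POSIX shell script that writes the three files under a directory you name rather than into /etc, so they can be read before being installed. Everything except the zone name A.com is an assumption: the LAN is 192.168.1.0/24, the web server is 192.168.1.10, the nameserver is 192.168.1.2, and the ISP resolvers are the documentation addresses 203.0.113.53 and 203.0.113.54. The allow-query/allow-recursion lines are the part not to skip: a BIND instance that recurses for anyone who asks is an open resolver and will be found and abused for amplification.

```shell
#!/bin/sh
# Added example (not from the thread): generate a split-DNS configuration for
# BIND 9 on a home LAN and sanity-check it before installing it.
# Assumed addresses (not from the original posts):
#   LAN 192.168.1.0/24, web server 192.168.1.10, nameserver 192.168.1.2,
#   upstream (ISP) resolvers 203.0.113.53 and 203.0.113.54.

LAN_NET="192.168.1.0/24"
WEB_IP="192.168.1.10"
NS_IP="192.168.1.2"
UPSTREAM="203.0.113.53; 203.0.113.54;"
ZONE="A.com"

# named.conf: authoritative for the local copy of A.com, forwarding everything
# else, and answering only hosts on the LAN.
write_named_conf() {
    dir="$1"
    cat > "$dir/named.conf" <<EOF
acl "lan" { 127.0.0.1; $LAN_NET; };

options {
    directory "$dir";
    # Answer only the LAN. A server that recurses for the whole Internet is an
    # open resolver and gets used for DNS amplification attacks.
    allow-query { lan; };
    allow-recursion { lan; };
    # Names not in a local zone go to the ISP's resolvers.
    forwarders { $UPSTREAM };
    forward only;
};

# The split zone: LAN clients get the private address for A.com and www.A.com.
zone "$ZONE" IN {
    type master;
    file "$dir/db.$ZONE";
    allow-transfer { none; };
};
EOF
}

# Zone file for the internal view of A.com. Bump the serial on every change.
write_zone_file() {
    dir="$1"
    cat > "$dir/db.$ZONE" <<EOF
\$TTL 3600
@   IN  SOA ns1.$ZONE. hostmaster.$ZONE. (
        2009020401 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; negative-cache TTL
    IN  NS  ns1.$ZONE.
ns1 IN  A   $NS_IP
@   IN  A   $WEB_IP
www IN  A   $WEB_IP
EOF
}

# resolv.conf for the LAN clients: exactly one nameserver. Listing the ISP's
# resolvers next to the local one makes A.com lookups depend on which server
# the resolver happens to ask first.
write_resolv_conf() {
    cat > "$1/resolv.conf" <<EOF
search $ZONE
nameserver $NS_IP
EOF
}

# Syntax-check with BIND's own tools when they are installed, then make sure the
# zone actually carries the www record the LAN needs.
check_config() {
    dir="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf" || return 1
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$dir/db.$ZONE" || return 1
    fi
    grep -q "^www[[:space:]]\{1,\}IN[[:space:]]\{1,\}A[[:space:]]\{1,\}$WEB_IP" "$dir/db.$ZONE"
}

# Write all three files into $1 (or a fresh temp dir) and print the directory
# on success.
generate_split_dns() {
    dir="${1:-$(mktemp -d)}"
    write_named_conf "$dir"
    write_zone_file "$dir"
    write_resolv_conf "$dir"
    check_config "$dir" && echo "$dir"
}

if [ $# -gt 0 ]; then
    generate_split_dns "$1"
fi
```

Run it as `sh split-dns.sh /tmp/bind-example`, read the generated files, then copy named.conf to /etc/named.conf and the zone file into named's working directory, restart named, and change the router's DHCP settings so clients are handed 192.168.1.2 as their DNS server. If the BIND tools are not installed the script skips the named-check* calls and only does the text check on the zone file, so install bind before trusting the result.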

Yeah, but since I don’t have a static IP from my ISP I’ve set the ethernet connected to my ISP to configure via DHCP. This causes the /sbin/dhclient-script to write my ISP’s domain and nameservers into /etc/resolv.conf. Short of modifying the system script I haven’t found the widget to control this, although I’d think it should be smart enough to not do this if there’s a local DNS server running. If I edit /etc/sysconfig/network/config to fix this, it ends up resetting the resolver to “bind” breaking my local DNS and in this mode all it writes to /etc/resolv.conf is the search domains, no nameservers. And for some odd reason it insists on including my ISP’s domain in the search line.

You can tell YaST not to take the resolver from the DHCP lease, then you can edit /etc/resolv.conf without fear of it being overwritten.

On Mon February 9 2009 09:16 pm, bobinmurphy wrote:

>
> ken_yap;1941714 Wrote:
>> You shouldn’t parallel name servers like that in /etc/resolv.conf. There
>> is no guarantee of the order in which the requests are made or replies
>> received. So some requests might be able to resolve your local zone, and
>> some not. Instead you should get your local nameserver to forward
>> requests for non-local zones.
>
> Yeah, but since I don’t have a static IP from my ISP I’ve set the
> ethernet connected to my ISP to configure via DHCP. This causes the
> /sbin/dhclient-script to write my ISP’s domain and nameservers into
> /etc/resolv.conf. Short of modifying the system script I haven’t found
> the widget to control this, although I’d think it should be smart enough
> to not do this if there’s a local DNS server running. If I edit
> /etc/sysconfig/network/config to fix this, it ends up resetting the
> resolver to “bind” breaking my local DNS and in this mode all it writes
> to /etc/resolv.conf is the search domains, no nameservers. And for some
> odd reason it insists on including my ISP’s domain in the search line.
>
>
bobinmurphy;

Why not just add a router to isolate your local lan from the ISP. Behind the
router, you can have a static IP for your DNS server and have it forward
requests to your ISP’s DNS. Simple routers are available for < $40 US.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

OK, where or how is this done? For the life of me I can’t find an option for this.