The Gate/Migrating away from dnsmasq

From Hackerspace Brussels

This is historical and not accurate anymore

Replace it with what?

The well known trio: bind, ISC DHCPd and tftpd-hpa

Why?

dnsmasq is a nice all-in-one solution for embedded devices and simple networks. However, our network is growing and getting more complex.

  • We have:
    • several subnets with IPv6
    • access to the dn42 network
    • netboot
  • We want:
    • full public DNS for our IPv6 hosts
    • Fully working reverse DNS records
    • Secondary DNS for our space
    • DNS records with reverse on dn42
    • to get rid of stupid and useless DNS-level censorship from our ISP.

dnsmasq cannot be set up to directly query the root nameservers, and advanced setups quickly get nasty, so it has to go, for the sake of freedom of speech and maintainability.

Getting started

Stop dnsmasq. It is bound to many sockets that would interfere with our migration.

# /etc/init.d/dnsmasq stop

Copy the config file to a safe place. You may need it as a reference if you already have a complex setup that you need to adapt. Now we remove dnsmasq and install the bind, ISC DHCPd and tftpd-hpa packages:

# apt-get remove --purge dnsmasq
# apt-get install bind9 isc-dhcp-server tftpd-hpa sipcalc

During installation of the tftp daemon, it will ask you for the directory where your boot files are installed. Once you have answered that question, that's already 1 of 3 packages set up and out of the way.

The bind9 DNS server is quite open by default: it will happily resolve any query it receives from anywhere (an open recursive resolver). We'll lock it down later. For now it is fully operational and will directly query the root nameservers. That's 2 out of 3 set up.

The DHCP server

These are the options that must be activated:

ddns-update-style none;
# Those two lines are equivalent to the enable-tftp option of dnsmasq
allow booting;
allow bootp;
default-lease-time 2400;
max-lease-time 7200;
log-facility local7;

# subnet declaration: equivalent to the following option in dnsmasq:
# dhcp-range=br0,,,,4h
subnet netmask {
    option routers;
    option domain-name-servers;
# Equivalent to the dhcp-boot option of dnsmasq
    filename "pxelinux.0";

# Fixed IP address for a host. Equivalent dnsmasq option below:
# dhcp-host=00:30:18:a4:13:7f,,wanderingstar_eth0
host wanderingstar_eth0 {
  hardware ethernet 00:30:18:a4:13:7f;

... (add more entries here)
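As an added example (not code from the original page or from the hackerspace's own setup), the script below does the dhcp-host and dhcp-boot part of the translation above mechanically: it reads those dnsmasq lines and emits the matching ISC dhcpd host declarations and filename/next-server parameters, refusing malformed fields and warning on a MAC that is assigned twice. The MAC addresses, IP addresses and hostnames in the embedded sample are constructed.

```python
import ipaddress
import re

# Constructed sample of the dnsmasq lines this converter understands:
# dhcp-host=<MAC>,<IPv4>,<hostname> and dhcp-boot=<file>[,<server name>[,<server IP>]].
SAMPLE_DNSMASQ_CONF = """\
# static leases (constructed values)
dhcp-host=00:30:18:a4:13:7f,192.0.2.10,wanderingstar_eth0
dhcp-host=52:54:00:12:34:56,192.0.2.11,pxe-test
dhcp-boot=pxelinux.0,,192.0.2.1
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_dhcp_host(value):
    """Split a dhcp-host value into (mac, ip, name). Fields are classified by shape,
    as dnsmasq does: a MAC, a dotted IPv4 address, anything else is the hostname."""
    mac = ip = name = None
    for field in (f.strip() for f in value.split(",")):
        if MAC_RE.match(field):
            mac = field.lower()
        elif IPV4_RE.match(field):
            ip = str(ipaddress.IPv4Address(field))  # raises ValueError on a bad octet
        elif field:
            name = field
    if mac is None or ip is None:
        raise ValueError(f"dhcp-host needs a MAC and an IPv4 address: {value!r}")
    return mac, ip, name


def convert(text):
    """Return (dhcpd_config_text, warnings) for the dhcp-host/dhcp-boot lines in text."""
    seen, out, warnings = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "dhcp-boot":
            fields = [f.strip() for f in value.split(",")]
            out.append(f'filename "{fields[0]}";')
            if len(fields) > 2 and fields[2]:  # third field is the TFTP server address
                out.append(f"next-server {ipaddress.IPv4Address(fields[2])};")
        elif key == "dhcp-host":
            mac, ip, name = parse_dhcp_host(value)
            if mac in seen:  # dhcpd would reject a second host with the same hardware address
                warnings.append(f"line {lineno}: {mac} already assigned to {seen[mac]}")
                continue
            seen[mac] = ip
            label = name or "host_" + mac.replace(":", "")
            out.append(f"host {label} {{\n  hardware ethernet {mac};\n  fixed-address {ip};\n}}")
    return "\n".join(out) + "\n", warnings
```

Run it over your saved dnsmasq.conf and paste the output into the subnet or global scope of dhcpd.conf, then check the result with `dhcpd -t` before restarting the daemon.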