Published at 2.02.2002
Author: Ronny Ziegler
Translator: Sascha Kloss
Languages: de
 

DNS-Server for small networks

If your LAN accesses the internet via a masquerading server, you may have to wait a long time when trying to reach a computer while the line is down...

The IP you are calling is not available...

Sharing a single internet connection (modem, ISDN, DSL, etc.) among several clients is very popular in small networks. Long before other "operating systems" offered such technology, Linux supported this so-called masquerading (sometimes called NAT, Network Address Translation; that is not exactly the same in detail, but it serves the same purpose).

Masquerading not only lets the clients access the web, as many Windows proxies do; it can also forward nearly every service (telnet, ftp, finger, etc.). The clients only have to be told to use the masquerading server as their gateway; then all network traffic to computers outside their own LAN is sent to the gateway. The gateway gives the packets an official IP address and forwards them to the desired computer on the internet.

When a DNS query is started (which usually happens automatically whenever a domain name is used instead of an IP address), the query is sent to the name server listed in the file /etc/resolv.conf. Since a small local network usually does not run a name server of its own, the masquerading server forwards this query to the internet.

Figure: network topology

If the masquerading server is not connected to the internet, the client nevertheless tries to reach the name server on the internet. It takes some time until the client notices that it cannot reach the name server, and the result is a timeout.

This can be very annoying: the service does not react to further queries until a connection to the name server is working again.

dnsmasq

This is where the small program dnsmasq comes in. It is installed on the masquerading server and can be used as the name server by all clients. When the masquerading server is online, dnsmasq forwards all name server queries to a real name server on the internet.
If the masquerading server is offline, dnsmasq recognizes this and instantly returns an error to the client saying that the requested host is temporarily unavailable. The timeout is thus avoided.

dnsmasq can also be used as a complete name server replacement for the local network. There are two ways to reach one client from another in a local network by its domain name: either you list all other clients in the file /etc/hosts on every computer, which is an unnecessary effort already with more than three computers, or you run your own name server for the local network that is responsible only for the local computers.
The second way has the disadvantage that configuring and maintaining a real name server is a lot of work.

dnsmasq solves this problem excellently. The masquerading server is listed as the (only) DNS server in the file /etc/resolv.conf on every client. The file /etc/hosts does not need to be maintained on any of the clients.

That only has to be done on the masquerading server: there you list all computers of the local network in /etc/hosts, and dnsmasq uses this file to answer name server queries.

If the IP address of a client changes or another client joins the network, you only have to change /etc/hosts on the masquerading server, and all other clients in the network know the new IP address.

Installation

The installation is very simple. After downloading the software from http://www.thekelleys.org.uk/dnsmasq/doc.html and extracting it

  >> tar zxvf dnsmasq-1.xxx -C /tmp/
  >> cd /tmp/dnsmasq-1.xxx

the software can be compiled:

  >> make

Then you can install dnsmasq system-wide with

  >> make install

or just copy the whole directory to /usr/local.

Afterwards you should start dnsmasq on the masquerading server for a trial run:

  >> /path/to/dnsmasq

The program's only output goes to the log file /var/log/messages and should look like this:
  dnsmasq[1334]: started, version 1.0 cachesize 300
  

Client Configuration

Now the DNS settings on the client computers should be adapted to the new situation. First, the masquerading server has to be configured as the sole DNS server; otherwise the advantages of dnsmasq would be lost.

On SuSE the DNS servers can be configured with YaST, for example, or you can edit the configuration file by hand; YaST does nothing different.
To change the DNS settings, remove all DNS servers from the file /etc/resolv.conf and enter the IP address of the masquerading server:

/etc/resolv.conf
  search mydomainname.org
  nameserver 192.168.0.1
  


The first line gives the domain name of the local network and should be left as it is. The second line lists the IP address of the masquerading server (of course the address can differ on your system).

Next, remove the entries for the other computers of the local network from /etc/hosts so that their names are resolved through the name server.

/etc/hosts
   #
   # hosts         This file describes a number of hostname-to-address
   #               mappings for the TCP/IP subsystem.  It is mostly
   #               used at boot time, when no name servers are running.
   #               On small systems, this file can be used instead of a
   #               "named" name server.
   # Syntax:
   #
   # IP-Address  Full-Qualified-Hostname  Short-Hostname
   #
  
  
   127.0.0.1	localhost
   192.168.0.11   hal2000.mydomainname.org 	hal2000
  


The entries for localhost and for the client's own IP address and host name should remain.
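The two files shown in this section and the /etc/hosts on the masquerading server are exactly what dnsmasq's answers depend on, so it pays to check them before the daemon is (re)started: every hostname in the server's /etc/hosts should map to a single address, every address should be a valid IPv4 address, and the clients' /etc/resolv.conf should name exactly one nameserver (the masquerading server), because a leftover provider nameserver would let the resolver fall back to an unreachable upstream and bring back the very timeout this setup avoids. The following POSIX shell script is an added example written for this article, not code from the original article or from the dnsmasq project. The sample files it checks are constructed inline (written to temporary files created with mktemp), and the address 192.0.2.53 used for the "leftover" nameserver is a documentation placeholder, not a real server.

```shell
#!/bin/sh
# Added example (not from the original article or from dnsmasq): sanity
# checks for the files this setup depends on. Run on the masquerading
# server before starting dnsmasq, and against copies of the clients' files.

# hosts_problems FILE
# Prints the number of problems found in an /etc/hosts-style file and
# describes each one on stderr. A problem is either a first field that is
# not a valid dotted-quad IPv4 address, or a hostname that is mapped to two
# different addresses (dnsmasq could answer with only one of them).
hosts_problems() {
    awk '
        function valid_ip(a,    p, i) {
            if (split(a, p, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
            return 1
        }
        {
            sub(/#.*/, "")                 # drop whole-line and trailing comments
            if (NF == 0) next              # skip blank lines
            if (!valid_ip($1)) {
                bad++
                print "line " NR ": invalid address \"" $1 "\"" > "/dev/stderr"
                next
            }
            for (i = 2; i <= NF; i++) {
                n = tolower($i)            # hostnames are case-insensitive
                if ((n in seen) && seen[n] != $1) {
                    bad++
                    print "line " NR ": " n " already mapped to " seen[n] > "/dev/stderr"
                }
                seen[n] = $1
            }
        }
        END { print bad + 0 }
    ' "$1"
}

# resolv_single_nameserver FILE
# Succeeds (exit 0) only if FILE lists exactly one nameserver line, as the
# client configuration above requires; any other count fails (exit 1).
resolv_single_nameserver() {
    count=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1")
    [ "$count" -eq 1 ]
}

# Constructed sample files standing in for the real /etc/hosts and
# /etc/resolv.conf; the last two hosts entries are deliberately wrong.
HOSTS_SAMPLE=$(mktemp)
RESOLV_GOOD=$(mktemp)
RESOLV_BAD=$(mktemp)
trap 'rm -f "$HOSTS_SAMPLE" "$RESOLV_GOOD" "$RESOLV_BAD"' EXIT

cat > "$HOSTS_SAMPLE" <<'EOF'
# constructed /etc/hosts for the masquerading server
127.0.0.1       localhost
192.168.0.1     masquerade.mydomainname.org masquerade
192.168.0.11    hal2000.mydomainname.org    hal2000
192.168.0.15    paul.mydomainname.org       paul
192.168.0.16    paul.mydomainname.org       # paul again, other address
192.168.0.999   broken.mydomainname.org     # octet out of range
EOF

# a client resolv.conf as the article prescribes
printf 'search mydomainname.org\nnameserver 192.168.0.1\n' > "$RESOLV_GOOD"
# a client resolv.conf with a leftover provider nameserver (placeholder address)
printf 'search mydomainname.org\nnameserver 192.168.0.1\nnameserver 192.0.2.53\n' > "$RESOLV_BAD"

echo "hosts problems found: $(hosts_problems "$HOSTS_SAMPLE")"
for f in "$RESOLV_GOOD" "$RESOLV_BAD"; do
    if resolv_single_nameserver "$f"; then
        echo "$f: exactly one nameserver, ok"
    else
        echo "$f: not exactly one nameserver, fix it"
    fi
done
```

The hosts check reports problems on stderr and prints only the count on stdout, so it can be used in a start script as a gate (refuse to start when the count is not zero) without parsing the messages. Hostnames are compared case-insensitively because DNS itself is.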

Test

Now you can test the configuration from a client computer.
With nslookup we look up another computer of the local network ("paul" in our example):

  >> nslookup paul
  Server:  masquerade.mydomainname.org
  Address:  192.168.0.1

  Non-authoritative answer:
  Name:    paul.mydomainname.org
  Address:  192.168.0.15
  
The first block shows which DNS server was queried. As intended, the dnsmasq server appears; it serves all our queries from now on.

The second block shows the answer of the DNS server and the IP address of the computer named "paul".

From now on this name resolution is done through /etc/hosts on the masquerading server; entries in the /etc/hosts files on the clients are no longer necessary.

If the DNS server is not running you'll probably get this output instead:

  >> nslookup paul
  *** Can't find server name for address 192.168.0.1: No response from server
  *** Default servers are not available
  
If the answer is
  >> nslookup paul
  Server:  masquerade.mydomainname.org
  Address:  192.168.0.1
  
  *** masquerade.mydomainname.org can't find paul: Non-existent host/domain
  
it means that the DNS server is running but the requested computer name is unknown:
there is no matching entry in /etc/hosts on the masquerading server.

If the masquerading server has an open connection to the internet, you can also try resolving the names of computers on the internet. dnsmasq then forwards all queries for external computers to the DNS servers listed in /etc/resolv.conf on the masquerading server.

  >> nslookup www.yahoo.com
  Server:  masquerade.mydomainname.org
  Address:  192.168.0.1
  
  Non-authoritative answer:
  Name:    www2.vip.lng.yahoo.com
  Address:  217.12.3.11
  Aliases:  www.yahoo.de
  

Everything is working properly now, so the DNS server should be started automatically at every boot of the masquerading server. An init script on the masquerading server is best suited for this (more about init scripts can be read in the article about init scripts in issue 6); alternatively, add the following entry

  /path/to/dnsmasq &
  
in /sbin/init.d/boot.local.

A very simple init script could look like this:

/sbin/init.d/dnsmasq
  #! /bin/sh
  # Minimal SuSE-style init script for dnsmasq: start, stop, restart

  case "$1" in
      start)
          echo -n "Starting DNSMASQ daemon"
          /usr/local/dnsmasq-1.0/dnsmasq
          ;;
      stop)
          echo -n "Shutting down DNSMASQ daemon"
          killall dnsmasq
          ;;
      restart)
          $0 stop && $0 start
          ;;
      *)
          echo "Usage: $0 {start|stop|restart}"
          exit 1
          ;;
  esac
  exit 0
  


This works, but it is better to use an init script that follows your distribution's conventions.

Featureritis

But that is not the end of dnsmasq's useful functions:
For example, it can serve as a mail hub and store outgoing e-mails if there is no connection to the internet for a short time. When the masquerading server is online again, all stored mails go to their recipients. The user of the mail application does not notice anything.
You could achieve the same with a suitable sendmail configuration. Unfortunately, that usually frightens admins, because no one seriously believes he can master the huge configuration files of sendmail.

Another useful feature is picking up the configuration of a DHCP server automatically. This avoids having to list the computers of the local network both in the DHCP configuration file and in /etc/hosts.

DNS caching is supported too. Results of DNS queries are stored for some time and need not be forwarded to the internet every time the same query is asked again. That can save time on slow connections.

Unfortunately the additional features of dnsmasq are not yet documented in great detail.


Homepage: http://www.thekelleys.org.uk/dnsmasq/doc.html



