Providing local DNS service behind a cheap router/gateway
filter at stevenstromer.com
Mon Dec 24 03:25:41 UTC 2007
Many of my smaller clients use high-end consumer or low-end
professional router/gateways. These router/gateways provide DHCP
services for the LAN, and are thus providing LAN hosts with DNS
information dynamically. The DNS servers that the LAN hosts are
pointed to are BIND servers running on the LAN. In these router/
gateways, there is no DHCP specific option for specifying the IP
address to offer for DNS. The only solution is to assign the LAN
address of the BIND server in the router's WAN configuration.
The result that I believe is achieved is that the router/gateway
provides the LAN address of the local BIND host to the local clients
(this part I know to be correct). When needing name resolving
service, the local clients query the DNS service on the LAN, and the
BIND service uses full recursion to query authoritative name servers
on the internet, passing these queries, and all replies, through the
very router/gateway that provided the DHCP service.
This seems to function, but not perfectly; I notice that web pages
and similar services that depend on name resolution load more slowly
than I'd expect them to, but I'm not sure why. I am not certain
whether the router 'appreciates' having to look inward to the LAN for
name resolution, or having to pass the DNS responses on to the BIND
server on the LAN instead of handling them itself.
There exists an option in the router/gateway to toggle on or off
'Provide DNS proxy service', which I have turned off, so that the
router/gateway will not try to use its own DNS configuration (which,
as described earlier, points to the BIND server on the LAN) to
resolve the outgoing queries from the BIND server. This would
obviously cause a never-ending loop between the BIND service running
on the LAN and the router/gateway itself.
I have a feeling that the best solution would be to move the DHCP
service to one of the internal linux servers, and to be done with it
all, but it doesn't resolve my curiosity regarding this arrangement,
nor does it provide me the time to rearrange DHCP service, which is
really limited at the moment. Any insight on whether this convoluted
configuration could ever work would be really appreciated!
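One way to narrow down where the slow resolution sits is to time the same query against the LAN BIND host and against the router's own address and compare the reply flags (RA tells you whether that address is still acting as a recursive resolver, RCODE whether recursion actually succeeded). This is an added diagnostic example, not code from the original post; the addresses 192.168.1.2 (BIND host) and 192.168.1.1 (router) and the name queried are assumptions.

```python
"""Time an A-record lookup against each candidate resolver and report the
header flags, so the slow path (router proxy vs. LAN BIND recursion) shows up."""
import socket
import struct
import time

def build_query(name, qid=0x1234, rd=True):
    """Minimal DNS query for an A record; RD set asks the server to recurse."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode() for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data):
    """Return the header fields relevant to troubleshooting a recursive resolver."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # this is a response
        "tc": bool(flags & 0x0200),   # truncated (retry over TCP)
        "ra": bool(flags & 0x0080),   # server offers recursion
        "rcode": flags & 0x000F,      # 0 NOERROR, 2 SERVFAIL, 3 NXDOMAIN
        "answers": an,
    }

def time_query(server, name, timeout=3.0):
    """Send one UDP query; return (seconds, header dict) or (None, None) on timeout."""
    q = build_query(name)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        t0 = time.monotonic()
        sock.sendto(q, (server, 53))
        data, _ = sock.recvfrom(4096)
        elapsed = time.monotonic() - t0
    except socket.timeout:
        return None, None
    finally:
        sock.close()
    hdr = parse_response(data)
    if hdr["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("response ID does not match query")
    return elapsed, hdr

if __name__ == "__main__":
    # Assumed: 192.168.1.2 is the LAN BIND host, 192.168.1.1 the router/gateway.
    for server in ("192.168.1.2", "192.168.1.1"):
        elapsed, hdr = time_query(server, "www.example.com")
        if hdr is None:
            print(server, "no reply (timeout)")
        else:
            print(server, f"{elapsed*1000:.0f} ms RA={hdr['ra']} rcode={hdr['rcode']} answers={hdr['answers']}")
```

If the router address still answers with RA set while "Provide DNS proxy service" is off, the proxy is still live and the loop the post describes remains possible; a SERVFAIL (rcode 2) from the BIND host with a long delay points at its outbound recursion through the gateway.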