Providing local DNS service behind a cheap router/gateway

Danny Mayer mayer at
Fri Dec 28 03:04:51 UTC 2007

Steven Stromer wrote:
> Many of my smaller clients use high-end consumer or low-end
> professional router/gateways. These router/gateways provide DHCP
> services for the LAN, and are thus providing LAN hosts with DNS
> information dynamically. The DNS servers that the LAN hosts are
> pointed to are BIND servers running on the LAN. In these router/
> gateways, there is no DHCP specific option for specifying the IP
> address to offer for DNS. The only solution is to assign the LAN
> address of the BIND server in the router's WAN configuration.

You really should be asking this in the DHCP newsgroup rather than here
since there are ways of provisioning the DNS addresses in the
routers/gateways issuing the IP addresses.

> The result that I believe is achieved is that the router/gateway
> provides the LAN address of the local BIND host to the local clients
> (this part I know to be correct). When needing name resolving
> service, the local clients query the DNS service on the LAN, and the
> BIND service uses full recursion to query authoritative name servers
> on the internet, passing these queries, and all replies, through the
> very router/gateway that provided the DHCP service.
> This seems to function, but not perfectly; I notice that web pages
> and similar services that depend on name resolution load more slowly
> than I'd expect them to, but I'm not sure why. I am not certain
> whether the router 'appreciates' having to look inward to the LAN for
> name resolution, or having to pass the DNS responses on to the BIND
> server on the LAN instead of handling them itself.

DNS lookups are very rarely a factor in loading web pages. The biggest
factors are the size of the pieces being fetched, pages, images, etc.

> There exists an option in the router/gateway to toggle on or off
> 'Provide DNS proxy service', which I have turned off, so that the
> router/gateway will not try to use its own DNS configuration (which,
> as described earlier, points to the BIND server on the LAN) to
> resolve the outgoing queries from the BIND server. This would
> obviously cause a never-ending loop between the BIND service running
> on the LAN and the router/gateway itself.

You don't really want to do that. The moment the DNS changes you have to
put in new addresses.

> I have a feeling that the best solution would be to move the DHCP
> service to one of the internal linux servers, and to be done with it
> all, but it doesn't resolve my curiosity regarding this arrangement,
> nor does it provide me the time to rearrange DHCP service, which is
> really limited at the moment. Any insight on whether this convoluted
> configuration could ever work would be really appreciated!

I think this is more of a DHCP question than a DNS question.

> Thanks,
> Steven Stromer
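Added example, not part of either message in the thread: the arrangement Danny points at (hand out the DNS address from the DHCP server) and the one Steven considers (move DHCP onto a LAN Linux host), written as an ISC dhcpd.conf subnet plus the matching BIND options. All addresses are constructed for illustration (LAN 192.168.1.0/24, router at .1, BIND host at .10), and the ACL that limits recursion to the LAN is an assumed hardening choice, not something the thread prescribes.

```conf
# --- /etc/dhcp/dhcpd.conf (ISC DHCP on a LAN Linux host) ---
# Constructed addresses: LAN 192.168.1.0/24, router/gateway .1, BIND host .10.
authoritative;
default-lease-time 3600;
max-lease-time 86400;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;               # default gateway stays the router
    option domain-name-servers 192.168.1.10;  # DNS offered to clients: the LAN BIND host
    option domain-name "lan.example";
}

# --- /etc/named.conf, options on the BIND host 192.168.1.10 ---
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/named";
    listen-on { 127.0.0.1; 192.168.1.10; };
    recursion yes;                 # full recursion to the Internet, no forwarders
    allow-recursion { "lan"; };    # only LAN clients may use the recursive service
    allow-query-cache { "lan"; };
    # Outgoing lookups leave through the router as ordinary port 53 traffic,
    # independent of whatever the router's own DNS proxy setting is.
};
```

When DHCP moves to the Linux host, the router's own DHCP server has to be switched off so the two do not compete for the same clients.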

