Providing local DNS service behind a cheap router/gateway

Danny Mayer mayer at gis.net
Fri Dec 28 03:04:51 UTC 2007


Steven Stromer wrote:
> Many of my smaller clients use high-end consumer or low-end
> professional router/gateways. These router/gateways provide DHCP
> services for the LAN, and are thus providing LAN hosts with DNS
> information dynamically. The DNS servers that the LAN hosts are
> pointed to are BIND servers running on the LAN. In these router/
> gateways, there is no DHCP-specific option for specifying the IP
> address to offer for DNS. The only solution is to assign the LAN
> address of the BIND server in the router's WAN configuration.
> 

You really should be asking this in the DHCP newsgroup rather than here
since there are ways of provisioning the DNS addresses in the
routers/gateways issuing the IP addresses.

> The result that I believe is achieved is that the router/gateway
> provides the LAN address of the local BIND host to the local clients
> (this part I know to be correct). When needing name resolving
> service, the local clients query the DNS service on the LAN, and the
> BIND service uses full recursion to query authoritative name servers
> on the internet, passing these queries, and all replies, through the
> very router/gateway that provided the DHCP service.
> 
> This seems to function, but not perfectly; I notice that web pages
> and similar services that depend on name resolution load more slowly
> than I'd expect them to, but I'm not sure why. I am not certain
> whether the router 'appreciates' having to look inward to the LAN for
> name resolution, or having to pass the DNS responses on to the BIND
> server on the LAN instead of handling them itself.
> 

DNS lookups are very rarely a factor in loading web pages. The biggest
factors are the size of the pieces being fetched, pages, images, etc.

> There exists an option in the router/gateway to toggle on or off
> 'Provide DNS proxy service', which I have turned off, so that the
> router/gateway will not try to use its own DNS configuration (which,
> as described earlier, points to the BIND server on the LAN) to
> resolve the outgoing queries from the BIND server. This would
> obviously cause a never-ending loop between the BIND service running
> on the LAN and the router/gateway itself.
> 

You don't really want to do that. The moment the DNS changes you have to
put in new addresses.

> I have a feeling that the best solution would be to move the DHCP
> service to one of the internal linux servers, and to be done with it
> all, but it doesn't resolve my curiosity regarding this arrangement,
> nor does it provide me the time to rearrange DHCP service, which is
> really limited at the moment. Any insight on whether this convoluted
> configuration could ever work would be really appreciated!
> 

I think this is more of a DHCP question than a DNS question.

Danny
> Thanks,
> Steven Stromer
> 
> 
> 
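As an added example (not part of the thread, and not code from either poster): the question above hinges on what the router/gateway actually puts in the DHCP "domain name servers" option (RFC 2132 option 6) when it hands out a lease. The decoder below parses the option field of a DHCP packet and labels each offered DNS server as the gateway itself (its DNS proxy), another host on the leased subnet (the LAN BIND box in Steven's setup), or an address outside the subnet. The two DHCPACK packets are constructed inline; the gateway at 192.168.1.1, the BIND server at 192.168.1.10 and the upstream resolver 198.51.100.53 are assumed addresses, not taken from the thread.

```python
"""Decode the DNS-server list a DHCP server hands to LAN clients (RFC 2132 option 6)."""
import struct
from ipaddress import IPv4Address, IPv4Network

DHCP_MAGIC = b"\x63\x82\x53\x63"  # options-field cookie, RFC 2132 section 2
OPT_PAD, OPT_END = 0, 255
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS_SERVERS, OPT_MSG_TYPE = 1, 3, 6, 53
DHCPACK = 5


def parse_dhcp_options(packet: bytes) -> dict[int, bytes]:
    """Return {option code: raw value} from a BOOTP/DHCP packet.

    Options are TLV after the 236-byte fixed header and the 4-byte magic cookie.
    A repeated code is concatenated (RFC 3396 long options); truncation is an error.
    """
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet: magic cookie missing")
    opts: dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated option {code}")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def ip_list(raw: bytes) -> list[IPv4Address]:
    """Decode an option value that is a list of 4-byte IPv4 addresses."""
    if len(raw) % 4:
        raise ValueError("address list length is not a multiple of 4")
    return [IPv4Address(raw[k:k + 4]) for k in range(0, len(raw), 4)]


def dns_servers_offered(packet: bytes) -> list[IPv4Address]:
    """The resolvers the client will be told to use (empty if option 6 is absent)."""
    return ip_list(parse_dhcp_options(packet).get(OPT_DNS_SERVERS, b""))


def classify_dns_servers(packet: bytes) -> dict[str, str]:
    """Label each offered DNS server: "router-proxy" if it is the advertised gateway,
    "lan-host" if it is another address on the leased subnet, else "external"."""
    opts = parse_dhcp_options(packet)
    yiaddr = IPv4Address(packet[16:20])             # the address being leased
    mask = IPv4Address(opts[OPT_SUBNET_MASK])       # needed for the on-subnet test
    subnet = IPv4Network(f"{yiaddr}/{mask}", strict=False)
    routers = set(ip_list(opts.get(OPT_ROUTER, b"")))
    result = {}
    for server in ip_list(opts.get(OPT_DNS_SERVERS, b"")):
        if server in routers:
            label = "router-proxy"
        elif server in subnet:
            label = "lan-host"
        else:
            label = "external"
        result[str(server)] = label
    return result


def build_dhcp_ack(yiaddr: str, options: list[tuple[int, bytes]]) -> bytes:
    """Construct a minimal DHCPACK (constructed test input, not a capture)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                 # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=0
        0x3903F326, 0, 0,           # xid, secs, flags
        bytes(4), IPv4Address(yiaddr).packed, bytes(4), bytes(4),  # ciaddr yiaddr siaddr giaddr
        bytes(16), bytes(64), bytes(128),                          # chaddr, sname, file
    )
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + DHCP_MAGIC + body + bytes([OPT_END])


ROUTER = IPv4Address("192.168.1.1")        # assumed gateway address
BIND_ON_LAN = IPv4Address("192.168.1.10")  # assumed address of the LAN BIND server
MASK = IPv4Address("255.255.255.0")

# Scenario from the thread: the gateway hands out the LAN BIND host as the DNS server.
ACK_BIND_ON_LAN = build_dhcp_ack("192.168.1.50", [
    (OPT_MSG_TYPE, bytes([DHCPACK])),
    (OPT_SUBNET_MASK, MASK.packed),
    (OPT_ROUTER, ROUTER.packed),
    (OPT_DNS_SERVERS, BIND_ON_LAN.packed),
])

# Common default: the gateway advertises its own DNS proxy plus an upstream resolver.
ACK_ROUTER_PROXY = build_dhcp_ack("192.168.1.51", [
    (OPT_MSG_TYPE, bytes([DHCPACK])),
    (OPT_SUBNET_MASK, MASK.packed),
    (OPT_ROUTER, ROUTER.packed),
    (OPT_DNS_SERVERS, ROUTER.packed + IPv4Address("198.51.100.53").packed),
])

if __name__ == "__main__":
    for name, pkt in (("bind-on-lan", ACK_BIND_ON_LAN), ("router-proxy", ACK_ROUTER_PROXY)):
        print(name, classify_dns_servers(pkt))
```

Against a live network the same functions take the UDP payload of the DHCPACK a client receives on port 68; a "router-proxy" label with the proxy toggle switched off, or a "lan-host" label pointing at a box that is not actually running a resolver, is the kind of mismatch this thread is about.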




More information about the bind-users mailing list