I have a small home network that just got larger (new roommate, my existing roommate got a laptop (on top of her computer), my friends coming over with laptops, etc.).
I'd like to run a local DNS server for lookups of my local network stuff (fileserver.local, windowsTV.local, machineA.local, machineB.local, appletv.local). I used to have a business line with a static IP, and run bind/named internally. However, now I have a normal account.
My ISP's DNS servers are constantly changing (for whatever reason my ISP doesn't like to keep the same IP range for long). I need my local DNS to be automatically updated to use my ISP's DNS for external traffic, but be able to maintain an internal DNS server (having to update the hosts file is becoming a hassle with every new machine, on top of rebuilding existing machines with Win7 or Ubuntu 9.04).
Additionally, my ISP's DNS servers often crash or become unresponsive. Are there any open DNS servers that are reliable (I don't want to reconfigure every day) that I could use as my primary, and if those fail, fall back to my ISP's?
UPDATE: Also looking for each workstation to be able to use DHCP to connect, but instead of getting the ISP's DNS servers, getting my internal one.
15 Answers
If you want internal fake domains to work you can't configure your workstations with any DNS servers except your own. Once you set up BIND it can work by itself and you don't need your ISP's or any other non-authoritative DNS servers at all.
Basically you need to run your own DHCP and DNS server. You're already running your own DHCP server if you have a typical router that gives out private IP addresses.
Your DHCP server must be configured to hand out your router IP as the gateway address, and your DNS server IP as the DNS server address, obviously.
Your DNS server must be configured to resolve a non-official top-level domain locally, such as .local, and then forward any other requests to another DNS. In BIND you need to add a forwarders { } section to your /etc/bind/named.conf.options which contains the public DNS servers you want to use to resolve non-local addresses. As other comments suggest, if you don't want to forward to your ISP's DNS servers, you can use OpenDNS, Google's public DNS servers, or 4.2.2.1/4.2.2.2 (I forget who does those).
If you are running your own DNS server, you need a box that will be on all the time, as all DNS queries on your home network will go through it. This box needs a fixed IP on your home subnet. Make sure it can't get bulldozed by DHCP, and the box itself should not be getting an IP via DHCP. If your DHCP is configured to hand out addresses from 192.168.1.1 to 192.168.1.100 for example, then give your DNS server the IP 192.168.1.101. In the usual situation of home routers you just need to simply tell the router that the DNS server is 192.168.1.101 and reboot.
If you can get a local DNS running on your broadband router, great, but a DNS server might benefit from lots of RAM for caching queries, depending on which DNS software you use. On my network I just use straight BIND. Sounds like you might have a little experience with that and for me it works great.
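As an added example (not part of the answer above), a minimal BIND configuration implementing this layout: the server at 192.168.1.101 answers only the home subnet, is authoritative for one private zone, and forwards everything else to public resolvers. Because .local is reserved for mDNS (RFC 6762), the example uses .lan for the private zone; the host names, addresses and zone serial are constructed.

```conf
// /etc/bind/named.conf.options (added example; addresses are constructed)
options {
    directory "/var/cache/bind";
    // Answer only the home subnet, so the box never becomes an open resolver
    listen-on { 127.0.0.1; 192.168.1.101; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    // Anything not in a local zone goes to these public resolvers;
    // "forward only" means BIND never walks the root servers itself
    forwarders { 8.8.8.8; 1.1.1.1; };
    forward only;
    dnssec-validation auto;
};

// /etc/bind/named.conf.local: the private zone this server is authoritative for
zone "lan" {
    type master;
    file "/etc/bind/db.lan";
};

; /etc/bind/db.lan (zone file; in this file ';' starts a comment)
$TTL 3600
@           IN  SOA  dns.lan. hostmaster.lan. (
                     2024010101 ; serial: bump on every edit
                     3600       ; refresh
                     900        ; retry
                     604800     ; expire
                     86400 )    ; negative-answer TTL
@           IN  NS   dns.lan.
dns         IN  A    192.168.1.101
fileserver  IN  A    192.168.1.10
appletv     IN  A    192.168.1.20
```

Check it with dig @192.168.1.101 fileserver.lan (the answer should carry the aa flag, because this server is authoritative) and dig @192.168.1.101 example.com (answered via the forwarders); a query from outside 192.168.1.0/24 must be refused.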
Are there any open DNS servers that are reliable
You said it: OpenDNS.
208.67.222.222
208.67.220.220
Unbound is pretty easy, supports BIND-style config files and is fairly reliable. If the server will be a stand-alone 'gateway' type box and you'd like a few extra niceties, you might want to take a look at the firewall/gateway distro called Untangle as well.
If you are running Windows, you should take a look at Simple DNS Plus - it is a full DNS server that also comes with a DHCP server plug-in and has an easy-to-use GUI.
[Note: the product is developed by the author of this post]
If you have a Linux box then you'd want to set up dnsmasq for your local addresses and use it as a forwarding/caching DNS server for external addresses. This is also often what is used on Linux distributions for home routers such as OpenWrt/DD-WRT/Tomato.
Alternately, on mostly Apple/Mac networks you'd be using Bonjour/Zeroconf, which both Linux and Apple computers can communicate on for broadcast-level DNS/service resolution.
That being said, on a truly hybrid network with all three OSes running, you'll definitely want a local DNS server with forwarding to either OpenDNS, Google DNS, or your local ISP's DNS depending on your location/needs.
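As an added example (not from the answer above), a single dnsmasq configuration that covers all three requests in the question: local names under .lan that never leave the LAN, forwarding to public resolvers with the ISP's server as the last resort, and DHCP that hands clients this box as their DNS server. The interface name, addresses, MAC address and the ISP resolver placeholder are constructed assumptions.

```conf
# /etc/dnsmasq.conf (added example; interface, addresses and MAC are constructed)

# Serve only the LAN side; this box is assumed to sit at 192.168.1.101 on eth0
interface=eth0
bind-interfaces
listen-address=127.0.0.1,192.168.1.101

# Upstream resolvers. no-resolv ignores /etc/resolv.conf (which the ISP's
# DHCP keeps rewriting); strict-order tries the servers top to bottom, so
# the ISP's server is only asked when the public ones fail to answer.
# 203.0.113.53 is a documentation-range placeholder for the ISP resolver.
no-resolv
strict-order
server=1.1.1.1
server=8.8.8.8
server=203.0.113.53

# Never send single-label names or private-range reverse lookups upstream
domain-needed
bogus-priv

# Names under .lan are answered from /etc/hosts and DHCP leases only;
# expand-hosts makes a plain "nas" in /etc/hosts also answer as nas.lan
local=/lan/
domain=lan
expand-hosts
cache-size=1000

# DHCP: address pool, gateway (option 3) and DNS server (option 6) for clients
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.101
dhcp-authoritative

# Fixed lease plus name for a known machine, and a static name with no lease
dhcp-host=00:11:22:33:44:55,fileserver,192.168.1.10
address=/appletv.lan/192.168.1.20
```

Run dnsmasq --test against the file before restarting the service; it reports syntax errors without touching the running daemon.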
Some free DNS servers you can use for forwarding:
1.1.1.1 - Cloudflare
1.0.0.1 - Cloudflare
4.2.2.1 - Layer 3
4.2.2.2 - Layer 3
4.2.2.3 - Layer 3
8.8.8.8 - Google
8.8.4.4 - Google
208.67.222.222 - OpenDNS
208.67.220.220 - OpenDNS
4.2.2.1 & 4.2.2.2 are what I use
edit: that is, in regard to public servers. Easy to remember and I don't think I've seen them fail since I've been using them.
Any broadband router delivers both DNS and DHCP services for the local network. If you want incoming connections from the internet to local machines, you need a router that also supports DynDNS and incoming port forwarding.
If you pick one from the DD-WRT supported hardware list you can flash it with that firmware and it will support any feature you could ever need in your small network.
For hostname resolution, maybe mDNS/DNS-SD using avahi could solve the problem more easily:
Check if you already have the service running:
systemctl status avahi-daemon.service
If not, install the avahi-daemon (service) and avahi-utils (avahi-browse command) packages. Once the hosts have the service and hostname set correctly:
avahi-browse --all --ignore-local --resolve --terminate
In terms of getting started quickly I ended up using a Pi-hole deployment with extra lists, as described in
In this solution you get ad-blocking as an "unnecessary" extra, but maybe there are more people than me who don't mind.
Start by installing Pi-hole on some machine as described here and get it up and running.
When you're finished getting Pi-hole to work, extend the Pi-hole configuration as below (example on a Debian system, with a .lan domain):
Create a file /etc/dnsmasq.d/02-lan.conf with the content
addn-hosts=/etc/pihole/lan.list
Then create another file /etc/pihole/lan.list containing your local mappings, such as
192.168.1.100 nas.lan
192.168.1.101 somethingelse.lan
if you e.g. have a NAS sitting at 192.168.1.100.
Conclude by restarting Pi-hole's DNS service using
sudo pihole restartdns
Update June 2020
Version 5 of Pi-hole seems to have a GUI feature for this in the admin panel, adding to /etc/pihole/custom.list
See e.g.
For running a DNS server on your LAN, take a look at 'pdnsd' which is a nameserver for *nix.
If you download the DNS benchmark program from link text, it will benchmark a list of public DNS servers as well as your local DNS server. After running this program, try putting a copy of the fastest servers into the DNS settings on your router, then renew your DHCP lease and run the test again.
If your router allows it, add both the router and one of the fast external DNS servers to the list of DNS servers that it hands to DHCP clients (but pick a different one from the one that you entered for the router's DNS server addresses).
Maybe I'm saying something stupid. In this case I would simply add IPs and names to the hosts files on the individual machines:
192.168.0.120 tv.local
192.168.0.80 studiopc.local
I had a similar problem. I bought an OpenWrt-compatible router and installed OpenWrt. It offers static IP binding along with name resolution in the router, which enabled me to give names to my computers and devices in the network as I wish.