
Re: DHCP server that itself gets an IP address by DHCP



On Fri, Aug 25, 2017 at 08:14:29AM -0400, Greg Wooledge wrote:
> On Fri, Aug 25, 2017 at 07:34:16AM +0900, Mark Fletcher wrote:
> > On Thu, Aug 24, 2017 at 04:39:13PM -0400, Greg Wooledge wrote:
> > > I strongly recommend just running your own caching DNS resolver on the
> > > DHCP server host.  ISP nameservers are often slow and unreliable.
> > 
> > OK, thanks for the advice. One possibly stupid question though... 
> > whenever a DNS server running on my own firewall doesn't have an answer 
> > to a DHCP query, it is going to broadcast it out... to the ISP's DNS 
> > servers, no?
> 
> DHCP and DNS are two separate things.

Sorry, that was a typo, I meant "DNS query" not "DHCP query". I do 
understand the difference although I recognise that what I wrote above 
would seem to imply I don't.
> 
> If your firewall box is running a nameserver (i.e. a caching DNS
> resolver), and if the LAN clients are configured to use that
> nameserver, then no queries are ever sent to your ISP's nameservers
> at all.  Your caching resolver does all the work, talking directly
> to the root servers, and the .COM servers, and so on.
> 

Strictly speaking the LAN clients will be using the AirStation's 
nameserver, and I'd be configuring it to use this hypothetical new 
nameserver on the firewall box by having the DHCP server on my firewall 
send it the internal IP of the firewall as its nameserver. Why? Because 
the AirStation is already providing a nameserver to my LAN, and as I 
mentioned I want to futz minimally with the AirStation's configuration.

Thanks for the clarification about what the nameserver would do -- I had 
imagined it would answer DNS queries from the AirStation that it knows 
the answers to, and pass through queries it didn't know the answer to to 
some "upstream" nameserver, presumably noting the response so it knows 
next time. I assumed that is what the nameserver on the AirStation is 
doing, otherwise it wouldn't need to be told the ISP's nameservers, and 
I know from early misconfigurations of my firewall's DHCP server that if 
I give the AirStation bollix nameservers in response to its DHCP 
request, its ability to resolve anything breaks...

However, now, based on your response I am thinking the AirStation is 
just forwarding the DNS queries on to the nameservers it is given in 
response to its DHCP query, and not actually caching anything... So in 
your proposed configuration, a DNS query from a machine on my LAN would 
be picked up by the AirStation, forwarded to the firewall machine 
(because the AirStation was given the address of the firewall machine as 
a nameserver in response to its DHCP query), and that machine would 
actually be running a proper nameserver which would either already know 
the answer to the query or would interact with other DNS servers to get 
it. Right?

If that is actually caching everything by talking to root servers, .com 
servers etc, doesn't that take up a lot of space? The firewall box isn't 
a particularly beefy machine, by any measure -- memory, disk space, etc. 
It's enough to do the firewall job, and answer the occasional DHCP 
query, but would a nameserver need a lot of memory / disk space? The 
machine has a 32GB SSD, of which about 15GB is free, and 4GB of RAM, of 
which according to top about 1.8GB is free... And as I say, it is my 
firewall, a very light-load DHCP server, and does a cameo role as my 
OpenVPN server when I'm travelling on business.

Thanks for your patience in explaining this -- I'm learning a lot.

Mark

