Raspberry Pi - DNS and DHCP Server
I’ve set up a dedicated DNS and DHCP server for my home network. I used a Raspberry Pi 2 B running Raspberry Pi OS 10. I’ve named my server banyan1. I’m using a domain name of lab.net.
For more detailed background information you might want to take a look at these two other guides that I’ve put together:
Enable SSH on the Raspberry Pi
One of the first things that I did after booting up my Pi was to start and enable SSH. I did that with the following two commands.
sudo systemctl enable ssh
sudo systemctl start ssh
Alternatively, I could have also just created a blank file named “ssh” on the rootfs partition of the SD card before inserting it into the Raspberry Pi. During bootup, Raspberry Pi OS will look for this file and if it exists, it will enable SSH.
Set Up a Static IP
This feels strange but apparently this is the right way to set up static IPs on newer versions of Raspberry Pi OS / Debian. I’m used to either using Netplan or the old interfaces file.
sudo vi /etc/dhcpcd.conf

interface eth0
static ip_address=192.168.3.2/24
static routers=192.168.3.1
static domain_name_servers=192.168.3.2 8.8.8.8
Reboot to make sure that it is working the way that it should after a clean boot.
sudo reboot
Set Up the DHCP Server
Update repo information and install the package for isc-dhcp-server.
sudo apt update
sudo apt install isc-dhcp-server
I received the following error. This was resolved after setting up the config files and restarting the DHCP server.
invoke-rc.d: initscript isc-dhcp-server, action "start" failed.
● isc-dhcp-server.service - LSB: DHCP server
Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
Active: failed (Result: exit-code) since Mon 2021-10-25 17:15:04 BST; 84ms ago
Docs: man:systemd-sysv-generator(8)
Process: 761 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=1/FAILURE)
Oct 25 17:15:02 raspberrypi dhcpd[773]: bugs on either our web page at www.isc.org or in the README file
Oct 25 17:15:02 raspberrypi dhcpd[773]: before submitting a bug. These pages explain the proper
Oct 25 17:15:02 raspberrypi dhcpd[773]: process and the information we find helpful for debugging.
Oct 25 17:15:02 raspberrypi dhcpd[773]:
Oct 25 17:15:02 raspberrypi dhcpd[773]: exiting.
Oct 25 17:15:04 raspberrypi isc-dhcp-server[761]: Starting ISC DHCPv4 server: dhcpdcheck syslog for diagnostics. ... failed!
Oct 25 17:15:04 raspberrypi isc-dhcp-server[761]: failed!
Oct 25 17:15:04 raspberrypi systemd[1]: isc-dhcp-server.service: Control process exited, code=exited, status=1/FAILURE
Oct 25 17:15:04 raspberrypi systemd[1]: isc-dhcp-server.service: Failed with result 'exit-code'.
Oct 25 17:15:04 raspberrypi systemd[1]: Failed to start LSB: DHCP server.
Check the status like this:
sudo systemctl status isc-dhcp-server
I set up the interface to use here:
sudo vi /etc/default/isc-dhcp-server

INTERFACESv4="eth0"
I used the following configuration for my dhcpd.conf. Note that I have defined two different ranges from which to assign IP addresses.
sudo vi /etc/dhcp/dhcpd.conf

option domain-name "lab.net";
option domain-name-servers 192.168.3.2;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 192.168.3.0 netmask 255.255.255.0 {
  option routers 192.168.3.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.3.255;
  # subnet-level value; overrides the global domain-name-servers above
  option domain-name-servers 8.8.8.8;
  # subnet-level lease times; override the global values above
  default-lease-time 86400;
  max-lease-time 86400;
  range 192.168.3.150 192.168.3.180;
  range 192.168.3.190 192.168.3.250;
}
You can stop, start, and check status like this:
sudo systemctl stop isc-dhcp-server
sudo systemctl start isc-dhcp-server
sudo systemctl status isc-dhcp-server
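The two ranges in this dhcpd.conf leave 192.168.3.181 to 192.168.3.185 unassigned, which is where the hosts in the zone files further down this page sit. The following Python is an added example (not part of the original guide) that checks a dhcpd.conf for overlapping pools and for fixed addresses that fall inside a dynamic pool; DHCPD_CONF is a constructed excerpt of the config above and STATIC_HOSTS is a hand-copied list of the addresses used on this page.

```python
import ipaddress
import re

# Constructed excerpt of the dhcpd.conf on this page (subnet block only).
DHCPD_CONF = """
subnet 192.168.3.0 netmask 255.255.255.0 {
  option routers 192.168.3.1;
  range 192.168.3.150 192.168.3.180;
  range 192.168.3.190 192.168.3.250;
}
"""

# Hand-copied fixed addresses from this page: router, server, zone A records.
STATIC_HOSTS = {
    "router": "192.168.3.1", "banyan1": "192.168.3.2",
    "tiger1": "192.168.3.181", "tiger2": "192.168.3.182",
    "zebra1": "192.168.3.183", "lion1": "192.168.3.184",
    "lion2": "192.168.3.185",
}

def parse_pools(conf):
    """Return (subnet, [(first, last), ...]) from a single-subnet dhcpd.conf."""
    text = re.sub(r"#.*", "", conf)  # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text)
    subnet = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    pools = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
             for a, b in re.findall(r"range\s+([\d.]+)\s+([\d.]+)\s*;", text)]
    return subnet, pools

def audit(conf, static_hosts):
    """List invalid ranges, overlapping pools and static hosts inside a pool."""
    subnet, pools = parse_pools(conf)
    problems = []
    for first, last in pools:
        if first > last or first not in subnet or last not in subnet:
            problems.append(f"range {first}-{last} is invalid for {subnet}")
    ordered = sorted(pools)
    for (_, prev_last), (next_first, _) in zip(ordered, ordered[1:]):
        if next_first <= prev_last:
            problems.append(f"pools overlap at {next_first}")
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        for first, last in pools:
            if first <= ip <= last:
                problems.append(f"{name} ({ip}) is inside pool {first}-{last}")
    return problems

if __name__ == "__main__":
    print(audit(DHCPD_CONF, STATIC_HOSTS) or "no conflicts")
```

An address that is both fixed on a host and handed out dynamically produces duplicate-IP conflicts, so rerun the check whenever a range or a static host changes.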
Set Up BIND DNS
Update repo information and install the package for BIND9.
sudo apt update
sudo apt install bind9 bind9utils bind9-doc
Set this option:
sudo vi /etc/default/bind9

OPTIONS="-u bind -4"
Restart BIND. You probably don’t need to yet but I did.
sudo systemctl restart bind9
Create a zones directory:
sudo mkdir /etc/bind/zones
Set up configuration options in this file:
sudo vi /etc/bind/named.conf.options

acl "trusted" {
        192.168.3/24;
};
options {
        directory "/var/cache/bind";
        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allow trusted clients to perform recursive queries
        allow-query { trusted; };
        listen-on { 192.168.3.2; };    # listen on this IP ( ex: private network )
        allow-transfer { none; };      # by default disable zone transfers
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        dnssec-validation auto;
};
Define zone files in this config file.
sudo vi /etc/bind/named.conf.local

zone "lab.net" {
        type master;
        file "/etc/bind/zones/db.lab.net";
};
zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.192.168";
};
I set up a reverse zone file like this. I’ve included a few existing hosts to get started.
sudo vi /etc/bind/zones/db.192.168

$TTL    604800
@       IN      SOA     banyan1.lab.net. admin.lab.net. (
                        1632588616      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; name servers - NS records
@       IN      NS      banyan1.lab.net.
; PTR Records
2.3     IN      PTR     banyan1.lab.net.    ; name server PTR Records
181.3   IN      PTR     tiger1.lab.net.
182.3   IN      PTR     tiger2.lab.net.
183.3   IN      PTR     zebra1.lab.net.
184.3   IN      PTR     lion1.lab.net.
185.3   IN      PTR     lion2.lab.net.
I set up a forward zone file like this. I’ve included a few existing hosts to get started.
sudo vi /etc/bind/zones/db.lab.net

$TTL    604800
@       IN      SOA     banyan1.lab.net. admin.lab.net. (
                        1632588616      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; name servers - NS records
@       IN      NS      banyan1
; name server - A records
banyan1 IN      A       192.168.3.2
; 192.168.3 - A records
tiger1  IN      A       192.168.3.181
tiger2  IN      A       192.168.3.182
zebra1  IN      A       192.168.3.183
lion1   IN      A       192.168.3.184
lion2   IN      A       192.168.3.185
Verify that the config files are valid and don’t contain any syntax errors.
sudo named-checkconf
sudo named-checkzone lab.net /etc/bind/zones/db.lab.net
sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168
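named-checkconf and named-checkzone validate each file on its own; they do not confirm that every A record in db.lab.net has a matching PTR in db.192.168. The following Python is an added example, not part of the original guide, that cross-checks the two zones. The sample records are constructed from the zone files above with one mismatch introduced on purpose, and the parser assumes one single-line record per host, as in those files.

```python
import ipaddress

# Constructed samples: record lines taken from the two zone files on this page
# (SOA and NS omitted), with one deliberate mismatch added to REVERSE_ZONE.
FORWARD_ZONE = """
banyan1 IN A 192.168.3.2
tiger1  IN A 192.168.3.181
tiger2  IN A 192.168.3.182
zebra1  IN A 192.168.3.183
"""
REVERSE_ZONE = """
2.3   IN PTR banyan1.lab.net.
181.3 IN PTR tiger1.lab.net.
182.3 IN PTR tiger1.lab.net.   ; constructed error: should be tiger2
"""

def records(zone_text, rtype):
    """Yield (owner, rdata) for simple 'owner IN <rtype> rdata' lines."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip zone-file comments
        if len(fields) == 4 and fields[1:3] == ["IN", rtype]:
            yield fields[0], fields[3]

def fqdn(name, origin):
    """Expand a relative name against the zone origin, as BIND does."""
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def cross_check(forward, fwd_origin, reverse, rev_origin):
    """Return a list of A/PTR disagreements between the two zones."""
    a = {fqdn(n, fwd_origin): ipaddress.ip_address(ip)
         for n, ip in records(forward, "A")}
    ptr = {}
    for owner, target in records(reverse, "PTR"):
        # 181.3.168.192.in-addr.arpa. -> 192.168.3.181
        labels = fqdn(owner, rev_origin).split(".")[:4]
        ptr[ipaddress.ip_address(".".join(reversed(labels)))] = fqdn(target, rev_origin)
    problems = []
    for name, ip in sorted(a.items()):
        if ip not in ptr:
            problems.append(f"{name} -> {ip} has no PTR")
        elif ptr[ip] != name:
            problems.append(f"{ip} PTR is {ptr[ip]}, expected {name}")
    for ip, target in sorted(ptr.items()):
        if target not in a:
            problems.append(f"{ip} PTR {target} has no A record")
    return problems

if __name__ == "__main__":
    print("\n".join(cross_check(FORWARD_ZONE, "lab.net.", REVERSE_ZONE, "168.192.in-addr.arpa.")))
```

A PTR target written without the trailing dot is expanded against the reverse zone's origin, so it shows up here as a PTR with no A record.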
Restart BIND:
sudo systemctl restart bind9
Install DNS utils because they are really useful for testing.
sudo apt install dnsutils
Run a couple of test queries:
nslookup tiger1.lab.net
nslookup 192.168.3.181
NOTE - If you have any issues, try incrementing the serial number in the zone files and restarting BIND.
Host Name
First I updated the hostname file like this:
sudo vi /etc/hostname

banyan1
Then I updated the hosts file like this:
sudo vi /etc/hosts

127.0.0.1 localhost banyan1
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.3.2 banyan1
Raspberry Pi - DNS and DHCP Server - Video
This is the video where I review the setup: