
Raspberry Pi - DNS and DHCP Server

I’ve set up a dedicated DNS and DHCP server for my home network. I used a Raspberry Pi 2 B running Raspberry Pi OS 10. I’ve named my server banyan1. I’m using a domain name of lab.net.

For more detailed background information you might want to take a look at these two other guides that I’ve put together:

Enable SSH on the Raspberry Pi

One of the first things that I did after booting up my Pi was to start and enable SSH. I did that with the following two commands.


sudo systemctl enable ssh
sudo systemctl start ssh

Alternatively, I could have also just created a blank file named “ssh” on the rootfs partition of the SD card before inserting it into the Raspberry Pi. During bootup, Raspberry Pi OS will look for this file and if it exists, it will enable SSH.

Set Up a Static IP

This feels strange but apparently this is the right way to set up static IPs on newer versions of Raspberry Pi OS / Debian. I’m used to either using Netplan or the old interfaces file.

sudo vi /etc/dhcpcd.conf
interface eth0
static ip_address=192.168.3.2/24
static routers=192.168.3.1
static domain_name_servers=192.168.3.2 8.8.8.8

Reboot to make sure that it is working the way that it should after a clean boot.


sudo reboot

Set Up the DHCP Server

Update repo information and install the package for isc-dhcp-server.


sudo apt update 
sudo apt install isc-dhcp-server

I received the following error. This was resolved after setting up the config files and restarting the DHCP server.


invoke-rc.d: initscript isc-dhcp-server, action "start" failed.
● isc-dhcp-server.service - LSB: DHCP server
   Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
   Active: failed (Result: exit-code) since Mon 2021-10-25 17:15:04 BST; 84ms ago
     Docs: man:systemd-sysv-generator(8)
  Process: 761 ExecStart=/etc/init.d/isc-dhcp-server start (code=exited, status=1/FAILURE)

Oct 25 17:15:02 raspberrypi dhcpd[773]: bugs on either our web page at www.isc.org or in the README file
Oct 25 17:15:02 raspberrypi dhcpd[773]: before submitting a bug.  These pages explain the proper
Oct 25 17:15:02 raspberrypi dhcpd[773]: process and the information we find helpful for debugging.
Oct 25 17:15:02 raspberrypi dhcpd[773]:
Oct 25 17:15:02 raspberrypi dhcpd[773]: exiting.
Oct 25 17:15:04 raspberrypi isc-dhcp-server[761]: Starting ISC DHCPv4 server: dhcpdcheck syslog for diagnostics. ... failed!
Oct 25 17:15:04 raspberrypi isc-dhcp-server[761]:  failed!
Oct 25 17:15:04 raspberrypi systemd[1]: isc-dhcp-server.service: Control process exited, code=exited, status=1/FAILURE
Oct 25 17:15:04 raspberrypi systemd[1]: isc-dhcp-server.service: Failed with result 'exit-code'.
Oct 25 17:15:04 raspberrypi systemd[1]: Failed to start LSB: DHCP server.

Check the status like this:


sudo systemctl status isc-dhcp-server

I set up the interface to use here:

sudo vi /etc/default/isc-dhcp-server
INTERFACESv4="eth0"

I used the following configuration for my dhcpd.conf. Note that I have defined two different ranges from which to assign IP addresses.

sudo vi /etc/dhcp/dhcpd.conf
option domain-name "lab.net";
option domain-name-servers 192.168.3.2;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;

authoritative;

subnet 192.168.3.0 netmask 255.255.255.0 {
    option routers 192.168.3.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.3.255;
    # Options set inside the subnet block override the global ones above,
    # so clients on this subnet are handed 8.8.8.8 as their DNS server.
    option domain-name-servers 8.8.8.8;
    default-lease-time 86400;
    max-lease-time 86400;
    range 192.168.3.150 192.168.3.180;
    range 192.168.3.190 192.168.3.250;
}

You can stop, start, and check status like this:


sudo systemctl stop isc-dhcp-server
sudo systemctl start isc-dhcp-server
sudo systemctl status isc-dhcp-server

Set Up BIND DNS

Update repo information and install the package for BIND9.


sudo apt update
sudo apt install bind9 bind9utils bind9-doc

Set this option:

sudo vi /etc/default/bind9
OPTIONS="-u bind -4"

Restart BIND. You probably don’t need to yet but I did.

   
sudo systemctl restart bind9

Create a zones directory:


sudo mkdir /etc/bind/zones

Set up configuration options in this file:

sudo vi /etc/bind/named.conf.options
acl "trusted" {
    192.168.3/24;
};

options {
    directory "/var/cache/bind";

    recursion yes;                   # enables recursive queries
    allow-recursion { trusted; };    # allow trusted clients to perform recursive queries
    allow-query { trusted; };
    listen-on { 192.168.3.2; };      # listen on this IP ( ex: private network )
    allow-transfer { none; };        # by default disable zone transfers

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    dnssec-validation auto;
};

Define zone files in this config file.

sudo vi /etc/bind/named.conf.local
zone "lab.net" {
    type master;
    file "/etc/bind/zones/db.lab.net";
};

zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168";
};

I set up a reverse zone file like this. I’ve included a few existing hosts to get started.

sudo vi /etc/bind/zones/db.192.168
$TTL    604800
@       IN      SOA     banyan1.lab.net. admin.lab.net. (
                        1632588616      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      banyan1.lab.net.

; PTR Records
2.3     IN      PTR     banyan1.lab.net.    ; name server PTR Records
181.3   IN      PTR     tiger1.lab.net.
182.3   IN      PTR     tiger2.lab.net.
183.3   IN      PTR     zebra1.lab.net.
184.3   IN      PTR     lion1.lab.net.
185.3   IN      PTR     lion2.lab.net.

I set up a forward zone file like this. I’ve included a few existing hosts to get started.

sudo vi /etc/bind/zones/db.lab.net
$TTL    604800
@       IN      SOA     banyan1.lab.net. admin.lab.net. (
                        1632588616      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      banyan1

; name server - A records
banyan1 IN      A       192.168.3.2

; 192.168.3 - A records
tiger1  IN      A       192.168.3.181
tiger2  IN      A       192.168.3.182
zebra1  IN      A       192.168.3.183
lion1   IN      A       192.168.3.184
lion2   IN      A       192.168.3.185

Verify that the config files are valid and don’t contain any syntax errors.

   
sudo named-checkconf
sudo named-checkzone lab.net /etc/bind/zones/db.lab.net   
sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168
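
named-checkconf and named-checkzone validate each file on its own; they do not compare the forward zone with the reverse zone or with the DHCP ranges. The following is an added example (not part of the original guide) that cross-checks the three, using constructed sample data copied from the records and ranges shown on this page; the function names are hypothetical and the parser only handles simple one-line records like the ones above.

```python
import ipaddress
import re

# Constructed sample data, copied from the records and ranges on this page.
FORWARD = """\
banyan1 IN A 192.168.3.2
tiger1  IN A 192.168.3.181
tiger2  IN A 192.168.3.182
"""
REVERSE = """\
2.3   IN PTR banyan1.lab.net.
181.3 IN PTR tiger1.lab.net.
182.3 IN PTR tiger2.lab.net.
"""
DHCPD = "range 192.168.3.150 192.168.3.180; range 192.168.3.190 192.168.3.250;"

def parse_a(text, origin="lab.net"):
    """Map FQDN -> address for each 'name IN A addr' line (relative names only)."""
    rows = re.findall(r"^(\S+)[ \t]+IN[ \t]+A[ \t]+(\S+)", text, re.M)
    return {f"{name}.{origin}.": ipaddress.ip_address(addr) for name, addr in rows}

def parse_ptr(text, origin="168.192.in-addr.arpa"):
    """Map address -> FQDN for each 'labels IN PTR target' line."""
    out = {}
    for labels, target in re.findall(r"^(\S+)[ \t]+IN[ \t]+PTR[ \t]+(\S+)", text, re.M):
        octets = f"{labels}.{origin}".split(".")[:4][::-1]  # undo reversed octets
        out[ipaddress.ip_address(".".join(octets))] = target
    return out

def parse_ranges(text):
    """Return (low, high) pairs for each dhcpd 'range' statement."""
    rows = re.findall(r"range\s+(\S+)\s+(\S+?)\s*;", text)
    return [(ipaddress.ip_address(lo), ipaddress.ip_address(hi)) for lo, hi in rows]

def audit(forward, reverse, dhcpd):
    """List static records with no matching PTR, or that sit inside a DHCP pool."""
    a, ptr, pools = parse_a(forward), parse_ptr(reverse), parse_ranges(dhcpd)
    problems = []
    for name, addr in a.items():
        if ptr.get(addr) != name:
            problems.append(f"{name} -> {addr}: PTR is {ptr.get(addr)}")
        if any(lo <= addr <= hi for lo, hi in pools):
            problems.append(f"{name} -> {addr}: inside a DHCP range")
    for addr, target in ptr.items():
        if a.get(target) != addr:
            problems.append(f"{addr} -> {target}: no matching A record")
    return problems

if __name__ == "__main__":
    print(audit(FORWARD, REVERSE, DHCPD) or "consistent")
```

An empty result means every static A record has a matching PTR record and none of the static addresses can also be leased out by the DHCP server.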

Restart BIND:


sudo systemctl restart bind9

Install DNS utils because they are really useful for testing.


sudo apt install dnsutils

Run a couple of test queries:


nslookup tiger1.lab.net
nslookup 192.168.3.181   

NOTE - If you have any issues, try incrementing the serial number in the zone files and restarting BIND.

Host Name

First I updated the hostname file like this:

sudo vi /etc/hostname
banyan1

Then I updated the hosts file like this:

sudo vi /etc/hosts
127.0.0.1       localhost banyan1
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
192.168.3.2     banyan1

Raspberry Pi - DNS and DHCP Server - Video

This is the video where I review the setup: