
I have a mobo with 2 ports: eth0 (WAN) and eth1 (LAN), which I want to use as a router/gateway (NAT). But at first I want it to manage DHCP.

I've installed Debian, configured eth0 for a dynamic IP and eth1 for the static IP 10.0.0.1, then got dhcpd, and now want to write /etc/dhcpd.conf. But I am stuck on option domain-name-servers .... What should I put there!?

The trick is that I usually simply put 8.8.8.8 in there. But my ISP uses some "IPoE" scheme, in which I MUST use their DNS, to resolve any name to a specific IP. Upon accessing that IP on port 80 (HTTP) I get an authorisation web page, enter credentials, and only after 10 minutes do internet addresses like 8.8.8.8 become available.

So what to do? Do I need somehow to "forward" the domain-name-servers provided for eth0 via the DHCP client into /etc/dhcpd.conf every time my ISP wants me to reauth / changes my IP?


PS. Reworded: eth0 got some DNS server via dynamic config. I need to resolve any DNS name (to get the auth server IP instead of the real site IP) and access it through HTTP (usually done via a client browser, on a machine located in the LAN). So I need the LAN port eth1 also up, and DHCP forwarding the same DNS to the client as the WAN port eth0 got. How?

1 Answer

my ISP uses some "IPoE" scheme, in which I MUST use their DNS, to resolve any name to a specific IP. Upon accessing that IP on port 80 (HTTP) I get an authorisation web page, enter credentials

That's not an "IPoE" scheme. It's a captive portal scheme. (IPoE means nothing more than IP-over-Ethernet, which is the most common way computer networks work, and it doesn't say anything about the authentication mechanism. The only meaning it has in this context is that it's "not PPPoE".)

So what to do? Do I need somehow to "forward" the domain-name-servers provided for eth0 via the DHCP client into /etc/dhcpd.conf every time my ISP wants me to reauth / changes my IP?

Yes, that's one way of doing it. You could implement this by having the WAN DHCP client run a 'hook script' after getting a new address lease, and making that 'hook' automatically edit the new DNS servers into dhcpd.conf. The problem is that your LAN devices won't notice the change until their previous lease expires, or until the device is restarted.

However, you only need to forward DNS requests (which you receive from LAN) to the ISP's DNS servers. There are several ways of doing this, and they don't necessarily require announcing the actual addresses to the LAN.

So there's an alternative – you could run a DNS resolver on this system (e.g. dnsmasq or Unbound), and announce via dhcpd that you are the DNS server for the entire LAN. This way you would only need to reconfigure the local DNS resolver program and wouldn't need to worry about giving out the updated DNS address to all of your LAN hosts.

Some DNS resolvers are almost purpose-built for this situation; a common one is dnsmasq. It doesn't need to be separately told what "upstream" nameservers to use – it'll just get them from your /etc/resolv.conf after the WAN DHCP client updates that file.
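
A worked version of the hook approach, added here as an example and not part of the original answer. It is written as a Debian dhclient exit hook: dhclient-script sources every file in /etc/dhcp/dhclient-exit-hooks.d/ after a lease event and exports $reason, $interface and $new_domain_name_servers to it. The hook directory, the eth0 interface name, the dhcpd.conf path and the isc-dhcp-server service name are assumptions for this example; the dhcpd.conf contents used in the check are constructed.

```shell
# Example dhclient exit hook for the WAN side (eth0) of a Debian router.
# Assumed install path: /etc/dhcp/dhclient-exit-hooks.d/wan-dns (sourced by
# dhclient-script, so no shebang and no "exit" in the hook path).
# On BOUND/RENEW/REBIND/REBOOT it copies the ISP's nameservers from
# $new_domain_name_servers into the LAN dhcpd.conf and restarts dhcpd.

WAN_IF="${WAN_IF:-eth0}"                          # assumption: eth0 is the WAN port
DHCPD_CONF="${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}"  # assumption: Debian's isc-dhcp-server path

# Print the comma-separated servers from the global
# "option domain-name-servers ...;" line (first match only).
get_dhcpd_dns() {
    conf="$1"
    sed -n 's/^[[:space:]]*option domain-name-servers[[:space:]]*\(.*\);.*$/\1/p' "$conf" | head -n 1
}

# Convert dhclient's space-separated list ("a b") into dhcpd's comma syntax ("a,b").
to_dhcpd_list() {
    printf '%s' "$1" | tr -s ' ' ','
}

# Rewrite the global "option domain-name-servers" line, or add one at the top
# if the file has none. The new file is written to a temp file first and then
# moved into place, so dhcpd never sees a half-written config.
set_dhcpd_dns() {
    conf="$1"
    servers=$(to_dhcpd_list "$2")
    tmp=$(mktemp "${conf}.XXXXXX")
    if grep -q '^[[:space:]]*option domain-name-servers' "$conf"; then
        sed "s/^\([[:space:]]*\)option domain-name-servers[[:space:]]*.*;/\1option domain-name-servers ${servers};/" "$conf" > "$tmp"
    else
        { printf 'option domain-name-servers %s;\n' "$servers"; cat "$conf"; } > "$tmp"
    fi
    chmod 0644 "$tmp"
    mv "$tmp" "$conf"
}

# Hook entry point: only act when dhclient is calling us for the WAN interface.
if [ -n "${reason:-}" ] && [ "${interface:-}" = "$WAN_IF" ]; then
    case "$reason" in
        BOUND|RENEW|REBIND|REBOOT)
            if [ -n "${new_domain_name_servers:-}" ] && \
               [ "$(get_dhcpd_dns "$DHCPD_CONF")" != "$(to_dhcpd_list "$new_domain_name_servers")" ]; then
                set_dhcpd_dns "$DHCPD_CONF" "$new_domain_name_servers"
                # Syntax-check the rewritten file before restarting, so a bad
                # rewrite cannot take the LAN's DHCP service down.
                dhcpd -t -cf "$DHCPD_CONF" && systemctl restart isc-dhcp-server
            fi
            ;;
    esac
fi
```

dhcpd is only restarted when the server list actually changed, which matters because the WAN lease is renewed far more often than the ISP changes its resolvers. The caveat from the answer still applies: LAN clients keep whatever servers their current lease carries until they renew, so with this approach you would also want a short default-lease-time/max-lease-time in dhcpd.conf, or take the dnsmasq route instead, where only the resolver's upstream changes and the LAN is always told to use 10.0.0.1.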

  • Home grade routers usually do this in a simple way
    – xakepp35
    Commented Jan 14, 2019 at 16:43
  • They do. In fact, they often run dnsmasq. But "in a simple way" doesn't mean there is no scripting or integration work involved; it just means all the work has already been done by the manufacturer. You're making your own router, so now you get to do it. Commented Jan 14, 2019 at 16:50
  • That's also a great idea, to have a local DNS cache. Is it RAM heavy? The host has 4 GB of DDR3.
    – xakepp35
    Commented Jan 14, 2019 at 16:59
  • For home use, I think you'll generally fit in 10–20 MB. (Consider how much RAM a cheap home router has...) Forwarding will still work even if you reduce the cache limit to near-zero, anyway. Commented Jan 14, 2019 at 19:49
  • I don't think that a router caches DNS records. The old laggy D-Link DIR-400 (was just here by hand) has only 16 MB RAM. A large part of that should be occupied by the kernel, busybox, uClibc, the web shell process (maybe cached pages/config), probably the ARP cache, and the NAT forwarding table ... So I think a router (basic/old) really lacks that DNS cache. Btw, that could be a third option for your answer (does dnsmasq simply forward every request? Or does it have some timeout-based cache?). The comparison is more like slower MTD vs faster DRAM chips.
    – xakepp35
    Commented Jan 14, 2019 at 20:41
