Using a Raspberry Pi for a DNS and DHCP Server
In my house, I would like to connect various systems to each other over the network. Unfortunately, the various wireless routers we have don’t really support DNS for our local systems. This was especially frustrating when trying to leverage CUPS printing from Windows 10 machines: the URL to the CUPS printer was neither particularly stable nor guaranteed to work via a system name.
To solve this, I employed a Raspberry Pi to serve as my local DHCP and DNS server. With that combination, it was fairly easy to provide DNS services for my local machines.
I followed the instructions found at http://www.andrewoberstar.com/blog/2012/12/30/raspberry-pi-as-server-dns-and-dhcp , which was quite helpful. But, I did run into a few things.
First, the instructions did not mention the fact that the Raspberry Pi itself needed to have a static IP. I knew that and fixed it before moving on with the instructions. Not being a heavy Debian user, I used https://www.modmypi.com/blog/tutorial-how-to-give-your-raspberry-pi-a-static-ip-address to provide an example of how to configure the Pi with a static IP.
Second, it is worth noting that the preferred way of modifying the dnsmasq setup is to create a file in “/etc/dnsmasq.d” with the modified settings. In my case, I copied the default “/etc/dnsmasq.conf” file into “/etc/dnsmasq.d” with a new name and modified the file.
Third, I set up the DHCP server with the following two additions to the configuration:
dhcp-range=192.168.0.50,192.168.0.99,12h
dhcp-option=3,192.168.0.1
The first is necessary to define a range of IPs to use for DHCP. The second is necessary to set the IP of the gateway that gets advertised via DHCP. Setting the gateway is necessary in my case because the Raspberry Pi is not the gateway and dnsmasq assumes that the server is running on the gateway unless told otherwise. Of course, the actual IP range and gateway depend on your local network configuration.
With this in place, we can now connect to various systems in the house by name and I hope that configuring Windows 10 machines to connect to my CUPS print server goes more smoothly.
(Update 8/11/2016)
I wanted to find some way to control our kids’ access to our network, especially when they are grounded for some reason or another. What I discovered was that dnsmasq has some very nice facilities to control access by ignoring DHCP requests from specific machines based on their MAC addresses. While there can be other approaches, this has worked quite well, especially when the users can’t or don’t know how to set a static IP on their machine.
The implementation is quite simple. First, I reduced the length of the DHCP leases to just one hour as follows:
dhcp-range=192.168.0.50,192.168.0.99,1h
This is different from the line above in my original post, which provided a 12-hour lease.
Second, you create a list of MAC addresses and tag them. Here is an example:
# "kid" computer
dhcp-host=00:11:22:33:44:55,set:kid
# "kidPhone"
dhcp-host=66:77:88:99:AA:BB,set:kid
# kid's tablet
dhcp-host=CC:DD:EE:FF:00:11,set:kid
# Test VM
dhcp-host=22:33:44:55:66:77,set:vmtest
# TV
dhcp-host=88:99:AA:BB:CC:DD,set:tv
In the example above, I am using 3 tags: kid, vmtest, and tv.
Next, you can add lines like the following to ignore DHCP requests based on the tags:
# dhcp-ignore=tag:kid
# dhcp-ignore=tag:vmtest
dhcp-ignore=tag:tv
In this example, only the MAC addresses tagged with tv are ignored. If I uncommented the line with the kid tag, then all three machines tagged with the kid tag would be ignored once I restarted dnsmasq. By having commented-out lines ready to go, it is easy to remove the comment and restart dnsmasq to start ignoring DHCP requests from the tagged machines. When I want to enable DHCP support for tagged machines, I simply comment out the line and restart dnsmasq.
When I have a little time, I plan to create some Python or Node.js scripts to provide some automation of this approach to blocking. For instance, I can run these scripts with cron to update the localized dnsmasq.conf file based on times of day and/or the day of the week. Further, I think it would be nice to provide a web interface for controlling this. Finally, I had the idea that I could have some software to create “one-time” passwords that could be used to allow the kids to enable their Internet access. I would have the system generate the “one-time” passwords and I could pass the “one-time” passwords on to the kids once they have done their homework, chores, etc. allowing the kids to enable the Internet for themselves while I am away from home.
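One way the cron-driven part of that plan could look, as an added example that is not code from the original post: it comments or uncomments the dhcp-ignore lines for scheduled tags and restarts dnsmasq only when the file changes. The file name under /etc/dnsmasq.d, the schedule, and the use of systemctl to restart are assumptions.

```python
#!/usr/bin/env python3
"""Toggle dnsmasq dhcp-ignore lines from a time-of-day schedule (run from cron)."""
import re
import subprocess
import sys
from datetime import datetime, time

# Assumed path: the post does not name the file it created in /etc/dnsmasq.d.
CONF = "/etc/dnsmasq.d/local.conf"
# Constructed schedule: tag -> (weekdays with Monday=0, block start, block end).
SCHEDULE = {"kid": ({0, 1, 2, 3, 4}, time(21, 0), time(6, 30))}
IGNORE = re.compile(r"^\s*#?\s*dhcp-ignore=tag:([A-Za-z0-9_-]+)\s*$")


def blocked_tags_at(now, schedule=SCHEDULE):
    """Return the set of tags whose block window contains `now`."""
    blocked = set()
    for tag, (days, start, end) in schedule.items():
        t = now.time()
        if start <= end:
            active = now.weekday() in days and start <= t < end
        else:  # window crosses midnight: the early-morning part belongs to yesterday
            active = (now.weekday() in days and t >= start) or (
                (now.weekday() - 1) % 7 in days and t < end)
        if active:
            blocked.add(tag)
    return blocked


def apply_blocks(conf_text, blocked, managed):
    """Comment or uncomment dhcp-ignore lines for `managed` tags only."""
    out = []
    for line in conf_text.splitlines():
        m = IGNORE.match(line)
        if m and m.group(1) in managed:
            prefix = "" if m.group(1) in blocked else "# "
            line = f"{prefix}dhcp-ignore=tag:{m.group(1)}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    with open(CONF) as fh:
        old = fh.read()
    new = apply_blocks(old, blocked_tags_at(datetime.now()), set(SCHEDULE))
    if new != old:  # restart only on a change, so cron can run this every few minutes
        with open(CONF, "w") as fh:
            fh.write(new)
        sys.exit(subprocess.call(["systemctl", "restart", "dnsmasq"]))
```

Tags that are not in the schedule, such as tv in the example above, are left exactly as they are in the file. A device that already holds a lease keeps its address until the lease expires, which is where the one-hour lease matters.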
Anyway, dnsmasq is a very handy, powerful tool. While it isn’t designed to handle enterprise-level installations (based on the dnsmasq site), it is plenty powerful for small installations.