Making a DNS Server at home. Do I need to make DHCP also?

[deep1234]

Hi guys. 

Some History first. At my parents house they are having some issues with ISP router as it cant access some specific sites (Like YouTube). I did some check up and it seems that it has to do with DNS as I test OpenDNS on the client PCs and it is working fine.

As with the geographic location, OpenDNS is far with 300+ ms also the locate ISP DNS is about 150 to 200 ms. So making a local DNS server is the best option for me.

By using a spare old PC (that with intel Core2Duo). I will set it up and make the ISP router point to it as DNS 1 option and the DNS 2 with DNS 3 will be pointed somewhere else as backup.

Note: 

1 - We can exchange the router with the ISP. But first we need for technian visit plus router price which will cost. I want to try this first for the fun of it.

2 - It is possible for the ISP router not to work properly with the local DNS server. But there is only one way to find out.  

3 - I will make it as an automatic update and restart during specific times. 

4 -  Yes, it could be overkill. But I want to see how is goes. 

The question here. Should I disable the DHCP in the ISP router with this and enable it on CentOS with the DNS? Or it is not related? As I want them to continue use the internet even if the DNS server is off.

Thanks,

[+BudMan MVC]

You do understand you can set your router to use opendns right..  No need to use a spare PC..

 

If you were going to use a PC I would have it replace the whole router - pfsense on it for example. https://www.pfsense.org/

 

 

 

[deep1234]

1 minute ago, BudMan said:

You do understand you can set your router to use opendns right..  No need to use a spare PC..

 

If you were going to use a PC I would have it replace the whole router - pfsense on it for example. https://www.pfsense.org/

 

 

 

I do. I didn't do it since it will be slow for sure. But I will give it a try and see how it goes.

 

I used to have a Linux router with clearOS and it was superb for years. But I am forced to use the ISP router for higher internet speed. Since it is required for a specific upnp setup they use. 

[+BudMan MVC]

11 minutes ago, deep1234 said:

Since it is required for a specific upnp setup they use

 

What?  Pfsense support UPnP.. If your dns is slow because using isp dns on router.  And you point your clients to opendns - why would it not be better pointing the router to opendns?

 

What "router" from the isp do you they have?  Most likely if they have high speed internet its a cable gateway...  Please post up make and model.

 

BTW you say the isp dns is 100+ ms to respond??  You have a ISSUE there that has nothing to do with dns..   What is the response time to your isp gateway?  Did you just reboot this router?  While your isp dns might be crap you sure shouldn't be 100+ to respond to something that is cached..

 

Where exactly are you on the planet that google dns is 300ms??  South pole?   You have something wrong with your internet if google dns is 300ms away from you.

 

You in UAE.. that is only about 210-220ms away from Chicago... So how is it that googledns could be 300ms away from you??  Its not really possible..

 

[Daedroth]

What about using Google's DNS of 8.8.8.8, instead of OpenDNS? You may (or may not) find better latency results.

[GrayW]

As @BudMan keeps responding faster than me (I'm seriously beginning to think you're a bot!) with the sensible answers - listen to him!

 

And if we're looking at things purely for the "fun of it" angle, remember there are plenty of options out there when it comes to DNS servers available. Just be careful which ones you choose and do your research on the provider. Give something like https://github.com/google/namebench a go, and see which servers respond best for your location.

 

Setting up your own server:

Quote

Should I disable the DHCP in the ISP router with this and enable it on CentOS with the DNS? Or it is not related? As I want them to continue use the internet even if the DNS server is off.

You could do that, but they are separate services and can run from different places. But if the server is off and the computer can't get a DHCP lease, you're going to have issues. The simple solution to that is to use static IP configs on each device but depending on the number of devices, that could become a pain in the ass.

So, unless the server is going to run 24/7 you may as well keep the DHCP service running from the router. Also, if you're primary DNS is set to the server that's turned off you're going to experience delays in sites loading. I'm not entirely sure what the default timeout is, probably minimal.

[+BudMan MVC]

Ah good catch on the opendns, for whatever reason I read that as googledns

 

I would be interested in the response time to google dns since it anycast and located all over the globe..  But if his own isp dns is 100ms -- something is wrong!!!  There has to be a closer better dns..  But there is no reason for him to run some box as dns if only problem is slow dns.. He can just set his router to use the faster dns, or for that matter just have his machines use them directly.

 

But if he want to play with a PC -- I would use it as his router/firewall, which can do dns, dhcp, etc. etc.

[stefan88]

Unless the server is going to run 24/7, you may keep the DHCP service running from the router. Set your router to use opendns. For router issues, check this: 192.168.0.1

[nicedreams]

Pi-Hole is a very good project that might help you out since it's DNS related.  It's mainly for blocking ad's on your entire network while browsing the internet, but since it's DNS related it may help your resolution be faster.

 

Pi-Hole - Raspberry Pi Ad Blocking DNS Server

https://pi-hole.net/

 

Edit: After re-reading the post don't know if this is for you, but might help anyways...

[xendrome]

Even if you run a local DNS server, that local DNS server is going to have to run lookups for non-cached domains and it's going to take the same amount of time if not longer. Since now you are resolving from a local DNS server then out a a 3rd party or root server.

[d5aqoëp]

Use 8.8.8.8 and 8.8.4.4 as DNS servers in your Router and get on with life.

 

It would be incredibly stupid to waste time and resources in setting up and running just a DNS server. 

 

Just open a cmd window and ping 8.8.8.8 and report the results.

[+BudMan MVC]

On 12/5/2017 at 8:00 AM, d5aqoëp said:

It would be incredibly stupid to waste time and resources in setting up and running just a DNS server.

Such a blanket statement needs some clarification to be sure.. In a home setup would I dedicate any sort of real resource to ONLY be dns.. Prob not.. But running a dns server locally to provide for local resolution as well as being a resolver vs a forwarder or even as just forwarder has some HUGE advantages to what can be accomplished.

 

The actual resources in cpu time is minor.. So as long as you have something running doing whatever else it might be doing that can provide for local dns.. A raspberry pi has more than enough umph to provide for lots of different local services one of them being dns.. It can be your dhcp, while it is also your plex server, your ntp server, etc..  Your shell access to linux - or whatever else you might want to do with such a device.

 

I brought up pfsense since if you are running that as your router - then you have all you need to run either fully functional forwarder like dnsmasq, or resolver like unbound or even full blown BIND..

 

The mentioned pihole would be a good example of way to kill 2 birds with 1 stone - it can be your local dns while also providing ability to block bad sites, ads, etc. Can also be your dhcp server and multiple other things if you just have it running on something you already have running,  Or just get yourself a pi zero for a few bucks ($5), etc..  If you don't have a usb dongle for wifi that will work with it you could get the pi zero W for a whole 10$ as something to run local services on..

 

If you do not understand the HUGE differences in the ability to run your own resolver vs just forwarding everything to google or open or whatever.. Then such a project is not for you - but I for one would never go back to just forwarding..  You never know what you could get back - I will ask the authoritative NS for the domain I am interested thank you very much directly    And hopefully they also are using dnssec so I know for sure that info indeed came from them, etc.

 

The forwarding features of the lame ass dns services provided in your typical soho wifi router are pathetic at best, compared to the feature set of something like fully configurable dnsmasq, powerdns, unbound, bind, etc. etc.

 

BTW pinging 8.8.8.8 is not a valid test of query time or that your isp is not intercepting your dns, etc. etc.  At best it would be a approximation of the response time to a query.

 

I personally run all my local devices through pi-hole running on 1 of the PIs I have running.  Which just forwards to my resolver (unbound running on pfsense).. One of the big things I like with pihole is the dashboard providing instant insight into the amount and type of dns traffic all devices on your network are doing..  And the ability to block such stuff that you might not want devices to be able to resolve.  The query log and top domains being asked for can be a huge help in securing and fixing issues on your network.