Setting up Raspberry Pi as a DHCP, NTP, and DNS server
The versatile Raspberry Pi can serve many roles on a home network. We'll show you how to set up the Pi to provide some important network services.
The tiny US$ 35 Raspberry Pi computer  is gaining attention around the world as an education tool and a plaything for hobbyists. But, many users are discovering that the Rasp Pi can do real, practical things for a small network. After all, the Raspberry Pi is a real Linux computer, complete with an Ethernet port and USB ports.
The system is admittedly light on resources – with only 512MB memory and file storage on an SD card, but for simple tasks that aren't too resource-intensive, the Pi performs well. The fact that the Pi runs with very low power usage and hardly takes up any space are actually benefits in some scenarios, especially on home networks with little space and low demand.
This article describes how to set up the Raspberry Pi to perform a few common network services, including:
- IP address allocation with DHCP
- Time Service with NTP
- Name service with Bind9
DHCP service is often performed by a home router or through the ISP's own DHCP server. However, DSL routers are sometimes overwhelmed with the task of managing a medium-sized home network, and they sometimes don't support a full range of DHCP services, such as assignment of fixed IP addresses.
Assigning IP addresses with a Raspberry Pi might seem like an improbable solution, but, in some cases, you might find it actually performs better than leaving this task to your home router. And anyway, at a minimum, you get some experience configuring network services, and you'll learn more about your Pi along the way.
A DNS server might seem even more improbable, because you have most likely gotten by just fine up until now without using a Raspberry Pi for name resolution, but this little exercise in network configuration shows the Pi at its best: a versatile tool that lets you experiment and explore without a lot of complication or risk. (See the box titled "Home DNS" for a look at some possible benefits.)
Name resolution on your own server is more than three times faster than resolution by external DNS servers, mainly because repeat requests can be answered from the internal cache instead of querying DNS servers on the Internet. To demonstrate this, consider the following experiment.
Multiple queries through Google's name servers required the following time profile:
fritz@fhserver:~> time (for i in `seq 1 1000`; do dig google.com @22.214.171.124 > /dev/null 2>>/dev/null; done) real 0m24.156s user 0m4.825s sys 0m3.517s
A similar sequence sent to my ISP's name server (Telecom) required the following:
fritz@fhserver:~> time (for i in `seq 1 1000`; do dig google.com @126.96.36.199 > /dev/null 2>>/dev/null; done) real 0m27.430s user 0m5.088s sys 0m3.406s
My internal name server returned the names much faster, because it was able to make better use of caching:
fritz@fhserver:~> time (for i in `seq 1 1000`; do dig google.com @127.0.0.1 > /dev/null 2>>/dev/null; done) real 0m7.632s user 0m4.305s sys 0m2.736s
Of course, all of this takes place for a single name resolution within milliseconds and is therefore not of practical importance for a home network. However, it does illustrate the potential benefits of an internal name server. Another benefit of a home DNS server is that it gives you one central point for managing host names on your network.
In this case, note that the local network occupies a private, non-routable address range (192.168.100…), which is mapped to the Internet address space through Network Address Translation (NAT). The use of DNS with NAT complicates this solution if you want the DNS server to be accessible from beyond the network.
You might be wondering how this DNS server will map names to IP addresses if the IP addresses are dynamically assigned through DHCP. Of course, dynamic DNS is available for mapping permanent host names to temporary IP addresses. For the purposes of this simple configuration, I will configure the DHCP server to assign a fixed address to the client based on the MAC address.
Static IP Address
The Rasp Pi needs a static IP address to work as a DHCP server. You can start by determining which address the DSL router has assigned to the Rasp Pi (Listing 1).You can use the
route command to determine the default gateway (the address of the DSL router; see Listing 2 for example).
Finding the IP Address
# ifconfig displays the current configuration of the Ethernet interface fritz@raspberrypi ~ $ ifconfig a eth0 Link encap:Ethernet HWaddr b8:27:eb:80:7d:b8 inet addr:192.168.100.73 Bcast:192.168.100.255 Mask:255.255.255.0
DSL Router Address
fritz@raspberrypi ~ $ route Kernel IP routing table Destination Gateway Genmask... default 192.168.100.1 0.0.0.0... 192.168.100.0 * 255.255.255.0...
All the network addresses look like this:
192.168.100.x (or a.b.c.x, if the output was a.b.c.d). The DSL router address must not be assigned to any other device. I'll configure the Rasp Pi to use
192.168.100.2 as a permanent address by configuring a static address in
/etc/network/interfaces (Listing 3).
auto lo iface lo inet loopback iface eth0 inet dhcp iface eth0 inet static address 192.168.100.2 netmask 255.255.255.0 gateway 192.168.100.1 allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp
Configuring NTP on the Rasp Pi
In the Raspbian image, which you can download from the Internet, NTP is already installed. However, if you want to use the Pi as a time server, you might want to change the different servers to the NTP pool defined in the config file. You need to edit the
/etc/ntp.conf file and add servers to the NTP pool (see Listing 4).
# You do need to talk to an NTP server or two (or three). # server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: http://www.pool.ntp.org/join.html #server 1.debian.pool.ntp.org iburst #server 2.debian.pool.ntp.org iburst #server 3.debian.pool.ntp.org iburst server 0.de.pool.ntp.org iburst server 1.de.pool.ntp.org iburst server 2.de.pool.ntp.org iburst server 3.de.pool.ntp.org iburst
I still need to negotiate a minor obstacle. If the IP address is retrieved via DHCP (which was the case until I convert to the static IP address), the time server configuration is not read from the
/etc/ntp.conf file but from
/var/lib/ntp/ntp.conf.dhcp. Things will stay this way as long as this file exists in the
The time server registered in this file was the one assigned by the DHCP server, typically the address of the DSL server. First, make sure the static IP address is active (after changing
/etc/network/interfaces, reboot your Rasp Pi –
sudo init 6). Then, delete
/var/lib/ntp/ntp.conf.dhcp, and again reboot your Rasp Pi. After a couple minutes, you can use the following:
to check the configuration of the time server. The resulting output is shown in Listing 5.
Time Server Configuration
fritz@raspberrypi ~ $ ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== +imap.immobilien .PPS. 1 u 41 64 1 79.383 -0.553 1.211 +188.8.131.52 184.108.40.206 2 u 5 64 1 11.553 -1.133 1.247 *stratum2-4.NTP. 220.127.116.11 2 u 9 64 1 17.939 -1.059 0.146 -ntp.uni-oldenbu 18.104.22.168 2 u 40 64 1 24.178 -0.018 0.811
Installing the Name Server
The Bind9 (Berkeley Internet name service) package is responsible for name resolution. Bind9 is pretty easy to install with apt-get. You need to make sure your Rasp Pi has a large enough SD card (4GB or more, or preferably 16GB). Additionally, you should install the DNS-utils to provide useful commands, such as
dig. A check with
nslookup shows that the Rasp Pi is still using the DSL server as its master, so I need to modify
/etc/resolv.conf. You can find directories of free name server addresses online. For my locale, I found name servers through sites such as http://www.freie-nameserver.de/ or http://www.ungefiltert-surfen.de/nameserver/de. I can then enter these name servers in the
/etc/resolv.conf file (Listing 6).
01 fritz@raspberrypi ~ $ sudo apt-get install bind9 02 fritz@raspberrypi ~ $ sudo apt-get install dnsutils 03 nslookup www.telekom.de 04 Server: 192.168.100.2 05 Address: 192.168.100.2#53 06 Non-authoritative answer: 07 Name: www.telekom.de 08 Address: 22.214.171.124 09 10 fritz@raspberrypi ~ $ sudo vi /etc/resolv.conf 11 domain homenet.de 12 search homenet.de 13 nameserver 127.0.0.1 14 nameserver 126.96.36.199 15 nameserver 188.8.131.52 16 nameserver 184.108.40.206 17 nameserver 220.127.116.11 18 nameserver 18.104.22.168 19 nameserver 22.214.171.124 20 nameserver 126.96.36.199 21 nameserver 188.8.131.52 22 nameserver 184.108.40.206 23 24 fritz@raspberrypi ~ $ nslookup www.telekom.de 25 Server: 127.0.0.1 26 Address: 127.0.0.1#53 27 Non-authoritative answer: 28 Name: www.telekom.de 29 Address: 220.127.116.11
Buy this article as PDF
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm
Report from the X-Force group says attackers are using TOR to hide their crimes
Future Firefox extensions will be compatible with Chrome.
Better read this if you bought your computer before 2011
Users should upgrade to the new version as soon as possible
Xen project announces a privilege escalation problem for Qemu host systems