Setting up Raspberry Pi as a DHCP, NTP, and DNS server

Little Service

© Lead Image © Milosh Kojadinovich, 123RF.com

© Lead Image © Milosh Kojadinovich, 123RF.com

Article from Issue 159/2014
Author(s):

The versatile Raspberry Pi can serve many roles on a home network. We'll show you how to set up the Pi to provide some important network services.

The tiny US$ 35 Raspberry Pi computer [1] is gaining attention around the world as an education tool and a plaything for hobbyists. But, many users are discovering that the Rasp Pi can do real, practical things for a small network. After all, the Raspberry Pi is a real Linux computer, complete with an Ethernet port and USB ports.

The system is admittedly light on resources – with only 512MB memory and file storage on an SD card, but for simple tasks that aren't too resource-intensive, the Pi performs well. The fact that the Pi runs with very low power usage and hardly takes up any space are actually benefits in some scenarios, especially on home networks with little space and low demand.

This article describes how to set up the Raspberry Pi to perform a few common network services, including:

  • IP address allocation with DHCP
  • Time Service with NTP
  • Name service with Bind9

DHCP service is often performed by a home router or through the ISP's own DHCP server. However, DSL routers are sometimes overwhelmed with the task of managing a medium-sized home network, and they sometimes don't support a full range of DHCP services, such as assignment of fixed IP addresses.

Assigning IP addresses with a Raspberry Pi might seem like an improbable solution, but, in some cases, you might find it actually performs better than leaving this task to your home router. And anyway, at a minimum, you get some experience configuring network services, and you'll learn more about your Pi along the way.

A DNS server might seem even more improbable, because you have most likely gotten by just fine up until now without using a Raspberry Pi for name resolution, but this little exercise in network configuration shows the Pi at its best: a versatile tool that lets you experiment and explore without a lot of complication or risk. (See the box titled "Home DNS" for a look at some possible benefits.)

Home DNS

Name resolution on your own server is more than three times faster than resolution by external DNS servers, mainly because repeat requests can be answered from the internal cache instead of querying DNS servers on the Internet. To demonstrate this, consider the following experiment.

Multiple queries through Google's name servers required the following time profile:

fritz@fhserver:~>   time (for i in `seq 1 1000`;   do dig google.com @8.8.8.8 >   /dev/null 2>>/dev/null; done)
real    0m24.156s
user    0m4.825s
sys     0m3.517s

A similar sequence sent to my ISP's name server (Telecom) required the following:

fritz@fhserver:~>   time (for i in `seq 1 1000`;   do dig google.com   @217.237.148.70 >   /dev/null 2>>/dev/null; done)
real    0m27.430s
user    0m5.088s
sys     0m3.406s

My internal name server returned the names much faster, because it was able to make better use of caching:

fritz@fhserver:~>   time (for i in `seq 1 1000`;   do dig google.com @127.0.0.1 >   /dev/null 2>>/dev/null; done)
real    0m7.632s
user    0m4.305s
sys     0m2.736s

Of course, all of this takes place for a single name resolution within milliseconds and is therefore not of practical importance for a home network. However, it does illustrate the potential benefits of an internal name server. Another benefit of a home DNS server is that it gives you one central point for managing host names on your network.

In this case, note that the local network occupies a private, non-routable address range (192.168.100…), which is mapped to the Internet address space through Network Address Translation (NAT). The use of DNS with NAT complicates this solution if you want the DNS server to be accessible from beyond the network.

You might be wondering how this DNS server will map names to IP addresses if the IP addresses are dynamically assigned through DHCP. Of course, dynamic DNS is available for mapping permanent host names to temporary IP addresses. For the purposes of this simple configuration, I will configure the DHCP server to assign a fixed address to the client based on the MAC address.

Static IP Address

The Rasp Pi needs a static IP address to work as a DHCP server. You can start by determining which address the DSL router has assigned to the Rasp Pi (Listing 1).You can use the route command to determine the default gateway (the address of the DSL router; see Listing 2 for example).

Listing 1

Finding the IP Address

# ifconfig displays the current configuration of the Ethernet interface
fritz@raspberrypi ~ $ ifconfig a
eth0      Link encap:Ethernet  HWaddr b8:27:eb:80:7d:b8
          inet addr:192.168.100.73  Bcast:192.168.100.255  Mask:255.255.255.0

Listing 2

DSL Router Address

fritz@raspberrypi ~ $ route
Kernel IP routing table
Destination     Gateway         Genmask...
default         192.168.100.1   0.0.0.0...
192.168.100.0   *               255.255.255.0...

All the network addresses look like this: 192.168.100.x (or a.b.c.x, if the output was a.b.c.d). The DSL router address must not be assigned to any other device. I'll configure the Rasp Pi to use 192.168.100.2 as a permanent address by configuring a static address in /etc/network/interfaces (Listing 3).

Listing 3

/etc/network/interfaces

auto lo
iface lo inet loopback
iface eth0 inet dhcp
iface eth0 inet static
address 192.168.100.2
netmask 255.255.255.0
gateway 192.168.100.1
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Configuring NTP on the Rasp Pi

In the Raspbian image, which you can download from the Internet, NTP is already installed. However, if you want to use the Pi as a time server, you might want to change the different servers to the NTP pool defined in the config file. You need to edit the /etc/ntp.conf file and add servers to the NTP pool (see Listing 4).

Listing 4

/etc/ntp.conf

# You do need to talk to an NTP server or two (or three).
# server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: http://www.pool.ntp.org/join.html
#server 1.debian.pool.ntp.org iburst
#server 2.debian.pool.ntp.org iburst
#server 3.debian.pool.ntp.org iburst
server 0.de.pool.ntp.org iburst
server 1.de.pool.ntp.org iburst
server 2.de.pool.ntp.org iburst
server 3.de.pool.ntp.org iburst

You will find more information online [2]. In Listing 4, I have commented out the Debian time servers and added more servers in my home country to the NTP server pool.

I still need to negotiate a minor obstacle. If the IP address is retrieved via DHCP (which was the case until I convert to the static IP address), the time server configuration is not read from the /etc/ntp.conf file but from /var/lib/ntp/ntp.conf.dhcp. Things will stay this way as long as this file exists in the /var directory.

The time server registered in this file was the one assigned by the DHCP server, typically the address of the DSL server. First, make sure the static IP address is active (after changing /etc/network/interfaces, reboot your Rasp Pi – sudo init 6). Then, delete /var/lib/ntp/ntp.conf.dhcp, and again reboot your Rasp Pi. After a couple minutes, you can use the following:

ntpq -p

to check the configuration of the time server. The resulting output is shown in Listing 5.

Listing 5

Time Server Configuration

fritz@raspberrypi ~ $ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+imap.immobilien .PPS.            1 u   41   64    1   79.383   -0.553   1.211
+195.50.171.101  145.253.2.212    2 u    5   64    1   11.553   -1.133   1.247
*stratum2-4.NTP. 129.70.130.70    2 u    9   64    1   17.939   -1.059   0.146
-ntp.uni-oldenbu 192.53.103.104   2 u   40   64    1   24.178   -0.018   0.811

Installing the Name Server

The Bind9 (Berkeley Internet name service) package is responsible for name resolution. Bind9 is pretty easy to install with apt-get. You need to make sure your Rasp Pi has a large enough SD card (4GB or more, or preferably 16GB). Additionally, you should install the DNS-utils to provide useful commands, such as nslookup and dig. A check with nslookup shows that the Rasp Pi is still using the DSL server as its master, so I need to modify /etc/resolv.conf. You can find directories of free name server addresses online. For my locale, I found name servers through sites such as http://www.freie-nameserver.de/ or http://www.ungefiltert-surfen.de/nameserver/de. I can then enter these name servers in the /etc/resolv.conf file (Listing 6).

Listing 6

Configuring resolv.conf

01 fritz@raspberrypi ~ $ sudo apt-get install bind9
02 fritz@raspberrypi ~ $ sudo apt-get install dnsutils
03 nslookup www.telekom.de
04 Server:         192.168.100.2
05 Address:        192.168.100.2#53
06 Non-authoritative answer:
07 Name:   www.telekom.de
08 Address: 217.150.151.99
09
10 fritz@raspberrypi ~ $ sudo vi /etc/resolv.conf
11 domain homenet.de
12 search homenet.de
13 nameserver 127.0.0.1
14 nameserver 194.187.164.20
15 nameserver 193.158.224.9
16 nameserver 80.239.175.131
17 nameserver 80.239.207.176
18 nameserver 212.211.132.4
19 nameserver 212.43.68.10
20 nameserver 81.209.130.140
21 nameserver 213.30.253.65
22 nameserver 141.2.1.3
23
24 fritz@raspberrypi ~ $ nslookup www.telekom.de
25 Server:         127.0.0.1
26 Address:        127.0.0.1#53
27 Non-authoritative answer:
28 Name:   www.telekom.de
29 Address: 217.150.151.99

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Bind 10 Test Drive

    Admins have waited all of five years for the 10th major release of the Bind name server, which appeared at the end of March this year. The latest release is a complete rewrite of the DNS server, with a modular design and new configuration tools, but is it ready for business?

  • DNSSEC

    Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution service.

  • Command Line: Network Diagnostic Tools

    Linux has the right tools to track down network errors and open the way for data packets.

  • Intrusion Detection

    The Prelude security information management system receives both host- and network-based IDS messages and displays them in an easy web interface. We show you how to set it up.

  • Snort

    Search out hidden attacks with the Snort intrusion detection system.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News