Name service behind a firewall/NAT router
Stephen Ryan
stephen.p.ryan at Dartmouth.EDU
Fri Jan 5 13:38:01 EST 2007
On Fri, 2007-01-05 at 12:53 -0500, Bill Freeman wrote:
> I live in a couple of instances of a private (192.168...) LAN behind a
> firewall/NAT/router appliance (Linksys, Netgear).
>
> There are several machines on each of these LANs, at least one of which
> is an (almost) always on linux box.
>
> We get tired of typing IP addresses, and would like to refer to machines
> by name. For the linux and mac os x boxes I could make entries in /etc/hosts,
> and there's probably a similar file on the xp, 2k, and 98 boxes, but then
> I'm stuck keeping them in sync. It seems like I ought to be able to run
> a name server on the linux box. I could go read the DNS and BIND book for
> a while, or try to think of other combinations to google, but I thought that
> maybe someone here has already dealt with this scenario, and I could be lazy.
>
> I have no desire to make these machines visible on the internet as a whole.
> While I have some throw away domains available, what I'd really like is to
> have single word (no "."s) hostnames resolved to IP addresses on the LAN,
> and everything else resolved by the ISP's nameserver. I fool myself that
> I understand DNS enough to know that the local nameserver is willing to
> get stuff from the outside nameserver as necessary.
>
> One gotcha is that it would be nice if the local machines would use or at
> least fall back to the ISP's nameserver against the possibility that the
> local nameserver crashes (gets unplugged by the cleaning woman) when I'm
> not around to bring it back up.
>
> In addition to setting up a nameserver, it seems that I probably have to
> fiddle the DHCP server on the router to tell the local machines about my
> nameserver. (Clearly, it would still be good if my nameserver could find
> out about it if the ISP changed their nameserver IP, but this is a lesser
> problem.) Again, because the linux box could be down (really old hardware),
> it's not particularly inviting to run a DHCP server there, but the router
> may not be fully configurable. (I could re-flash my home one with open
> source code, but probably not others.) Is there a way to fail-over DHCP
> servers? I could conceivably run backup servers on one of the mac os x
> boxes.
>
> I'll worry about making two such LANs route to one another via openVPN
> sometime in the future.
>
> Any prefabricated solutions out there?

dnsmasq? AFAICT it's pretty much designed for just this scenario. It
will serve up the contents of the server's /etc/hosts as DNS records in
addition to proxying (and caching) external DNS requests. If you let
it be the DHCP server too, it can also do DNS resolving for DHCP
clients.
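
A dnsmasq configuration matching the setup discussed in this thread, as an added example that is not part of the original message or the dnsmasq project's documentation. The interface name, the 192.168.1.x addresses, the `lan` domain and the upstream address 192.0.2.1 (a documentation placeholder standing in for the ISP's nameserver) are all assumptions.

```conf
# /etc/dnsmasq.conf (constructed example; all addresses and names are assumptions)

# Listen only on the LAN-facing interface so the resolver is never
# reachable from anywhere but the private network.
interface=eth0
bind-interfaces

# Never forward single-word names, or reverse lookups for private
# address ranges, to the upstream server. This keeps internal
# hostnames and addressing from leaking to the ISP.
domain-needed
bogus-priv

# Serve names from this machine's /etc/hosts. With expand-hosts an
# entry "nas" is also answered as "nas.lan"; local=/lan/ means names
# under .lan are answered locally only and never forwarded.
domain=lan
expand-hosts
local=/lan/

# Forward and cache everything else via the upstream resolver
# (placeholder address; substitute the ISP's nameserver).
no-resolv
server=192.0.2.1
cache-size=500

# Optional: let dnsmasq be the DHCP server too, so DHCP clients are
# resolvable by name. Disable the router's DHCP server first; two
# uncoordinated DHCP servers on one LAN will conflict.
dhcp-range=192.168.1.100,192.168.1.200,12h
dhcp-option=option:router,192.168.1.1
# Hand out the local server first and the upstream one as a fallback
# for when the Linux box is down.
dhcp-option=option:dns-server,192.168.1.10,192.0.2.1
```

Running `dnsmasq --test` checks the file's syntax before the service is restarted. A client that is using the fallback server cannot resolve the LAN-only names, and some resolvers query the listed servers in no fixed order, so local lookups can fail intermittently when a second server is handed out.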
More information about the gnhlug-discuss mailing list