User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
router:dhcp-dns [2024/09/17 10:14] willyrouter:dhcp-dns [2025/02/06 08:03] (current) – removed willy
Line 1: Line 1:
-===== DNS, DHCP and routing for the internal network ===== 
- 
-Since your home network is connected **only** to your home server (right?), in order to be able to navigate and use the home network you must configure some services on your home server. 
- 
-In detail, you will need: 
-  * one DNS server, so that devices in the home network can resolve names to addresses (and filter ads) 
-  * one DHCP server, so provide devices in the home network with automatic configuration 
-  * one default gateway and router: to allow devices in the home network to access stuff on the internet 
- 
-At first i have been using DNSmasq, which is a seemingly easy approach to both DNS and DHCP for the home network. After a lengthly and annoying debugging session with Android devices i found out that DNS has evolved a lot and DNSMasq is today a bit outdated.  
- 
-I decided then to go straight to the Gentoo standard DHCP server and Unbound DNS resolver/forwarder, and i couldn't be happier. 
- 
-For future reference, the older DNSMasq information has been moved to a separate page. 
- 
-To create a router, you will be using the Linux built-in great nftables tools that today has replaced the older iptables.  
- 
- 
- 
-[[https://en.wikipedia.org/wiki/Domain_Name_System|The DNS]] (Domain Name System) is how _names_ are converted to _addresses_ on the internet. Historically one of the oldest Internet Services still in use today, it suffers from a lot of drawbacks and issues, specially on the privacy side of things. The original plain-text protocol (on port 53, UDP) has been extended over the years with a few improvements like **DNS over TLS (DoT)** and **DNS over HTTPS (DoH)**. Both the new extensions provide more privacy, as the requests are encrypted your ISP and middleman cannot snoop every website you visit, and more robustness as, paired with DNSSEC, it is now more difficult to feed you malicious DNS responses and redirect your traffic to bad websites (think of malaware and such). 
- 
-[[https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol|Dynamic Host Configuration Protocol]] is how your devices will automatically get an IP address when they connect to your home network. Also additional information will be passed to the device, like gateway address and DNS server. 
-