In the DHCP configuration outlined in the previous section, the clients are sent the upstream provider's DNS server IP addresses. This is the simplest way to set things up, but you might want to go a step further and run your own DNS server.
There are two common reasons to run your own DNS server: caching DNS lookups for performance reasons or hosting a domain. DNS caching can improve performance by handling repeated DNS lookups locally. This probably won’t make a very big difference unless your upstream DNS server has noticeable delays. The proper hosting of a domain is a more advanced topic; if you wish to do this, you should consult the DNS server documentation for information on configuration.
By running DNS as an additional service on the gateway, a new potential point of vulnerability is introduced. BIND, the most widely used DNS server, has a history of security issues. To help limit exposure, it should be set up in a chroot environment. The latest version of BIND and documentation can be found at http://www.isc.org/products/BIND/.
If you do decide to configure the gateway with a caching DNS server, make sure you change the DHCP configuration file to give the proper gateway IP addresses in option domain-name-servers. The address will be different for the wired and wireless segments, as the gateway's two interfaces for those segments have different IP addresses. The DNS server should also have zone files to handle reverse lookups on your internal address space by the clients.
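As an added example (not from the book or from ISC's own documentation), the fragments below show the change just described, assuming a wired segment 192.168.1.0/24 and a wireless segment 192.168.2.0/24 with the gateway holding .1 on each, and a placeholder internal domain `internal.example`:

```conf
# ---- /etc/dhcpd.conf (ISC dhcpd) ----
# Assumed addresses: 192.168.1.0/24 wired, 192.168.2.0/24 wireless;
# the gateway holds .1 on each segment.  Each subnet hands out the
# gateway interface on its own segment as the DNS server instead of
# the provider's resolvers.
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.1;   # wired clients use eth1's address
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.200;
    option routers 192.168.2.1;
    option domain-name-servers 192.168.2.1;   # wireless clients use the other interface
}

# ---- /etc/named.conf (BIND, caching-only) ----
# Listen and answer only on the internal interfaces so the new service
# is never reachable from the upstream-facing side of the gateway.
# Start named with "named -t /var/named/chroot" (or the distribution's
# chroot wrapper) so the paths below are resolved inside the chroot.
acl internal { 192.168.1.0/24; 192.168.2.0/24; 127.0.0.1; };
options {
    directory "/var/named";
    listen-on { 192.168.1.1; 192.168.2.1; 127.0.0.1; };
    allow-query { internal; };
    allow-recursion { internal; };
    forwarders { 203.0.113.53; };     # placeholder for the provider's resolver
    version "not disclosed";          # do not advertise the BIND version
};
zone "." { type hint; file "named.root"; };
# Reverse lookups for the internal address space (forward zone omitted).
zone "1.168.192.in-addr.arpa" { type master; file "db.192.168.1"; };
zone "2.168.192.in-addr.arpa" { type master; file "db.192.168.2"; };

# ---- /var/named/db.192.168.1 (reverse zone for the wired segment) ----
$TTL 86400
@   IN SOA  gw.internal.example. hostmaster.internal.example. (
            1 3600 900 604800 86400 )
    IN NS   gw.internal.example.
1   IN PTR  gw.internal.example.
```

The wireless reverse zone file follows the same pattern with `2.168.192.in-addr.arpa` and the addresses of that segment.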