0 votes
2,363 views 1 comments
by anonymous

Hello,

Obviously I have a misunderstanding of the DNS server in Teltonika router. I know what a DNS is. I have hosted two DNS bind9 servers on my two Raspberry PIs, let's call them DNS1 and DNS2. They work properly, especially for my LAN network (xxx.xxx.1.0/24), let's call it LAN. They can also answer requests for my IoT Network (xxx.xxx.2.0/24), let's call it IoT and for my Guest Network (xxx.xxx.3.0/24), let's call it Guest. What I don't really understand is the following.

In Teltonika Routers you can add a number of DNS servers to each interface. So, I could put my DNS1 and DNS2 here. If a client connects to the interface (and has not defined DNS servers by its own in his client) then, if a request from the client takes place in the subnet of the interface, the Teltonika router will forward the request to one of these DNS servers. I think this is correct.

So, if I have three subnets I could define specific DNS servers for each subnet (which would never be used if the client defines his own DNS servers).

Now, I have DHCP option 6, which can also pass DNS Servers to a requesting client. If a client in a DHCP enabled subnet gets an IP from the DHCP server, the DHCP server "proposes" DNS servers, but why? The DNS servers are already defined in the interface setting of the subnet.

And then, my last question that is more related to Teltonika router. If I have so many possibilities to define DNS servers, why is there another DNS listed under Network --> DNS? I suppose that is the internal DNS server of the Teltonika router.

My questions

  • If I do not define DNS servers in the interface section for a subnet and if I do not push DHCP option 6 DNS Servers to clients, is the internal DNS server automatically used or do I have to put xxx.xxx.1.1 and xxx.xxx.2.1 and xxx.xxx.3.1 somewhere?
  • Is it correct that the DNS Servers in the interface section only handle client requests from this subnet?
  • Can I put DHCP option 6 DNS servers to the client that lie not in the subnet (if firewall rules are set correctly and my DNS servers ACL is correct)?
  • When and for what should I use the internal DNS server?
  • What exactly is the DNS forwardings parameter doing in the internal DNS section? I suppose that if a client does not find a DNS server in the interface section, it uses the internal DNS. If the DNS cannot answer the request it tries to forward the request to one of these DNS servers. Wouldn't it be better not to enter DNS servers in the interface section but in the DNS forwarding section of the internal DNS server?
  • What does the parameter "Local Service Only" mean? That the internal DNS only works for interfaces where DNS parameters are set?
  • Perhaps I see everything too complicated and the DNS parameters in the interface sections are handled and managed by the internal DNS server under Network-->DNS.
Thanks for help.
Regards,
Equi

1 Answer

+1 vote
by anonymous

Hello,

  • If I do not define DNS servers in the interface section for a subnet and if I do not push DHCP option 6 DNS Servers to clients, is the internal DNS server automatically used or do I have to put xxx.xxx.1.1 and xxx.xxx.2.1 and xxx.xxx.3.1 somewhere?

Unless you have your own DNS server or for some reason you need to use specific DNS servers, servers themselves are given by your ISP and used automatically. You can find the DNS IPs via CLI by executing the command:

  • cat /tmp/resolv.conf.d/resolv.conf.auto

or

  • logread | grep nameserver

  • Is it correct that the DNS Servers in the interface section only handle client requests from this subnet?

If the value of the DNS servers field in the interface configuration window [Network -> Interfaces section] is defined, then yes, the defined DNS server addresses will be used by this interface.

  • Can I put DHCP option 6 DNS servers to the client that lie not in the subnet (if firewall rules are set correctly and my DNS servers ACL is correct)?

This option can be set in the Advanced settings tab of the interface DHCP settings, and it applies to the interface, thus if your client is connected to this interface, its DNS queries will be forwarded to the server defined with the option.

  • When and for what should I use the internal DNS server?

This might be personal preference if you are hosting some internal network and want to resolve hostnames of internal devices. External services are unable to do it. Also, if you do not want external providers to supervise your network activity. Local DNS can provide some speed increase and reduction of generated traffic due to having a local cache of most common queries from your network. This is mostly solved by Web browsers having a cache, but not every networking device has one. Having your own DNS server provides traffic monitoring capabilities, which are absent or out of your control with service providers' offerings. Then there are security concerns. DNS technology includes the capability of policy enforcement, whereby malicious DNS patterns are rejected by the resolution server based on policy settings (from the local security operations center) and policy subscriptions (from external security information providers).

  • What exactly is the DNS forwardings parameter doing in the internal DNS section? I suppose that if a client does not find a DNS server in the interface section, it uses the internal DNS. If the DNS cannot answer the request it tries to forward the request to one of these DNS servers. Wouldn't it be better not to enter DNS servers in the interface section but in the DNS forwarding section of the internal DNS server?

This option is intended for private nameservers. For example, if you have a nameserver on your network which deals with names of the form xxx.internal.address.org at 192.168.1.1 then, according to documentation, giving the flag --server=/internal.address.org/192.168.1.1 will send all queries for internal machines to that nameserver, everything else will go to the servers in /etc/resolv.conf.

  • What does the parameter "Local Service Only" mean? That the internal DNS only works for interfaces where DNS parameters are set?

With this option set, the dnsmasq service accepts DNS queries only from hosts whose address is on a local subnet, i.e. a subnet for which an interface exists on the server.

  • Perhaps I see everything too complicated and the DNS parameters in the interface sections are handled and managed by the internal DNS server under Network-->DNS.

DHCP and DNS services are carried by the dnsmasq application. If you want in-depth information on it, I would suggest checking a couple of links below:

Best regards,

Best answer
by anonymous
Thanks a lot for detailed answer.
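
The two dnsmasq behaviours described in the answer, per-domain forwarding with server=/domain/ip and the "Local Service Only" source check, shown as a simplified model. This is an added example, not part of the original thread and not dnsmasq's own code; the configuration lines, subnets and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configuration (not taken from the original thread).
SAMPLE_CONF = """
# default upstream, used when no domain-specific rule matches
server=203.0.113.53
# private nameserver for internal names, as in the answer's example
server=/internal.address.org/192.168.1.1
# a more specific rule takes precedence over a less specific one
server=/iot.internal.address.org/192.168.2.1
"""

# Constructed interface subnets standing in for LAN, IoT and Guest.
LOCAL_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]


def parse_servers(conf):
    """Return (domain_rules, default_upstreams) from server= lines."""
    rules, defaults = {}, []
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("server="):
            continue  # skips comments and blank lines
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/domain/ip form: queries under "domain" go to "ip"
            _, domain, addr = value.split("/", 2)
            rules[domain.lower().rstrip(".")] = addr
        else:
            defaults.append(value)
    return rules, defaults


def pick_upstream(qname, rules, defaults):
    """Choose the upstream for qname: the longest matching suffix wins."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])  # whole labels only, longest first
        if suffix in rules:
            return rules[suffix]
    return defaults[0] if defaults else None


def accepted_by_local_service(client_ip, subnets=LOCAL_SUBNETS):
    """Model of "Local Service Only": accept only clients on a local subnet."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in subnets)
```

Matching is done on whole labels, so a name such as notinternal.address.org falls through to the default upstream rather than the private nameserver.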