Hello,
- If I do not define DNS servers in the interface section for a subnet and if I do not push DHCP option 6 DNS servers to clients, is the internal DNS server automatically used, or do I have to put xxx.xxx.1.1 and xxx.xxx.2.1 and xxx.xxx.3.1 somewhere?
Unless you have your own DNS server or for some reason you need to use specific DNS servers, the servers themselves are given by your ISP and used automatically. You can find the DNS IPs via CLI by executing the command:
- cat /tmp/resolv.conf.d/resolv.conf.auto
or
- logread | grep nameserver
- Is it correct that the DNS Servers in the interface section only handle client requests from this subnet?
If the value of the DNS servers field in the interface configuration window [Network -> Interfaces section] is defined, then yes, the defined DNS server addresses will be used by this interface.
- Can I put DHCP option 6 DNS servers to the client that do not lie in the subnet (if firewall rules are set correctly and my DNS servers ACL is correct)?
This option can be set in interface DHCP settings Advanced settings tab, and it applies for the interface, thus if your client is connected to this interface, its DNS queries will be forwarded to the server defined with the option.
- When and for what should I use the internal DNS server?
This might be personal preference if you are hosting some internal network and want to resolve hostnames of internal devices. External services are unable to do it. Also, if you do not want external providers to supervise your network activity. Local DNS can provide some speed increase and reduction of generated traffic due to having a local cache of most common queries from your network. This is mostly solved by Web browsers having a cache, but not every networking device has one. Having your own DNS server provides traffic monitoring capabilities, which are absent or out of your control with service providers' offerings. Then there are security concerns. DNS technology includes the capability of policy enforcement, whereby malicious DNS patterns are rejected by the resolution server based on policy settings (from the local security operations center) and policy subscriptions (from external security information providers).
- What exactly is the DNS forwardings parameter doing in the internal DNS section? I suppose that if a client does not find a DNS server in the interface section, it uses the internal DNS. If the DNS cannot answer the request it tries to forward the request to one of these DNS servers. Wouldn't it be better not to enter DNS servers in the interface section but in the DNS forwarding section of the internal DNS server?
This option is intended for private nameservers. For example, if you have a nameserver on your network which deals with names of the form xxx.internal.address.org at 192.168.1.1 then, according to documentation, giving the flag --server=/internal.address.org/192.168.1.1 will send all queries for internal machines to that nameserver, everything else will go to the servers in /etc/resolv.conf.
- What does the parameter "Local Service Only" mean? That the internal DNS only works for interfaces where DNS parameters are set?
With this option set, the dnsmasq service accepts DNS queries only from hosts whose address is on a local subnet, i.e. a subnet for which an interface exists on the server.
- Perhaps I see everything too complicated and the DNS parameters in the interface sections are handled and managed by the internal DNS server under Network-->DNS.
DHCP and DNS services are carried out by the dnsmasq application. If you want in-depth information on it, I would suggest checking a couple of links below:
Best regards,
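
Added example, not part of the original reply and not dnsmasq's own code: a simplified Python model of the two behaviours described above, the per-domain forwarding rule (--server=/internal.address.org/192.168.1.1) and the "Local Service Only" source check. The ISP resolver 192.0.2.53 and the interface subnets are constructed placeholder values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values: the domain rule is the one quoted in the reply;
# the default resolver and the interface subnets are placeholders.
DOMAIN_SERVERS = {"internal.address.org": "192.168.1.1"}
DEFAULT_SERVERS = ["192.0.2.53"]  # stands in for the ISP servers in resolv.conf
LOCAL_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24"]  # one per router interface


def pick_upstream(qname, domain_servers=DOMAIN_SERVERS, defaults=DEFAULT_SERVERS):
    """Return the upstream servers for qname; the most specific domain rule wins."""
    labels = qname.rstrip(".").lower().split(".")
    # Try the full name first, then each parent domain. Matching whole labels
    # means xinternal.address.org does not match the internal.address.org rule.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domain_servers:
            return [domain_servers[candidate]]
    # No domain rule matched: everything else goes to the default servers.
    return list(defaults)


def accept_query(src_ip, local_subnets=LOCAL_SUBNETS, local_service=True):
    """Model of 'Local Service Only': accept only sources on an interface subnet."""
    if not local_service:
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) for net in local_subnets)


def resolve_path(src_ip, qname):
    """Return the upstream list a query would use, or None if it is not accepted."""
    if not accept_query(src_ip):
        return None
    return pick_upstream(qname)


if __name__ == "__main__":
    for src, name in [("192.168.2.40", "nas.internal.address.org"),
                      ("192.168.1.15", "example.com"),
                      ("203.0.113.9", "nas.internal.address.org")]:
        print(src, name, "->", resolve_path(src, name))
```

The third sample query comes from an address outside every interface subnet, so the model does not accept it even though a domain rule exists for the name.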