Introduction
Every networked system relies on two fundamental services: DNS (Domain Name System) translates human-readable hostnames into IP addresses, while DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses and network parameters to devices. Understanding these services is essential for Linux system administrators managing network infrastructure.
This comprehensive guide covers DNS and DHCP implementation on Linux, from basic configuration to advanced setups. Whether you’re setting up a home network or enterprise infrastructure, these skills are fundamental to reliable network operations in 2026.
DNS Fundamentals
How DNS Works
DNS operates as a hierarchical, distributed database mapping domain names to IP addresses. When you type “example.com” in your browser, the DNS resolver initiates a multi-step lookup process:
- Local Cache: The resolver checks its cache for the answer
- Root Server: If not cached, it queries a root server (.) for .com TLD servers
- TLD Server: The root server redirects to .com top-level domain servers
- Authoritative Server: The TLD server points to the authoritative nameserver for example.com
- Answer: The authoritative server returns the A (IPv4) or AAAA (IPv6) record
This process typically takes milliseconds due to aggressive caching at each level. DNS uses UDP port 53 primarily, with TCP for large responses or zone transfers.
Record Types
Understanding DNS record types is essential for proper configuration:
- A Record: Maps hostname to IPv4 address
- AAAA Record: Maps hostname to IPv6 address
- CNAME Record: Creates alias pointing to another hostname
- MX Record: Specifies mail exchange servers
- TXT Record: Holds arbitrary text for verification
- NS Record: Delegates authority to nameservers
- SOA Record: Start of Authority - zone metadata
- PTR Record: Reverse DNS lookup (IP to hostname)
- SRV Record: Service location records
DNS Servers on Linux
BIND: The Industry Standard
BIND (Berkeley Internet Name Domain) is the most widely deployed DNS server. Install and configure it:
# Install Bind
sudo apt install bind9 bind9utils bind9-doc
# Configuration files
# /etc/bind/named.conf - main configuration
# /etc/bind/named.conf.options - global options
# /etc/bind/named.conf.local - zone definitions
# /etc/bind/db.* - zone database files
A basic caching DNS server configuration:
# /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
# Forward queries to upstream DNS
forwarders {
8.8.8.8;
8.8.4.4;
1.1.1.1;
};
# Allow queries from local network
allow-query { 192.168.1.0/24; localhost; };
# Enable recursion
recursion yes;
# DNSSEC validation
dnssec-validation auto;
# Listen on local interfaces
listen-on { 127.0.0.1; 192.168.1.1; };
# Log queries for debugging
querylog yes;
};
Create a forward zone for your domain:
# /etc/bind/named.conf.local
zone "example.local" {
type master;
file "/etc/bind/db.example.local";
allow-transfer { 192.168.1.0/24; };
};
# Zone file: /etc/bind/db.example.local
$TTL 604800
@ IN SOA ns1.example.local. admin.example.local. (
2026030501 ; Serial (YYYYMMDDNN)
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; Name servers
@ IN NS ns1.example.local.
@ IN NS ns2.example.local.
; A records
@ IN A 192.168.1.10
ns1 IN A 192.168.1.11
ns2 IN A 192.168.1.12
www IN A 192.168.1.10
mail IN A 192.168.1.20
; CNAME records
blog IN CNAME www
shop IN CNAME www
; MX record
@ IN MX 10 mail.example.local.
; TXT record for SPF
@ IN TXT "v=spf1 mx -all"
Configure a slave zone for redundancy:
# On slave server /etc/bind/named.conf.local
zone "example.local" {
type slave;
file "db.example.local";
masters { 192.168.1.11; };
};
dnsmasq: Lightweight Alternative
For smaller deployments, dnsmasq provides DNS and DHCP in a single lightweight package:
# Install dnsmasq
sudo apt install dnsmasq
# Configuration: /etc/dnsmasq.conf
# Basic dnsmasq configuration
interface=eth0
bind-interfaces
domain=example.local
# Upstream DNS servers
server=8.8.8.8
server=1.1.1.1
# Local domain overrides
address=/homeassistant.local/192.168.1.100
address=/printer.local/192.168.1.150
# CNAME aliases
cname=www.local,server.local
# DHCP range
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.1
dhcp-option=option:domain-name,example.local
# Static DHCP leases
dhcp-host=00:11:22:33:44:55,192.168.1.200,server
# Cache size
cache-size=1000
systemd-resolved: Local Stub Resolver
Modern Linux systems use systemd-resolved as the local DNS stub:
# Check status
systemctl status systemd-resolved
# View current DNS configuration
resolvectl status
resolvectl dns
# Query DNS records directly
resolvectl query example.com
The stub resolver reads /etc/resolv.conf and typically points to 127.0.0.53:
# /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search example.local
DNS Troubleshooting
Essential Diagnostic Tools
# Basic DNS query with dig
dig example.com
dig @8.8.8.8 example.com
dig -x 192.168.1.1 # Reverse lookup
# Query specific record types
dig example.com A
dig example.com AAAA
dig example.com MX
dig example.com TXT
dig example.com NS
# Short output
dig +short example.com
# Trace DNS resolution
dig +trace example.com
# Using nslookup (deprecated but available)
nslookup example.com
nslookup -type=MX example.com
# Using host command
host example.com
host -t MX example.com
Common DNS Issues
DNS not resolving:
# Check if DNS service is running
systemctl status bind9
systemctl status dnsmasq
# Test with specific server
dig @127.0.0.1 example.com
# Check firewall
sudo iptables -L -n | grep 53
sudo ufw status
DNS resolution slow:
# Check for DNSSEC issues
dig +cd example.com # +cd sets the Checking Disabled flag, so the resolver skips DNSSEC validation
# Monitor query performance
sudo rndc stats
cat /var/cache/bind/named.stats
# Check for caching issues
sudo resolvectl flush-caches
sudo systemd-resolve --flush-caches # older systemd releases only
Zone transfer blocked:
# Check named.conf for allow-transfer
# Test zone transfer
dig @master-server axfr example.com
DHCP Fundamentals
How DHCP Works
DHCP automates IP address assignment through a four-step process:
- DHCPDISCOVER: Client broadcasts to find DHCP servers
- DHCPOFFER: Server offers available IP address
- DHCPREQUEST: Client requests the offered IP
- DHCPACK: Server acknowledges and finalizes lease
This lease typically expires after a configured period, requiring renewal. The process uses UDP port 67 (server) and 68 (client).
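The four-step exchange above, decoded from raw messages, as an added example that is not part of the original guide: it reads option 53 (message type) and option 54 (server identifier) and reports any server answering with an OFFER or ACK that is not on an allow-list. The capture is constructed inline; treating 192.168.1.1 as the only authorised DHCP server and 192.168.1.66 as an unexpected one are assumptions for the sample.

```python
import socket
import struct
MAGIC = b"\x63\x82\x53\x63"   # cookie that marks the start of DHCP options
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def build(op, xid, msg_type, yiaddr="0.0.0.0", server=None, mac="00:11:22:33:44:55"):
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, msg_type])                        # option 53: message type
    if server:
        opts += bytes([54, 4]) + socket.inet_aton(server)  # option 54: server id
    return fixed + MAGIC + opts + b"\xff"

def parse(msg):
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    out = {"xid": struct.unpack("!I", msg[4:8])[0], "mac": msg[28:34].hex(":"),
           "yiaddr": socket.inet_ntoa(msg[16:20]), "type": None, "server": None}
    i = 240
    while i < len(msg) and msg[i] != 255:      # 255 = end option
        if msg[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        code, val = msg[i], msg[i + 2:i + 2 + msg[i + 1]]
        if code == 53 and len(val) == 1:
            out["type"] = TYPES.get(val[0], f"type-{val[0]}")
        elif code == 54 and len(val) == 4:
            out["server"] = socket.inet_ntoa(val)
        i += 2 + len(val)
    return out

def unauthorised_servers(messages, authorised):
    """Server ids seen in OFFER/ACK messages that are not on the allow-list."""
    seen = {m["server"] for m in map(parse, messages)
            if m["type"] in ("DHCPOFFER", "DHCPACK") and m["server"]}
    return sorted(seen - set(authorised))

CAPTURE = [  # constructed DORA exchange plus one offer from an unexpected server
    build(1, 0xABCD, 1),
    build(2, 0xABCD, 2, "192.168.1.50", "192.168.1.1"),
    build(2, 0xABCD, 2, "192.168.1.77", "192.168.1.66"),
    build(1, 0xABCD, 3, server="192.168.1.1"),
    build(2, 0xABCD, 5, "192.168.1.50", "192.168.1.1"),
]
```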
DHCP Server Configuration
isc-dhcp-server
# Install ISC DHCP server
sudo apt install isc-dhcp-server
# Configuration: /etc/dhcp/dhcpd.conf
# Basic DHCP configuration
# Global options
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
# Subnet declaration
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.50 192.168.1.150;
# Default gateway
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.1, 8.8.8.8;
option domain-name "example.local";
# NTP servers
option ntp-servers 192.168.1.1;
# PXE boot
next-server 192.168.1.10;
filename "pxelinux.0";
}
# Static IP assignment
host server1 {
hardware ethernet 00:11:22:33:44:55;
fixed-address 192.168.1.200;
}
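# IPv6 configuration: DHCPv6 runs as a separate dhcpd -6 instance with its own
# configuration file (for example /etc/dhcp/dhcpd6.conf), not in the IPv4 file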
subnet6 2001:db8:1::/64 {
range6 2001:db8:1::10 2001:db8:1::100;
option dhcp6.name-servers 2001:db8:1::1;
}
Configure the network interface:
# /etc/default/isc-dhcp-server
INTERFACESv4="eth0"
INTERFACESv6="eth0"
# Start and enable
sudo systemctl start isc-dhcp-server
sudo systemctl enable isc-dhcp-server
Managing DHCP Leases
# View active leases
cat /var/lib/dhcp/dhcpd.leases
# View lease history
cat /var/lib/dhcp/dhcpd.leases~
# Testing configuration
sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf
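Reading the lease file by eye gets misleading quickly because dhcpd appends a new block every time a lease changes. The following added example (not part of the original guide) parses text in the dhcpd.leases format, keeps only the last block per address, and reports how much of the 192.168.1.50 to 192.168.1.150 range from the configuration above is in use. The lease entries and the reference time are constructed sample data.

```python
import re
from datetime import datetime, timezone
from ipaddress import IPv4Address

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)

def active_leases(text, now):
    """Map IP -> MAC for leases active at `now`; the last block per IP wins."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        state = re.search(r"^\s*binding state (\w+);", body, re.M)
        ends = re.search(r"^\s*ends \d (\S+ \S+);", body, re.M)
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        expiry = None                      # "ends never;" or no end time recorded
        if ends:
            expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            expiry = expiry.replace(tzinfo=timezone.utc)   # dhcpd logs UTC by default
        latest[ip] = (state and state.group(1), expiry, mac and mac.group(1))
    return {ip: mac for ip, (state, expiry, mac) in latest.items()
            if state == "active" and (expiry is None or expiry > now)}

def pool_usage(text, now, first, last):
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    used = sum(lo <= int(IPv4Address(ip)) <= hi for ip in active_leases(text, now))
    return used, hi - lo + 1

NOW = datetime(2026, 3, 5, 10, 0, tzinfo=timezone.utc)
LEASES = """\
lease 192.168.1.50 {
  ends 4 2026/03/05 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  ends 4 2026/03/05 09:00:00;
  binding state active;
}
lease 192.168.1.52 {
  ends 4 2026/03/05 11:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:77;
}
lease 192.168.1.52 {
  ends 4 2026/03/05 09:30:00;
  binding state free;
}
"""  # constructed sample in dhcpd.leases format
```

Here 192.168.1.51 has expired and 192.168.1.52 was freed by a later block, so only 192.168.1.50 counts against the pool.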
DHCP with dnsmasq
dnsmasq handles both DNS and DHCP:
# /etc/dnsmasq.conf additions
dhcp-range=192.168.1.50,192.168.1.150,255.255.255.0,12h
dhcp-range=192.168.1.0,static
# Multiple subnets
dhcp-range=set:subnet1,192.168.1.50,192.168.1.150,12h
dhcp-range=set:subnet2,192.168.2.50,192.168.2.150,12h
# DHCP options
dhcp-option=option:router,192.168.1.1
dhcp-option=option:subnet-mask,255.255.255.0
dhcp-option=option:dns-server,192.168.1.1,8.8.8.8
dhcp-option=option:domain-name,example.local
# DHCP option 42 carries IPv4 addresses, not hostnames
dhcp-option=option:ntp-server,192.168.1.1
# Static reservations
dhcp-host=00:11:22:33:44:55,192.168.1.200,server1
dhcp-host=00:11:22:33:44:66,192.168.1.201,server2
# PXE boot support
dhcp-match=set:pxe,option:client-arch,0
dhcp-boot=tag:pxe,boot/pxelinux.0
Client Configuration
Linux DHCP Client
# Using dhclient
sudo dhclient -v eth0
sudo dhclient -r eth0 # Release
sudo dhclient -x # Stop all
# View obtained lease
cat /var/lib/dhcp/dhclient.leases
# Persistent configuration
# /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
# Or using systemd-networkd
# /etc/systemd/network/10-ethernet.network
[Match]
Name=eth0
[Network]
DHCP=yes
IPv6AcceptRA=yes
[DHCP]
UseDNS=yes
UseRoutes=yes
Static IP Configuration
For servers, static IPs are often preferred:
# /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.1 8.8.8.8
dns-search example.local
Or with systemd-networkd:
# /etc/systemd/network/10-static.network
[Match]
Name=eth0
[Network]
Address=192.168.1.100/24
Gateway=192.168.1.1
DNS=192.168.1.1
DNS=8.8.8.8
Advanced DNS Configuration
DNSSEC Validation
Secure DNS with DNSSEC:
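# In named.conf.options
# (dnssec-enable is obsolete in current BIND 9 releases, where DNSSEC
# support is always on, so only validation is configured here)
options {
dnssec-validation auto;
};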
# Generate keys for zone
sudo dnssec-keygen -a RSASHA256 -b 2048 -n ZONE example.local
sudo dnssec-signzone -A -3 $(date +%Y%m%d%H%M%S) -o example.local db.example.local
DNS Views (Split DNS)
Different responses based on client location:
# /etc/bind/named.conf.local
view "internal" {
match-clients { 192.168.1.0/24; };
recursion yes;
zone "example.com" {
type master;
file "/etc/bind/db.internal";
};
};
view "external" {
match-clients { any; };
recursion no;
zone "example.com" {
type master;
file "/etc/bind/db.external";
};
};
DNS High Availability
Configure multiple DNS servers:
# Primary server
zone "example.local" {
type master;
file "db.example.local";
also-notify { 192.168.1.12; }; # Slave server
allow-transfer { 192.168.1.12; };
};
# Slave configuration
zone "example.local" {
type slave;
file "db.example.local";
masters { 192.168.1.11; };
};
Network Services Integration
Integrating DNS with DHCP
Automatic DNS updates from DHCP:
# In /etc/dhcp/dhcpd.conf
ddns-update-style interim;
update-static-leases on;
key "ddns-key" {
algorithm hmac-md5;
secret "your-secret-key";
};
zone example.local. {
primary 192.168.1.11;
key ddns-key;
}
# In /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.1.0/24; } keys { "rndc-key"; };
};
DNS for Containers and Kubernetes
# Docker DNS configuration
# /etc/docker/daemon.json
{
"dns": ["8.8.8.8", "1.1.1.1"],
"dns-search": ["example.local"]
}
# Container DNS
docker run --dns 8.8.8.8 --dns-search example.local nginx
Troubleshooting
DNS Issues
# Check service status
systemctl status bind9
journalctl -u bind9 -n 50
# Check logs
tail -f /var/log/named/query.log
# Test resolution
dig @localhost example.com
nslookup example.com localhost
# Flush cache
sudo rndc flush
sudo resolvectl flush-caches # systemd-resolve --flush-caches on older systemd releases
# Check configuration
named-checkconf
named-checkzone example.local /etc/bind/db.example.local
DHCP Issues
# Check service
systemctl status isc-dhcp-server
journalctl -u isc-dhcp-server
# View leases
cat /var/lib/dhcp/dhcpd.leases
# Test configuration
dhcpd -t -cf /etc/dhcp/dhcpd.conf
# Monitor DHCP traffic
sudo tcpdump -n -i eth0 port 67 or port 68
Best Practices
DNS Best Practices
- Use at least two DNS servers
- Enable DNSSEC in production
- Configure proper TTL values
- Monitor query performance
- Implement caching for performance
- Use DNS views for split-horizon
- Back up zone files regularly
- Test failover configuration
DHCP Best Practices
- Reserve IPs for critical infrastructure
- Use appropriate lease times
- Separate DHCP scopes for VLANs
- Document static assignments
- Monitor address pool usage
- Configure proper router options
- Set up failovers for critical networks
Conclusion
DNS and DHCP form the backbone of network configuration, translating human-readable names to network addresses and automatically provisioning network settings. Mastery of these services enables robust, scalable network infrastructure management.
From configuring Bind zones to troubleshooting resolution issues, these skills apply across environments from small offices to enterprise deployments. The tools and patterns covered here provide a foundation for reliable network operations.