In my house, I would like to connect various systems to each other over the network. Unfortunately, the various wireless routers we have don't really support DNS for our local systems. This was especially frustrating when trying to leverage CUPS printing from Windows 10 machines--the URL wasn't to the CUPS printer wasn't particularly stable nor guaranteed to work via a system name.
To solve this, I employed a Raspberry Pi to serve as my local DHCP and DNS server. With that combination, it was fairly easy to provide DNS services for my local machines.
I followed the instructions found at http://www.andrewoberstar.com/blog/2012/12/30/raspberry-pi-as-server-dns-and-dhcp , which was quite helpful. But, I did run into a few things.
First, the instructions did not mention the fact that the Raspberry Pi itself needed to have a static IP. I knew that and fixed it before moving on with the instructions. Not being a heavy Debian user, I used https://www.modmypi.com/blog/tutorial-how-to-give-your-raspberry-pi-a-static-ip-address to provide an example of how to configure the Pi with a static IP.
Second, it is worth noting that the preferred way of modifying the
dnsmasq setup is to create a file in "/etc/dnsmasq.d" with the
modified settings. In my case, I copied the default "/etc/dnsmasq.conf" file
into "/etc/dnsmasq.d" with a new name and modified the file.
Third, I setup the DHCP server with the following two additions to the configuration:
The first is necessary to define a range of IPs to use for DHCP. The second is
necessary to set the IP of the gateway that gets advertised via DHCP. Setting
the gateway is necessary in my case because the Raspberry Pi is not the gateway
dnsmasq assumes that the server is running on the gateway
unless told otherwise. Of course, the actual IP range and gateway is dependent
on your local network configuration.
With this in place, we can now connect to various systems in the house by name and I hope that configuring Windows 10 machines to connect to my CUPS print server goes more smoothly.
I wanted to find some way to control the access of our kids to our network,
especially, they are grounded for some reason or another. What I discovered was
dnsmasq has some very nice facilities to control access by
ignoring DHCP requests by specific machines based on their MAC addresses. While
there can be other approaches, this has worked quite well, especially, when the
users can't or don't know how to set a static IP on their machine.
The implementation is quite simple. First, I reduced the length of the DHCP
leases to just one hour as follows:
dhcp-range=192.168.0.50,192.168.0.99,1h This is different from the line
above in my original post, which provided a 12-hour lease.
Second, you create a list of MAC addresses and tag them. Here is an example:
# "kid" computer dhcp-host=00:11:22:33:44:55,set:kid # "kidPhone" dhcp-host=66:77:88:99:AA:BB,set:kid # kid's tablet dhcp-host=CC:DD:EE:FF:00:11,set:kid # Test VM dhcp-host=22:33:44:55:66:77,set:vmtest # TV dhcp-host=88:99:AA:BB:CC:DD,set:tv
In the example above, I am using 3 tags:
Next, you can add lines like the following to ignore DHCP requests based on the tags:
# dhcp-ignore=tag:kid # dhcp-ignore=tag:vmtest dhcp-ignore=tag:tv
In this example, only the MAC addresses tagged with
ignored. If I uncommented, the line with the
kid tag, then all
three machines tagged with the
kid tag would be ignored once I
dnsmasq. By having commented-out lines ready to go, it
is easy to remove the comment and restart
dnsmasq to start ignoring
DHCP requests from the tagged machines. When I want to enable DHCP support for
tagged machines, I simply comment out the line and restart
When I have a little time, I plan to create some Python or Node.js scripts to
provide some automation of this approach to blocking. For instance, I can run
these scripts with cron to update the localized
based on times of day and/or the day of the week. Further, I think it would be
nice to provide a web interface for controlling this. Finally, I had the idea
that I could have some software to create "one-time" passwords that could be
used to allow the kids to enable their Internet access. I would have the system
generate the "one-time" passwords and I could pass the "one-time" passwords on
to the kids once they have done their homework, chores, etc. allowing the kids
to enable the Internet for themselves while I am away from home.
dnsmasq is a very handy, powerful tool. While it isn't
designed to handle enterprise-level installations (based on the
site), it is plenty powerful for small installations.