So everyone inside the home network can reach the Internet thanks to the NAT translation described in SOHO #004.
Requirement
- Basic Linux/Unix knowledge
- Service provider networking knowledge
Overview
In the previous article we enabled and checked IPv4 connectivity between all potential hosts within 192.168.128.0/17 and the outside networks beyond the ISP box. But this is pretty useless, as I can't imagine my kids typing an IPv6 address (2001:8b0:0:30::666:102) in the browser in order to play a FUN puzzle. So we definitely need to provide name service resolution at the SOHO router itself.
Article objective
In this article we will continue the SOHO network appliance installation and enable name service for all hosts @ home.
Diagrams
[ SOHO #005 ] - "Got your Id number, but ... What's your name ?"
Configure SOHO router as DNS client to an existing DNS server
First step: the router needs to be configured as a name client of an existing DNS server.

SOHO router in VRF inet

    !
    conf t
    client name-server 8.8.8.8 1.1.1.1
    !

This declares our SOHO router as a DNS client, with 8.8.8.8 as primary DNS server and 1.1.1.1 as backup DNS server.
Set VRF for locally originated traffic from the SOHO router
This step is mandatory, as it binds traffic originated by the SOHO router to a specific VRF (here: inet). This can also be described as "VRF proxy-awareness": all DNS traffic originated by the router will be bound to VRF inet. This is done in 2 steps. The first step is to create the proxy-profile and bind it to the main VRF inet. The second step is to declare the SOHO router as a client of this proxy-profile service.

SOHO router in VRF inet

    !
    ! step 1: create the proxy-profile and bind it to VRF inet
    !
    proxy-profile pp-inet
     vrf inet
     exit
    !
    ! step 2: make the router a client of the profile created in step 1
    !
    client proxy pp-inet
    !
Setting up DNS cache acting as DNS server for all hosts @ home network
Step -3-, configure DNS cache / server:
- enable recursion (recursive queries toward the other DNS servers defined: 8.8.8.8, 1.1.1.1)
- bind it to a specific interface (so the SOHO router will only answer DNS queries from this interface)
- bind it to VRF inet

SOHO router DNS cache

    !
    server dns ns-inet
     recursion enable
     interface loopback0
     vrf inet
     exit
    !
Configure DNS into DHCP (incomplete)
Step -4-, configure DNS into DHCP with a default dummy zone:
- use local if you don't plan to propagate a domain name
- create local as dummy zone

SOHO router DNS cache

    !
    server dhcp4 dh4-inet
     domain-name local
     exit
    !
    server dns ns-inet
     zone local
     exit
    !
Verification
-1- and -2- outcomes
When -1- and -2- are done, the router can resolve names.

DNS resolution from CLI (DNS query originated by router)

    ping www.free.fr /vrf inet
    pinging 212.27.48.10, src=null, vrf=inet, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
    !!!!!
    result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=3/3/4/16
Conclusion
In this article:
- We finally have a router that enables connectivity for all hosts inside the home network to the outside world
- Due to the ISP-specific setup, our router had to translate inner home IP subnets to a subnet that can in turn be NAT'ed by the ISP box
- We have a consistent IPv4 addressing plan
- We can now add very exciting features from now on (in the next articles!)
Tip: RARE validated design: [ SOHO #004 ] - key take-away
In this example we are proposing a basic connectivity scenario. However, keep in mind that depending on your location the configuration might be drastically different. But do not fear! RARE/freeRouter has all the features needed to enable connectivity!
- NAT64 is available. So in case you want to run a pure IPv6 network, freeRouter can NAT64 traffic for you.
- NAT46 is also available. In case you are desperate and don't want to implement a pure IPv6 home network and have an ISP running only IPv6, freeRouter can NAT46 your traffic for you!
- In the example described, we are lucky to have a public global IPv6 address. We will see IPv6 configuration in subsequent articles.