So everyone inside the home network can reach the Internet thanks to the NAT translation described in SOHO #004.
Requirement
- Basic Linux/Unix knowledge
- Service provider networking knowledge
Overview
In the previous article we enabled and checked IPv4 connectivity between all potential hosts within 192.168.128.0/17 and the outside networks beyond the ISP box. But this is pretty useless, as I can't imagine my kids typing an IPv6 address (2001:8b0:0:30::666:102) in the browser in order to play a FUN puzzle. (Though for now we are supposed to have only IPv4.) So we definitely need to provide name resolution service at the SOHO router itself.
Article objective
In this article we will continue the SOHO network appliance installation and enable name service for all hosts @ home.
Diagrams
[ SOHO #005 ] - "Got your Id number, but ... What's your name ?"
Configure SOHO router as DNS client to an existing DNS server
The first step is to configure the router as a DNS client of an existing DNS server.
!
conf t
client name-server 8.8.8.8 1.1.1.1
!
This declares our SOHO router as a DNS client of 8.8.8.8 as primary DNS server and 1.1.1.1 as backup DNS server.
Set VRF for locally originated traffic from the SOHO router
This step is mandatory, as it binds traffic originated from the SOHO router to a specific VRF (here: inet). It can also be described as "VRF proxy-awareness": all DNS traffic originated from the router will be bound to VRF inet. This is done in 2 steps. The first step is to create the proxy-profile and bind it to the main VRF inet. The second step is to declare the SOHO router as a client of this proxy-profile service.
!
! step 1
!
proxy-profile pp-inet
vrf inet
exit
!
! step 2
!
client proxy pp-inet
!
Setting up the DNS cache acting as DNS server for all hosts @ home network
Step -3-, configure DNS cache / server
- enable recursion (recursive queries toward the other DNS servers defined: 8.8.8.8, 1.1.1.1)
- bind it to a specific interface (so the SOHO router will answer DNS only from this interface)
- bind it to VRF inet
!
server dns ns-inet
recursion enable
interface loopback0
vrf inet
exit
!
Configure DNS into DHCP to propagate default "local" zone
Step -4-, configure DNS and DHCP to propagate default dummy zone local
- Use local if you don't plan to propagate a domain name
- create local as dummy zone
!
server dhcp4 dh4-inet
dns-server 192.168.254.1
domain-name local
exit
!
server dns ns-inet
zone local
exit
!
Verification
step -1- and step -2- outcomes
Once steps -1- and -2- are done, the router can resolve names:
ping www.free.fr /vrf inet
pinging 212.27.48.10, src=null, vrf=inet, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=3/3/4/16
step -3- and step -4- outcomes
This can be verified only by using a host connected to the SOHO router. Let's assume a laptop connected behind sdn6.
...
╭─[10/31/20|3:01:19]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ping www.free.fr
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=3.670 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=6.666 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=6.163 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=6.118 ms
^C
--- www.free.fr ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.670/5.654/6.666/1.166 ms
╭─[10/31/20|3:40:12]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ping6 www.free.fr
PING6(56=40+8+8 bytes) 2a01:e0a:159:2857:b9d9:e9e0:ae30:88e5 --> 2a01:e0c:1::1
16 bytes from 2a01:e0c:1::1, icmp_seq=0 hlim=56 time=3.805 ms
16 bytes from 2a01:e0c:1::1, icmp_seq=1 hlim=56 time=6.898 ms
16 bytes from 2a01:e0c:1::1, icmp_seq=2 hlim=56 time=5.868 ms
16 bytes from 2a01:e0c:1::1, icmp_seq=3 hlim=56 time=5.729 ms
^C
--- www.free.fr ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.805/5.575/6.898/1.117 ms
...
...
╭─[10/31/20|3:42:11]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ dig www.free.fr 127 ↵
; <<>> DiG 9.10.6 <<>> www.free.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25030
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.free.fr. IN A
;; ANSWER SECTION:
www.free.fr. 20961 IN A 212.27.48.10
;; Query time: 21 msec
;; SERVER: 192.168.254.1#53(192.168.254.1)
;; WHEN: Sat Oct 31 15:42:18 CET 2020
;; MSG SIZE rcvd: 56
╭─[10/31/20|3:42:18]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ dig AAAA www.free.fr
; <<>> DiG 9.10.6 <<>> AAAA www.free.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21770
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.free.fr. IN AAAA
;; ANSWER SECTION:
www.free.fr. 21075 IN AAAA 2a01:e0c:1::1
;; Query time: 5 msec
;; SERVER: 192.168.254.1#53(192.168.254.1)
;; WHEN: Sat Oct 31 15:42:29 CET 2020
;; MSG SIZE rcvd: 68
...
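The dig checks above can be automated. The following is an added example, not part of the original article: it parses dig output and reports whether the reply came from the DHCP-advertised resolver (192.168.254.1), with recursion available and at least one answer. The function names `parse_dig` and `check_resolver` are hypothetical; the first sample is taken from the dig capture above, and the other two are constructed.

```python
import re

# Header/footer lines from the `dig www.free.fr` capture in this article
PAGE_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25030
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.free.fr. 20961 IN A 212.27.48.10
;; SERVER: 192.168.254.1#53(192.168.254.1)
"""

# Constructed: the host kept a manually set public resolver instead of DHCP's
CONSTRUCTED_BYPASS = PAGE_SAMPLE.replace("192.168.254.1", "8.8.8.8")

# Constructed: a server answering on the right address but refusing recursion
CONSTRUCTED_NO_RECURSION = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.168.254.1#53(192.168.254.1)
"""

def parse_dig(text):
    """Extract status, header flags, answer count and responding server."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags: ([a-z ]+);", text, re.M)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#\d+", text, re.M)
    return {
        "status": status.group(1) if status else None,
        "flags": flags.group(1).split() if flags else [],
        "answers": int(answers.group(1)) if answers else 0,
        "server": server.group(1) if server else None,
    }

def check_resolver(text, expected_server="192.168.254.1"):
    """Return a list of problems; an empty list means the reply matches the setup."""
    r = parse_dig(text)
    problems = []
    if r["server"] != expected_server:
        problems.append(f"answered by {r['server']}, expected {expected_server}")
    if r["status"] != "NOERROR":
        problems.append(f"status {r['status']}")
    if "ra" not in r["flags"]:
        problems.append("recursion not available (ra flag missing)")
    if r["answers"] < 1:
        problems.append("no answer records")
    return problems

if __name__ == "__main__":
    for name in ("PAGE_SAMPLE", "CONSTRUCTED_BYPASS", "CONSTRUCTED_NO_RECURSION"):
        print(name, check_resolver(globals()[name]) or "OK")
```

On a real host, feed it the text produced by `dig www.free.fr` instead of the embedded samples.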
Conclusion
In this article DNS service has been enabled at:
- SOHO router level
- All hosts getting an IPv4 address via DHCP will get a DNS server set to SOHO@loopback0 (192.168.254.1)