From 3d082a8e52904fc1df6a25d9a058f008fe310825 Mon Sep 17 00:00:00 2001 From: waldek Date: Wed, 5 May 2021 14:24:34 +0200 Subject: [PATCH] updates networking exercise --- modules/resources/exercise_networking.md | 42 +++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/modules/resources/exercise_networking.md b/modules/resources/exercise_networking.md index 29ddb42..aed5ccb 100644 --- a/modules/resources/exercise_networking.md +++ b/modules/resources/exercise_networking.md @@ -139,7 +139,8 @@ This first file can be found at `/etc/default/isc-dhcp-server`. Have a read of this configuration file and you'll quickly understand *where* the second file we need to edit is located. In this second file we need to add a subnet on which the server will distribute IP addresses. -A simple declaration is as follows: +Declaring the subnet is enough for the server to start however if we don't set a range, no IP address will be handed out. +A simple declaration with a corresponding range is expressed as follows: ```bash subnet 10.0.1.0 netmask 255.255.255.0 { @@ -148,9 +149,48 @@ subnet 10.0.1.0 netmask 255.255.255.0 { ``` This suffices to get the server up and running without any errors. +We can also use the DHCP server to push routes to all our clients. +This can be tremendously helpful for larger networks but can also be used to push a default route to your clients. +Additionally we can push a DNS server as well. + +```bash +subnet 10.0.1.0 netmask 255.255.255.0 { + range 10.0.1.10 10.0.1.100; + option routers 10.0.1.1; + option domain-name-servers 8.8.8.8, 1.1.1.1; +} +``` ### dnsmasq +If want to resolve local domain names on our network we need DNS server. +As mentioned above the classic dns counterpart to isc-dhcp-server is bind9. +An easier to setup DNS server is dnsmasq and as an added benefit it does DHCP as well! +We can't run two DHCP servers on the same machine at the same time, because they will both try to bind to the same port, so we have to stop and disable isc-dhcp-server. +We already know how to stop the server with `systemctl` but disabling is new. +What is the difference? +Well, disabling will prevent the server from starting at boot time. +The counterpart to disable is enable. + +```bash +sudo systemctl disable isc-dhcp-server +sudo systemctl stop isc-dhcp-server +``` + +Now we can install dnsmasq with `sudo apt install dnsmasq`. +The configuration is done by creating a new file at `/etc/dnsmasq.d/`. +You're free to name this file however you want and you can also create multiple files to spread out your configuration. +This can be very handy for larger setups. +At the bare minimum, to replace isc-dhcp-server, we need the following: + +```bash +dhcp-range=10.0.1.10,10.1.100,24h +``` + +The same 90 leases will be available for hand out and each lease is valid for 24 hours. +You restart the service in the same way you restart all other services we did up until now; `sudo systemctl restart dnsmasq.service`. + + ![big network](./network_big.png) ## Solo labo