Recommendations on free DHCP and DNS servers?

peanuthead

Supreme [H]ardness
Joined
Feb 1, 2006
Messages
4,701
I have a client whose router went down and thus DHCP and DNS went with it. While not a huge deal to get back up and running I thought it might be wise to set up a small Linux-like VM for DHCP and one for DNS. Thoughts and suggestions on this approach? Suggestions on software/how to do this?
 

wizdum

[H]ard|Gawd
Joined
Sep 22, 2010
Messages
1,943
I have a client whose router went down and thus DHCP and DNS went with it. While not a huge deal to get back up and running I thought it might be wise to set up a small Linux-like VM for DHCP and one for DNS. Thoughts and suggestions on this approach? Suggestions on software/how to do this?

Install Webmin on a CentOS 6.5 server. People balk because Webmin looks old (although the "Authentic" theme has modernized it quite a bit), but it's the only web-based control panel that I know of that will let you do pretty much everything on a server, without breaking when you edit config files manually.
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
Just grab 2 and have one as cold spare?
You can do this with vanilla firmware or use OpenWRT etc.
//Danne
 

svet-am

Supreme [H]ardness
Joined
Jan 6, 2003
Messages
5,146
Run those services on a Raspberry Pi? No moving parts and low power.
 

Lunas

[H]F Junkie
Joined
Jul 22, 2001
Messages
10,018
DNS

Google's public
8.8.8.8
8.8.4.4

ORSN
72.80.25.34
 

tazeat

[H]ard|Gawd
Joined
Jul 3, 2007
Messages
1,268
pfSense? Either two bare metal boxes with high availability sync or at least one with a copy of the config to deploy to another box if it goes down?
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
ISC DHCP supports failover (not used in routers etc. by default)
//Danne
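
A primary-side `dhcpd.conf` for the ISC DHCP failover mentioned above, added here as an illustration and not posted by anyone in the thread. The peer name, addresses and ranges are constructed placeholder values.

```conf
# /etc/dhcp/dhcpd.conf on the PRIMARY server (all values constructed)
authoritative;
default-lease-time 3600;
max-lease-time 7200;

failover peer "office-dhcp" {
    primary;                      # the other server uses "secondary;"
    address 192.168.1.2;          # this server
    port 647;
    peer address 192.168.1.3;     # the partner server
    peer port 647;
    max-response-delay 60;        # seconds of silence before the peer is presumed down
    max-unacked-updates 10;
    load balance max seconds 3;
    mclt 3600;                    # primary only
    split 128;                    # primary only: 128 of 256 is an even split
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.2, 192.168.1.3;
    pool {
        # Only addresses inside a pool that names the peer are shared.
        failover peer "office-dhcp";
        range 192.168.1.100 192.168.1.200;
    }
}
```

The secondary carries the same subnet and pool with `secondary;` in place of `primary;` and without `mclt` and `split`. Keep both clocks synchronised and firewall TCP 647 so that only the two peers can reach it.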
 

Valnar

2[H]4U
Joined
Apr 3, 2001
Messages
3,914
Do they have a VM infrastructure already? If so, a VM of pfSense would work too, if you didn't want to get into the nitty gritty details of any full Linux OS. You could just use it for DHCP. You could also just run a free DHCP Server on whatever Windows or Linux box they have there.

If you wanted a secondary redundant piece of hardware, welp... I suppose any Linksys router would do. Raspberry Pi is also good, but might cost the same after buying all the parts.
 

peanuthead

Supreme [H]ardness
Joined
Feb 1, 2006
Messages
4,701
I apologize but I would like to have an active/active or active/passive DHCP and DNS server in the future (I will use Win2K12 for that as they will have the licensing purchased then). For the moment I would just use a single VM for each. If they go down then no big deal as they are in a workgroup and have only about 12-20 computers. I'm mainly doing this to compartmentalize things where I can.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
Most routers can easily handle a small office's DHCP requirements. Unless your client has a real need for onsite DNS, like Windows AD, probably better just to use an offsite public DNS. Any onsite DNS server will require regular OS and security updates, plus being added to the backup schedules.

If you are looking for a faster return to business time for the next router failure, find a router model that meets your client's needs and allows easy saving of the config file to other media. Buy two routers. Configure the active as needed. Save the config file and upload to the 2nd. Store 2nd router in your client's backup vault. Make sure the active router config file is added to the backup schedule and the config files are stored with router #2. If the primary router fails, return to service is as simple as swapping #2 in for #1 and uploading the latest config file.
 

peanuthead

Supreme [H]ardness
Joined
Feb 1, 2006
Messages
4,701
Most routers can easily handle a small office's DHCP requirements. Unless your client has a real need for onsite DNS, like Windows AD, probably better just to use an offsite public DNS. Any onsite DNS server will require regular OS and security updates, plus being added to the backup schedules.

If you are looking for a faster return to business time for the next router failure, find a router model that meets your client's needs and allows easy saving of the config file to other media. Buy two routers. Configure the active as needed. Save the config file and upload to the 2nd. Store 2nd router in your client's backup vault. Make sure the active router config file is added to the backup schedule and the config files are stored with router #2. If the primary router fails, return to service is as simple as swapping #2 in for #1 and uploading the latest config file.

That would be ideal but their router is a Linux router and they don't have the budget yet for the added hardware, etc. Just trying to make a situation better/less phone calls for me where possible.
 

cyclone3d

[H]F Junkie
Joined
Aug 16, 2004
Messages
15,141
How is a router "not in the budget"?

You really don't need anything super fancy for a small office.

Something like a Juniper SSG5 would even be overkill... and you can get them for ~$80 on eBay.

Or for "free", you can always set up a ClearOS box using an old computer or even a VM, or any other number of "free" software solutions.

It always amazes me that companies don't have the budget to do something right, but they always seem to have the budget to do something over and over and over and over again the wrong way.
 

peanuthead

Supreme [H]ardness
Joined
Feb 1, 2006
Messages
4,701
They are actually looking at $40k in infrastructure changes, and they are saving for it. This is a stop gap that I thought about putting in. This is not something that they have to have, but the better I can keep the network running and keeping me from getting calls on family vacation the better. Their current router is an Untangle router so I am not looking to keep another one on hand.

How is a router "not in the budget"?

You really don't need anything super fancy for a small office.

Something like a Juniper SSG5 would even be overkill... and you can get them for ~$80 on eBay.

Or for "free", you can always set up a ClearOS box using an old computer or even a VM, or any other number of "free" software solutions.

It always amazes me that companies don't have the budget to do something right, but they always seem to have the budget to do something over and over and over and over again the wrong way.
 

goodcooper

[H]F Junkie
Joined
Nov 4, 2005
Messages
9,771
They are actually looking at $40k in infrastructure changes, and they are saving for it. This is a stop gap that I thought about putting in. This is not something that they have to have, but the better I can keep the network running and keeping me from getting calls on family vacation the better. Their current router is an Untangle router so I am not looking to keep another one on hand.

I think if they are currently using Untangle I would just work on getting their router stable... If it keeps going down maybe you should replace it.
 

peanuthead

Supreme [H]ardness
Joined
Feb 1, 2006
Messages
4,701
I think if they are currently using Untangle I would just work on getting their router stable... If it keeps going down maybe you should replace it.

It's stable. Went down once in two years of 24/7 operation. Root cause was a bad update from Untangle. All of that has been rectified. I was trying to give some forethought into things. Thanks all for the replies.
 

goodcooper

[H]F Junkie
Joined
Nov 4, 2005
Messages
9,771
It's stable. Went down once in two years of 24/7 operation. Root cause was a bad update from Untangle. All of that has been rectified. I was trying to give some forethought into things. Thanks all for the replies.

I guess that depends on the infrastructure and if down router but not down DHCP or DNS would cost the company a considerable amount of money/trouble

Otherwise you're kind of just adding a second point of failure here
 

goodcooper

[H]F Junkie
Joined
Nov 4, 2005
Messages
9,771
Install Webmin on a CentOS 6.5 server. People balk because Webmin looks old (although the "Authentic" theme has modernized it quite a bit), but it's the only web-based control panel that I know of that will let you do pretty much everything on a server, without breaking when you edit config files manually.

I think generally people balk because of the enormous security cross-section added to a rig to be able to do something slower with a mouse, instead of just training or writing documentation, which you should be doing anyway.
 

4saken

[H]F Junkie
Joined
Sep 14, 2004
Messages
12,162
pfSense as long as you aren't doing any crazy routing with it. Likes to shit itself when doing OSPF at the worst possible times.
 

mwarps

Supreme [H]ardness
Joined
Oct 6, 2002
Messages
7,064
pfSense is lovely, works well.

(*nix + ISC dhcpd + ISC BIND) also works well. Is a bit more time consuming to set up.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,663
I apologize but I would like to have an active/active or active/passive DHCP and DNS server in the future (I will use Win2K12 for that as they will have the licensing purchased then). For the moment I would just use a single VM for each. If they go down then no big deal as they are in a workgroup and have only about 12-20 computers. I'm mainly doing this to compartmentalize things where I can.

You don't need a single VM for each role, just run DNS and DHCP on the same install with 1 vcore and 1 GB of RAM and maybe 60 GB of HD space, all you need. Waste of resources to do otherwise, then just make a 2nd VM when you can to do the active/active since Server 2012 can do redundant DHCP now.

At my old job I ran 2 x AD/DC/DNS/DHCP on that setup, 1 vCPU / 1 GB RAM / 60 GB HD space, and it purred along for about 182 accounts.

Untangle has been stable for me for the 5 years I used it, from v6 I think to 10.2. I had some issues with performance as their logging system kind of sucks if you want to really log a lot of data; even on a RAID 10 setup with 6 15k SAS drives I had slowdown due to their flat database they moved to, moving a lot of things to text files saying it would be faster....

I do think you should not have your DNS / DHCP on an internet facing device though, that should be hidden behind such a device so if you need to take down your router, your entire LAN doesn't go down with it.
 

peanuthead

Supreme [H]ardness
Joined
Feb 1, 2006
Messages
4,701
I do think you should not have your DNS / DHCP on an internet facing device though, that should be hidden behind such a device so if you need to take down your router, your entire LAN doesn't go down with it.

I completely agree with this. That is why I was leaning towards running it in a vm. Great discussion everyone.
 