DNS and DHCP on Synology NAS

Synology documentation sucks big time! It usually only states the blindingly obvious missing off any useful or helpful information.

This post will run through the harder parts of setting up DNS and DHCP on Synology NAS. It is a little tricky the first time you do this especially if you have not come across bind or bind9 before. It seems a little over the top or just plain weird. You will only really need this if you have some local servers, computers or other devices that need to be accessed.

Updated for DSM 6.0, because Synology buggered about with stuff! 
This may not work on earlier versions.

Following this post could potentially stop your Synology NAS from booting or cause data loss.

We will be setting up the DNS for dragon.lab. It is the domain I use for testing out networking and for all my posts.

  • Domain: dragon.lab
  • IP address NAS:
  • Netmask:
  • Gateway:
  • Servers:
    • diskstation:
    • mailserver:
    • mythtvserver:

Install the DNS package for package manager. If you need help installing the DNS package do not even try this tutorial you are not ready yet. Learn the basics. Learn to swim before jumping into the middle of the river!

Once installed and running you will find the DNS icon in the main menu. Open up the configuration window to begin.


We will start by creating our Master Forward Zone. This is where you configure the lookups, where you know the hostname and want to find the IP address.


The screen print shows the values I will be using.


Note: I use a serial format of the date yyyymmddnn where the last two digits ‘nn’ are just a sequential number for changes I made by hand on a particular day. This serial number is used if you have a backup or slave DNS systems. It lets them know “something” changed, so they should pull the new config. Integer serials works just as well.

If you now click on the arrow by Edit and then click on Zone settings you will see the setting you just entered.



The the SOA record. (SOA = Start of Authority) is telling other DNS servers I’m the first and most important server for the domain dragon.lab. Not quiet true but close enough for us. we can edit the Email: value to a valid email address. I will use admin@dragon.lab. We can leave all the other numbers as they are as they are sane values.


Okay, open up the Edit -> Resource Record window. This shows the values that are created automaticially from the information you have entered already.


You should see two entries. An NS type record and an A type record. Google explains these record types well. Take a look it will explain a few things.

To configure the zone we need one NS type record that points to the name server. We also need one A type record for each server or device in our domain. The NS type record was created already when we created the forward zone.

Let’s create some A type records. These point to an IP address. we will need to setup mailserver and the media server running mythtv called mythtvserver. Use the example below to create the others as well.



The mailserver also needs an MX type record so other mail servers know what hostname/IP address to connect to, when sending emails to a domain.
I did not enter anything in the name field as this MX type record is for the primary domain dragon.lab. It is for emails going to someone@dragon.lab.


The mailserver also runs a web server for a blog but we do not want the URI’s going to https://mailserver.dragon.lab. We do want it to look like the URIs are going to myblog.dragon.lab. So we need to create an alias record or CNAME type record.


Using a CNAME type record means if you more your mailserver and by default your blog to a different IP address you only need to update the one A type record. You could however just have two A type records one for each name pointing to the same IP address.

Click finish to return back to the main DNS server window.

Open up the log tab and make sure the top two entries are all zones running and running. If they are not set to that, you did something wrong. Go back and give it another go.


Point the DNS server setting of a device or PC to your new DNS server and use ping to try out the A, CNAME and MX records we created. If you are running Linux or another proper OS with a dig command you can use that with the full hostname.

dig mailserver.dragon.lab

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> mailserver.dragon.lab
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 236
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

; EDNS: version: 0, flags:; udp: 4096
;mailserver.dragon.lab.		IN	A

mailserver.dragon.lab.	907200	IN	A

dragon.lab.		907200	IN	NS	ns.dragon.lab.

ns.dragon.lab.	907200	IN	A

;; Query time: 1 msec
;; WHEN: Wed Feb 24 19:12:22 GMT 2016
;; MSG SIZE  rcvd: 98

You will see from the above output:

  • We were looking up mailserver.dragon.lab.
  • We performed 1 query
  • Receiving 1 answer in response.
  • mailserver.dragon.lab has an A type record
  • With an IP address of
  • The name server, NS, for the domain dragon.lab is ns.dragon.lab.
  • That name server has an IP address of
  • The query was answered by in 1 msec.

If that worked you are good to carry on. If not you did something wrong which needs to be fixed before you continue. Also worth a mention here. The Synology DNS is a caching name server. This means if you perform the same lookup within a few minutes of each other the DNS does not actually do the lookup it looks in its cache first, it can do this quicker then performing the lookup.

You can use the following command to find the MX records for a domain. Try it out for yourself.

dig dragon.lab mx

DNS Forwarders

The DNS server will now resolve all our local hostnames to IP addresses. But it will not resolve hostnames on the internet. For example google.com or bbc.co.uk. Any queries that cannot be resolved need to be forwarded to another DNS server. We do that by setting the values in the Resolution tab.

In the screen shot I have added one of the DNS servers from open DNS They also provide a secondary server The second address I have used is from Google who also provide a freely available public DNS service. They also provide two servers and You could also use the DNS server values provided by your ISP. Note: The DNS servers from your ISP may stop working when you change ISP.


After adding these values you will now be able to ping hostnames from the internet such as google.com and bbc.co.uk.

Reverse Lookups

So we now have half a zone setup the other half will allow lookups the other way round. That is, where you have an IP address and you want to lookup the hostname. This is done by some applications to verify the "other" server is who they say they are. Such as mail servers checking for spammers.

Create a new zone this time a Reverse zone. The Domain name is a little weird here. The part you enter is the first three numbers from the IP address of your domain. but reversed so I get 200.1.10. I also selected to use the Date for the serial format, again.



Update the SOA record to change the email address to something valid. The value it defaults to is NOT.


We will only need to add NS and PTR type record here. Create an NS record for the names server of our domain. Then create the PTR type records for mailserver, myblog and mythtvserver, along with the others you may need. For the NS type record we only need to first three numbers: 10.1.200 will become 200.1.10.

For the PTR type records we use the full IP address again this is added backwards. Meaning will become


Once you click finish again, check that all zones are running and that the sever is running.

Check it is working with dig. This time we use a command line option to tell it we are doing a reverse lookup, -x, and pass in the IP address.

dig -x

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> -x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55333
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

; EDNS: version: 0, flags:; udp: 4096

;; ANSWER SECTION: 907200 IN	PTR	mythtv.dragon.lab.

200.1.10.in-addr.arpa.	907200	IN	NS	ns.dragon.lab.

ns.dragon.lab.	907200	IN	A

;; Query time: 1 msec
;; WHEN: Wed Feb 24 19:35:16 GMT 2016
;; MSG SIZE  rcvd: 122

That is your DNS server running.

Dynamically updating DNS and DHCP on Synology NAS

This section will get DNS and DHCP on Synology NAS working together. If you use DHCP to automatically give out a valid IP address to a network attached device, probably from your broadband router or WiFi box, you will not be able to lookup hostnames to find their IP address as they are not registered with your shiny new DNS server. I found this rather useful script to Update Synology DNS records from DHCP IP address reservation. The documentation is good, and easy to follow.

I based the following on those scripts.

You will need terminal access to you Synology NAS, it can be turned on from the Control panel -> Terminal & SNMP in the terminal tab. Be careful with this if your Synology NAS is accessible via the internet then this may be a security problem.

All the files necessary to update your DNS after the DHCP server has given out a new address are available from here dhcp_dns_changes_synology.tgz. Download and untar the files into a convenient place. If this is you first install rename the file settings.example to settings. Edit the settings file with the details for your system. We will use the following:


That is all you should need to change. If I ever update the scripts all you need do is keep your existing settings file and overwrite the others. There is an install script which does some simple checks before copying files to the correct place. Take a look at it to see where things end up.

With the script /usr/local/etc/rc.d/S99pollDHCP.sh you can start, stop, restart or see the status of the service. The command line looks like this when run from a terminal on your diskstation.

/usr/local/etc/rc.d/S99pollDHCP.sh status
/usr/local/etc/rc.d/S99pollDHCP.sh start
/usr/local/etc/rc.d/S99pollDHCP.sh stop
/usr/local/etc/rc.d/S99pollDHCP.sh restart

You can now test it out by stopping any other DHCP servers you have running, probably on your broadband router, and then start up your one on the Synology diskstation. It's found under Control Panel -> DHCP Server. Highlight your active interface and then Edit. Then you will find a DHCP Server tab. I expect you can do the rest it is quite straight forward. Remember about jumping into the middle of a river?

With that running start up a device or PC that uses DHCP and you should see entries appearing in the file you redirected the out to. In my case it can be seen from an SSH terminal on diskstation with this command

tail -f /volume1/homes/admin/logs/dhcp-dns.log

If all goes well you can now use hostnames to connect or communicate with your other devices and you have a DNS and DHCP on Synology NAS working together.

nohup broken on Diskstation

When I have tried to use nohup on my diskstation it has never worked. This means you can stop and start the service S99pollDHCP.sh as shown above BUT when you log out of the terminal the service will be killed. You can simply reboot your diskstation but as a Linux admin that seems over the top and very Windows but the alternative is clunky too!

Keeping Log Files Tidy

The log file for this script will over time get rather large filling up the system partition on your diskstation. As this is not Windows but running Linux we can sort that out by configuring a job that will compress and rotate the log files each week keeping the last four weeks.

As part of the work the install did was to copy over a logratate configuration file, dhcp-dns.

To check this is working you can force logrotate to run the config file. Change directory to the where your log files are and list the directory contents.

cd /volume1/homes/admin/logs
ls -l

You should see something like this.

drwxr-xr-x    2 root     root          4096 Feb 28 10:43 .
drwxr-xr-x    4 root     root          4096 Feb 23 19:10 ..
-rw-r--r--    1 root     root           882 Feb 28 10:21 dhcp-dns.log

Run logrotate forcing our script to run right now. Then list the files in the log directory again.

logrotate --force /etc/logrotate.d/dhcp-dns
ls -l /volume1/homes/admin/logs

We have a new log file and the old one has been renamed to dhcp-dns.log.1. This one is not compressed, due to the delaycompress option.

drwxr-xr-x    2 root     root          4096 Feb 28 10:43 .
drwxr-xr-x    4 root     root          4096 Feb 23 19:10 ..
-rw-r--r--    1 root     root           882 Feb 28 10:43 dhcp-dns.log
-rw-r--r--    1 root     root          1764 Feb 28 10:21 dhcp-dns.log.1

When logrotate is run next time we will see dhcp-dns.log.2.gz which is compressed. Try running it a few times to see how it works.

Points To Note

This DNS server will reply to any and all recursive queries from any IP. This is probably not what you want. You should also use the Limit source IP List setting found in the Edit Zone settings to limit the IP addresses that will get a response from your DNS.

20 thoughts on “DNS and DHCP on Synology NAS

  1. rubricsinger

    This was terrific thanks so much, it’s been annoying me for months that I couldn’t get the DNS to keep a list of current devices on the network !

    On tiny thing I had to change for the log rotate, I was getting the following error with verbose on :-
    sudo logrotate –verbose –force /etc/logrotate.d/dhcp-dns
    Ignoring /etc/logrotate.d/dhcp-dns because of bad file mode.

    I fixed it by doing the following chmod on the dhcp-dns file:-
    sudo chmod 644 /etc/logrotate.d/dhcp-dns
    sudo chmod 755 /volume1/homes/admin/logs

    Then i got what was expected.

    Thanks again!

  2. Reid

    Thank you for the write-up. I just needed a lab DNS server to resolve my lab hostnames and let everything else query my wireless router. This blog was a big help in setting it up on my Synology!

  3. barsos

    Great article! There is a small downside for when you’re using short hostnames and want to get these resolved with the above approach. This does ONLY work if you can also configure your DHCP server to add your local domain DNS suffix. In my case, devices are assigned an IP through the DHCP server of my ISP modem, and thus get the wrong DNS suffix.
    dig rpi1.mydomain.com works fine
    dig rpi1 will resolve to rpi1.myisp.com, which is not working of course

    So when you decide to go for your own DNS server, you would typically also need to employ your own DHCP server.

    Also keep in mind that the Synology DNS server does not support Dynamic A Records at this moment. So dynamic IP to an iPad will not be replicated in the DNS server once the IP is changed.

    1. Richard Post author

      Thank you for your comment. You seemed to have missed the point of the post. The post is called “DNS and DHCP on Synology NAS” and not “Using some other DHCP server to talk to DNS on Synology” 🙂
      dig always needs a full qualified domain name you cannot use short hostnames.
      You should add the domain name you want to append to the hostname to the DHCP server in the DHCP server configuration on your Synology NAS.
      The point of the post is to provide dynamic ‘A’ records to the Synology DNS server from the DHCP server ALSO running on Synology. And so an IP address provided via DHCP on a Synology NAS to any networked device including some Apple iDodad will work as expected.

  4. Mason

    Thanks for the nice write up. Do you know if there is any difference in apply this to the Synology router (SRM) that is running DHCP and DNS? From my understanding SRM is based of an older version of DSM, but do not know for sure.

    1. Mason

      Sorry I was not as descriptive as I should have been.

      I have the DHCP server and DNS running separately, and it works fine for what I add manually to the DNS. I was meaning do you think the scripts that have the DNS check the DHCP server to make everything match will work while on SRM and not DSM.


      1. Richard Post author

        Sorry to say I have no knowledge of SRM. You will need to look at the lease files generated by the DHCP and the DNS (bind) zone files. if they are the same or similar in format to those use by DSM then it should be a reasonably simple task of porting it over.

  5. Sven

    How can I configure the Synology DNS to forward all not existing entries to the internet?
    I already created a primary zone dynu.net in order to get a connection to mystuff.dynu.net from LAN as well as from the internet. It works great but I cannot reach http://www.dynu.net any more as well as any other *.dyno.net sites. Is there a special setting I may use?

  6. Robert

    I too have a DHCP and NAS on the same Synology but I installed the Active Directory package. Without any changes 3 of 4 clients are registered in DNS with their dynamic IP address. One computer however isn’t. I’m not sure how these 3 clients are registered and why one is not. It looks DHCP is informing DNS of changes somehow.

  7. paul

    Hi, thanks for this. I got this running on my Synology RT2600ac Router with firmware version 1.16. I had to install an SD card (USB attached disk would work fine too) so that the homes directory would be created .

    Thanks again.

  8. AlphaPapa

    /volume1/homes/admin/logs$ logrotate –force /etc/logrotate.d/dhcp-dns
    error: cannot stat /etc/logrotate.d/dhcp-dns: No such file or directory

    /volume1/homes/admin/logs$ sudo logrotate –verbose –force /etc/logrotate.d/dhcp-dns
    error: cannot stat –verbose: No such file or directory

    -rwxr-xr-x+ 1 root root 2661152 Dec 29 14:48 dhcp-dns.log

    Any ideas?

    1. richard Post author

      There is a big clue in the error message. 🙂
      error: cannot stat /etc/logrotate.d/dhcp-dns: No such file or directory

      It looks like the file /etc/logrotate.d/dhcp-dns does not exist.

      Also long command line switches generally have TWO ‘-‘ hyphens not one, giving the second error with verbose and force.

  9. Alexander Dette

    Maybe the file Authorization is the Problem. I had a similar problem with the Message
    “Ignoring /usr/local/etc/logrotate.d/dhcp-dns because of bad file mode”
    After changing it worked.
    chmod 644 dhcp-dns

  10. Louis

    Thank you very much for this posting.

    I do have a question regarding the IP address used for Mail Server and Media Server. I noticed that you used a different IP Address for each service on the a single DiskStation.

    How do you change/assign an IP Address to a Service on the DiskStation? My assumption has been that all services on the DiskStation inherit the same IP Address as the Static IP Address assigned. To communicate with the individual services they all talk on a different port. Is that True in this case as well?

    1. richard Post author

      Ah, I see the problem. I expect you to have the the Mail Server and Media Server on different computers, not on a Synology NAS. 🙂 You cannot configure the mail server against hacking attempts that well on a Synology NAS or any other NAS. They are designed for storage use them for that.

  11. Lawrence

    Hi Richard,

    Sorry for the long post.
    I was reading your blog post (DNS and DHCP on Synology NAS) on April 12, 2020. While I was following and I lost access to your website, I thought your site was down; I didn’t worry about it and continued my config. On April 15, being able to access your website again at the office, I thought I could access your site again from home but that was NOT the case.
    I can access your site at home using my mobile phone on cellular data but it failed on using WIFI. (Windows 10 failed to access your site on WiFi using IE and Chrome). I have done Factory Default Reset on the router and still not working. I don’t think my internet provider blocking port to cause this because I can access other HTTPs site.
    I am not sure what the problem is and I am reaching out to see whether your site has blocked my IP. My concern was my computer(s) was hacked and was doing things out of my IP.

    I will be greatly appreciated if you can reply or advise.


    PS. Thank you so much for all your wonderful posts on setting things up.


Leave a Reply

Your email address will not be published. Required fields are marked *