Synology documentation sucks big time! It usually only states the blindingly obvious missing off any useful or helpful information.
This post will run through the harder parts of setting up DNS and DHCP on Synology NAS. It is a little tricky the first time you do this especially if you have not come across bind or bind9 before. It seems a little over the top or just plain weird. You will only really need this if you have some local servers, computers or other devices that need to be accessed.
Updated for DSM 6.0, because Synology buggered about with stuff! This may not work on earlier versions.
Following this post could potentially stop your Synology NAS from booting or cause data loss.
We will be setting up the DNS for dragon.lab. It is the domain I use for testing out networking and for all my posts.
- Domain: dragon.lab
- IP address NAS: 10.1.200.3
- Netmask: 255.255.255.0
- Gateway: 10.1.200.1
- diskstation: 10.1.200.3
- mailserver: 10.1.200.4
- mythtvserver: 10.1.200.5
Install the DNS package for package manager. If you need help installing the DNS package do not even try this tutorial you are not ready yet. Learn the basics. Learn to swim before jumping into the middle of the river!
Once installed and running you will find the DNS icon in the main menu. Open up the configuration window to begin.
We will start by creating our Master Forward Zone. This is where you configure the lookups, where you know the hostname and want to find the IP address.
The screen print shows the values I will be using.
Note: I use a serial format of the date yyyymmddnn where the last two digits ‘nn’ are just a sequential number for changes I made by hand on a particular day. This serial number is used if you have a backup or slave DNS systems. It lets them know “something” changed, so they should pull the new config. Integer serials works just as well.
If you now click on the arrow by Edit and then click on Zone settings you will see the setting you just entered.
The the SOA record. (SOA = Start of Authority) is telling other DNS servers I’m the first and most important server for the domain dragon.lab. Not quiet true but close enough for us. we can edit the Email: value to a valid email address. I will use firstname.lastname@example.org. We can leave all the other numbers as they are as they are sane values.
Okay, open up the Edit -> Resource Record window. This shows the values that are created automaticially from the information you have entered already.
You should see two entries. An NS type record and an A type record. Google explains these record types well. Take a look it will explain a few things.
To configure the zone we need one NS type record that points to the name server. We also need one A type record for each server or device in our domain. The NS type record was created already when we created the forward zone.
Let’s create some A type records. These point to an IP address. we will need to setup mailserver and the media server running mythtv called mythtvserver. Use the example below to create the others as well.
The mailserver also needs an MX type record so other mail servers know what hostname/IP address to connect to, when sending emails to a domain.
I did not enter anything in the name field as this MX type record is for the primary domain dragon.lab. It is for emails going to email@example.com.
The mailserver also runs a web server for a blog but we do not want the URI’s going to https://mailserver.dragon.lab. We do want it to look like the URIs are going to myblog.dragon.lab. So we need to create an alias record or CNAME type record.
Using a CNAME type record means if you more your mailserver and by default your blog to a different IP address you only need to update the one A type record. You could however just have two A type records one for each name pointing to the same IP address.
Click finish to return back to the main DNS server window.
Open up the log tab and make sure the top two entries are all zones running and running. If they are not set to that, you did something wrong. Go back and give it another go.
Point the DNS server setting of a device or PC to your new DNS server and use ping to try out the A, CNAME and MX records we created. If you are running Linux or another proper OS with a dig command you can use that with the full hostname.
dig mailserver.dragon.lab ; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> mailserver.dragon.lab ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 236 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mailserver.dragon.lab. IN A ;; ANSWER SECTION: mailserver.dragon.lab. 907200 IN A 10.1.200.4 ;; AUTHORITY SECTION: dragon.lab. 907200 IN NS ns.dragon.lab. ;; ADDITIONAL SECTION: ns.dragon.lab. 907200 IN A 10.1.200.3 ;; Query time: 1 msec ;; SERVER: 10.1.200.3#53(10.1.200.3) ;; WHEN: Wed Feb 24 19:12:22 GMT 2016 ;; MSG SIZE rcvd: 98
You will see from the above output:
- We were looking up mailserver.dragon.lab.
- We performed 1 query
- Receiving 1 answer in response.
- mailserver.dragon.lab has an A type record
- With an IP address of 10.1.200.4.
- The name server, NS, for the domain dragon.lab is ns.dragon.lab.
- That name server has an IP address of 10.1.200.3.
- The query was answered by 10.1.200.3 in 1 msec.
If that worked you are good to carry on. If not you did something wrong which needs to be fixed before you continue. Also worth a mention here. The Synology DNS is a caching name server. This means if you perform the same lookup within a few minutes of each other the DNS does not actually do the lookup it looks in its cache first, it can do this quicker then performing the lookup.
You can use the following command to find the MX records for a domain. Try it out for yourself.
dig dragon.lab mx
The DNS server will now resolve all our local hostnames to IP addresses. But it will not resolve hostnames on the internet. For example google.com or bbc.co.uk. Any queries that cannot be resolved need to be forwarded to another DNS server. We do that by setting the values in the Resolution tab.
In the screen shot I have added one of the DNS servers from open DNS 126.96.36.199. They also provide a secondary server 188.8.131.52. The second address I have used is from Google who also provide a freely available public DNS service. They also provide two servers 184.108.40.206 and 220.127.116.11. You could also use the DNS server values provided by your ISP. Note: The DNS servers from your ISP may stop working when you change ISP.
After adding these values you will now be able to ping hostnames from the internet such as google.com and bbc.co.uk.
So we now have half a zone setup the other half will allow lookups the other way round. That is, where you have an IP address and you want to lookup the hostname. This is done by some applications to verify the “other” server is who they say they are. Such as mail servers checking for spammers.
Create a new zone this time a Reverse zone. The Domain name is a little weird here. The part you enter is the first three numbers from the IP address of your domain. 10.1.200.0 but reversed so I get 200.1.10. I also selected to use the Date for the serial format, again.
Update the SOA record to change the email address to something valid. The value it defaults to is NOT.
We will only need to add NS and PTR type record here. Create an NS record for the names server of our domain. Then create the PTR type records for mailserver, myblog and mythtvserver, along with the others you may need. For the NS type record we only need to first three numbers: 10.1.200 will become 200.1.10.
For the PTR type records we use the full IP address again this is added backwards. Meaning 10.1.200.4 will become 18.104.22.168.
Once you click finish again, check that all zones are running and that the sever is running.
Check it is working with dig. This time we use a command line option to tell it we are doing a reverse lookup, -x, and pass in the IP address.
dig -x 10.200.1.5 ; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> -x 10.200.1.5 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55333 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;22.214.171.124.in-addr.arpa. IN PTR ;; ANSWER SECTION: 126.96.36.199.in-addr.arpa. 907200 IN PTR mythtv.dragon.lab. ;; AUTHORITY SECTION: 200.1.10.in-addr.arpa. 907200 IN NS ns.dragon.lab. ;; ADDITIONAL SECTION: ns.dragon.lab. 907200 IN A 10.200.1.3 ;; Query time: 1 msec ;; SERVER: 10.200.1.3#53(10.200.1.3) ;; WHEN: Wed Feb 24 19:35:16 GMT 2016 ;; MSG SIZE rcvd: 122
That is your DNS server running.
Dynamically updating DNS and DHCP on Synology NAS
This section will get DNS and DHCP on Synology NAS working together. If you use DHCP to automatically give out a valid IP address to a network attached device, probably from your broadband router or WiFi box, you will not be able to lookup hostnames to find their IP address as they are not registered with your shiny new DNS server. I found this rather useful script to Update Synology DNS records from DHCP IP address reservation. The documentation is good, and easy to follow.
I based the following on those scripts.
You will need terminal access to you Synology NAS, it can be turned on from the Control panel -> Terminal & SNMP in the terminal tab. Be careful with this if your Synology NAS is accessible via the internet then this may be a security problem.
All the files necessary to update your DNS after the DHCP server has given out a new address are available from here dhcp_dns_changes_synology.tgz. Download and untar the files into a convenient place. If this is you first install rename the file settings.example to settings. Edit the settings file with the details for your system. We will use the following:
YourNetworkName=dragon.lab ForwardMasterFile=dragon.lab ReverseMasterFile=200.1.10.in-addr.arpa
That is all you should need to change. If I ever update the scripts all you need do is keep your existing settings file and overwrite the others. There is an install script which does some simple checks before copying files to the correct place. Take a look at it to see where things end up.
With the script /usr/local/etc/rc.d/S99pollDHCP.sh you can start, stop, restart or see the status of the service. The command line looks like this when run from a terminal on your diskstation.
/usr/local/etc/rc.d/S99pollDHCP.sh status /usr/local/etc/rc.d/S99pollDHCP.sh start /usr/local/etc/rc.d/S99pollDHCP.sh stop /usr/local/etc/rc.d/S99pollDHCP.sh restart
You can now test it out by stopping any other DHCP servers you have running, probably on your broadband router, and then start up your one on the Synology diskstation. It’s found under Control Panel -> DHCP Server. Highlight your active interface and then Edit. Then you will find a DHCP Server tab. I expect you can do the rest it is quite straight forward. Remember about jumping into the middle of a river?
With that running start up a device or PC that uses DHCP and you should see entries appearing in the file you redirected the out to. In my case it can be seen from an SSH terminal on diskstation with this command
tail -f /volume1/homes/admin/logs/dhcp-dns.log
If all goes well you can now use hostnames to connect or communicate with your other devices and you have a DNS and DHCP on Synology NAS working together.
nohup broken on Diskstation
When I have tried to use nohup on my diskstation it has never worked. This means you can stop and start the service S99pollDHCP.sh as shown above BUT when you log out of the terminal the service will be killed. You can simply reboot your diskstation but as a Linux admin that seems over the top and very Windows but the alternative is clunky too!
Keeping Log Files Tidy
The log file for this script will over time get rather large filling up the system partition on your diskstation. As this is not Windows but running Linux we can sort that out by configuring a job that will compress and rotate the log files each week keeping the last four weeks.
As part of the work the install did was to copy over a logratate configuration file, dhcp-dns.
To check this is working you can force logrotate to run the config file. Change directory to the where your log files are and list the directory contents.
cd /volume1/homes/admin/logs ls -l
You should see something like this.
drwxr-xr-x 2 root root 4096 Feb 28 10:43 . drwxr-xr-x 4 root root 4096 Feb 23 19:10 .. -rw-r--r-- 1 root root 882 Feb 28 10:21 dhcp-dns.log
Run logrotate forcing our script to run right now. Then list the files in the log directory again.
logrotate --force /etc/logrotate.d/dhcp-dns ls -l /volume1/homes/admin/logs
We have a new log file and the old one has been renamed to dhcp-dns.log.1. This one is not compressed, due to the delaycompress option.
drwxr-xr-x 2 root root 4096 Feb 28 10:43 . drwxr-xr-x 4 root root 4096 Feb 23 19:10 .. -rw-r--r-- 1 root root 882 Feb 28 10:43 dhcp-dns.log -rw-r--r-- 1 root root 1764 Feb 28 10:21 dhcp-dns.log.1
When logrotate is run next time we will see dhcp-dns.log.2.gz which is compressed. Try running it a few times to see how it works.
Points To Note
This DNS server will reply to any and all recursive queries from any IP. This is probably not what you want. You should also use the Limit source IP List setting found in the Edit Zone settings to limit the IP addresses that will get a response from your DNS.