DNS and DHCP on Synology NAS

Synology documentation sucks big time! It usually only states the blindingly obvious missing off any useful or helpful information.

This post will run through the harder parts of setting up DNS and DHCP on Synology NAS. It is a little tricky the first time you do this especially if you have not come across bind or bind9 before. It seems a little over the top or just plain weird. You will only really need this if you have some local servers, computers or other devices that need to be accessed.

Updated for DSM 6.0, because Synology buggered about with stuff! 
This may not work on earlier versions.

Following this post could potentially stop your Synology NAS from booting or cause data loss.

We will be setting up the DNS for dragon.lab. It is the domain I use for testing out networking and for all my posts.

  • Domain: dragon.lab
  • IP address NAS: 10.1.200.3
  • Netmask: 255.255.255.0
  • Gateway: 10.1.200.1
  • Servers:
    • diskstation: 10.1.200.3
    • mailserver: 10.1.200.4
    • mythtvserver: 10.1.200.5

Install the DNS package for package manager. If you need help installing the DNS package do not even try this tutorial you are not ready yet. Learn the basics. Learn to swim before jumping into the middle of the river!

Once installed and running you will find the DNS icon in the main menu. Open up the configuration window to begin.

synology_dns1

We will start by creating our Master Forward Zone. This is where you configure the lookups, where you know the hostname and want to find the IP address.

synology_dns2

The screen print shows the values I will be using.

synology_dns3

Note: I use a serial format of the date yyyymmddnn where the last two digits ‘nn’ are just a sequential number for changes I made by hand on a particular day. This serial number is used if you have a backup or slave DNS systems. It lets them know “something” changed, so they should pull the new config. Integer serials works just as well.

If you now click on the arrow by Edit and then click on Zone settings you will see the setting you just entered.

synology_dns4

synology_dns5

The the SOA record. (SOA = Start of Authority) is telling other DNS servers I’m the first and most important server for the domain dragon.lab. Not quiet true but close enough for us. we can edit the Email: value to a valid email address. I will use admin@dragon.lab. We can leave all the other numbers as they are as they are sane values.

synology_dns3a

Okay, open up the Edit -> Resource Record window. This shows the values that are created automaticially from the information you have entered already.

synology_dns6

You should see two entries. An NS type record and an A type record. Google explains these record types well. Take a look it will explain a few things.

To configure the zone we need one NS type record that points to the name server. We also need one A type record for each server or device in our domain. The NS type record was created already when we created the forward zone.

Let’s create some A type records. These point to an IP address. we will need to setup mailserver and the media server running mythtv called mythtvserver. Use the example below to create the others as well.

synology_dns7

synology_dns8

The mailserver also needs an MX type record so other mail servers know what hostname/IP address to connect to, when sending emails to a domain.
I did not enter anything in the name field as this MX type record is for the primary domain dragon.lab. It is for emails going to someone@dragon.lab.

synology_dns9

The mailserver also runs a web server for a blog but we do not want the URI’s going to https://mailserver.dragon.lab. We do want it to look like the URIs are going to myblog.dragon.lab. So we need to create an alias record or CNAME type record.

synology_dns10

Using a CNAME type record means if you more your mailserver and by default your blog to a different IP address you only need to update the one A type record. You could however just have two A type records one for each name pointing to the same IP address.

Click finish to return back to the main DNS server window.

Open up the log tab and make sure the top two entries are all zones running and running. If they are not set to that, you did something wrong. Go back and give it another go.

synology_dns16

Point the DNS server setting of a device or PC to your new DNS server and use ping to try out the A, CNAME and MX records we created. If you are running Linux or another proper OS with a dig command you can use that with the full hostname.

dig mailserver.dragon.lab
 
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> mailserver.dragon.lab
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 236
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mailserver.dragon.lab.		IN	A
 
;; ANSWER SECTION:
mailserver.dragon.lab.	907200	IN	A	10.1.200.4
 
;; AUTHORITY SECTION:
dragon.lab.		907200	IN	NS	ns.dragon.lab.
 
;; ADDITIONAL SECTION:
ns.dragon.lab.	907200	IN	A	10.1.200.3
 
;; Query time: 1 msec
;; SERVER: 10.1.200.3#53(10.1.200.3)
;; WHEN: Wed Feb 24 19:12:22 GMT 2016
;; MSG SIZE  rcvd: 98

You will see from the above output:

  • We were looking up mailserver.dragon.lab.
  • We performed 1 query
  • Receiving 1 answer in response.
  • mailserver.dragon.lab has an A type record
  • With an IP address of 10.1.200.4.
  • The name server, NS, for the domain dragon.lab is ns.dragon.lab.
  • That name server has an IP address of 10.1.200.3.
  • The query was answered by 10.1.200.3 in 1 msec.

If that worked you are good to carry on. If not you did something wrong which needs to be fixed before you continue. Also worth a mention here. The Synology DNS is a caching name server. This means if you perform the same lookup within a few minutes of each other the DNS does not actually do the lookup it looks in its cache first, it can do this quicker then performing the lookup.

You can use the following command to find the MX records for a domain. Try it out for yourself.

dig dragon.lab mx

DNS Forwarders

The DNS server will now resolve all our local hostnames to IP addresses. But it will not resolve hostnames on the internet. For example google.com or bbc.co.uk. Any queries that cannot be resolved need to be forwarded to another DNS server. We do that by setting the values in the Resolution tab.

In the screen shot I have added one of the DNS servers from open DNS 208.67.220.220. They also provide a secondary server 208.67.222.222. The second address I have used is from Google who also provide a freely available public DNS service. They also provide two servers 8.8.8.8 and 8.8.4.4. You could also use the DNS server values provided by your ISP. Note: The DNS servers from your ISP may stop working when you change ISP.

synology_dns15

After adding these values you will now be able to ping hostnames from the internet such as google.com and bbc.co.uk.

Reverse Lookups

So we now have half a zone setup the other half will allow lookups the other way round. That is, where you have an IP address and you want to lookup the hostname. This is done by some applications to verify the “other” server is who they say they are. Such as mail servers checking for spammers.

Create a new zone this time a Reverse zone. The Domain name is a little weird here. The part you enter is the first three numbers from the IP address of your domain. 10.1.200.0 but reversed so I get 200.1.10. I also selected to use the Date for the serial format, again.

synology_dns11

synology_dns12

Update the SOA record to change the email address to something valid. The value it defaults to is NOT.

synology_dns13

We will only need to add NS and PTR type record here. Create an NS record for the names server of our domain. Then create the PTR type records for mailserver, myblog and mythtvserver, along with the others you may need. For the NS type record we only need to first three numbers: 10.1.200 will become 200.1.10.

For the PTR type records we use the full IP address again this is added backwards. Meaning 10.1.200.4 will become 4.200.1.10.

synology_dns14

Once you click finish again, check that all zones are running and that the sever is running.

Check it is working with dig. This time we use a command line option to tell it we are doing a reverse lookup, -x, and pass in the IP address.

dig -x 10.200.1.5
 
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> -x 10.200.1.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55333
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.200.1.10.in-addr.arpa.	IN	PTR
 
;; ANSWER SECTION:
5.200.1.10.in-addr.arpa. 907200 IN	PTR	mythtv.dragon.lab.
 
;; AUTHORITY SECTION:
200.1.10.in-addr.arpa.	907200	IN	NS	ns.dragon.lab.
 
;; ADDITIONAL SECTION:
ns.dragon.lab.	907200	IN	A	10.200.1.3
 
;; Query time: 1 msec
;; SERVER: 10.200.1.3#53(10.200.1.3)
;; WHEN: Wed Feb 24 19:35:16 GMT 2016
;; MSG SIZE  rcvd: 122

That is your DNS server running.

Dynamically updating DNS and DHCP on Synology NAS

This section will get DNS and DHCP on Synology NAS working together. If you use DHCP to automatically give out a valid IP address to a network attached device, probably from your broadband router or WiFi box, you will not be able to lookup hostnames to find their IP address as they are not registered with your shiny new DNS server. I found this rather useful script to Update Synology DNS records from DHCP IP address reservation. The documentation is good, and easy to follow.

I based the following on those scripts.

You will need terminal access to you Synology NAS, it can be turned on from the Control panel -> Terminal & SNMP in the terminal tab. Be careful with this if your Synology NAS is accessible via the internet then this may be a security problem.

All the files necessary to update your DNS after the DHCP server has given out a new address are available from here dhcp_dns_changes_synology.tgz. Download and untar the files into a convenient place. If this is you first install rename the file settings.example to settings. Edit the settings file with the details for your system. We will use the following:

YourNetworkName=dragon.lab
ForwardMasterFile=dragon.lab
ReverseMasterFile=200.1.10.in-addr.arpa

That is all you should need to change. If I ever update the scripts all you need do is keep your existing settings file and overwrite the others. There is an install script which does some simple checks before copying files to the correct place. Take a look at it to see where things end up.

With the script /usr/local/etc/rc.d/S99pollDHCP.sh you can start, stop, restart or see the status of the service. The command line looks like this when run from a terminal on your diskstation.

/usr/local/etc/rc.d/S99pollDHCP.sh status
/usr/local/etc/rc.d/S99pollDHCP.sh start
/usr/local/etc/rc.d/S99pollDHCP.sh stop
/usr/local/etc/rc.d/S99pollDHCP.sh restart

You can now test it out by stopping any other DHCP servers you have running, probably on your broadband router, and then start up your one on the Synology diskstation. It’s found under Control Panel -> DHCP Server. Highlight your active interface and then Edit. Then you will find a DHCP Server tab. I expect you can do the rest it is quite straight forward. Remember about jumping into the middle of a river?

With that running start up a device or PC that uses DHCP and you should see entries appearing in the file you redirected the out to. In my case it can be seen from an SSH terminal on diskstation with this command

tail -f /volume1/homes/admin/logs/dhcp-dns.log

If all goes well you can now use hostnames to connect or communicate with your other devices and you have a DNS and DHCP on Synology NAS working together.

nohup broken on Diskstation

When I have tried to use nohup on my diskstation it has never worked. This means you can stop and start the service S99pollDHCP.sh as shown above BUT when you log out of the terminal the service will be killed. You can simply reboot your diskstation but as a Linux admin that seems over the top and very Windows but the alternative is clunky too!

Keeping Log Files Tidy

The log file for this script will over time get rather large filling up the system partition on your diskstation. As this is not Windows but running Linux we can sort that out by configuring a job that will compress and rotate the log files each week keeping the last four weeks.

As part of the work the install did was to copy over a logratate configuration file, dhcp-dns.

To check this is working you can force logrotate to run the config file. Change directory to the where your log files are and list the directory contents.

cd /volume1/homes/admin/logs
ls -l

You should see something like this.

drwxr-xr-x    2 root     root          4096 Feb 28 10:43 .
drwxr-xr-x    4 root     root          4096 Feb 23 19:10 ..
-rw-r--r--    1 root     root           882 Feb 28 10:21 dhcp-dns.log

Run logrotate forcing our script to run right now. Then list the files in the log directory again.

logrotate --force /etc/logrotate.d/dhcp-dns
ls -l /volume1/homes/admin/logs

We have a new log file and the old one has been renamed to dhcp-dns.log.1. This one is not compressed, due to the delaycompress option.

drwxr-xr-x    2 root     root          4096 Feb 28 10:43 .
drwxr-xr-x    4 root     root          4096 Feb 23 19:10 ..
-rw-r--r--    1 root     root           882 Feb 28 10:43 dhcp-dns.log
-rw-r--r--    1 root     root          1764 Feb 28 10:21 dhcp-dns.log.1

When logrotate is run next time we will see dhcp-dns.log.2.gz which is compressed. Try running it a few times to see how it works.

Points To Note

This DNS server will reply to any and all recursive queries from any IP. This is probably not what you want. You should also use the Limit source IP List setting found in the Edit Zone settings to limit the IP addresses that will get a response from your DNS.

6 thoughts on “DNS and DHCP on Synology NAS

  1. barsos

    Great article! There is a small downside for when you’re using short hostnames and want to get these resolved with the above approach. This does ONLY work if you can also configure your DHCP server to add your local domain DNS suffix. In my case, devices are assigned an IP through the DHCP server of my ISP modem, and thus get the wrong DNS suffix.
    E.g.:
    dig rpi1.mydomain.com works fine
    dig rpi1 will resolve to rpi1.myisp.com, which is not working of course

    So when you decide to go for your own DNS server, you would typically also need to employ your own DHCP server.

    Also keep in mind that the Synology DNS server does not support Dynamic A Records at this moment. So dynamic IP to an iPad will not be replicated in the DNS server once the IP is changed.

    Reply
    1. Richard Post author

      Thank you for your comment. You seemed to have missed the point of the post. The post is called “DNS and DHCP on Synology NAS” and not “Using some other DHCP server to talk to DNS on Synology” 🙂
      dig always needs a full qualified domain name you cannot use short hostnames.
      You should add the domain name you want to append to the hostname to the DHCP server in the DHCP server configuration on your Synology NAS.
      The point of the post is to provide dynamic ‘A’ records to the Synology DNS server from the DHCP server ALSO running on Synology. And so an IP address provided via DHCP on a Synology NAS to any networked device including some Apple iDodad will work as expected.

      Reply
  2. Reid

    Thank you for the write-up. I just needed a lab DNS server to resolve my lab hostnames and let everything else query my wireless router. This blog was a big help in setting it up on my Synology!

    Reply
  3. rubricsinger

    This was terrific thanks so much, it’s been annoying me for months that I couldn’t get the DNS to keep a list of current devices on the network !

    On tiny thing I had to change for the log rotate, I was getting the following error with verbose on :-
    sudo logrotate –verbose –force /etc/logrotate.d/dhcp-dns
    Ignoring /etc/logrotate.d/dhcp-dns because of bad file mode.

    I fixed it by doing the following chmod on the dhcp-dns file:-
    sudo chmod 644 /etc/logrotate.d/dhcp-dns
    and
    sudo chmod 755 /volume1/homes/admin/logs

    Then i got what was expected.

    Thanks again!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *