4. DNS and DHCP Services

4.1. DNS Server for the Local Zone

In this scenario, named listens for DNS queries on the internal interface and forwards them to dns-proxy, which provides the response.

Figure 5.19. DNS Server - Proxy configuration

The configuration in Figure 5.19, “DNS Server - Proxy configuration” shows Kernun UTM using named as its own resolver (server ^system.INT.ipv4.host : 53 in the resolver section). dns-proxy is bound to the loopback interface by the non-transparent [] : 53 item in the listen-on section of dns-proxy, so it is reachable only from processes on the firewall itself (here named) and is not exposed to the clients directly. See Section 3, “Caching Name Server” for further information.

Figure 5.20. DNS Server - BIND configuration

In the configuration depicted in Figure 5.20, “DNS Server - BIND configuration”, the named daemon is configured in the nameserver section to listen on the internal address on port 53 (listen-sock ^system.INT.ipv4.host : 53) and to forward queries it does not answer from its own zone data to dns-proxy on the loopback interface (forwarder [] : 53). Because named listens only on the internal address, it is not reachable from the external network and therefore cannot be abused as an open resolver.

Finally, there is the zone pha section. The name pha.tns.cz item assigns the zone its name, and the generate item makes KGB generate the zone data from the hosts-table section. The reverse item makes the zone pha-reverse provide the reverse (PTR) records for the local network.

The hosts-table section contains multiple host items, each defining the host name (e.g. "builder.pha.tns.cz") and the IP address (e.g. "") for a given MAC address (e.g. "00:1D:7D:02:F7:C6").

It is possible to force all clients to use the SafeSearch functionality of Google, YouTube and Bing by including samples/include/safe-search.cml in the configuration.

4.2. DHCP Server for the Local Network

The Dynamic Host Configuration Protocol (DHCP) is used by a client to obtain information necessary to connect to an IP network automatically, with no need of manual administration. This information includes the client's IP address, network mask, default gateway, DNS server address, etc.

Figure 5.21. DHCP configuration

The DHCP server is configured in the dhcp-server section. In this example, the DNS server address pushed by the DHCP server is (name-server item). The default lease time is set to 10 hours (default-lease-time) and the maximum lease time to 1 day (max-lease-time). Furthermore, there are settings for the domain name (domain), the router address (router) and the NTP server (time-server). A range of IP addresses (range [] []) is reserved for the subnet devel, which also has its domain name altered to (domain devel.tns.cz). The addresses assigned by the DHCP server in that subnet will therefore be between and

The hosts-table section defines a single host with a predefined IP address: the host u2 with the MAC address 00:17:08:3e:a7:ba is always assigned the IP address (host [] { u2 } "00:17:08:3e:a7:ba"), so that host never takes an address from the dynamic range.
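The hosts-table of Section 4.1 is the source from which the forward zone and the reverse zone are generated, and the hosts-table here is the source of the fixed DHCP reservations. The following Python script is an added example of what such generation involves; it is not Kernun code and does not emit Kernun CML, but standard BIND zone records and ISC dhcpd host stanzas, so the same checks can be run against any hosts table before it is trusted. The host names, the RFC 5737 addresses and the MAC addresses in it are constructed for the example and are not the values from the figures; the zone name pha.tns.cz is taken from the text.

```python
import ipaddress
import re

# Constructed sample hosts table for this example: the names sit under the
# manual's pha.tns.cz zone, but the RFC 5737 addresses and the MAC addresses
# are made up and are not the values shown in the manual's figures.
HOSTS_TABLE = [
    ("ws1.pha.tns.cz", "192.0.2.10", "00:11:22:33:44:55"),
    ("ws2.pha.tns.cz", "192.0.2.11", "00-11-22-33-44-66"),  # dashed notation
    ("printer.pha.tns.cz", "192.0.2.20", "0011.2233.4477"),  # Cisco dotted notation
]

HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalise_mac(mac):
    """Canonicalise a MAC address to lower-case, colon-separated form.

    Colon, dash and dotted notations are accepted; anything that does not
    reduce to exactly 12 hex digits is rejected instead of being passed
    through to the DHCP server as a reservation that can never match.
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not HEX12.match(digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def validate_hosts(table, zone, network):
    """Check the hosts table and return a list of (fqdn, IPv4Address, mac).

    Every name must lie under `zone` and every address inside `network`;
    names, addresses and MACs must be unique, because a duplicate MAC would
    hand two hosts the same reservation and a duplicate address would make
    the generated PTR record point at the wrong host.
    """
    net = ipaddress.ip_network(network)
    seen_names, seen_addrs, seen_macs = set(), set(), set()
    hosts = []
    for name, ip, mac in table:
        fqdn = name.lower().rstrip(".")
        if not fqdn.endswith("." + zone.lower()):
            raise ValueError(f"{fqdn} is not inside zone {zone}")
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{addr} for {fqdn} is outside {net}")
        canon = normalise_mac(mac)
        for key, seen in ((fqdn, seen_names), (addr, seen_addrs), (canon, seen_macs)):
            if key in seen:
                raise ValueError(f"duplicate entry in hosts table: {key}")
            seen.add(key)
        hosts.append((fqdn, addr, canon))
    return hosts


def forward_zone_records(hosts):
    """A records for the forward zone, one per host (BIND zone file syntax)."""
    return [f"{fqdn}. IN A {addr}" for fqdn, addr, _ in hosts]


def reverse_zone_records(hosts):
    """PTR records for the in-addr.arpa zone, derived from the same table."""
    return [f"{addr.reverse_pointer}. IN PTR {fqdn}." for fqdn, addr, _ in hosts]


def dhcp_host_reservations(hosts):
    """Fixed-address reservations keyed by MAC (ISC dhcpd host stanza syntax)."""
    return [
        f"host {fqdn.split('.')[0]} {{ hardware ethernet {mac}; fixed-address {addr}; }}"
        for fqdn, addr, mac in hosts
    ]


if __name__ == "__main__":
    checked = validate_hosts(HOSTS_TABLE, "pha.tns.cz", "192.0.2.0/24")
    print("\n".join(forward_zone_records(checked)))
    print("\n".join(reverse_zone_records(checked)))
    print("\n".join(dhcp_host_reservations(checked)))
```

The validation step is the part worth keeping even if the output format differs: a reservation with a mistyped MAC silently never matches and the host falls back into the dynamic range, and two hosts sharing an address or a MAC produce inconsistent forward and reverse data that is hard to spot once the zone is live.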

See dhcp-server(5) for details.