Basic Networking Services

How to set up core networking services like DHCP, DNS, ad-blocking and remote access for the home network.

Background

Some basic network services can be provided by the Internet service provider's router. However, running the services on the server gives easier control, enhanced functionality, and more features. So what are the basic services needed?

DHCP

Dynamic Host Configuration Protocol is a service that enables a host (a device connecting to the network) to automatically receive a configuration so it can connect to the network and communicate with other hosts using the TCP/IP protocol. This configuration typically includes an IP address, the network mask, the gateway (or router) address, the DNS server(s) to use, and other optional information, like time keeping, proxy servers…
It is a critical service for enabling automatic configuration in the home network.

DNS

Domain Name System is a service that allows us, humans, to use words, or domain names, when connecting to devices over a network, instead of their IP addresses. It is much easier to remember “myfavouritewebsite.com” than 172.45.2.125, for example.
However, the Internet uses IP addresses to communicate, so DNS actually translates a host or domain name into an IP address, so TCP/IP can do its magic.

Running the service on the home server will make the network more efficient, allow names to be used easily for every device on the network, and as a bonus, can also provide a network-wide ad-blocking service, with some nice trickery.

Remote access

Being able to remotely access the home network can provide significant benefits, like accessing files, private cloud, home automation, hosting a website…

A few things to consider when enabling remote access:

  • As mentioned above, the Internet communicates with IP addresses, and unless you told your Internet Service Provider you need a static IP address, your external IP address, the address that is used to remotely access the home network, is dynamic: it can and will change. This makes it more difficult to access the home network remotely, but this is where DDNS, or Dynamic DNS, can help. We can use a domain name, and the DDNS service will look after making sure it knows the current IP address, so communication works.
  • Security! Nowadays, we hear about security, or security flaws, nearly every day. And if you start looking at what happens to a computer exposed to the Internet, it is easy to understand that some precautions are indeed a must to keep the home network safe. We’ll use a mix of encryption and authentication to secure the connections to the home network.
    Encryption means that even if someone captures network traffic from or to the home network, the data is encrypted and cannot be easily decrypted.
    Authentication means that for some services, we need to identify who accesses the service, and check they are indeed allowed to do so. Used with encryption, it means that even if we need to pass some user credentials (a username and password for example), no one can just capture the network traffic and read the credentials from it.

Solution

Luckily enough, a nice little piece of software will provide DHCP, DNS and ad-blocking in one easy-to-install and easy-to-manage package: Pi-hole. Pi-hole describes itself as a black hole for Internet advertisements. Now I like this idea! I hate constant advertisement on web pages. It distracts from the content, and has no value to me. The benefits of using Pi-hole for the home network would be:

  • Blocks thousands of ad-serving domains.
  • No client software: there is no need to add anything on devices connected to the home network. They all benefit from Pi-hole automatically.
  • Improves network performance: the ads are not downloaded, so web pages are more responsive, and use less network bandwidth to load. If you’re not on unlimited broadband for example, this is very welcome. You’d be surprised how much bandwidth is used just to display ads on the pages you browse.
  • Provides DHCP and DNS services. It uses dnsmasq at its core, which means we can even extend the functionality to provide a TFTP/BootP server, so we can boot operating systems from the network, without installing anything on the client. More on this in another article.
  • Can be managed with a nice web interface remotely.

The way it works is by intercepting the URLs of ad-serving services, and serving them locally, as empty content. It does so at the DNS level of the network.
As explained before, the Internet works using IP addresses, and in a web page, the ad content is referenced by URLs, using domain names. Pi-hole maintains a list of ad-serving services, and if a page requests some content from one of them, it tells the page the content is local, and serves empty content. Therefore the request never reaches the ad service, and the ad is never downloaded from it. This also means it needs to have ports 80 and 443 available. As the server will also host web services that need those ports, I will implement Pi-hole in a virtual machine, with its own IP address so it is separate from the server IP.
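The DNS-level decision described above, as an added example (a sketch written for this page, not Pi-hole's own code): a blocked name is answered locally with the address of the ad-blocking host, and any other name returns None so it can be forwarded upstream. The sinkhole address, the blocklist entries and all function names are assumptions, and the list match here is exact and case-insensitive.

```python
import socket
import struct

SINKHOLE_IP = "192.168.1.2"   # assumed address of the Pi-hole VM (constructed)
BLOCKLIST = {"ads.example.net", "tracker.example.org"}  # constructed entries

def build_query(name, qtype=1, qid=0x1234):
    """Build a minimal DNS query packet (sample input for this example)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (name, qtype, end_offset) of the first question in a query."""
    offset, labels = 12, []
    while packet[offset] != 0:
        length = packet[offset]
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[offset + 1:offset + 5])
    # DNS names are case-insensitive, so normalise before the list lookup.
    return ".".join(labels).lower(), qtype, offset + 5

def sinkhole_answer(packet):
    """Return a local response for a blocked name, or None to forward upstream."""
    qid, flags = struct.unpack("!HH", packet[:4])
    name, qtype, end = parse_question(packet)
    if name not in BLOCKLIST:
        return None
    is_a = qtype == 1
    # QR=1 and RA=1, RD copied from the query, RCODE=0 (NOERROR).
    header = struct.pack("!HHHHHH", qid, 0x8080 | (flags & 0x0100),
                         1, 1 if is_a else 0, 0, 0)
    response = header + packet[12:end]
    if is_a:
        # Name is a compression pointer to offset 12; type A, class IN, TTL 2 s.
        response += struct.pack("!HHHIH", 0xC00C, 1, 1, 2, 4)
        response += socket.inet_aton(SINKHOLE_IP)
    return response

def answered_ip(response):
    """Extract the A record address from a response built above, if any."""
    ancount = struct.unpack("!H", response[6:8])[0]
    return socket.inet_ntoa(response[-4:]) if ancount else None
```

Blocked names queried for a record type other than A (for example AAAA) get an empty NOERROR answer here, so the client does not reach the ad service over another address family.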

For remote access, I’ll set up the server with SSH remote access, DuckDNS.org free Dynamic DNS and port forwarding on the Internet router.
