DHCP & DNS
Version key: 🟢 = 1.3+ · 🟡 = 1.4+ · 🟣 = 1.5+
DHCP Server 🟢 1.3+
VyOS can serve DHCP on any interface. Standard home-router setup takes ~10 lines.
Basic DHCP Pool
```
# Enable DHCP on LAN interface
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start 192.168.1.100
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop 192.168.1.200

# Default gateway
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1

# DNS servers
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 name-server 1.1.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 name-server 8.8.8.8

# Lease time (default 86400 = 24h)
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
```
Static Mappings
Reserve IPs for specific MAC addresses:
```
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  static-mapping printer ip-address 192.168.1.10
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  static-mapping printer mac-address aa:bb:cc:dd:ee:ff

set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  static-mapping nas ip-address 192.168.1.20
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  static-mapping nas mac-address 11:22:33:44:55:66
```
Multiple Subnets / VLANs
```
# VLAN 10 — Guest network
set service dhcp-server shared-network-name GUEST subnet 10.0.10.0/24 range 0 start 10.0.10.100
set service dhcp-server shared-network-name GUEST subnet 10.0.10.0/24 range 0 stop 10.0.10.200
set service dhcp-server shared-network-name GUEST subnet 10.0.10.0/24 default-router 10.0.10.1
set service dhcp-server shared-network-name GUEST subnet 10.0.10.0/24 name-server 1.1.1.1
set service dhcp-server shared-network-name GUEST subnet 10.0.10.0/24 lease 3600

# VLAN 20 — IoT
set service dhcp-server shared-network-name IOT subnet 10.0.20.0/24 range 0 start 10.0.20.100
set service dhcp-server shared-network-name IOT subnet 10.0.20.0/24 range 0 stop 10.0.20.200
set service dhcp-server shared-network-name IOT subnet 10.0.20.0/24 default-router 10.0.20.1
set service dhcp-server shared-network-name IOT subnet 10.0.20.0/24 name-server 1.1.1.1
```
DHCP Options
Push custom options (e.g., TFTP, NTP, vendor-specific):
```
# NTP server
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  subnet-parameters "option ntp-servers 192.168.1.1;"

# TFTP boot server (for PXE)
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  subnet-parameters "next-server 192.168.1.10;"
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  subnet-parameters "filename \"pxelinux.0\";"

# Custom DNS domain
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 \
  domain home.lan
```
DNS Forwarding
VyOS runs a DNS forwarder (PowerDNS recursor). Configure:
```
# Enable DNS forwarding
set service dns forwarding allow-from 192.168.0.0/16
set service dns forwarding listen-address 192.168.1.1
set service dns forwarding listen-address 10.0.10.1

# Upstream resolvers
set service dns forwarding name-server 1.1.1.1
set service dns forwarding name-server 8.8.8.8

# Cache size
set service dns forwarding cache-size 10000

# Negative cache (NXDOMAIN caching)
set service dns forwarding negative-ttl 300

# Listen on loopback too (for router itself)
set service dns forwarding listen-address 127.0.0.1
set service dns forwarding system
```
Host Overrides (Split DNS)
Override specific hostnames locally:
```
set service dns forwarding domain home.lan server 192.168.1.100
set service dns forwarding domain internal.lab server 10.0.0.53

# Static host entries
set system static-host-mapping host-name router.home.lan inet 192.168.1.1
set system static-host-mapping host-name nas.home.lan inet 192.168.1.20
```
Domain Blocking / Ad Blocking
```
# Forward unwanted domains to 0.0.0.0 (or a sinkhole)
set service dns forwarding negative-delivery
set service dns forwarding domain doubleclick.net server 0.0.0.0
set service dns forwarding domain googlesyndication.com server 0.0.0.0

# Or use a blocklist via script
# Better — use a dedicated adblock container/VM
```
Dynamic DNS (DDNS) 🟡 1.4+
Update a dynamic DNS provider when your WAN IP changes:
```
# Cloudflare example
set service dns dynamic name cf-dynamic interface eth0
set service dns dynamic name cf-dynamic service cloudflare
set service dns dynamic name cf-dynamic service cloudflare host-name router.example.com
set service dns dynamic name cf-dynamic service cloudflare password 'api-token'
set service dns dynamic name cf-dynamic service cloudflare zone example.com

# DuckDNS
set service dns dynamic name duckdns interface eth0
set service dns dynamic name duckdns service dyndns
set service dns dynamic name duckdns service dyndns server www.duckdns.org
set service dns dynamic name duckdns service dyndns host-name myrouter.duckdns.org
set service dns dynamic name duckdns service dyndns login ''
set service dns dynamic name duckdns service dyndns password 'your-token'

# Afraid.org (FreeDNS)
set service dns dynamic name afraid interface eth0
set service dns dynamic name afraid service afraid
set service dns dynamic name afraid service afraid host-name your-host.mooo.com
set service dns dynamic name afraid service afraid login 'username'
set service dns dynamic name afraid service afraid password 'password'
```
Verify & Troubleshoot
```
# Show DHCP leases
show dhcp server leases

# Show DHCP statistics
show dhcp server statistics

# Show DNS forwarding stats
show dns forwarding statistics

# Test DNS resolution
nslookup google.com 192.168.1.1

# Check DDNS status
show dns dynamic status
```
Complete Home Router DHCP+DNS
Putting it together — minimal config for a home router:
```
# DHCP
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 start 192.168.1.100
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 range 0 stop 192.168.1.200
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 name-server 192.168.1.1
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 domain home.lan
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400

# DNS forwarding
set service dns forwarding allow-from 192.168.1.0/24
set service dns forwarding listen-address 192.168.1.1
set service dns forwarding name-server 1.1.1.1
set service dns forwarding name-server 8.8.8.8
set service dns forwarding cache-size 5000
```
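The forwarder's allow-from and listen-address settings can be checked for two exposure problems: an allow-from that admits non-internal sources (an open resolver), and a listen-address on a segment that no allow-from covers. The Python check below is an added example, not part of VyOS or of the original page; the function name audit_forwarder, the INTERNAL range list and the OPEN_CONFIG sample are assumptions constructed for it.

```python
import ipaddress
import re

# Ranges this check treats as internal (RFC 1918, loopback, IPv6 ULA); an assumption.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]
LINE = re.compile(r"set service dns forwarding (allow-from|listen-address) (\S+)")

# The allow-from / listen-address commands from the DNS Forwarding section.
PAGE_CONFIG = """
set service dns forwarding allow-from 192.168.0.0/16
set service dns forwarding listen-address 192.168.1.1
set service dns forwarding listen-address 10.0.10.1
set service dns forwarding listen-address 127.0.0.1
"""
# Constructed misconfiguration: any source address may use the forwarder.
OPEN_CONFIG = """
set service dns forwarding allow-from 0.0.0.0/0
set service dns forwarding listen-address 192.168.1.1
"""


def audit_forwarder(config_text):
    """Return (severity, message) findings for a block of VyOS set commands."""
    allow, listen = [], []
    for raw in config_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m and m.group(1) == "allow-from":
            allow.append(ipaddress.ip_network(m.group(2), strict=False))
        elif m:
            listen.append(ipaddress.ip_address(m.group(2)))
    findings = []
    for net in allow:
        # Answering sources outside internal space makes an open resolver.
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append(("high", f"allow-from {net} admits non-internal sources"))
    for addr in listen:
        if addr.is_loopback:
            continue  # only client-facing segments are checked here
        # Heuristic: the router address shares a prefix with that segment's clients.
        if not any(addr in net for net in allow):
            findings.append(("medium", f"listen-address {addr} is outside every allow-from"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("open", OPEN_CONFIG)):
        print(name, audit_forwarder(cfg))
```

Run against the DNS Forwarding commands earlier on this page, it reports listen-address 10.0.10.1, because the guest segment is not inside allow-from 192.168.0.0/16; the complete home-router config passes with no findings.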