Setting up DNS and DHCP Server for Nethserver 8

, ,

NethServer Version:8

I’ve been exploring v8 a bit more this year. One of the features I utilize quite a bit is the DHCP and DNS servers. Is this still being supported in v8? If so, how would I go about doing that?

1 Like

Hello Kevin! :wave:

Currently DHCP and DNS is not part of NS8, but has been moved to NethSecurity (the firewall distribution).
We have plans for an authoritative DNS module, but currently we didn’t think about the DHCP.
It should not be very hard to add it back, but probably a firewall is better suited of this kind of job.
What do you think?


AD needs DNS and should provide such to work…
So there “IS” something there!

Otherwise I agree, Firewall is better place for DNS / DHCP.
But maybe integrated with the AD DNS would be a better solution. Both Unbound and DNSmask can handle this.

How exactly, I leave up to the Devs, they handle that better than I do! :slight_smile:

My 2 cents

1 Like

Hi @giacomo ,

I think that ns8 should provide an option for a DNS server as well. In some settings it could really help to make things easier (eg for blacklist lookups of the mail server, if the ns8 host is the only machine with a fixed IP, or with AD, where a DNS is required anyway).

1 Like


I am testing NS8 on debian 12.
First thing İ looked at was DNS and DHCP for AD.
I must admit that lack of these two services surprised me.
NethSecurity looks promising and I am very excited to test it as well but I don’t see the point of current strategy of NS8 without DNS/DHCP while it is offering AD out of the box.
Do we need to use NethSecurity along with NS8 for AD senarios if DNS/DHCP does not exist on the network?

1 Like

Hi @ytandogan,

Merhaba and welcome in the Nethserver Community.

Any suitable router and any suitable firewall can be used for this.



If you use Proxmox, to run Nethserver as a virtual machine on it, you could use the Hypervisor (since Proxmox version 8.1) to get DHCP and DNS… Software-Defined Network

Hi @fausp

Proxmox does virtualization REALLY well.

This SDN with DNS and DHCP feels like “something made in the East”, like an East German (GDR/DDR) Trabbi car, compared to the West german Brands like Mercedes, Porsche, Audi and BMW…

And I consider mself a Proxmox fan… (Still am, PBS and PVE just rock!).

I still have my reasons for a decent separate firewall, providing decent DNS and DHCP services.


Make no mistake, I do consider PowerDNS one of the top DNS servers around, next to BIND!

My 2 cents

1 Like

Hi @Andy_Wismer, give them a chance, its new…


Quite true.

Then again, a product does NOT have to do everything.
It may be more comfortable, everything in one place.
But that’s not criteria one in life! Not always, at least!

It does remind me of the earlier days of SME server or even NethServer as an all in one box, especially in the days before LetsEncrypt. Server shoots itself in the foot during updating and the self generated SSL cert has issues. IF you had a screen hooked up, you saw fast moving console errors flying over the screen, but as Apache wasn’t working, you couldn’t login via WebGUI (Dashboard / Cockpit / Server-Manager). If you were lucky, it’s still reachable by SSH. if not, first finding a monitor, keyboard or whatever and troubleshooting - without working Internet… :frowning:

The old proverb about putting all your eggs in one basket? It only takes a nice trip…

I still prefer using “Best of Breed” for important stuff. Proxmox is Best of Breed when it comes to Virtualization and Backups - PBS is so efficient.

But in DNS / DHCP / Firewalling, they’re not there.

And also not putting all my eggs in the same basket! Farmers have learned the risks of monocultures, and those don’t only come from using stuff like Mircosoft

PS: Typo Intentional, your eyes still read it right. :slight_smile:

→ Putting Services like DNS / DHCP (-> Defining your Network) and Firewalling (-> Separating & protecting your network from the big bad web!) does make sense.Without working DNS, Internet won’t really work, without DHCP, pushing that info to clients (static IPs!) is tedious and not really failure-tolerant.

There are always different needs and use-cases, each must decide for themselves, what makes sense and is viable, maintainable and affordable.

My 2 cents

1 Like