Dnsmasq DHCP server

Dnsmasq is a lightweight, easy to configure DNS-forwarder and DHCP-server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. It is already installed and preconfigured on OpenWrt.

Dnsmasq is configured through the UCI configuration file /etc/config/dhcp, which you can use together with the file /etc/dnsmasq.conf.

Depending on the settings in the UCI file, you may also use the files /etc/ethers and /etc/hosts.

/etc/config/dhcp is a UCI configuration file and as such documented exclusively in uci. Almost all settings can be configured with it!

It is possible to mix the traditional /etc/dnsmasq.conf configuration file with the options found in /etc/config/dhcp.

The dnsmasq.conf file does not exist by default but will be processed by dnsmasq on startup if it is present. Note that options in /etc/config/dhcp take precedence over dnsmasq.conf since they are translated to command line arguments.

Example: By default, Dnsmasq comes configured to put your hosts into the .lan domain. This is specified in the configuration file as:

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan

You can change this to whatever you'd like your home domain to be. Also, if you want your hosts to be available via your home domain without having to specify the domain in your /etc/hosts file, add the expand-hosts directive to your /etc/dnsmasq.conf file.

As an example, without expand-hosts, you can only reach router, ubuntu-desktop and ubuntu-laptop. With expand-hosts on, you can reach router, router.lan, ubuntu-desktop, ubuntu-desktop.lan, etc. This probably matches what you're looking for anyway.

Without this setting, you'll have to add .lan entries to your /etc/hosts.

In /etc/ethers static lease entries can be assigned. See → static_leases.

In /etc/hosts DNS entries are configured. Dnsmasq will utilize these entries to answer DNS queries on your network.

Format:

[IP_address] host_name host_name_short ...

Example:

192.168.1.1 router OpenWrt localhost
192.168.1.2 debian-server
192.168.1.3 ubuntu-laptop

Sometimes, when an interface is at the edge of its capacity (especially WiFi over longer distances), a DHCP request may not be answered in time, so the DHCP client cannot receive proper network settings. A possible workaround is using static IPs or very long DHCP leases (more than 12h). This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible.

Windows 7, among others, asks for proxy settings using DHCP. The problem is that it does not stop asking until it has received an answer. As a result, the log fills up with information about these requests; an example can be found below (thanks to the excito wiki for the info).

Solution:

uci add_list dhcp.lan.dhcp_option='252,"\n"'
uci commit dhcp
service dnsmasq restart

Windows 7 introduced a new Microsoft-enhanced feature: it won't assign an IP address obtained from a DHCP server to an interface if that IP was previously used for another interface, even if that other interface is NOT currently active (i.e. cable disconnected). This behaviour is unique and was not reported for older Windows versions, Mac OS or Linux.

If you try to configure MAC address hot swap on your router, Windows 7 clients will end up in an infinite DORA loop.

Solution:

  1. Create a bridge from the wireless and ethernet interfaces on your client
    • Add the MAC address of the bridge to /etc/config/dhcp
    • Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on the wifi interface, making your laptop IPv6-disabled when only wireless is up.
  2. Another solution is IPv6 friendly: you don't need to create a bridge or add a MAC address to the dnsmasq config file, but it involves user interaction:
    • When you plug the ethernet cable in, disable the wireless interface in the control panel (powering off wireless won't do it).
    • When you unplug the ethernet cable, enable wireless and disable ethernet.

uci add dhcp host
uci set dhcp.@host[-1].name="example-host"
uci set dhcp.@host[-1].ip="192.168.1.230"
uci set dhcp.@host[-1].mac="00:a0:24:5a:33:69 00:11:22:33:44:55 02:a0:24:5a:33:69 02:11:22:33:44:55"
uci commit dhcp
service dnsmasq restart

If you use AdGuard DNS as a forwarder (to have a cheap and efficient network ad blocker), you need to disable rebind protection to avoid lag or unreachable sites caused by rebind protection.

Otherwise you will see many entries like the following in system.log, along with lag or unreachable hosts.

daemon.warn dnsmasq[xxx]: possible DNS-rebind attack detected: any.adserver.dns
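
To see which names are tripping rebind protection before changing the setting, the warnings can be tallied per domain. This is an added example, not part of the original wiki page; the function names, sample log lines and hostnames are constructed.

```shell
#!/bin/sh
# Added example (not from the original page).
# rebind_summary: read syslog lines on stdin and print "<count> <domain>"
# for every name dnsmasq flagged as a possible DNS-rebind, most frequent first.
rebind_summary() {
    awk '
        /dnsmasq\[[0-9]+\]: possible DNS-rebind attack detected: / {
            domain = tolower($NF)      # the queried name is the last field
            sub(/\.$/, "", domain)     # drop a trailing root dot, if any
            count[domain]++
        }
        END {
            for (d in count) printf "%d %s\n", count[d], d
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in logread format; hostnames are placeholders.
sample_log() {
    cat <<'EOF'
Thu May 12 07:30:01 2022 daemon.warn dnsmasq[2211]: possible DNS-rebind attack detected: ads.example.net
Thu May 12 07:30:02 2022 daemon.info dnsmasq-dhcp[2211]: DHCPACK(br-lan) 192.168.1.230 00:a0:24:5a:33:69 example-host
Thu May 12 07:30:05 2022 daemon.warn dnsmasq[2211]: possible DNS-rebind attack detected: intranet.example.com
Thu May 12 07:30:09 2022 daemon.warn dnsmasq[2211]: possible DNS-rebind attack detected: Ads.Example.NET
Thu May 12 07:31:12 2022 daemon.warn dnsmasq[2211]: possible DNS-rebind attack detected: tracker.example.org
Thu May 12 07:31:40 2022 daemon.warn dnsmasq[2211]: possible DNS-rebind attack detected: intranet.example.com
Thu May 12 07:32:03 2022 daemon.warn dnsmasq[2211]: possible DNS-rebind attack detected: ads.example.net
EOF
}

# On a router, replace the sample with live data: logread | rebind_summary
sample_log | rebind_summary
```

If only a few names show up, the `rebind_domain` list in /etc/config/dhcp can exempt them individually while rebind protection stays enabled for everything else.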
  • Last modified: 2022/05/12 07:38
  • by jow