Dnsmasq

Dnsmasq is a lightweight, easy to configure DNS-forwarder and DHCP-server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines.

It is already installed and preconfigured on OpenWrt. See → /etc/config/dhcp.

Configuration

Dnsmasq is configured through the UCI configuration file /etc/config/dhcp, which you can use together with the file /etc/dnsmasq.conf.

Depending on the settings in the UCI file, you may also use the files /etc/ethers and /etc/hosts.

/etc/config/dhcp

/etc/config/dhcp is a UCI configuration file and as such documented exclusively in uci. Almost all settings can be configured with it!

/etc/dnsmasq.conf

You can use /etc/dnsmasq.conf in addition, see above.

Example: By default, Dnsmasq comes configured to put your hosts into the .lan domain. This is specified in the configuration file as:

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan

You can change this to whatever you'd like your home domain to be. Also, if you want your hosts to be available via your home domain without having to specify the domain in your /etc/hosts file, add the expand-hosts directive to your /etc/dnsmasq.conf file.

As an example, without expand-hosts, you can only reach router, ubuntu-desktop and ubuntu-laptop. With expand-hosts on, you can reach router, router.lan, ubuntu-desktop, ubuntu-desktop.lan, etc. This probably matches what you're looking for anyway.

Without this setting, you'll have to add .lan entries to your /etc/hosts.

/etc/ethers

In /etc/ethers static lease entries can be assigned. See → static_leases.

/etc/hosts

In /etc/hosts DNS entries are configured. Dnsmasq will utilize these entries to answer DNS queries on your network.

Format:

[IP_address] host_name host_name_short ...

Example:

192.168.1.1 router OpenWrt localhost
192.168.1.2 debian-server
192.168.1.3 ubuntu-laptop

DNS and DHCP-Ports

DNS needs TCP and UDP port 53 open on the firewall. DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall. See configuration and dnsmasq manual for more information.

Examples

Add a secondary DNS-server

Use this if you already have a DNS-server (secondary DNS-server), but you want your router (primary DNS-server) to resolve some of the DNS-queries.

On your primary DNS-server replace ISP DNS-servers with your secondary server.

uci set network.wan.peerdns="0"
uci set network.wan.dns="192.168.1.2"
uci set network.wan6.peerdns="0"
uci delete network.wan6.dns
uci commit network
service network reload

On your secondary DNS-server replace DHCP-provided servers with ISP DNS-servers or a public DNS-provider.

uci set network.wan.peerdns="0"
uci set network.wan.dns="8.8.8.8 8.8.4.4"
uci set network.wan6.peerdns="0"
uci set network.wan6.dns="2001:4860:4860::8888 2001:4860:4860::8844"
uci commit network
service network reload

Forward DNS-queries to a public DNS-provider

Select a public DNS-provider and configure dnsmasq to forward DNS-requests to the selected provider.

uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server="8.8.8.8"
uci add_list dhcp.@dnsmasq[0].server="8.8.4.4"
uci commit dhcp
service dnsmasq restart

Use different DHCP-ranges for wired and wireless

Suppose you have the following:

vlan0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:192.168.1.1    Bcast:192.168.1.255    Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:10.75.9.1      Bcast:10.75.9.255      Mask:255.255.255.0

Simply put 2 “dhcp-range” options in your /etc/dnsmasq.conf file:

# dhcp-range=[network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<lease time>]
dhcp-range=lan,192.168.1.101,192.168.1.104,255.255.255.0,24h
dhcp-range=wlan,10.75.9.111,10.75.9.119,255.255.255.0,2h

You can then use the different “network-id” values with “dhcp-option” to customize the options your DHCP server will supply to your wired and wireless DHCP clients.

For example:

#set the default route for dhcp clients on the wlan side to 10.10.6.33
dhcp-option=wlan,3,10.10.6.33
#set the dns server for the dhcp clients on the wlan side to 10.10.6.33
dhcp-option=wlan,6,10.10.6.33
#set the default route for dhcp clients on the lan side to 10.10.6.1
dhcp-option=lan,3,10.10.6.1
#set the dns server for the dhcp clients on the lan side to 10.10.6.1
dhcp-option=lan,6,10.10.6.1

Generate DHCP-responses to ONLY known clients

There are situations where you want Dnsmasq to generate DHCP addresses for only known clients (as defined in /etc/ethers). First, set lan_dhcp_num=0 to indicate that no addresses are to be generated. Then, modify the file /etc/init.d/S60dnsmasq to include the following lines after the calls to ipcalc.sh:

        if [ "${num:-150}" = "0" ]; then
                END=static
        fi

Then restart the daemon.

service dnsmasq restart
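
To verify that only known clients hold leases, the lease file can be compared against /etc/ethers. The script below is an added example, not part of the original page; it assumes the usual dnsmasq lease line layout (expiry, MAC, IP, hostname, client-id) and the OpenWrt default lease file /tmp/dhcp.leases, and the function name and sample data are made up for illustration.

```sh
#!/bin/sh
# unknown_leases ETHERS LEASES
# Print "mac ip hostname" for each lease whose MAC is not listed in ETHERS.
unknown_leases() {
    awk '
        FILENAME == ARGV[1] {             # first file: /etc/ethers
            sub(/#.*/, "")                # strip comments
            if (NF >= 2) known[tolower($1)] = 1
            next
        }
        # lease line: <expiry> <mac> <ip> <hostname> <client-id>
        NF >= 4 && !(tolower($2) in known) { print tolower($2), $3, $4 }
    ' "$1" "$2"
}

# Constructed sample data; MACs and addresses are made up.
tmp=$(mktemp -d)
cat > "$tmp/ethers" <<'EOF'
# known clients
00:11:22:33:44:55 192.168.1.2
00:11:22:33:44:66 ubuntu-laptop
EOF
cat > "$tmp/dhcp.leases" <<'EOF'
1553441460 00:11:22:33:44:55 192.168.1.2 debian-server 01:00:11:22:33:44:55
1553445060 00:11:22:AA:BB:CC 192.168.1.103 * *
EOF
unknown_leases "$tmp/ethers" "$tmp/dhcp.leases"
rm -rf "$tmp"
```

On a router, run it as unknown_leases /etc/ethers /tmp/dhcp.leases; any output line is a client that received an address without a static entry.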

Broadcast custom default gateway

Use a custom default gateway.

uci add_list dhcp.lan.dhcp_option="3,GW_ADDR"
uci commit dhcp
service dnsmasq restart

Reconnect your LAN-clients to apply new DHCP-configuration.

Broadcast custom DNS-server

Provide automatic configuration for your DHCP-clients to use DNS-servers other than one on the router.

uci add_list dhcp.lan.dhcp_option="6,DNS_ADDR1,DNS_ADDR2"
uci commit dhcp
service dnsmasq restart

Reconnect your LAN-clients to apply new DHCP-configuration.

Broadcast WINS-server

Broadcast WINS-server information.

uci add_list dhcp.lan.dhcp_option="44,WINS_ADDR1,WINS_ADDR2"
uci commit dhcp
service dnsmasq restart

Reconnect your LAN-clients to apply new DHCP-configuration.

SRV-Records and SIP-Phones

By default, the option filterwin2k in Dnsmasq is activated, which seems to block queries for SRV-records.

SRV-records are not only used by Windows computers to find their domain controllers but also used by e.g. SIP-Phones to find the server responsible for a given domain.

SRV-records are a kind of generalized MX-records.

Therefore, the filterwin2k option needs to be disabled so that SIP-Phones that use Dnsmasq as their DNS-server can work.

uci set dhcp.@dnsmasq[0].filterwin2k="0"
uci commit dhcp
service dnsmasq restart

DNS-filtering

Troubleshooting

Log spammed with DHCPINFORM/DHCPACK

Windows 7, among others, asks for proxy settings using DHCP and does not stop asking until it has received an answer. As a result, the log fills up with information about these requests; an example can be found below (thanks to http://wiki.excito.org for the info).

Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.59 00:23:14:c5:33:fc
Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPACK(br0) 10.69.10.59 00:23:14:c5:33:fc MorgansVaioF12Z

Solution:

uci add_list dhcp.lan.dhcp_option='252,"\n"'
uci commit dhcp
service dnsmasq restart
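
To see which clients are responsible for the DHCPINFORM traffic before and after applying the option, the log can be summarised per client. This is an added example, not part of the original page; the function name, the threshold argument and the sample log are constructed, following the line format shown above.

```sh
#!/bin/sh
# dhcpinform_talkers MIN: read dnsmasq-dhcp log lines on stdin and print
# "count mac ip" for every client with at least MIN DHCPINFORM requests.
dhcpinform_talkers() {
    awk -v min="$1" '
        {
            # The date has a variable number of fields, so locate the
            # DHCPINFORM(<iface>) token; IP and MAC follow it.
            for (i = 1; i <= NF - 2; i++)
                if ($i ~ /^DHCPINFORM\(/) { n[$(i + 2) " " $(i + 1)]++; break }
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' | sort -rn
}

# Constructed sample log in the format shown above.
SAMPLE_DHCP_LOG='Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.59 00:23:14:c5:33:fc
Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPACK(br0) 10.69.10.59 00:23:14:c5:33:fc MorgansVaioF12Z
Jul 1 06:34:12 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.59 00:23:14:c5:33:fc
Jul 1 06:34:15 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.59 00:23:14:c5:33:fc
Jul 1 06:35:01 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.60 00:aa:bb:cc:dd:ee'

# Clients with two or more DHCPINFORM requests in the sample.
printf '%s\n' "$SAMPLE_DHCP_LOG" | dhcpinform_talkers 2
```

On a router, feed it the live log, for example logread -e DHCPINFORM | dhcpinform_talkers 20.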

Assigning Dnsmasq Queryport

The queryport is the outgoing port Dnsmasq uses to query other servers, and is integral to Dnsmasq successfully assigning DNS-values to the DHCP-clients. By default, Dnsmasq makes these connections from arbitrary high-numbered ports across a range of ports. You can constrain those connections to a specific port.

uci set dhcp.@dnsmasq[0].queryport="30000"
uci commit dhcp
service dnsmasq restart

Be certain that your firewall allows outbound connections from the router on the query port that you assign. As a caution, Dnsmasq runs as user nobody on OpenWrt so it is not allowed to create listening sockets on ports < 1024. Using the standard DNS-port 53 for these queries will fail. The failure can be found in the logs.

# logread -e dnsmasq.*ignoring.*nameserver
Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: ignoring nameserver 8.8.8.8 - cannot make/bind socket: Permission denied

Do not assign a port number less than 1024 to the queryport.
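
The check above can be scripted: validate the port before setting it, and list the upstream servers Dnsmasq dropped because it could not bind the socket. This is an added example, not part of the original page; the function names and the sample log are constructed, using the logread line format shown above.

```sh
#!/bin/sh
# queryport_ok PORT: succeed only if PORT is a number an unprivileged
# dnsmasq can bind as its source port (1024-65535).
queryport_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or not a decimal number
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# ignored_nameservers: read log lines on stdin and print, once each, every
# upstream that was ignored with "cannot make/bind socket".
ignored_nameservers() {
    sed -n 's/.*dnsmasq\[[0-9]*\]: ignoring nameserver \([^ ]*\) - cannot make\/bind socket.*/\1/p' |
        sort -u
}

# Constructed sample log.
SAMPLE_LOG='Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: ignoring nameserver 8.8.8.8 - cannot make/bind socket: Permission denied
Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: ignoring nameserver 8.8.4.4 - cannot make/bind socket: Permission denied
Jan 01 01:01:02 MyRoutersName daemon.info dnsmasq[3490]: read /etc/hosts - 4 addresses'

for p in 53 30000; do
    if queryport_ok "$p"; then
        echo "queryport $p: ok"
    else
        echo "queryport $p: rejected"
    fi
done
printf '%s\n' "$SAMPLE_LOG" | ignored_nameservers
```

The dnsmasq manual also notes that sending all queries from one fixed port makes Dnsmasq less secure against DNS spoofing, so constrain the port only when the firewall policy requires it.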

Notes

docs/guide-user/base-system/dhcp.dnsmasq.txt · Last modified: 2019/03/24 15:31 by vgaetera