Differences
This shows you the differences between two versions of the page.
| docs:guide-user:base-system:dhcp.dnsmasq [2018/03/03 20:33] – ↷ Links adapted because of a move operation | docs:guide-user:base-system:dhcp.dnsmasq [2019/04/24 11:18] – Correct link to excito wiki jaimet | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Dnsmasq ===== | ====== Dnsmasq ===== | ||
| - | [[wp> | + | [[wp> |
| + | It is designed to provide DNS and, optionally, DHCP, to a small network. | ||
| It can serve the names of local machines which are not in the global DNS. | It can serve the names of local machines which are not in the global DNS. | ||
| - | The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. | + | The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. |
| Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. | Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. | ||
| - | + | It is already installed and preconfigured on OpenWrt. | |
| - | It is already installed and preconfigured on OpenWrt. See -> '' | + | |
| ===== Configuration ===== | ===== Configuration ===== | ||
| - | The configuration is done with help of the uci-configuration file: '' | + | The configuration is done with help of the uci-configuration file: ''/ |
| Depending on the setting in the uci-file, you may also use the files ''/ | Depending on the setting in the uci-file, you may also use the files ''/ | ||
| ==== / | ==== / | ||
| - | -> [[docs: | + | -> [[docs: |
| + | Almost all settings can be configured with it! | ||
| ==== / | ==== / | ||
| - | You can use ''/ | + | It is possible to mix the traditional |
| + | |||
| + | The '' | ||
| + | Note that options in ''/ | ||
| + | |||
| + | You can have dnsmasq execute a script on every action: '' | ||
| Example: | Example: | ||
| - | By default, | + | By default, |
| + | This is specified in the configuration file as: | ||
| - | < | + | < |
| # allow /etc/hosts and dhcp lookups via *.lan | # allow /etc/hosts and dhcp lookups via *.lan | ||
| local=/lan/ | local=/lan/ | ||
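Review bot: The added sentence "You can have dnsmasq execute a script on every action" (new side, just before "Example:") introduces a hook without saying which user the script runs as or who may write to the script file. On a DHCP server those actions are triggered by clients, so the text should state the expected ownership and permissions of the script and that anything it receives about a client is untrusted input. Separately, the first paragraph now reads "The DHCP-server integrates with the DNS server", hyphenating one term and not the other; keep "DHCP server".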
| Line 27: | Line 34: | ||
| </ | </ | ||
| - | You can change this to whatever you'd like your home domain to be. Also, if you want your hosts to be available via your home domain without having to specify the domain in your < | + | You can change this to whatever you'd like your home domain to be. |
| - | file, add the '' | + | Also, if you want your hosts to be available via your home domain without having to specify the domain in your '' |
| As an example, without '' | As an example, without '' | ||
| Line 35: | Line 42: | ||
| Without this setting, you'll have to add //.lan// entries to your ''/ | Without this setting, you'll have to add //.lan// entries to your ''/ | ||
| - | |||
| ==== /etc/ethers ==== | ==== /etc/ethers ==== | ||
| - | In ''/ | + | In ''/ |
| + | See -> [[docs: | ||
| ==== /etc/hosts ==== | ==== /etc/hosts ==== | ||
| - | In ''/ | + | In ''/ |
| + | Dnsmasq | ||
| Format: | Format: | ||
| - | < | + | < |
| [IP_address] host_name host_name_short ... | [IP_address] host_name host_name_short ... | ||
| </ | </ | ||
| Line 51: | Line 59: | ||
| Example: | Example: | ||
| - | < | + | < |
| 192.168.1.1 router OpenWrt localhost | 192.168.1.1 router OpenWrt localhost | ||
| 192.168.1.2 debian-server | 192.168.1.2 debian-server | ||
| Line 57: | Line 65: | ||
| </ | </ | ||
| - | ==== DNS and DHCP Ports ==== | + | ===== Troubleshooting ===== |
| - | DNS needs TCP and UDP port 53 open on the firewall. DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall. See http:// | + | ==== DHCP response missing due to network overload |
| + | Sometimes when an interface is on the edge of the capacity (especially WiFi over longer distances) a DHCP request could be not replied in time. | ||
| + | Therefore the DHCP client will not be able to receive proper network settings. | ||
| + | A possible workaround is using static IPs or very long DHCP leases | ||
| + | This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible. | ||
| - | ===== Examples ===== | + | ==== Log spammed with DHCPINFORM/ |
| - | ==== Add a secondary DNS ==== | + | Windows 7 among others ask for proxy settings using DHCP. |
| - | What to do if you already | + | The issue is that they do not stop asking until they have received an answer. |
| - | < | + | This results in that the log contains |
| - | rm /etc/resolv.conf | + | |
| - | </code> | + | |
| - | That will remove the resolv.conf symlink. | + | Solution: |
| - | Then we will add the ip address of the secondary DNS inside the / | + | |
| - | < | + | |
| - | echo " | + | |
| - | </ | + | |
| - | Replace 192.168.1.2 by the ip of your dns server | + | <code bash> |
| - | then reboot or restart | + | uci add_list dhcp.lan.dhcp_option=' |
| - | < | + | uci commit dhcp |
| - | reboot | + | service dnsmasq |
| </ | </ | ||
| - | or | + | ==== Static lease issues ==== |
| - | < | + | Windows 7 has introduced a new [[http://answers.microsoft.com/en-us/windows/ |
| - | killall dnsmasq | + | It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected). |
| - | /etc/init.d/dnsmasq start | + | This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux. |
| - | </code> | + | |
| + | If you try configure MAC address hot swap on your router, Windows 7 clients will end up in an infinite [[http:// | ||
| - | Then you'll need to set up your secondary dns for resolving internet' | + | Solution: |
| - | ssh into your router then: | + | - Create a [[google> |
| - | < | + | * Add the MAC address of the bridge |
| - | cat / | + | * Since the bridge will probably take and alter your ethernet MAC address, |
| - | </ | + | - Another solution is IPv6 friendly, |
| - | + | * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). | |
| - | it will give you something like this: | + | * When you unplug ethernet cable, enable wireless and disable ethernet. |
| - | < | + | |
| - | nameserver 212.68.193.110 | + | |
| - | nameserver 212.68.193.196 | + | |
| - | </ | + | |
| - | + | ||
| - | Copy the information and then add it to your secondary DNS's /etc/resolv.conf: | + | |
| - | into your secondary dns do: | + | |
| - | < | + | |
| - | rm /etc/ | + | |
| - | echo " | + | |
| - | echo " | + | |
| - | </ | + | |
| - | + | ||
| - | Replace 212.68.193.110 | + | |
| - | + | ||
| - | ==== Configuring dnsmasq to forward dns requests to public dns servers ==== | + | |
| - | If you want to use public dns servers((such as [[https:// | + | |
| - | + | ||
| - | Just add the following lines to / | + | |
| - | < | + | |
| - | server=8.8.8.8 | + | |
| - | server=8.8.4.4 | + | |
| - | </ | + | |
| - | In case you prefer to use [[docs: | + | < |
| - | < | + | uci add dhcp host |
| - | uci add_list | + | uci set dhcp.@host[-1].name=" |
| - | uci add_list | + | uci set dhcp.@host[-1].ip="192.168.1.230" |
| + | uci set dhcp.@host[-1].mac=" | ||
| uci commit dhcp | uci commit dhcp | ||
| + | service dnsmasq restart | ||
| </ | </ | ||
| - | |||
| - | You may also edit / | ||
| - | < | ||
| - | config dnsmasq | ||
| - | option domainneeded ' | ||
| - | option boguspriv ' | ||
| - | option localise_queries ' | ||
| - | option local '/ | ||
| - | option domain ' | ||
| - | option expandhosts ' | ||
| - | option authoritative ' | ||
| - | option readethers ' | ||
| - | option leasefile '/ | ||
| - | option resolvfile '/ | ||
| - | option rebind_protection ' | ||
| - | list server ' | ||
| - | list server ' | ||
| - | </ | ||
| - | |||
| - | In case you want to use OpenDNS (there are 4 public dns servers) | ||
| - | < | ||
| - | uci add_list dhcp.@dnsmasq[-1].server=208.67.222.222 | ||
| - | uci add_list dhcp.@dnsmasq[-1].server=208.67.220.220 | ||
| - | uci add_list dhcp.@dnsmasq[-1].server=208.67.222.220 | ||
| - | uci add_list dhcp.@dnsmasq[-1].server=208.67.220.222 | ||
| - | uci commit dhcp | ||
| - | </ | ||
| - | |||
| - | In case you want to use Quad9 (there are 2 public dns servers) | ||
| - | < | ||
| - | uci add_list dhcp.@dnsmasq[-1].server=9.9.9.9 | ||
| - | uci add_list dhcp.@dnsmasq[-1].server=149.112.112.112 | ||
| - | uci commit dhcp | ||
| - | </ | ||
| - | |||
| - | Of course, you can use another dns servers. Just send a SIGHUP to dnsmasq process or restart dnsmasq service to apply the newly added forwarding DNS servers. | ||
| - | |||
| - | ==== Configuring dnsmasq to use different IP ranges for wired and wireless ==== | ||
| - | Suppose you have the following: | ||
| - | |||
| - | < | ||
| - | vlan0 Link encap: | ||
| - | inet addr: | ||
| - | eth1 Link encap: | ||
| - | inet addr: | ||
| - | </ | ||
| - | |||
| - | Simply put 2 " | ||
| - | file: | ||
| - | |||
| - | < | ||
| - | # dhcp-range=[network-id, | ||
| - | dhcp-range=lan, | ||
| - | dhcp-range=wlan, | ||
| - | </ | ||
| - | |||
| - | You can then use the different " | ||
| - | |||
| - | for example | ||
| - | |||
| - | < | ||
| - | #set the default route for dhcp clients on the wlan side to 10.10.6.33 | ||
| - | dhcp-option=wlan, | ||
| - | #set the dns server for the dhcp clients on the wlan side to 10.10.6.33 | ||
| - | dhcp-option=wlan, | ||
| - | #set the default route for dhcp clients on the lan side to 10.10.6.1 | ||
| - | dhcp-option=lan, | ||
| - | #set the dns server for the dhcp clients on the lan side to 10.10.6.1 | ||
| - | dhcp-option=lan, | ||
| - | </ | ||
| - | |||
| - | ==== Configuring dnsmasq to generate DHCP responses to ONLY known clients ==== | ||
| - | There are situations where you want dnsmasq to generate DHCP addresses for | ||
| - | only known clients (as defined in < | ||
| - | ). First, set < | ||
| - | |||
| - | to indicate that no addresses are to be generated. | ||
| - | Then, modify the file < | ||
| - | to included the lines | ||
| - | < | ||
| - | if [ " | ||
| - | END=static | ||
| - | fi | ||
| - | </ | ||
| - | |||
| - | after the calls to < | ||
| - | . Restart the daemon or reboot. | ||
| - | |||
| - | ==== Configuring dnsmasq to associate client hostnames with DHCP-supplied IP addresses ==== | ||
| - | You will need the following lines in your < | ||
| - | file: (Adjust IP address if your router is not 192.168.1.1) | ||
| - | |||
| - | < | ||
| - | dhcp-option=3, | ||
| - | dhcp-option=6, | ||
| - | </ | ||
| - | |||
| - | That's it for dnsmasq on the router. The trick is that the DHCP client must send its hostname during the DHCP negotiation. The < | ||
| - | file, which may be in < | ||
| - | | ||
| - | | ||
| - | |||
| - | < | ||
| - | send host-name " | ||
| - | </ | ||
| - | |||
| - | Save the file, then restart the interface. Repeat on all client systems. | ||
| - | |||
| - | ==== Configuring dnsmasq to broadcast WINS server information ==== | ||
| - | You will need the following line in your < | ||
| - | file: (Adjust IP address if your WINS server is not 192.168.1.2) | ||
| - | |||
| - | < | ||
| - | dhcp-option=44, | ||
| - | </ | ||
| - | |||
| - | Now as your machines release and renew DHCP information they will obtain the address of the WINS server automatically. | ||
| - | |||
| - | ==== Configuring dnsmasq to broadcast External DNS server information ==== | ||
| - | The following change to your ''/ | ||
| - | |||
| - | < | ||
| - | dhcp-option=6, | ||
| - | </ | ||
| - | |||
| - | Or you can do the same in ''/ | ||
| - | |||
| - | < | ||
| - | ... | ||
| - | config ' | ||
| - | list ' | ||
| - | ... | ||
| - | </ | ||
| - | |||
| - | |||
| - | As your machines release and renew their DHCP configuration they will obtain the address of the new DNS servers automatically. | ||
| - | |||
| - | ==== SIP-Phones and dnsmasq ==== | ||
| - | By default, the option filterwin2k in dnsmasq is activated, which seems to cause to block queries for '' | ||
| - | |||
| - | '' | ||
| - | |||
| - | '' | ||
| - | |||
| - | Therefore, the '' | ||
| - | |||
| - | Commented out in ''/ | ||
| - | |||
| - | |||
| - | Or you can do the same in ''/ | ||
| - | |||
| - | < | ||
| - | config ' | ||
| - | option ' | ||
| - | ... | ||
| - | </ | ||
| - | |||
| - | ==== DNS filtering ==== | ||
| - | * [[https:// | ||
| - | |||
| - | ===== Troubleshooting ===== | ||
| - | |||
| - | ==== log continuously filled with DHCPINFORM / DHCPACK ==== | ||
| - | |||
| - | |||
| - | |||
| - | Windows 7 among others ask for proxy settings using DHCP. The issue is that they do not stop asking until they have received an answer. This results in that the log contains a lot information about these requests, an example can be found below (thanks for http:// | ||
| - | |||
| - | < | ||
| - | Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: | ||
| - | Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: | ||
| - | </ | ||
| - | |||
| - | To solve this, edit / | ||
| - | < | ||
| - | # This will tell DHCP clients to not ask for proxy information | ||
| - | # Some clients, like Windows 7, will constantly ask if not told NO | ||
| - | dhcp-option=252," | ||
| - | </ | ||
| - | and restart dnsmasq with / | ||
| - | |||
| - | ==== Assigning dnsmasq Queryport | ||
| - | |||
| - | The queryport is not the dns server port used by dhcp clients, it is the outgoing port dnsmasq uses to query other servers, and is integral to dnsmasq succesfully assigning DNS values to the DHCP clients. | ||
| - | |||
| - | As a caution, dnsmasq runs as user " | ||
| - | < | ||
| - | Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: | ||
| - | </ | ||
| - | Do not assign query ports less than 1024 to the queryport. | ||
| ===== Notes ===== | ===== Notes ===== | ||
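Review bot: The old side's "DNS and DHCP Ports" section (DNS on TCP and UDP port 53, DHCP on UDP ports 67 and 68) is deleted in this hunk, together with the whole Examples section and the "Assigning dnsmasq Queryport" caution that ends "Do not assign query ports less than 1024 to the queryport", and the visible new-side lines give no pointer to where that material now lives. If it was moved to another page, add a "See" link as was done under /etc/ethers; if it was dropped, keep at least the port requirements and the queryport caution, since both bear on how the firewall is set up. In the added Static lease text, "If you try configure MAC address hot swap" needs "to" after "try".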
| Line 318: | Line 113: | ||
| * Tutorial http:// | * Tutorial http:// | ||
| * Tutorial http:// | * Tutorial http:// | ||
| + | |||