Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:base-system:dhcp.dnsmasq [2019/03/24 14:43] – formatting vgaetera | docs:guide-user:base-system:dhcp.dnsmasq [2019/04/24 11:18] – Correct link to excito wiki jaimet | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Dnsmasq ===== | ====== Dnsmasq ===== | ||
| - | [[wp> | + | [[wp> |
| + | It is designed to provide DNS and, optionally, DHCP, to a small network. | ||
| It can serve the names of local machines which are not in the global DNS. | It can serve the names of local machines which are not in the global DNS. | ||
| - | The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. | + | The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. |
| Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. | Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. | ||
| - | + | It is already installed and preconfigured on OpenWrt. | |
| - | It is already installed and preconfigured on OpenWrt. See -> '' | + | |
| ===== Configuration ===== | ===== Configuration ===== | ||
| - | The configuration is done with help of the uci-configuration file: '' | + | The configuration is done with help of the uci-configuration file: ''/ |
| Depending on the setting in the uci-file, you may also use the files ''/ | Depending on the setting in the uci-file, you may also use the files ''/ | ||
| ==== / | ==== / | ||
| - | -> [[docs: | + | -> [[docs: |
| + | Almost all settings can be configured with it! | ||
| ==== / | ==== / | ||
| - | You can use ''/ | + | It is possible to mix the traditional |
| + | |||
| + | The '' | ||
| + | Note that options in ''/ | ||
| + | |||
| + | You can have dnsmasq execute a script on every action: '' | ||
| Example: | Example: | ||
| - | By default, | + | By default, |
| + | This is specified in the configuration file as: | ||
| <code bash> | <code bash> | ||
| Line 27: | Line 34: | ||
| </ | </ | ||
| - | You can change this to whatever you'd like your home domain to be. Also, if you want your hosts to be available via your home domain without having to specify the domain in your ''/ | + | You can change this to whatever you'd like your home domain to be. |
| + | Also, if you want your hosts to be available via your home domain without having to specify the domain in your ''/ | ||
| As an example, without '' | As an example, without '' | ||
| Line 36: | Line 44: | ||
| ==== /etc/ethers ==== | ==== /etc/ethers ==== | ||
| - | In ''/ | + | In ''/ |
| + | See -> [[docs: | ||
| ==== /etc/hosts ==== | ==== /etc/hosts ==== | ||
| - | In ''/ | + | In ''/ |
| + | Dnsmasq | ||
| Format: | Format: | ||
| Line 55: | Line 65: | ||
| </ | </ | ||
| - | ==== DNS and DHCP Ports ==== | + | ===== Troubleshooting ===== |
| - | DNS needs TCP and UDP port 53 open on the firewall. DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall. | + | ==== DHCP response missing due to network overload |
| + | Sometimes when an interface is on the edge of the capacity (especially WiFi over longer distances) a DHCP request could be not replied in time. | ||
| + | Therefore the DHCP client will not be able to receive proper | ||
| + | A possible workaround is using static IPs or very long DHCP leases | ||
| + | This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible. | ||
| - | ===== Examples ===== | + | ==== Log spammed with DHCPINFORM/ |
| - | ==== Add a secondary DNS-server ==== | + | Windows 7 among others ask for proxy settings using DHCP. |
| - | If you already | + | The issue is that they do not stop asking until they have received an answer. |
| - | + | This results in that the log contains | |
| - | On your primary DNS-server replace ISP DNS-servers with your secondary server. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | uci set network.wan.peerdns=" | + | |
| - | uci set network.wan.dns=" | + | |
| - | uci set network.wan6.peerdns=" | + | |
| - | uci delete network.wan6.dns | + | |
| - | uci commit network | + | |
| - | service network reload | + | |
| - | </ | + | |
| - | + | ||
| - | On your secondary DNS-server replace DHCP-provided servers with ISP DNS-servers or a [[wp> | + | |
| - | + | ||
| - | <code bash> | + | |
| - | uci set network.wan.peerdns=" | + | |
| - | uci set network.wan.dns=" | + | |
| - | uci set network.wan6.peerdns=" | + | |
| - | uci set network.wan6.dns=" | + | |
| - | uci commit network | + | |
| - | service network reload | + | |
| - | </ | + | |
| - | ==== Forward DNS-queries to a public DNS-provider ==== | + | Solution: |
| - | Select a [[wp> | + | |
| <code bash> | <code bash> | ||
| - | uci -q delete dhcp.@dnsmasq[0].server | + | uci add_list dhcp.lan.dhcp_option='252,"\n"' |
| - | uci add_list dhcp.@dnsmasq[0].server="8.8.8.8" | + | |
| - | uci add_list dhcp.@dnsmasq[0].server=" | + | |
| uci commit dhcp | uci commit dhcp | ||
| service dnsmasq restart | service dnsmasq restart | ||
| </ | </ | ||
| - | ==== Use different DHCP-ranges for wired and wireless | + | ==== Static lease issues |
| - | Suppose you have the following: | + | Windows 7 has introduced a new [[http:// |
| + | It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected). | ||
| + | This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux. | ||
| - | <code bash> | + | If you try configure MAC address hot swap on your router, Windows 7 clients will end up in an infinite [[http://tools.ietf.org/ |
| - | vlan0 Link encap:Ethernet | + | |
| - | inet addr:192.168.1.1 | + | |
| - | eth1 Link encap: | + | |
| - | inet addr: | + | |
| - | </ | + | |
| - | Simply put 2 " | + | Solution: |
| - | + | - Create a [[google> | |
| - | <code bash> | + | * Add the MAC address of the bridge |
| - | # dhcp-range=[network-id, | + | * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. |
| - | dhcp-range=lan, | + | - Another solution is IPv6 friendly, you don't need to create a bridge, nor add MAC address |
| - | dhcp-range=wlan, | + | * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). |
| - | </ | + | * When you unplug ethernet cable, enable wireless and disable ethernet. |
| - | + | ||
| - | You can then use the different " | + | |
| - | + | ||
| - | for example | + | |
| - | + | ||
| - | <code bash> | + | |
| - | #set the default route for dhcp clients on the wlan side to 10.10.6.33 | + | |
| - | dhcp-option=wlan, | + | |
| - | #set the dns server for the dhcp clients | + | |
| - | dhcp-option=wlan,6,10.10.6.33 | + | |
| - | #set the default route for dhcp clients on the lan side to 10.10.6.1 | + | |
| - | dhcp-option=lan,3,10.10.6.1 | + | |
| - | #set the dns server for the dhcp clients on the lan side to 10.10.6.1 | + | |
| - | dhcp-option=lan,6, | + | |
| - | </ | + | |
| - | + | ||
| - | ==== Generate DHCP-responses to ONLY known clients ==== | + | |
| - | There are situations where you want dnsmasq to generate DHCP addresses for only known clients | + | |
| - | First, set '' | + | |
| - | Then, modify the file ''/ | + | |
| - | + | ||
| - | <code bash> | + | |
| - | if [ " | + | |
| - | END=static | + | |
| - | fi | + | |
| - | </ | + | |
| - | + | ||
| - | Then restart the daemon. | + | |
| <code bash> | <code bash> | ||
| + | uci add dhcp host | ||
| + | uci set dhcp.@host[-1].name=" | ||
| + | uci set dhcp.@host[-1].ip=" | ||
| + | uci set dhcp.@host[-1].mac=" | ||
| + | uci commit dhcp | ||
| service dnsmasq restart | service dnsmasq restart | ||
| </ | </ | ||
| - | |||
| - | ==== Associate client hostnames with DHCP-supplied IP addresses ==== | ||
| - | You will need the following lines in your ''/ | ||
| - | |||
| - | <code bash> | ||
| - | dhcp-option=3, | ||
| - | dhcp-option=6, | ||
| - | </ | ||
| - | |||
| - | Adjust IP address if your router is not '' | ||
| - | |||
| - | That's it for dnsmasq on the router. | ||
| - | The trick is that the DHCP client must send its hostname during the DHCP negotiation. | ||
| - | The '' | ||
| - | |||
| - | <code bash> | ||
| - | send host-name " | ||
| - | </ | ||
| - | |||
| - | Save the file, then restart the interface. | ||
| - | Repeat on all client systems. | ||
| - | |||
| - | ==== Broadcast WINS server information ==== | ||
| - | You will need the following line in your ''/ | ||
| - | |||
| - | <code bash> | ||
| - | dhcp-option=44, | ||
| - | </ | ||
| - | |||
| - | Now as your machines release and renew DHCP information they will obtain the address of the WINS server automatically. | ||
| - | |||
| - | ==== Broadcast external DNS-server information ==== | ||
| - | The following change to your ''/ | ||
| - | |||
| - | <code bash> | ||
| - | dhcp-option=6, | ||
| - | </ | ||
| - | |||
| - | Or you can do the same in ''/ | ||
| - | |||
| - | <code bash> | ||
| - | config ' | ||
| - | list ' | ||
| - | </ | ||
| - | |||
| - | As your machines release and renew their DHCP configuration they will obtain the address of the new DNS servers automatically. | ||
| - | |||
| - | ==== SIP-Phones and dnsmasq ==== | ||
| - | By default, the option filterwin2k in dnsmasq is activated, which seems to cause to block queries for '' | ||
| - | |||
| - | '' | ||
| - | |||
| - | '' | ||
| - | |||
| - | Therefore, the '' | ||
| - | |||
| - | Commented out in ''/ | ||
| - | |||
| - | |||
| - | Or you can do the same in ''/ | ||
| - | |||
| - | <code bash> | ||
| - | config ' | ||
| - | option ' | ||
| - | </ | ||
| - | |||
| - | ==== DNS filtering ==== | ||
| - | * [[https:// | ||
| - | |||
| - | ===== Troubleshooting ===== | ||
| - | ==== log continuously filled with DHCPINFORM / DHCPACK ==== | ||
| - | Windows 7 among others ask for proxy settings using DHCP. The issue is that they do not stop asking until they have received an answer. This results in that the log contains a lot information about these requests, an example can be found below (thanks for http:// | ||
| - | |||
| - | <code bash> | ||
| - | Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: | ||
| - | Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: | ||
| - | </ | ||
| - | |||
| - | To solve this, edit / | ||
| - | <code bash> | ||
| - | # This will tell DHCP clients to not ask for proxy information | ||
| - | # Some clients, like Windows 7, will constantly ask if not told NO | ||
| - | dhcp-option=252," | ||
| - | </ | ||
| - | and restart dnsmasq with / | ||
| - | |||
| - | ==== Assigning dnsmasq Queryport | ||
| - | |||
| - | The queryport is not the dns server port used by dhcp clients, it is the outgoing port dnsmasq uses to query other servers, and is integral to dnsmasq succesfully assigning DNS values to the DHCP clients. | ||
| - | |||
| - | As a caution, dnsmasq runs as user " | ||
| - | |||
| - | <code bash> | ||
| - | Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: | ||
| - | </ | ||
| - | |||
| - | Do not assign query ports less than 1024 to the queryport. | ||
| ===== Notes ===== | ===== Notes ===== | ||
| Line 246: | Line 113: | ||
| * Tutorial http:// | * Tutorial http:// | ||
| * Tutorial http:// | * Tutorial http:// | ||
| + | |||