Differences

This shows you the differences between two versions of the page.

docs:guide-user:base-system:dhcp.dnsmasq [2019/03/24 14:43] – formatting vgaetera
docs:guide-user:base-system:dhcp.dnsmasq [2019/04/24 11:18] – Correct link to excito wiki jaimet
Line 1: Line 1:
 ====== Dnsmasq ===== ====== Dnsmasq =====
-[[wp>Dnsmasq]] is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network.+[[wp>Dnsmasq]] is a lightweight, easy to configure DNS-forwarder and DHCP-server. 
 +It is designed to provide DNS and, optionally, DHCP, to a small network.
 It can serve the names of local machines which are not in the global DNS. It can serve the names of local machines which are not in the global DNS.
-The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file.+The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file.
 Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines.
- +It is already installed and preconfigured on OpenWrt.
-It is already installed and preconfigured on OpenWrt. See -> ''[[docs:guide-user:base-system:dhcp|/etc/config/dhcp]]''.+
  
 ===== Configuration ===== ===== Configuration =====
-The configuration is done with help of the uci-configuration file: ''[[docs:guide-user:base-system:dhcp|/etc/config/dhcp]]'', but you can use this together with the file ''[[docs:guide-user:base-system:dhcp?&#using_plain_dnsmasqconf|/etc/dnsmasq.conf]]''.+The configuration is done with help of the uci-configuration file: ''/etc/config/dhcp'', but you can use this together with the file ''/etc/dnsmasq.conf''.
  
 Depending on the setting in the uci-file, you may also use the files ''/etc/ethers'' and ''/etc/hosts'' additionally. Depending on the setting in the uci-file, you may also use the files ''/etc/ethers'' and ''/etc/hosts'' additionally.
  
 ==== /etc/config/dhcp ==== ==== /etc/config/dhcp ====
--> [[docs:guide-user:base-system:dhcp|/etc/config/dhcp]] is a UCI configuration file and as such documented exclusively in [[docs:guide-user:base-system:uci]]. Almost all settings can be configured with it!+-> [[docs:guide-user:base-system:dhcp|/etc/config/dhcp]] is a UCI configuration file and as such documented exclusively in [[docs:guide-user:base-system:uci]]. 
 +Almost all settings can be configured with it!
  
 ==== /etc/dnsmasq.conf ==== ==== /etc/dnsmasq.conf ====
-You can use ''/etc/dnsmasq.conf'' in addition, see above.+It is possible to mix the traditional ''/etc/dnsmasq.conf'' configuration file with the options found in ''/etc/config/dhcp''. 
 + 
 +The ''dnsmasq.conf'' file does not exist by default but will be processed by dnsmasq on startup if it is present. 
 +Note that options in ''/etc/config/dhcp'' take precendence over ''dnsmasq.conf'' since they are translated to command line arguments. 
 + 
 +You can have dnsmasq execute a script on every action: ''dhcp-script = /sbin/action.sh''
  
 Example: Example:
-By default, dnsmasq comes configured to put your hosts into the ''.lan'' domain. This is specified in the configuration file as:+By default, Dnsmasq comes configured to put your hosts into the ''.lan'' domain. 
 +This is specified in the configuration file as:
  
 <code bash> <code bash>
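Review bot: The added line introducing ''dhcp-script = /sbin/action.sh'' (under the /etc/dnsmasq.conf heading) says the script runs "on every action" but does not say which events count as an action, which arguments the script is passed, or which user it runs as. A reader needs all three before pointing a DHCP server at a script, so please spell them out or link to the dnsmasq manual entry for the option. In the same paragraph "precendence" should be "precedence", and the added lines mix "dnsmasq" and "Dnsmasq" ("will be processed by dnsmasq on startup" versus "By default, Dnsmasq comes configured"); pick one spelling. The intro and Configuration lines also lose their links to the /etc/config/dhcp page, leaving only the link under the ''==== /etc/config/dhcp ===='' heading.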
Line 27: Line 34:
 </code> </code>
  
-You can change this to whatever you'd like your home domain to be. Also, if you want your hosts to be available via your home domain without having to specify the domain in your ''/etc/hosts'' file, add the ''expand-hosts'' directive to your ''/etc/dnsmasq.conf'' file.+You can change this to whatever you'd like your home domain to be. 
 +Also, if you want your hosts to be available via your home domain without having to specify the domain in your ''/etc/hosts'' file, add the ''expand-hosts'' directive to your ''/etc/dnsmasq.conf'' file.
  
 As an example, without ''expand-hosts'', you can only reach //router, ubuntu-desktop and ubuntu-laptop//. As an example, without ''expand-hosts'', you can only reach //router, ubuntu-desktop and ubuntu-laptop//.
Line 36: Line 44:
  
 ==== /etc/ethers ==== ==== /etc/ethers ====
-In ''/etc/ethers'' static lease entries can be assigned. See -> [[docs:guide-user:base-system:dhcp#static_leases]].+In ''/etc/ethers'' static lease entries can be assigned. 
 +See -> [[docs:guide-user:base-system:dhcp#static_leases]].
  
 ==== /etc/hosts ==== ==== /etc/hosts ====
-In ''/etc/hosts'' DNS entries are configured. dnsmasq will utilize these entries to answer DNS queries on your network.+In ''/etc/hosts'' DNS entries are configured. 
 +Dnsmasq will utilize these entries to answer DNS queries on your network.
  
 Format: Format:
Line 55: Line 65:
 </code> </code>
  
-==== DNS and DHCP Ports ==== +===== Troubleshooting ===== 
-DNS needs TCP and UDP port 53 open on the firewall DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall.  See [[docs:guide-user:network:wifi:guestwifi:configuration]] and [[http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html|dnsmasq manual]] (viz "--dhcp-alternate-port") for more information.+==== DHCP response missing due to network overload ==== 
 +Sometimes when an interface is on the edge of the capacity (especially WiFi over longer distances) a DHCP request could be not replied in time. 
 +Therefore the DHCP client will not be able to receive proper network settings. 
 +A possible workaround is using static IPs or very long DHCP leases (more than 12h). 
 +This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible.
  
-===== Examples ===== +==== Log spammed with DHCPINFORM/DHCPACK ==== 
-==== Add a secondary DNS-server ==== +Windows 7 among others ask for proxy settings using DHCP. 
-If you already have a DNS-server (secondary DNS-server)but you want your router (primary DNS-server) to resolve some of the DNS-queries. +The issue is that they do not stop asking until they have received an answer. 
- +This results in that the log contains lot information about these requestsan example can be found below (thanks to [[http://wiki.excito.com/w/index.php?title=Stop_DHCP_INFORM_flooding|the excito wiki]] for the info).
-On your primary DNS-server replace ISP DNS-servers with your secondary server. +
- +
-<code bash> +
-uci set network.wan.peerdns="0" +
-uci set network.wan.dns="192.168.1.2" +
-uci set network.wan6.peerdns="0" +
-uci delete network.wan6.dns +
-uci commit network +
-service network reload +
-</code> +
- +
-On your secondary DNS-server replace DHCP-provided servers with ISP DNS-servers or a [[wp>Public_recursive_name_server|public DNS-profider]]. +
- +
-<code bash> +
-uci set network.wan.peerdns="0" +
-uci set network.wan.dns="8.8.8.8 8.8.4.4" +
-uci set network.wan6.peerdns="0" +
-uci set network.wan6.dns="2001:4860:4860::8888 2001:4860:4860::8844" +
-uci commit network +
-service network reload +
-</code>+
  
-==== Forward DNS-queries to a public DNS-provider ==== +Solution:
-Select a [[wp>Public_recursive_name_server|public DNS-provider]] and configure dnsmasq to forward DNS-requests to the selected provider.+
  
 <code bash> <code bash>
-uci -q delete dhcp.@dnsmasq[0].server +uci add_list dhcp.lan.dhcp_option='252,"\n"'
-uci add_list dhcp.@dnsmasq[0].server="8.8.8.8" +
-uci add_list dhcp.@dnsmasq[0].server="8.8.4.4"+
 uci commit dhcp uci commit dhcp
 service dnsmasq restart service dnsmasq restart
 </code> </code>
  
-==== Use different DHCP-ranges for wired and wireless ==== +==== Static lease issues ==== 
-Suppose you have the following:+Windows 7 has introduced a new [[http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-refuses-dhcp-addresses-if-they-were/1b72b289-0f58-492f-afb8-e76c80a81f00|Microsoft-enhanced]] feature. 
 +It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected). 
 +This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux.
  
-<code bash> +If you try configure MAC address hot swap on your router, Windows 7 clients will end up in an infinite [[http://tools.ietf.org/html/rfc1531#section-3.1|DORA]] loop.
-vlan0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX +
-          inet addr:192.168.1.1    Bcast:192.168.1.255    Mask:255.255.255.0 +
-eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX +
-          inet addr:10.75.9.1      Bcast:10.75.9.255      Mask:255.255.255.0 +
-</code>+
  
-Simply put 2 "dhcp-range" options in your ''/etc/dnsmasq.conf'' file+Solution
- +  Create a [[google>windows 7 create bridge|bridge]] from the wireless and ethernet interfaces on your client 
-<code bash> +    * Add the MAC address of the bridge to ''/etc/config/dhcp'' 
-# dhcp-range=[network-id,],[[,],][,] +    * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up
-dhcp-range=lan,192.168.1.101,192.168.1.104,255.255.255.0,24h +  Another solution is IPv6 friendlyyou don't need to create a bridgenor add MAC address to dnsmasq config filebut it involves user interaction: 
-dhcp-range=wlan,10.75.9.111,10.75.9.119,255.255.255.0,2h +    * When you plug the ethernet cable indisable wireless interface in control panel (power off wireless won't do it). 
-</code> +    * When you unplug ethernet cableenable wireless and disable ethernet.
- +
-You can then use the different "network-id" values with "dhcp-option" to customize the options your DHCP server will supply to your wired and wireless DHCP clients. +
- +
-for example +
- +
-<code bash> +
-#set the default route for dhcp clients on the wlan side to 10.10.6.33 +
-dhcp-option=wlan,3,10.10.6.33 +
-#set the dns server for the dhcp clients on the wlan side to 10.10.6.33 +
-dhcp-option=wlan,6,10.10.6.33 +
-#set the default route for dhcp clients on the lan side to 10.10.6.1 +
-dhcp-option=lan,3,10.10.6.1 +
-#set the dns server for the dhcp clients on the lan side to 10.10.6.1 +
-dhcp-option=lan,6,10.10.6.1 +
-</code> +
- +
-==== Generate DHCP-responses to ONLY known clients ==== +
-There are situations where you want dnsmasq to generate DHCP addresses for only known clients (as defined in ''/etc/ethers''). +
-Firstset ''lan_dhcp_num=0'' to indicate that no addresses are to be generated. +
-Then, modify the file ''/etc/init.d/S60dnsmasq'' to included the lines after the calls to ''ipcalc.sh'': +
- +
-<code bash> +
-        if [ "${num:-150}" = "0" ]; then +
-                END=static +
-        fi +
-</code> +
- +
-Then restart the daemon.+
  
 <code bash> <code bash>
 +uci add dhcp host
 +uci set dhcp.@host[-1].name="example-host"
 +uci set dhcp.@host[-1].ip="192.168.1.230"
 +uci set dhcp.@host[-1].mac="00:a0:24:5a:33:69 00:11:22:33:44:55 02:a0:24:5a:33:69 02:11:22:33:44:55"
 +uci commit dhcp
 service dnsmasq restart service dnsmasq restart
 </code> </code>
- 
-==== Associate client hostnames with DHCP-supplied IP addresses ==== 
-You will need the following lines in your ''/etc/dnsmasq.conf'' file: 
- 
-<code bash> 
-dhcp-option=3,192.168.1.1 
-dhcp-option=6,192.168.1.1 
-</code> 
- 
-Adjust IP address if your router is not ''192.168.1.1''. 
- 
-That's it for dnsmasq on the router. 
-The trick is that the DHCP client must send its hostname during the DHCP negotiation. 
-The ''dhclient.conf'' file, which may be in ''/etc/'' (debian) or ''/etc/dhcp3/'' (kubuntu), needs to have a single line uncommented and edited: 
- 
-<code bash> 
-send host-name "hostname"; 
-</code> 
- 
-Save the file, then restart the interface. 
-Repeat on all client systems. 
- 
-==== Broadcast WINS server information ==== 
-You will need the following line in your ''/etc/dnsmasq.conf'' file: (Adjust IP address if your WINS server is not 192.168.1.2) 
- 
-<code bash> 
-dhcp-option=44,192.168.1.2 
-</code> 
- 
-Now as your machines release and renew DHCP information they will obtain the address of the WINS server automatically. 
- 
-==== Broadcast external DNS-server information ==== 
-The following change to your ''/etc/dnsmasq.conf'' file will allow for automatic configuration of your DHCP clients to use DNS servers other than one on the router. 
- 
-<code bash> 
-dhcp-option=6,ipaddress1,ipaddress2 
-</code> 
- 
-Or you can do the same in ''/etc/config/dhcp'': 
- 
-<code bash> 
-config 'dhcp' 'lan' 
- list 'dhcp_option' '6,ipaddress1,ipaddress2' 
-</code> 
- 
-As your machines release and renew their DHCP configuration they will obtain the address of the new DNS servers automatically. 
- 
-==== SIP-Phones and dnsmasq ==== 
-By default, the option filterwin2k in dnsmasq is activated, which seems to cause to block queries for ''SRV'' records. 
- 
-''SRV'' records are **not only used by Windows** computers to find their  domaincontrollers but also used by e.g SIP-Phones to find the server responsible for a given domain.  
- 
-''SRV'' records are a kind of generalized ''MX'' records.  
- 
-Therefore, the ''filterwin2k'' option needs to be disabled in order to let SIP-Phones work that use dnsmasq as their DNS server. 
- 
-Commented out in ''/etc/dnsmasq.conf'' or de-activate it in the web-interface. 
- 
- 
-Or you can do the same in ''/etc/config/dhcp'': 
- 
-<code bash> 
-config 'dnsmasq' 
- option 'filterwin2k' '0' 
-</code> 
- 
-==== DNS filtering ==== 
-  * [[https://forum.openwrt.org/viewtopic.php?id=35023|OpenWrt Forum: Blocking tracking, ad, spyware sites from router]] 
- 
-===== Troubleshooting ===== 
-==== log continuously filled with DHCPINFORM / DHCPACK ==== 
-Windows 7 among others ask for proxy settings using DHCP. The issue is that they do not stop asking until they have received an answer. This results in that the log contains a lot information about these requests, an example can be found below (thanks for http://wiki.excito.org for the info). 
- 
-<code bash> 
-Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.59 00:23:14:c5:33:fc 
-Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPACK(br0) 10.69.10.59 00:23:14:c5:33:fc MorgansVaioF12Z 
-</code> 
- 
-To solve this, edit /etc/dnsmasq.conf and add the following lines: 
-<code bash> 
-# This will tell DHCP clients to not ask for proxy information 
-# Some clients, like Windows 7, will constantly ask if not told NO 
-dhcp-option=252,"\n" 
-</code> 
-and restart dnsmasq with /etc/init.d/dnsmasq restart 
- 
-==== Assigning dnsmasq Queryport  ==== 
- 
-The queryport is not the dns server port used by dhcp clients, it is the outgoing port dnsmasq uses to query other servers, and is integral to dnsmasq succesfully assigning DNS values to the DHCP clients.  The default settings create arbitrary high port number connections on a range of ports.  By assigning an option line like "''option queryport '30000'''" in ''/etc/config/dhcp'', one can constrain those connections to a port you assign.  Be certain that your firewall allows outbound connections from the router on the query port that you assign.  
- 
-As a caution, dnsmasq runs as user "nobody" on openwrt so it is not allowed to create listening sockets on ports < 1024.  Using the standard DNS port 53 for these queries will fail.  The failure can be found in the logs.  Logread will show an "ignoring nameserver" error line like: 
- 
-<code bash> 
-Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: ignoring nameserver 8.8.8.8 - cannot make/bind socket: Permission denied 
-</code> 
- 
-Do not assign query ports less than 1024 to the queryport. 
  
 ===== Notes ===== ===== Notes =====
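Review bot: In "Log spammed with DHCPINFORM/DHCPACK" the new sentence still says "an example can be found below", but the two sample DHCPINFORM/DHCPACK log lines are removed by this same change, so the reference dangles. Either keep the log sample under the new heading or drop the phrase. The replacement command ''uci add_list dhcp.lan.dhcp_option='252,"\n"''' also loses the comment that explained what option 252 is for ("This will tell DHCP clients to not ask for proxy information"), which is worth carrying over. Under "Static lease issues" the prose says to add the MAC address of the bridge, while the example sets four addresses in ''dhcp.@host[-1].mac'' without saying which interface each one belongs to. Finally, this hunk deletes "DNS and DHCP Ports" and "Assigning dnsmasq Queryport", including the warning not to assign query ports below 1024. If that text now lives on another page, link to it from here so the firewall and port guidance is not lost.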
Line 246: Line 113:
   * Tutorial http://www.enterprisenetworkingplanet.com/netos/article.php/3377351   * Tutorial http://www.enterprisenetworkingplanet.com/netos/article.php/3377351
   * Tutorial http://martybugs.net/wireless/openwrt/dnsmasq.cgi   * Tutorial http://martybugs.net/wireless/openwrt/dnsmasq.cgi
 +
  • Last modified: 2022/05/12 07:38
  • by jow