Differences
This shows you the differences between two versions of the page.
| docs:guide-user:base-system:dhcp.dnsmasq [2019/04/08 02:38] – [/etc/config/dhcp] redundant vgaetera | docs:guide-user:base-system:dhcp.dnsmasq [2019/04/24 11:18] – Correct link to excito wiki jaimet | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. | The DHCP-server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. | ||
| Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. | Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of disk-less machines. | ||
| - | |||
| It is already installed and preconfigured on OpenWrt. | It is already installed and preconfigured on OpenWrt. | ||
| - | See -> '' | ||
| ===== Configuration ===== | ===== Configuration ===== | ||
| - | The configuration is done with help of the uci-configuration file: '' | + | The configuration is done with help of the uci-configuration file: ''/ |
| Depending on the setting in the uci-file, you may also use the files ''/ | Depending on the setting in the uci-file, you may also use the files ''/ | ||
| + | ==== / | ||
| + | -> [[docs: | ||
| + | Almost all settings can be configured with it! | ||
| ==== / | ==== / | ||
| - | You can use ''/ | + | It is possible to mix the traditional |
| + | |||
| + | The '' | ||
| + | Note that options in ''/ | ||
| + | |||
| + | You can have dnsmasq execute a script on every action: '' | ||
| Example: | Example: | ||
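Review bot: The added line "You can have dnsmasq execute a script on every action" introduces a hook without saying which actions trigger it or which arguments the script is given; document both next to that sentence, and state that any value in those arguments that originates from a DHCP client is to be treated as untrusted input by the script.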
| Line 59: | Line 65: | ||
| </ | </ | ||
| - | ==== DNS and DHCP-Ports | + | ===== Troubleshooting ===== |
| - | DNS needs TCP and UDP port 53 open on the firewall. | + | ==== DHCP response missing due to network overload |
| - | DHCP needs UDP ports 67 and 68 open from your zone to/from the firewall. | + | Sometimes when an interface is on the edge of the capacity (especially WiFi over longer distances) a DHCP request could be not replied in time. |
| - | See [[docs: | + | Therefore the DHCP client will not be able to receive proper |
| + | A possible workaround is using static IPs or very long DHCP leases (more than 12h). | ||
| + | This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible. | ||
| - | ===== Examples ===== | ||
| - | ==== Add a secondary DNS-server ==== | ||
| - | If you already have a DNS-server (secondary DNS-server), | ||
| - | |||
| - | On your primary DNS-server replace ISP DNS-servers with your secondary server. | ||
| - | |||
| - | <code bash> | ||
| - | uci set network.wan.peerdns=" | ||
| - | uci set network.wan.dns=" | ||
| - | uci set network.wan6.peerdns=" | ||
| - | uci delete network.wan6.dns | ||
| - | uci commit network | ||
| - | service network reload | ||
| - | </ | ||
| - | |||
| - | On your secondary DNS-server replace DHCP-provided servers with ISP DNS-servers or a [[wp> | ||
| - | |||
| - | <code bash> | ||
| - | uci set network.wan.peerdns=" | ||
| - | uci set network.wan.dns=" | ||
| - | uci set network.wan6.peerdns=" | ||
| - | uci set network.wan6.dns=" | ||
| - | uci commit network | ||
| - | service network reload | ||
| - | </ | ||
| - | |||
| - | ==== Forward DNS-queries to a public DNS-provider ==== | ||
| - | Select a [[wp> | ||
| - | |||
| - | <code bash> | ||
| - | uci -q delete dhcp.@dnsmasq[0].server | ||
| - | uci add_list dhcp.@dnsmasq[0].server=" | ||
| - | uci add_list dhcp.@dnsmasq[0].server=" | ||
| - | uci commit dhcp | ||
| - | service dnsmasq restart | ||
| - | </ | ||
| - | |||
| - | ==== Use different DHCP-ranges for wired and wireless ==== | ||
| - | Suppose you have the following: | ||
| - | |||
| - | <code bash> | ||
| - | vlan0 Link encap: | ||
| - | inet addr: | ||
| - | eth1 Link encap: | ||
| - | inet addr: | ||
| - | </ | ||
| - | |||
| - | Simply put 2 " | ||
| - | |||
| - | <code bash> | ||
| - | # dhcp-range=[network-id, | ||
| - | dhcp-range=lan, | ||
| - | dhcp-range=wlan, | ||
| - | </ | ||
| - | |||
| - | You can then use the different " | ||
| - | |||
| - | for example | ||
| - | |||
| - | <code bash> | ||
| - | #set the default route for dhcp clients on the wlan side to 10.10.6.33 | ||
| - | dhcp-option=wlan, | ||
| - | #set the dns server for the dhcp clients on the wlan side to 10.10.6.33 | ||
| - | dhcp-option=wlan, | ||
| - | #set the default route for dhcp clients on the lan side to 10.10.6.1 | ||
| - | dhcp-option=lan, | ||
| - | #set the dns server for the dhcp clients on the lan side to 10.10.6.1 | ||
| - | dhcp-option=lan, | ||
| - | </ | ||
| - | |||
| - | ==== Generate DHCP-responses to ONLY known clients ==== | ||
| - | There are situations where you want Dnsmasq to generate DHCP addresses for only known clients (as defined in ''/ | ||
| - | First, set '' | ||
| - | Then, modify the file ''/ | ||
| - | |||
| - | <code bash> | ||
| - | if [ " | ||
| - | END=static | ||
| - | fi | ||
| - | </ | ||
| - | |||
| - | Then restart the daemon. | ||
| - | |||
| - | <code bash> | ||
| - | service dnsmasq restart | ||
| - | </ | ||
| - | |||
| - | ==== Broadcast custom default gateway ==== | ||
| - | Use custom default gateway. | ||
| - | |||
| - | <code bash> | ||
| - | uci add_list dhcp.lan.dhcp_option=" | ||
| - | uci commit dhcp | ||
| - | service dnsmasq restart | ||
| - | </ | ||
| - | |||
| - | Reconnect your LAN-clients to apply new DHCP-configuration. | ||
| - | |||
| - | ==== Broadcast custom DNS-server ==== | ||
| - | Provide automatic configuration for your DHCP-clients to use DNS-servers other than one on the router. | ||
| - | |||
| - | <code bash> | ||
| - | uci add_list dhcp.lan.dhcp_option=" | ||
| - | uci commit dhcp | ||
| - | service dnsmasq restart | ||
| - | </ | ||
| - | |||
| - | Reconnect your LAN-clients to apply new DHCP-configuration. | ||
| - | |||
| - | ==== Broadcast WINS-server ==== | ||
| - | Broadcast WINS-server information. | ||
| - | |||
| - | <code bash> | ||
| - | uci add_list dhcp.lan.dhcp_option=" | ||
| - | uci commit dhcp | ||
| - | service dnsmasq restart | ||
| - | </ | ||
| - | |||
| - | Reconnect your LAN-clients to apply new DHCP-configuration. | ||
| - | |||
| - | ==== SRV-Records and SIP-Phones ==== | ||
| - | By default, the option filterwin2k in Dnsmasq is activated, which seems to cause to block queries for SRV-records. | ||
| - | |||
| - | SRV-records are **not only used by Windows** computers to find their domaincontrollers but also used by e.g SIP-Phones to find the server responsible for a given domain. | ||
| - | |||
| - | SRV-records are a kind of generalized MX-records. | ||
| - | |||
| - | Therefore, the '' | ||
| - | |||
| - | <code bash> | ||
| - | uci set dhcp.@dnsmasq[0].filterwin2k=" | ||
| - | uci commit dhcp | ||
| - | service dnsmasq restart | ||
| - | </ | ||
| - | |||
| - | ==== DNS-filtering ==== | ||
| - | * [[https:// | ||
| - | |||
| - | ===== Troubleshooting ===== | ||
| ==== Log spammed with DHCPINFORM/ | ==== Log spammed with DHCPINFORM/ | ||
| Windows 7 among others ask for proxy settings using DHCP. | Windows 7 among others ask for proxy settings using DHCP. | ||
| The issue is that they do not stop asking until they have received an answer. | The issue is that they do not stop asking until they have received an answer. | ||
| - | This results in that the log contains a lot information about these requests, an example can be found below (thanks | + | This results in that the log contains a lot information about these requests, an example can be found below (thanks |
| - | + | ||
| - | <code bash> | + | |
| - | Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: | + | |
| - | Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: | + | |
| - | </ | + | |
| Solution: | Solution: | ||
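Review bot: In the DHCPINFORM section the new side keeps the clause "an example can be found below" while the two dnsmasq-dhcp log lines it pointed to are deleted, so the reference now dangles; keep the log excerpt or drop the clause. The same hunk deletes the "DNS and DHCP-Ports" text (TCP and UDP port 53, UDP ports 67 and 68) and the whole Examples section with no visible pointer to a new location, so add a link to wherever that material now lives.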
| Line 221: | Line 85: | ||
| </ | </ | ||
| - | ==== Assigning Dnsmasq queryport | + | ==== Static lease issues |
| - | The queryport is the outgoing port Dnsmasq uses to query other servers, and is integral to Dnsmasq successfully assigning DNS-values to the DHCP-clients. | + | Windows 7 has introduced |
| - | The default settings create arbitrary high port number connections on a range of ports. | + | |
| - | You can constrain those connections to a specific port. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | uci set dhcp.@dnsmasq[0].queryport=" | + | |
| - | uci commit dhcp | + | |
| - | service dnsmasq restart | + | |
| - | </ | + | |
| - | + | ||
| - | Be certain that your firewall allows outbound connections from the router on the query port that you assign. | + | |
| - | As a caution, Dnsmasq runs as user '' | + | |
| - | Using the standard DNS-port 53 for these queries will fail. | + | |
| - | The failure can be found in the logs. | + | |
| - | + | ||
| - | <code bash> | + | |
| - | # logread -e dnsmasq.*ignoring.*nameserver | + | |
| - | Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]: ignoring nameserver 8.8.8.8 - cannot make/bind socket: Permission denied | + | |
| - | </code> | + | |
| - | + | ||
| - | Do not assign query ports less than 1024 to the queryport. | + | |
| - | + | ||
| - | ==== Losing connection due to missing | + | |
| - | Sometimes when an interface is on the edge of the capacity (especially wifi over longer distances) a dhcp request could be not replied in time and therefore the dhcp client will not be | + | |
| - | able to receive proper network settings. | + | |
| - | A possible workaround is using static | + | |
| - | IPs or very long dhcp leases (more than 12h). | + | |
| - | This is particularly important | + | |
| - | when one has several wifi repeaters that use dhcp and are distant from each other or not easily | + | |
| - | accessible. | + | |
| - | + | ||
| - | ==== Windows-related issues ==== | + | |
| - | :!: **Windows 7** has introduced a new // | + | |
| It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected). | It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected). | ||
| This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux. | This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux. | ||
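Review bot: Deleting the "Assigning Dnsmasq queryport" section also deletes the caution "Do not assign query ports less than 1024" and the "cannot make/bind socket: Permission denied" log line that explained the failure; if the section moved, link its new home from Troubleshooting so the symptom stays findable. The new heading "Static lease issues" also no longer mentions Windows, although the text under it still opens with Windows 7.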
| Line 261: | Line 93: | ||
| Solution: | Solution: | ||
| - | - Create a bridge from the wireless and ethernet interfaces on your client | + | - Create a [[google> |
| - | * it's trivial: | + | * Add the MAC address of the bridge to ''/ |
| - | * you will have to add the MAC address of the bridge to ''/ | + | * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. |
| + | - Another solution is IPv6 friendly, you don't need to create a bridge, nor add MAC address to dnsmasq config file, but it involves user interaction: | ||
| + | * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). | ||
| + | * When you unplug ethernet cable, enable wireless and disable ethernet. | ||
| <code bash> | <code bash> | ||
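Review bot: After the reorder, the code block now follows "When you unplug ethernet cable, enable wireless and disable ethernet." instead of the step "Add the MAC address of the bridge to" that it belongs to; move the block back under the first solution so readers do not apply it to the second. In the first list item, the new "[[google>" link makes the bridge step depend on search results, so a stable documentation link would be preferable.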
| Line 273: | Line 108: | ||
| service dnsmasq restart | service dnsmasq restart | ||
| </ | </ | ||
| - | |||
| - | * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. | ||
| - | - Another solution is IPv6 friendly, you don't need to create a bridge, nor add MAC address to dnsmasq config file, but it involves user interaction: | ||
| - | * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). | ||
| - | * When you unplug ethernet cable, enable wireless and disable ethernet. | ||
| - | |||
| - | Notes: | ||
| - | * http:// | ||
| - | * //force// is a bool option that will force dhcp-option to always be sent, even if the client does not ask for it in the parameter request list. This is sometimes needed, for example when sending options to PXELinux. | ||
| ===== Notes ===== | ===== Notes ===== | ||
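Review bot: The "Notes:" list deleted at the end of this hunk held the only visible description of //force// ("will force dhcp-option to always be sent, even if the client does not ask for it in the parameter request list"); confirm the option is documented elsewhere before dropping it here, and link that location if the example above it still relies on it.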
| Line 287: | Line 113: | ||
| * Tutorial http:// | * Tutorial http:// | ||
| * Tutorial http:// | * Tutorial http:// | ||
| + | |||