Differences

This shows you the differences between two versions of the page.

docs:guide-user:base-system:dhcp.dnsmasq [2019/04/10 13:20] – [Add a secondary DNS-server] typo vgaetera
docs:guide-user:base-system:dhcp.dnsmasq [2019/04/24 11:18] – Correct link to excito wiki jaimet
Line 65: Line 65:
 </code> </code>
  
 +===== Troubleshooting =====
 +==== DHCP response missing due to network overload ====
 +Sometimes when an interface is on the edge of the capacity (especially WiFi over longer distances) a DHCP request could be not replied in time.
 +Therefore the DHCP client will not be able to receive proper network settings.
 +A possible workaround is using static IPs or very long DHCP leases (more than 12h).
 +This is particularly important when one has several WiFi repeaters that use DHCP and are distant from each other or not easily accessible.
  
-===== Examples ===== 
-==== Add a secondary DNS-server ==== 
-If you already have a DNS-server (secondary DNS-server), but you want your router (primary DNS-server) to resolve some of the DNS-queries. 
- 
-On your primary DNS-server replace ISP DNS-servers with your secondary server. 
- 
-<code bash> 
-uci set network.wan.peerdns="0" 
-uci set network.wan.dns="192.168.1.2" 
-uci set network.wan6.peerdns="0" 
-uci delete network.wan6.dns 
-uci commit network 
-service network reload 
-</code> 
- 
-On your secondary DNS-server replace DHCP-provided servers with ISP DNS-servers or a [[wp>Public_recursive_name_server|public DNS-provider]]. 
- 
-<code bash> 
-uci set network.wan.peerdns="0" 
-uci set network.wan.dns="8.8.8.8 8.8.4.4" 
-uci set network.wan6.peerdns="0" 
-uci set network.wan6.dns="2001:4860:4860::8888 2001:4860:4860::8844" 
-uci commit network 
-service network reload 
-</code> 
- 
-==== Forward DNS-queries to a public DNS-provider ==== 
-Select a [[wp>Public_recursive_name_server|public DNS-provider]] and configure dnsmasq to forward DNS-requests to the selected provider. 
- 
-<code bash> 
-uci -q delete dhcp.@dnsmasq[0].server 
-uci add_list dhcp.@dnsmasq[0].server="8.8.8.8" 
-uci add_list dhcp.@dnsmasq[0].server="8.8.4.4" 
-uci commit dhcp 
-service dnsmasq restart 
-</code> 
- 
-==== Use different DHCP-ranges for wired and wireless ==== 
-Suppose you have the following: 
- 
-<code bash> 
-vlan0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX 
-          inet addr:192.168.1.1    Bcast:192.168.1.255    Mask:255.255.255.0 
-eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX 
-          inet addr:10.75.9.1      Bcast:10.75.9.255      Mask:255.255.255.0 
-</code> 
- 
-Simply put 2 "dhcp-range" options in your ''/etc/dnsmasq.conf'' file: 
- 
-<code bash> 
-# dhcp-range=[network-id,],[[,],][,] 
-dhcp-range=lan,192.168.1.101,192.168.1.104,255.255.255.0,24h 
-dhcp-range=wlan,10.75.9.111,10.75.9.119,255.255.255.0,2h 
-</code> 
- 
-You can then use the different "network-id" values with "dhcp-option" to customize the options your DHCP server will supply to your wired and wireless DHCP clients. 
- 
-for example 
- 
-<code bash> 
-#set the default route for dhcp clients on the wlan side to 10.10.6.33 
-dhcp-option=wlan,3,10.10.6.33 
-#set the dns server for the dhcp clients on the wlan side to 10.10.6.33 
-dhcp-option=wlan,6,10.10.6.33 
-#set the default route for dhcp clients on the lan side to 10.10.6.1 
-dhcp-option=lan,3,10.10.6.1 
-#set the dns server for the dhcp clients on the lan side to 10.10.6.1 
-dhcp-option=lan,6,10.10.6.1 
-</code> 
- 
-==== Generate DHCP-responses to only known clients ==== 
-There are situations where you want Dnsmasq to generate DHCP addresses for only known clients (as defined in ''/etc/ethers''). 
-First, set ''lan_dhcp_num=0'' to indicate that no addresses are to be generated. 
-Then, modify the file ''/etc/init.d/S60dnsmasq'' to included the lines after the calls to ''ipcalc.sh'': 
- 
-<code bash> 
-        if [ "${num:-150}" = "0" ]; then 
-                END=static 
-        fi 
-</code> 
- 
-Then restart the daemon. 
- 
-<code bash> 
-service dnsmasq restart 
-</code> 
- 
- 
-==== DNS-filtering ==== 
-  * [[https://forum.openwrt.org/viewtopic.php?id=35023|OpenWrt Forum: Blocking tracking, ad, spyware sites from router]] 
- 
-===== Troubleshooting ===== 
 ==== Log spammed with DHCPINFORM/DHCPACK ==== ==== Log spammed with DHCPINFORM/DHCPACK ====
 Windows 7 among others ask for proxy settings using DHCP. Windows 7 among others ask for proxy settings using DHCP.
 The issue is that they do not stop asking until they have received an answer. The issue is that they do not stop asking until they have received an answer.
-This results in that the log contains a lot information about these requests, an example can be found below (thanks for http://wiki.excito.org for the info). +This results in that the log contains a lot information about these requests, an example can be found below (thanks to [[http://wiki.excito.com/w/index.php?title=Stop_DHCP_INFORM_flooding|the excito wiki]] for the info).
- +
-<code bash> +
-Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPINFORM(br0) 10.69.10.59 00:23:14:c5:33:fc +
-Jul 1 06:34:09 MorganB3 dnsmasq-dhcp[1638]: DHCPACK(br0) 10.69.10.59 00:23:14:c5:33:fc MorgansVaioF12Z +
-</code>+
  
 Solution: Solution:
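Review bot: The rewritten DHCPINFORM/DHCPACK sentence on the + side still says "an example can be found below", but the same hunk deletes the code block holding the two sample DHCPINFORM/DHCPACK log lines, so the reference now points at nothing; keep the sample or drop the phrase. The edit summary "Correct link to excito wiki" also does not account for the removal of the entire Examples section (secondary DNS-server, forwarding to a public DNS-provider, separate DHCP-ranges, known-clients-only, DNS-filtering); if that material moved to another page, say so in the summary and link to it from here. The new excito link is plain http://, so it is worth switching to https if the host serves it.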
Line 176: Line 85:
 </code> </code>
  
-==== Assigning Dnsmasq queryport ==== +==== Static lease issues ==== 
-The queryport is the outgoing port Dnsmasq uses to query other servers, and is integral to Dnsmasq successfully assigning DNS-values to the DHCP-clients. +Windows 7 has introduced new [[http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-refuses-dhcp-addresses-if-they-were/1b72b289-0f58-492f-afb8-e76c80a81f00|Microsoft-enhanced]] feature.
-The default settings create arbitrary high port number connections on range of ports. +
-You can constrain those connections to a specific port. +
- +
-<code bash> +
-uci set dhcp.@dnsmasq[0].queryport="30000" +
-uci commit dhcp +
-service dnsmasq restart +
-</code> +
- +
-Be certain that your firewall allows outbound connections from the router on the query port that you assign. +
-As a caution, Dnsmasq runs as user ''nobody'' on OpenWrt so it is not allowed to create listening sockets on ports < 1024. +
-Using the standard DNS-port 53 for these queries will fail. +
-The failure can be found in the logs. +
- +
-<code bash> +
-# logread -e dnsmasq.*ignoring.*nameserver +
-Jan 01 01:01:01 MyRoutersName daemon.warn dnsmasq[3490]ignoring nameserver 8.8.8.8 cannot make/bind socket: Permission denied +
-</code> +
- +
-Do not assign query ports less than 1024 to the queryport. +
- +
-==== Losing connection due to missing dhcp response when the network is overloaded ==== +
-Sometimes when an interface is on the edge of the capacity (especially wifi over longer distances) a dhcp request could be not replied in time and therefore the dhcp client will not be +
-able to receive proper network settings. +
-A possible workaround is using static +
-IPs or very long dhcp leases (more than 12h). +
-This is particularly important +
-when one has several wifi repeaters that use dhcp and are distant from each other or not easily +
-accessible. +
- +
-==== Windows-related issues ==== +
-:!: **Windows 7** has introduced a new //Microsoft-enhanced// feature.+
 It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected). It won't assign IP address obtained from a DHCP server to an interface, if the IP was used before for another interface, even if that other interface is **NOT** active currently (i.e. cable disconnected).
 This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux. This behaviour is unique and was not reported for older Windows versions, Mac OS nor Linux.
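Review bot: The caution that dnsmasq runs as user nobody and cannot bind ports below 1024 is lost with the deleted "Assigning Dnsmasq queryport" section, along with the logread pattern and the "cannot make/bind socket: Permission denied" sample that let a reader recognise that failure; nothing on the + side replaces them. If the section moved elsewhere, link its new location from Troubleshooting, otherwise keep at least the caution and the log line. In the new sentence under "Static lease issues", "has introduced new ... feature" is missing its article, and the link label "Microsoft-enhanced" hides that the target is a Microsoft Answers thread.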
Line 216: Line 93:
  
 Solution: Solution:
-  - Create a bridge from the wireless and ethernet interfaces on your client +  - Create a [[google>windows 7 create bridge|bridge]] from the wireless and ethernet interfaces on your client 
-    * it's trivial: [[google>windows 7 create bridge|google it]] +    * Add the MAC address of the bridge to ''/etc/config/dhcp'' 
-    * you will have to add the MAC address of the bridge to ''/etc/config/dhcp''+    * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. 
 +  - Another solution is IPv6 friendly, you don't need to create a bridge, nor add MAC address to dnsmasq config file, but it involves user interaction: 
 +    * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). 
 +    * When you unplug ethernet cable, enable wireless and disable ethernet.
  
 <code bash> <code bash>
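Review bot: After the list reorder, the code block that opens at the end of this hunk follows the sub-bullets of the second, no-bridge solution, which itself states that no MAC address has to be added to the dnsmasq config; on the - side the block sat directly under "you will have to add the MAC address of the bridge to /etc/config/dhcp". Move the block up under the new "Add the MAC address of the bridge" bullet so the commands stay attached to the step they belong to.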
Line 228: Line 108:
 service dnsmasq restart service dnsmasq restart
 </code> </code>
- 
-    * Since the bridge will probably take and alter your ethernet MAC address, you will lose SLAAC on wifi interface, making your laptop IPv6-disabled when only wireless is up. 
-  - Another solution is IPv6 friendly, you don't need to create a bridge, nor add MAC address to dnsmasq config file, but it involves user interaction: 
-    * When you plug the ethernet cable in, disable wireless interface in control panel (power off wireless won't do it). 
-    * When you unplug ethernet cable, enable wireless and disable ethernet. 
- 
-Notes: 
-  * http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-refuses-dhcp-addresses-if-they-were/1b72b289-0f58-492f-afb8-e76c80a81f00 
-  * //force// is a bool option that will force dhcp-option to always be sent, even if the client does not ask for it in the parameter request list. This is sometimes needed, for example when sending options to PXELinux. 
  
 ===== Notes ===== ===== Notes =====
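Review bot: The explanation of the force option (a bool that makes dhcp-option always be sent, needed for example with PXELinux) is deleted from the old Notes list and is not re-added anywhere in the visible diff. The Microsoft Answers URL from the same list was moved inline in the earlier hunk, but the force note has no new home; keep it under the remaining "===== Notes =====" heading or next to the code block it documents.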
  • Last modified: 2022/05/12 07:38
  • by jow