Modify

Opened 4 years ago

Last modified 18 months ago

#17079 new enhancement

Add support for handing out different domain names for networks managed by dnsmasq in Barrier Breaker

Reported by: braveheart_leo@… Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: dnsmasq Cc:

Description

This is my current /etc/config/dhcp config file:

config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0
option localise_queries 1
option rebind_protection 1
option rebind_localhost 1
option local /router.lan/
option domain router.lan
option expandhosts 1
option nonegcache 1
option authoritative 1
option readethers 1
option strictorder 1
option leasefile /tmp/dhcp.leases
option resolvfile /tmp/resolv.conf.auto
option noresolv 1
option cachesize 300
list server 208.67.222.222
list server 208.67.220.220

config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 2h
#option dhcpv6 'server'
#option ra 'server'

config dhcp wifi1
option interface wifi1
option start 100
option limit 150
option leasetime 2h
#option dhcpv6 'server'
#option ra 'server'

config dhcp wan
option interface wan
option ignore 1

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'

'lan' and 'wifi1' are defined in /etc/config/network as follows:

config interface lan
option type bridge
option proto static
option ipaddr 192.168.101.1
option netmask 255.255.255.0
option ifname eth0.1
#option ip6assign '60'
option force_link '1'

config interface wifi1
option proto static
option ipaddr 192.168.105.1
option netmask 255.255.255.0
#option ip6assign '60'

As per dnsmasq manpage [1-]:

-s, --domain=<domain>[,<address range>[,local]]
    Specifies DNS domains for the DHCP server. Domains may be be given unconditionally (without the IP range) or for limited IP ranges. This has two effects; firstly it causes the DHCP server to return the domain to any hosts which request it, and secondly it sets the domain which it is legal for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise its name via dhcp as e.g. "microsoft.com" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If suffix is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. Eg on my network I can set --domain=thekelleys.org.uk and have a machine whose DHCP hostname is "laptop". The IP address for that machine is available from dnsmasq both as "laptop" and "laptop.thekelleys.org.uk". If the domain is given as "#" then the domain is read from the first "search" directive in /etc/resolv.conf (or equivalent).

    The address range can be of the form <ip address>,<ip address> or <ip address>/<netmask> or just a single <ip address>. See --dhcp-fqdn which can change the behaviour of dnsmasq with domains.

    If the address range is given as ip-address/network-size, then a additional flag "local" may be supplied which has the effect of adding --local declarations for forward and reverse DNS queries. Eg. --domain=thekelleys.org.uk,192.168.0.0/24,local is identical to --domain=thekelleys.org.uk,192.168.0.0/24 --local=/thekelleys.org.uk/ --local=/0.168.192.in-addr.arpa/ The network size must be 8, 16 or 24 for this to be legal. 

Then I should be able to do this:

#option local /router.lan/
list domain router.lan,192.168.101.0/24,local
list domain router.wifi1,192.168.105.0/24,local

Unfortunately, the configuration generator for dnsmasq in OpenWrt creates a malformed configuration file, such that dnsmasq would fail to start:

domain=router.lan,192.168.101.0/24,local asus-router.wifi1,192.168.105.0/24,local

host-record=RT-N13U.router.lan,192.168.101.0/24,local,router.wifi1,192.168.105.0/24,local,RT-N13U,192.168.101.1

It seems that the configuration options for dnsmasq in OpenWrt does not currently allow for dnsmasq to be able to hand out different domain names for different networks that dnsmasq is setup to serve, even if the feature is built-in.

May I request that this feature be added into OpenWrt.

[1-] http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Attachments (0)

Change History (1)

comment:1 Changed 18 months ago by jin42@…

Since I had the same problem the solution is to add

domain=router.lan,192.168.101.0/24,local
domain=router.wifi1,192.168.105.0/24,local

to /etc/dnsmasq.conf

I know it is not a nice solution, but hey it is something.

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.