DNS for LAN

Dne 2016-11-08 13:32

Look at this topic on discourse: https://discourse.labs.nic.cz/t/dnsmasq-lan-domain-while-still-using-knot-resolver/1253/8

Od dgrb Dne 2016-11-09 05:01

Sorry, must be dim, but I don't see how that thread relates to my problem.

Also, the Luci Network->Hostnames page: what is the point of that? It seems to allow you to tie a name to an IP address (even though I've already done that with the static ip assignments) but it doesn't seem to do anything.

I've ssh'ed in and added my systems to /etc/hosts and still no joy.

Surely this should be simple...

Od horada

Dne 2016-11-09 16:30

I'll try to explain (hopefully correctly)...

In "classic" OpenWRT is only dnsmasq for both DNS and DHCP services.
The configuration you did in the Network ->DHCP and DNS and Network -> Hostnames is only for dnsmasq.

Turris Omnia founders decided to use dnsmasq only as DHCP service and then Knot as DNS service (because dnsmasq is not able to validate DNSSEC).

DNS functionality of dnsmasq is disabled by setting Network -> DHCP and DNS -> Advanced Settings -> DNS server port to 0.

So you have to enable dnsmasq DNS functionality (on some non standard port, because on standard port 53 is running Knot) and then you have to configure Knot to ask your dnsmasq for hostnames from your local domain.

In particular:

1) set DNS server port to 53535 (Network -> DHCP and DNS -> Advanced Settings -> DNS server port)

2) add following line to the file /etc/init.d/kresd, before the end of init_header() function (probably around line 41):

echo "policy.add(policy.suffix(policy.FORWARD('127.0.0.1@53535'), policy.todnames({'lan'})))" >>$CONFIGFILE

So the part of the file will looks like this:


 28 init_header() {
 29         echo "--Automatically generated file; DO NOT EDIT" > $CONFIGFILE
 30         echo "modules = {" >> $CONFIGFILE
 31         config_get_bool prefetch common prefetch 0
 32         echo "    'policy'" >> $CONFIGFILE
 33         if [ "$prefetch" \!= 0 ]; then
 34                 echo "  , 'stats'" >> $CONFIGFILE
 35                 echo "  , predict = {" >> $CONFIGFILE
 36                 echo "        window = 30 -- 30 minutes sampling window" >> $CONFIGFILE
 37                 echo "      , period = 24*(60/30) -- track last 24 hours" >> $CONFIGFILE
 38                 echo "  }" >> $CONFIGFILE
 39         fi
 40         echo "}" >> $CONFIGFILE
 41         echo "policy.add(policy.suffix(policy.FORWARD('127.0.0.1@53535'),  policy.todnames({'lan'})))" >>$CONFIGFILE

44 }

3) Restart all affected services:


/etc/init.d/dnsmasq restart
/etc/init.d/kresd restart

If it will not work, check /var/log/messages for errors/debug information.
It might be also helpful to try to resolve some name (pc.lan in following example) just via the dnsmasq by running following command on the router:

dig +short @127.0.0.1 -p 53535 pc.lan

(Hopefully dig command is there installed by default - package bind-dig.)

Be aware, that this is WORKAROUND and the file /etc/init.d/kresd will be overwritten with next update of Knot (so you will have to perform the step 2 again. Hopefully we will get better/official solution for this in the near future.

Od dgrb Dne 2016-11-09 21:22

Thanks for your time; I think I'll just stick with putting /etc/hosts files on all my local systems until we have a non-workaround solution.

But thanks again.