Difference between revisions of "Bering-uClibc 4.x - User Guide - IPv4 Networking - Configure Dnsmasq"

From bering-uClibc
Jump to: navigation, search
m (Firewall settings)
(Validated dhcpcd; added link to DNS-SD; removed "needs to be checked" warning; general tidyup)
Line 8: Line 8:
 
----
 
----
  
 
'''This material copied directly from http://leaf.sourceforge.net/doc/buci-dnsmasq3.html - needs to be checked/updated for Bering-uClibc 4.x!'''<br>[[User:Davidmbrooke|Davidmbrooke]] 19:55, 8 November 2010 (UTC)
 
  
 
==Objectives==
 
==Objectives==
Line 23: Line 21:
  
 
==Configure dnsmasq dns forwarder==
 
==Configure dnsmasq dns forwarder==
dnsmasq works with various sources to provide resolving domain names on your local network. It is capable of using /etc/hosts, /etc/resolv.conf, additional resolv.conf files created by other applications like ppp, acting as secondary DNS in addition to primary DNS and is well integrated with the dhcpd part of dnsmasq.
+
dnsmasq works with various sources to provide resolving domain names on your local network. It is capable of using <code class="filename">/etc/hosts</code>, <code class="filename">/etc/resolv.conf</code>, additional <code class="filename">resolv.conf</code> files created by other applications like ppp, acting as secondary DNS in addition to primary DNS and is well integrated with the dhcpd part of dnsmasq.
  
 
Again we advise you to read the configuration file carefully, to understand how dnsmasq integrates into your network. We will describe a few standard settings for a basic LEAF image setup.
 
Again we advise you to read the configuration file carefully, to understand how dnsmasq integrates into your network. We will describe a few standard settings for a basic LEAF image setup.
  
The first decision you have to make, is whether you like to use your own resolv.conf, or one created by an another application (see below ).
+
The first decision you have to make, is whether you like to use your own <code class="filename">resolv.conf</code>, or one created by an another application (see below ).
  
 
  <nowiki> # Change this line if you want dns to get its upstream servers from
 
  <nowiki> # Change this line if you want dns to get its upstream servers from
Line 33: Line 31:
 
  #resolv-file=</nowiki>
 
  #resolv-file=</nowiki>
  
In case you use your own /etc/resolv.conf, leave this as is.
+
In case you use your own <code class="filename">/etc/resolv.conf</code>, leave this as is.
  
If you want dnsmasq to resolve your local and private domain as well (either from /etc/hosts or dhcp) set your domain as local
+
If you want dnsmasq to resolve your local and private domain as well (either from <code class="filename">/etc/hosts</code> or dhcp) set your domain as local
  
 
  <nowiki> # Add local-only domains here, queries in these domains are answered
 
  <nowiki> # Add local-only domains here, queries in these domains are answered
Line 68: Line 66:
 
  domain=private.network</nowiki>
 
  domain=private.network</nowiki>
  
For debugging purposes you can enable "log-queries" at the end of dnsmasq.conf.
+
For debugging purposes you can enable "log-queries" at the end of <code class="filename">dnsmasq.conf</code>.
 +
This will log every DNS query and reply in <code class="filename">/var/log/syslog</code>.
  
 
Now you're nearly done with a default setup. Read on in one of the following sections best describing your Internet connection.
 
Now you're nearly done with a default setup. Read on in one of the following sections best describing your Internet connection.
Line 121: Line 120:
 
  dhcp-range=192.168.1.1,192.168.1.199,12h</nowiki>
 
  dhcp-range=192.168.1.1,192.168.1.199,12h</nowiki>
  
Additionally dnsmasq supports various methods setting fixed ip's in your LAN, e.g. by name, MAC adress - please have a look for examples in dnsmasq conf.
+
Add one additional lines for each subnet if you have more than one.
 +
These <tt>dhcp-range</tt> lines must be specified to switch on DHCP for a subnet even if you decide that fixed IP addresses should be allocated for all hosts using that subnet.
 +
Additionally dnsmasq supports various methods setting fixed IP addresses in your LAN, e.g. by name, MAC address etc. - please have a look for examples in <code class="filename">dnsmasq.conf</code>.
  
dnsmasq integrated DHCP server also supports sending options to the hosts asking for a lease as described in [http://www.faqs.org/rfcs/rfc2132.html RFC2132]. For the common setting (subnet mask, default router, DNS server and broadcast address) dnsmasq sets sane defaults.
+
The dnsmasq integrated DHCP server also supports sending options to the hosts asking for a lease as described in [http://www.faqs.org/rfcs/rfc2132.html RFC2132]. For the common settings (subnet mask, default router, DNS server and broadcast address) dnsmasq sets sane defaults.
  
 
==Adjust your firewall settings==
 
==Adjust your firewall settings==
 
===Configure shorewall for dhcpd===
 
===Configure shorewall for dhcpd===
You need to open the ports 67 and 68 on your LEAF Bering-uClibc router for your LAN to get access to your dnsmasq dhcpd server:
+
You need to open UDP ports 67 and 68 on your LEAF Bering-uClibc router for your LAN to get access to your dnsmasq dhcpd server.
  
Specify the ''dhcp'' option on each interface to be served by your dhcpd server in the <code class="filename">/etc/shorewall/interfaces</code> file. This will generate rules that will allow DHCP to and from your firewall system.  
+
Specify the ''dhcp'' option on each interface to be served by your dhcpd server in the <code class="filename">/etc/shorewall/interfaces</code> file. This will generate rules that will allow DHCP traffic to and from your firewall system.  
See example below for eth1 - this allows dhcpd requests from the local net on eth1 to the router.
+
See example below for eth1; this allows dhcpd requests from the local net on <tt>eth1</tt> to the router (and is included in the default configuration):
  
  <nowiki>#ZONE  INTERFACE      BROADCAST      OPTIONS
+
  <nowiki> #ZONE  INTERFACE      BROADCAST      OPTIONS
  loc       eth1         detect          dhcp</nowiki>
+
  loc     eth1           detect          dhcp</nowiki>
  
 
===Configure shorewall for DNS===
 
===Configure shorewall for DNS===
 
The default setup supports DNS requests from the LAN to the router out of the box.
 
The default setup supports DNS requests from the LAN to the router out of the box.
In case you want to disable it or enable an additional interface (like WLAN), it is set in <code="filename">/etc/shorewall/rules</code>. The example below allows the router to serve DNS requests from a WLAN zone.
+
In case you want to disable it or enable an additional interface (like WLAN), it is set in <code="filename">/etc/shorewall/rules</code>. The example below allows the router to serve DNS requests to clients located in a custom WLAN zone.
 +
 
 +
<nowiki>DNS(ACCEPT)  wlan        fw</nowiki>
 +
 
 +
==Advanced configuration==
 +
Other sections of this User Guide cover configuring some more advanced features of dnsmasq:
 +
* [[Bering-uClibc 4.x - User Guide - Advanced Topics - Setting Up Zeroconf Networking#Implementing_DNS-SD_using_Dnsmasq|Zeroconf DNS-SD configuration]]
  
<nowiki>DNS/ACCEPT  wlan        fw</nowiki>
 
  
 
----
 
----

Revision as of 20:17, 22 November 2010

IPv4 Networking - Configure Dnsmasq
Prev Bering-uClibc 4.x - User Guide


Objectives

dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file.

dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.

An almost complete feature list can be found on the author's page.

The configuration documentation is contained in the configuration file /etc/dnsmasq.conf.

Here you'll find a few hints how to get a basic configuration of dnsmasq done. It is advised that you read the configuration file carefully, to get most out this application.

Configure dnsmasq dns forwarder

dnsmasq works with various sources to provide resolving domain names on your local network. It is capable of using /etc/hosts, /etc/resolv.conf, additional resolv.conf files created by other applications like ppp, acting as secondary DNS in addition to primary DNS and is well integrated with the dhcpd part of dnsmasq.

Again we advise you to read the configuration file carefully, to understand how dnsmasq integrates into your network. We will describe a few standard settings for a basic LEAF image setup.

The first decision you have to make, is whether you like to use your own resolv.conf, or one created by an another application (see below ).

 # Change this line if you want dns to get its upstream servers from
 # somewhere other that /etc/resolv.conf
 #resolv-file=

In case you use your own /etc/resolv.conf, leave this as is.

If you want dnsmasq to resolve your local and private domain as well (either from /etc/hosts or dhcp) set your domain as local

 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
 local=/private.network/

Next choose the interface(s) dnsmasq should listen - the one connected your LAN. In a simple LEAF setup it is usually eth1.

 # If you want dnsmasq to listen for requests only on specified interfaces
 # (and the loopback) give the name of the interface (eg eth0) here.
 # Repeat the line for more than one interface.
 interface=eth1

If you have more than one interface connected to local LAN's you may define the interface not to listen on - the interface to the Internet:

 # Or you can specify which interface _not_ to listen on
 except-interface=eth0

At last you should configure to expand hostnames in your LAN and your domain:

 # Set this (and domain: see below) if you want to have a domain
 # automatically added to simple names in a hosts-file.
 expand-hosts

 # Set the domain for dnsmasq. this is optional, but if it is set, it
 # does the following things.
 # 1) Allows DHCP hosts to have fully qualified domain names, as long
 #     as the domain part matches this setting.
 # 2) Sets the "domain" DHCP option thereby potentially setting the
 #    domain of all systems configured by DHCP
 # 3) Provides the domain part for "expand-hosts"
 domain=private.network

For debugging purposes you can enable "log-queries" at the end of dnsmasq.conf. This will log every DNS query and reply in /var/log/syslog.

Now you're nearly done with a default setup. Read on in one of the following sections best describing your Internet connection.

Using dnsmasq with ppp/pppoe

pppd (and so pppoe) is capable to receive the upstream nameservers from your provider during connect and store them in /etc/ppp/resolv.conf.

To enable that feature you have to set the option usepeerdns either in /etc/ppp/peers/dsl-provider or /etc/ppp/options.

Next you have to change/enable dnsmasq to use that resolv.conf (probably additionally to /etc/hosts).

Edit /etc/dnsmasq.conf and set the resolv-file:

 # Change this line if you want dns to get its upstream servers from
 # somewhere other that /etc/resolv.conf
 resolv-file=/etc/ppp/resolv.conf

Using dnsmasq with dhcpcd

dhcpd gets upstream DNS servers while connecting to your ISP and stores them in /etc/dhcpc/resolv.conf.

Edit /etc/dnsmasq.conf file and point to the /etc/dhcpc/resolv.conf file.

 # Change this line if you want dns to get its upstream servers from
 # somewhere other that /etc/resolv.conf
 resolv-file=/etc/dhcpc/resolv.conf

Note: Save your configuration before you reboot.

Using dnsmasq with static ip

Edit /etc/resolv.conf and add the upstream DNS servers. There is no extra configuration needed for dnsmasq.

Note: Save your configuration before you reboot.

Using dnsmasq with pump

Remove "nodns" in pump.conf to let pump update/overwrite /etc/resolv.conf.

Note: Save your configuration before you reboot.

Using dnsmasq as dhcpd server

dnsmasq provides an integrated DHCP server for your local network. At least two steps are required to enable the dhcp daemon and make it available to your LAN.

Configure dnsmasq dhcpd

The integrated DHCP server dhcpd is disabled by default.

To enable it supply the range of addresses available for lease, and optionally a lease time:

 # Uncomment this to enable the integrated DHCP server, you need
 # to supply the range of addresses available for lease and optionally
 # a lease time. If you have more than one network, you will need to
 # repeat this for each network on which you want to supply DHCP
 # service.
 dhcp-range=192.168.1.1,192.168.1.199,12h

Add one additional lines for each subnet if you have more than one. These dhcp-range lines must be specified to switch on DHCP for a subnet even if you decide that fixed IP addresses should be allocated for all hosts using that subnet. Additionally dnsmasq supports various methods setting fixed IP addresses in your LAN, e.g. by name, MAC address etc. - please have a look for examples in dnsmasq.conf.

The dnsmasq integrated DHCP server also supports sending options to the hosts asking for a lease as described in RFC2132. For the common settings (subnet mask, default router, DNS server and broadcast address) dnsmasq sets sane defaults.

Adjust your firewall settings

Configure shorewall for dhcpd

You need to open UDP ports 67 and 68 on your LEAF Bering-uClibc router for your LAN to get access to your dnsmasq dhcpd server.

Specify the dhcp option on each interface to be served by your dhcpd server in the /etc/shorewall/interfaces file. This will generate rules that will allow DHCP traffic to and from your firewall system. See example below for eth1; this allows dhcpd requests from the local net on eth1 to the router (and is included in the default configuration):

 #ZONE   INTERFACE       BROADCAST       OPTIONS
 loc     eth1            detect          dhcp

Configure shorewall for DNS

The default setup supports DNS requests from the LAN to the router out of the box. In case you want to disable it or enable an additional interface (like WLAN), it is set in <code="filename">/etc/shorewall/rules</code>. The example below allows the router to serve DNS requests to clients located in a custom WLAN zone.

DNS(ACCEPT)  wlan         fw

Advanced configuration

Other sections of this User Guide cover configuring some more advanced features of dnsmasq:



Prev Up