Bering-uClibc 6.x - User Guide - IPv4 Networking - Configure Dnsmasq<br />
Page created by Kapeka, 2016-10-09.<br />
<div>
==Objectives==<br />
dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file.<br />
<br />
dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.<br />
<br />
An almost complete feature list can be found on the [http://thekelleys.org.uk/dnsmasq/doc.html author's page.]<br />
<br />
The configuration documentation is contained in the configuration file <code class="filename">/etc/dnsmasq.conf</code>.<br />
<br />
Here you'll find a few hints on how to get a basic configuration of dnsmasq done. You are advised to read the configuration file carefully to get the most out of this application.<br />
<br />
==Configure dnsmasq dns forwarder==<br />
dnsmasq draws on several sources to resolve domain names on your local network. It can use <code class="filename">/etc/hosts</code>, <code class="filename">/etc/resolv.conf</code> and additional <code class="filename">resolv.conf</code> files created by other applications like ppp, it can act as a secondary DNS in addition to a primary DNS, and it is well integrated with the dhcpd part of dnsmasq.<br />
<br />
Again we advise you to read the configuration file carefully, to understand how dnsmasq integrates into your network. We will describe a few standard settings for a basic LEAF image setup.<br />
<br />
The first decision you have to make is whether you want to use your own <code class="filename">resolv.conf</code> or one created by another application (see below).<br />
<br />
<nowiki> # Change this line if you want dns to get its upstream servers from<br />
# somewhere other that /etc/resolv.conf<br />
#resolv-file=</nowiki><br />
<br />
In case you use your own <code class="filename">/etc/resolv.conf</code>, leave this as is.<br />
<br />
If you want dnsmasq to resolve your local and private domain as well (either from <code class="filename">/etc/hosts</code> or DHCP), set your domain as local:<br />
<br />
<nowiki> # Add local-only domains here, queries in these domains are answered<br />
# from /etc/hosts or DHCP only.<br />
local=/private.network/</nowiki><br />
<br />
Next, choose the interface(s) dnsmasq should listen on: the one connected to your LAN. In a simple LEAF setup it is usually eth1.<br />
<br />
<nowiki> # If you want dnsmasq to listen for requests only on specified interfaces<br />
# (and the loopback) give the name of the interface (eg eth0) here.<br />
# Repeat the line for more than one interface.<br />
interface=eth1</nowiki><br />
<br />
If you have more than one interface connected to local LANs, you may instead define the interface <span class="emphasis">''not''</span> to listen on, that is, the interface to the Internet:<br />
<br />
<nowiki> # Or you can specify which interface _not_ to listen on<br />
except-interface=eth0</nowiki><br />
<br />
Finally, configure dnsmasq to expand hostnames in your LAN and set your domain:<br />
<br />
<nowiki> # Set this (and domain: see below) if you want to have a domain<br />
# automatically added to simple names in a hosts-file.<br />
expand-hosts<br />
<br />
# Set the domain for dnsmasq. this is optional, but if it is set, it<br />
# does the following things.<br />
# 1) Allows DHCP hosts to have fully qualified domain names, as long<br />
# as the domain part matches this setting.<br />
# 2) Sets the "domain" DHCP option thereby potentially setting the<br />
# domain of all systems configured by DHCP<br />
# 3) Provides the domain part for "expand-hosts"<br />
domain=private.network</nowiki><br />
<br />
For debugging purposes you can enable "log-queries" at the end of <code class="filename">dnsmasq.conf</code>.<br />
This will log every DNS query and reply in <code class="filename">/var/log/syslog</code>.<br />
<br />
Now you're nearly done with a default setup. Read on in whichever of the following sections best describes your Internet connection.<br />
<br />
===Using dnsmasq with ppp/pppoe===<br />
pppd (and therefore pppoe) can receive the upstream nameservers from your provider when connecting and store them in <code class="filename">/etc/ppp/resolv.conf</code>.<br />
<br />
To enable that feature you have to set the option <code class="option">usepeerdns</code> either in <code class="filename">/etc/ppp/peers/dsl-provider</code> or <code class="filename">/etc/ppp/options</code>.<br />
<br />
Next, configure dnsmasq to use that resolv.conf (probably in addition to /etc/hosts).<br />
<br />
Edit <code class="filename">/etc/dnsmasq.conf</code> and set the <code class="option">resolv-file</code>:<br />
<br />
<nowiki> # Change this line if you want dns to get its upstream servers from<br />
# somewhere other that /etc/resolv.conf<br />
resolv-file=/etc/ppp/resolv.conf</nowiki><br />
<br />
===Using dnsmasq with dhcpcd===<br />
Package <code class="filename">dhcpcd.lrp</code> (DHCP Client Daemon) is the default DHCP client for [[Bering-uClibc 6.x]].<br />
<code class="filename">dhcpcd</code> gets upstream DNS servers while connecting to your ISP and stores them in <code class="filename">/etc/dhcpc/resolv.conf</code>.<br />
<br />
Edit the <code class="filename">/etc/dnsmasq.conf</code> file and point it to the <code class="filename">/etc/dhcpc/resolv.conf</code> file.<br />
<br />
<nowiki> # Change this line if you want dnsmasq to get its upstream servers from<br />
# somewhere other that /etc/resolv.conf<br />
resolv-file=/etc/dhcpc/resolv.conf</nowiki><br />
<br />
'''Note:''' Save your configuration before you reboot.<br />
<br />
===Using dnsmasq with static ip===<br />
Edit <code class="filename">/etc/resolv.conf</code> and add the upstream DNS servers. There is no extra configuration needed for dnsmasq.<br />
<br />
'''Note:''' Save your configuration before you reboot.<br />
<br />
==Using dnsmasq as dhcpd server==<br />
dnsmasq provides an integrated IPv4 DHCP server for your local network. At least two steps are required to enable the dhcp daemon and make it available to your LAN.<br />
<br />
===Configure dnsmasq dhcpd===<br />
The integrated DHCP server dhcpd is disabled by default.<br />
<br />
To enable it, supply the range of addresses available for lease, and optionally a lease time:<br />
<br />
<nowiki> # Uncomment this to enable the integrated DHCP server, you need<br />
# to supply the range of addresses available for lease and optionally<br />
# a lease time. If you have more than one network, you will need to<br />
# repeat this for each network on which you want to supply DHCP<br />
# service.<br />
dhcp-range=192.168.1.1,192.168.1.199,12h</nowiki><br />
<br />
Add one additional line for each subnet if you have more than one.<br />
These <tt>dhcp-range</tt> lines must be specified to switch on DHCP for a subnet even if you decide that fixed IP addresses should be allocated for all hosts using that subnet. (Add "<tt>,static</tt>" to the <tt>dhcp-range</tt> line to prevent addresses being dynamically allocated in such cases.)<br />
Additionally, dnsmasq supports various methods of setting fixed IP addresses in your LAN, e.g. by name, MAC address etc. Please have a look at the examples in <code class="filename">dnsmasq.conf</code>.<br />
<br />
The dnsmasq integrated DHCP server also supports sending options to the hosts asking for a lease as described in [http://www.faqs.org/rfcs/rfc2132.html RFC2132]. For the common settings (subnet mask, default router, DNS server and broadcast address) dnsmasq sets sane defaults.<br />
<br />
==Adjust your firewall settings==<br />
===Configure shorewall for dhcpd===<br />
You need to open UDP ports 67 and 68 on your LEAF Bering-uClibc router for your LAN to get access to your dnsmasq dhcpd server.<br />
<br />
Specify the ''dhcp'' option on each interface to be served by your dhcpd server in the <code class="filename">/etc/shorewall/interfaces</code> file. This will generate rules that will allow DHCP traffic to and from your firewall system. <br />
See example below for eth1; this allows dhcpd requests from the local net on <tt>eth1</tt> to the router (and is included in the default configuration):<br />
<br />
<nowiki> #ZONE INTERFACE BROADCAST OPTIONS<br />
loc eth1 detect dhcp</nowiki><br />
<br />
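The listener and DHCP settings described above can be cross-checked against shorewall's interfaces file with a short script. This is an added example, not part of the original guide or the LEAF project; the function names <code>conf_values</code> and <code>audit_dnsmasq</code>, the finding labels and the sample files are constructed for illustration, and it assumes one interface name per <code>interface=</code> line.<br />

```shell
#!/bin/sh
# conf_values FILE KEY: print the value of every active "KEY=value" line.
conf_values() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//'
}

# audit_dnsmasq DNSMASQ_CONF SHOREWALL_INTERFACES WAN_IF
# Prints one finding per line, nothing when no issue is found.
audit_dnsmasq() {
    conf=$1 swif=$2 wan=$3
    listen=$(conf_values "$conf" interface)
    except=$(conf_values "$conf" except-interface)

    # Without interface= lines dnsmasq listens on every interface, so the
    # Internet-facing one must then be excluded with except-interface=.
    # (listen-address= is not considered in this example.)
    if [ -z "$listen" ]; then
        echo "$except" | grep -qxF "$wan" ||
            echo "LISTEN: no interface= set and $wan is not excluded"
    elif echo "$listen" | grep -qxF "$wan"; then
        echo "LISTEN: interface=$wan serves DNS/DHCP on the Internet side"
    fi

    # log-queries is meant for debugging; report it if still active.
    if grep -Eq '^[[:space:]]*log-queries[[:space:]]*$' "$conf"; then
        echo "DEBUG: log-queries is enabled"
    fi

    # With DHCP switched on, each listening interface needs the 'dhcp'
    # option (last column) in shorewall's interfaces file.
    if [ -n "$(conf_values "$conf" dhcp-range)" ]; then
        for ifc in $listen; do
            awk -v i="$ifc" '
                $1 !~ /^#/ && $2 == i {
                    n = split($NF, o, ",")
                    for (k = 1; k <= n; k++) if (o[k] == "dhcp") ok = 1
                }
                END { exit !ok }' "$swif" ||
                echo "DHCP: $ifc lacks the dhcp option in $swif"
        done
    fi
}

# Constructed sample: LAN on eth1, WAN on eth0, dhcp option forgotten.
tmp=$(mktemp -d)
printf 'interface=eth1\ndhcp-range=192.168.1.1,192.168.1.199,12h\n' > "$tmp/dnsmasq.conf"
printf '#ZONE INTERFACE BROADCAST OPTIONS\nnet eth0 detect\nloc eth1 detect\n' > "$tmp/interfaces"
audit_dnsmasq "$tmp/dnsmasq.conf" "$tmp/interfaces" eth0
rm -rf "$tmp"
```

On a running router the call would be <code>audit_dnsmasq /etc/dnsmasq.conf /etc/shorewall/interfaces eth0</code>, with eth0 replaced by your Internet-facing interface.<br />
<br />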
===Configure shorewall for DNS===<br />
The default setup supports DNS requests from the LAN to the router out of the box.<br />
If you want to disable it or enable an additional interface (like WLAN), this is set in <code class="filename">/etc/shorewall/rules</code>. The example below allows the router to serve DNS requests to clients located in a custom WLAN zone.<br />
<br />
<nowiki>DNS(ACCEPT) wlan fw</nowiki><br />
<br />
==Advanced configuration==<br />
Other sections of this User Guide cover configuring some more advanced features of dnsmasq:<br />
* [[Bering-uClibc 6.x - User Guide - Advanced Topics - Setting Up Zeroconf Networking#Implementing_DNS-SD_using_Dnsmasq|Zeroconf DNS-SD configuration]]<br />
</div>