DNSmasq Configuration Problem

[Rob]

Hi,

I’m having an issue customizing dnsmasq.

I have a new ASUS RT-N16 and installed Asuswrt-Merlin Version 3.0.0.2.246.19 after my testing showed that the DD-WRT versions for this router have wireless issues that are not exhibited by ASUS' versions of the firmware.

I have successfully configured dnsmasq on both Redhat Linux and DD-WRT to provide DNS to my home office network and would like to do the same on the new RT-N16. The 'README' file with the 3.0.0.2.246.19 version indicates that the dnsmasq.conf and the hosts file can be appended or replaced by placing them in the /jffs/configs directory. I created the two files appending their filenames with ".add" as instructed but after a reboot neither the /etc/dnsmasq.conf file nor the /etc/hosts file was appended. FYI: Before you ask, both files I added are still in the /jffs/configs directory after the reboot.

Is there something I missed in the configuration? If required, I could write a script to append the files and then restart the daemon but this way looked simpler. Also, are files appended/replaced before the daemons start?

Thanks in advance for any help that is provided.

 

[Rob]

Update: my bad - had spelling error in the file names. DNS is now working!

Sorry for the post.

Rob

 

[Builder71]

Can you tell me how you did?
I'm trying to set this up right now but I'm confused.
Do I need to alter the hosts file and/or the dnsmasq.conf file?
I did search the wiki but can't find how this works.

Thx.

 

[Builder71]

The hosts.add seems to work fine.

However what is there to do with the dnsmasq.conf file?

 

[Rob]

Builder71,

You most likely will not need to add anything to the dnsmasq.conf file but it is recommended to add the following three options to the 'dnsmasq.conf.add' file:

domain-needed
bogus-priv
filterwin2k

It is also recommended to add a valid domain name for your LAN. This is done via the WEB Interface page LAN -> DHCP Server and entering it in the 'RT-N16's Domain Name' field. This could be a sub-domain for your business domain or any other domain you own. For example if you own the domain 'myname.net' you would use something like 'home.myname.net'. This is to make sure your LAN's DNS names don't conflict with any real names out on the WAN.

It may work without doing this but I have not taken the time to test.

You will need to have the router connected to the Internet before your connected LAN clients will start returning the correct values. Use nslookup or ping to check.

If you still have problems, I will try to help but it has been over 15 years since I have managed DNS servers. ;-)

Rob

 

[Builder71]

All my PC's don't connect to a Domain Controller, just a workgroup.
(Small home network.)
In this case, is it still advisable to enter a name on the routers domain name field?

 

[Rob]

Builder71,

It has nothing to do with a Domain Controller. The domain I was referring to is the domain name used within DNS to translate names to IP addresses. The domain can be local or Internet.

If you don't own an Internet domain, give it a try by leaving it blank. It should only take about 5 minutes to test it out. If it works let us know. If not, an option may be to use a domain name provided by a DDNS provider. For example, you could obtain a free DDNS name like 'build71.dyndns-home.com' from Dyn. Then you could use 'home.build71.dyndns-home.com' for your local domain (at your home) name. This name would be unique on the Internet.

Rob

 

[RMerlin]

For the local domain, you can use a fake domain. For example my Internet domain is lostrealm.ca, but my devices at home use lostrealm.lan.

A registered domain is only needed if you need resolution from outside your LAN.

 

[Rob]

For the local domain, you can use a fake domain. For example my Internet domain is lostrealm.ca, but my devices at home use lostrealm.lan.

A registered domain is only needed if you need resolution from outside your LAN.

True, that should work as 'lan' is currently not a valid Top-Level-Domain (TLD) maintained by ICANN/IANA. When not using a registered domain, care would need to taken so that the local domain used would never be a registered one as a look-up conflict on the local DNS server would occur.

 

[Builder71]

Nice!
It all makes sense.
I added the word "lan" into the domain name field. (LAN -> DHCP Server -> RT-N66U's Domain Name)
I can reach my nas with ch3snas.lan as expected.
Maybe it is better to use "local", If I remember correctly .local is reserved for inside your LAN and will never be resolved by DNS on the internet.

One question though, the router logfile shows something funny.
The /tmp/var/log/nmbd.log file gives me this:

[2012/10/31 20:47:31, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(392)
Samba name server RT-N66U is now a local master browser for workgroup WORKGROUP on subnet 10.0.0.254
[2012/10/31 20:47:31, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(392)
Samba name server RT-N66U is now a local master browser for workgroup WORKGROUP on subnet 188.142.*.*

The second line makes me like
WTF, a local master browser on my WAN IP address.
Is this OK?

 

[Rob]

I have seen discussions on the net stating that the use of '.local' as the TLD is not a good idea. Problems noted are: issues with MAC OS and even heavy traffic on the Internet related to the '.local' TLD. Feel free to search on the '.local domain name' for more information.

Not sure about the items in the log. I think that Master Browser is a MS Windows term used by their networking protocol.

 

[Builder71]

I changed it to .Spongebob
I hope RMerlin can say something about the log in my previous post.

 

[RMerlin]

Asus has Samba bind to all available interfaces, including the WAN interface. The firewall doesn't open any of the Samba-used ports on the WAN interface however so your network is still safe.

 

[RMerlin]

I have seen discussions on the net stating that the use of '.local' as the TLD is not a good idea. Problems noted are: issues with MAC OS and even heavy traffic on the Internet related to the '.local' TLD. Feel free to search on the '.local domain name' for more information.

Not sure about the items in the log. I think that Master Browser is a MS Windows term used by their networking protocol.

Considering .local has been quite widely used in the past for internal LANs (most of my customers' Windows domains use domain.local for local hostnames), it's pretty stupid allowing .local to become accepted as a valid TLD. ICANN is on a cash-grab run lately with all those idiotic TLDs, charging hundred of thousands of dollars for vanity TLDs. The current system was great because it was fairly well organizedl - the whole DNS structure is designed as a completely hierarchical organisation for starter. This will confuse the heck out of everyone, and will make hostnames more difficult to remember. Now, the TLD will become yet another marketing window for large corporations. This makes me sad. </rant off>

 

[Builder71]

Asus has Samba bind to all available interfaces, including the WAN interface. The firewall doesn't open any of the Samba-used ports on the WAN interface however so your network is still safe.

Indeed, I checked the firewall and it doesn't open any port because of this.
Seems safe indeed.

After I power cycle the router it doesn't seem to happen again.
Also the log file /tmp/var/log/nmbd.log doesn't appear at all.
Hmmm, well, all is working fine so who cares.

 

[Builder71]

..., it's pretty stupid allowing .local to become accepted as a valid TLD. ...

That is not going to happen.

You can read here it's an additional reserved TLD: (Chapter 3.)

.local
.localdomain
.domain
.lan
.home
.host

 

[Builder71]

Builder71,

You most likely will not need to add anything to the dnsmasq.conf file but it is recommended to add the following three options to the 'dnsmasq.conf.add' file:

domain-needed
bogus-priv
filterwin2k

...

Rob, I did the above but without the "filterwin2k" option.

I read this option can break SIP and some other stuff.
Because I use SIP phones I didn't want to risk.

Works fine so far.
Thx.

 

[RMerlin]

That is not going to happen.

You can read here it's an additional reserved TLD: (Chapter 3.)

/hits Rob on the head.

Yet, my rant stands on all those new TLDs they recently took submissions for.