What's new

Question regarding Merlin's dnsmasq.conf file

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

johnathonm

Regular Contributor
Hello there,

I was looking over the default configuration of Merlin's dnsmasq.conf file and was hoping that someone could explain several of the entries. I will post the conf:

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic - Excuse my noob question here but why would you use bind-dynamic over bind-interface? As
interface=br0
interface=pptp* - what is the purpose of this interface? If we delete it from the conf will it be gone completely in terms of dnsmasq seeing it or communicating with it?

no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
dhcp-range=lan,192.168.1.2,192.168.1.50,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,252,"\n"
dhcp-authoritative

interface=tun21 - what is the purpose of this interface? If we delete it from the conf will it be gone completely in terms of dnsmasq seeing it or communicating with it?

interface=tun22- what is the purpose of this interface? If we delete it from the conf will it be gone completely in terms of dnsmasq seeing it or communicating with it?

quiet-dhcp
quiet-dhcp6

I am just trying to shut down points of entry/exit whenever or wherever possible and I am unclear on what these are and how to do it (since DHCP and DNS services are being provided by DNSMASQ).

Thank you,

Johnathon
 
The pptp and tun interfaces are the VPN servers (PPTP and OpenVPN).
If you know you will not need to use PPTP or OpenVPN you can remove them.
I have and all still works perfectly fine.
As long as you are not making wholesale changes to the scripts and you understand what you are doing it should be safe.
Just keep backups of the originals and roll-back if you have an issue you cannot fix. (Or re-install fresh.)
[Typos are the usual cause when making small changes/edits :) ]

As per usual, don't expect other people to fix problems if you completely change the setup to something totally unsupported/unsupportable of your own, which is fair enough. !!!
(The basis I personally work to ....... if I break it by 'changing' everything ..... then I 'fix it', my problem !!! :) ]
 
If you know you will not need to use PPTP or OpenVPN you can remove them.
I have and all still works perfectly fine.]
Unless there's some change/bug in the newer firmwares those interface lines won't be present unless you are running the associated VPN server. In which case they need to be left in.
 
Unless there's some change/bug in the newer firmwares those interface lines won't be present unless you are running the associated VPN server. In which case they need to be left in.
They appeared after a recent update / enablement of 'Aiprotection' etc which I disabled in the end.
(I was trying some options/changes out and after a few 'bounces' :) they had appeared !!!)
I know I do not need or use VPN on the router, so removed the lines.

I do not have a repeatable set of steps to follow to reproduce it so put it down to me 'playing' with the configuration !!!

As I said 'know' what you are doing ........ or not as the case may be !!! :)
 
Then I shall break my internet again, because that's how I roll. I will post my modified conf for your feedback, if that's alright.
 
And behold... doomsday.

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
max-cache-ttl=44300
interface=br0
localise-queries
except-interface=interface=pptp*
no-resolv
servers-file=/jffs/resolv.dnsmasq
no-poll
selfmx
all-servers
dns-loop-detect
stop-dns-rebind
bogus-priv
filterwin2k
dhcp-sequential-ip
no-negcache
local-service
cache-size=10000
min-port=4096
dhcp-range=lan,192.168.1.2,192.168.1.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,252,"\n"
dhcp-authoritative
except-interface=interface=tun21
except-interface=interface=tun22
quiet-dhcp
quiet-dhcp6
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
dnssec
dnssec-no-timecheck
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top