With it being the Thanksgiving weekend in the US and me finally getting tired of fighting updates that reset my dnsmasq-based setup, I took the time to get kresd, dnsmasq and DHCP-provided addresses all playing nicely, "simple" IoT devices directed to Google's name servers, and persistent-across-reboot DHCP addresses all working correctly. Below are the steps I took and some config file sections. This all kicked off with me installing the Suricata-based "new device on network" feature (which in its basic form looks like it could have just been done by writing new DHCP requests to the user alerts message function. I guess that wouldn't catch hard-coded address clients... maybe the Turris guys are going to make the full IDS services configurable soon to make this worthwhile), which wasn't initially finding host names because it contains a hard-coded file location for dhcp.leases.
Why do I need persistent DHCP allocations across reboots? I use Icinga in my house to monitor the place and don't want a whole bunch of emails stating a service is down while waiting for the devices to renew their IPs, and therefore I write the dhcp.leases to an mSATA device. I read that Knot can persist the cache so maybe that's an option.
Setup based on 3.8.6
Knot, resolver and dnsmasq all set to start at boot. In Foris, enable DNSSEC and "Enable DHCP clients in DNS". Add whatever you like to the Domain field since we're going to change it later (OR... Foris could allow the use of domain.root entries).
Then we go edit files.
/etc/config/dhcp key settings:
option domain 'REDACTED.com' (no need to share my domain, so substitute yours here)
option local '/REDACTED.com/' (Note: the field in Foris won't let you add the .com, so edit the file directly. Everything works fine.)
option port '0' (necessary to prevent port conflicts - disables dnsmasq's DNS service so kresd can own port 53)
option leasefile '/mnt/sda1/dhcp.leases' (for persistent storage of DHCP-allocated addresses)
config dhcp 'WLAN'
option start '100'
option interface 'WLAN'
option limit '140'
option leasetime '6h'
list dhcp_option '6,192.XX.XX.1'
list dhcp_option 'set:googledns,option:dns-server,126.96.36.199'
(The last line allows me to then give certain devices access directly to the external DNS, working around the Knot issue of vending unusable domain names. Note that a device on this tag bypasses kresd entirely, so it gets no local name resolution and none of the DNSSEC validation kresd does for the rest of the network.)
and any device that needs this external DNS gets:
option name 'washing'
option mac 'XX:XX:XX:XX:XX:XX'
option ip '192.XX.XX.XX'
option tag 'googledns' <---- the important bit.
Leave the dhcpscript entry alone.
Now onto /etc/config/kresd. Not many changes:
Because I have a number of statically allocated hosts in my network (mainly switches etc.) I added them to /etc/hosts.
ln -s /mnt/sda1/dhcp.leases /tmp/dhcp.leases
(A number of scripts look in /tmp/dhcp.leases, so because I want these persistent across boots, a quick symbolic link removes the need to edit the scripts.)
(This allows me to now do lookups on 'hostname' and 'hostname.REDACTED.com' depending on how lazy I feel or if I have devices dependent on the FQDN.)
And MAYBE in /etc/kresd/kres.config.local (I really can't remember if I edited this file, so it may be auto-generated):
set_param_func "hints.config" "'/mnt/sda1/dhcp.leases'"
And that's it. Reboot and Knot should become the primary name server, using dnsmasq to vend local DHCP addresses, which appear in name lookups using either just the host name or the FQDN. This is also persistent across boots due to the dhcp.leases being stored on the mSATA, giving fast recovery of DNS lookups on local devices even if they haven't renewed their IP address recently.
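As an added example (not from the original post, nor Turris's own scripts), the two pieces of the procedure above that are easy to get subtly wrong: turning a dnsmasq lease file into /etc/hosts-style lines (the format kresd's hints module reads) with both the bare host name and the FQDN, and checking that /tmp/dhcp.leases really is a symlink to the persistent copy rather than a stale regular file left behind by an update. The lease file contents, the example.com domain and the paths are constructed placeholders; the lease line layout (expiry, MAC, IP, hostname, client-id) is dnsmasq's.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes dnsmasq's lease
# format: "<expiry> <mac> <ip> <hostname> <client-id>". Domain and paths
# below are hypothetical placeholders.

# Emit "ip hostname hostname.<domain>" for every lease that carries a
# real host name. Clients that sent no hostname are stored as "*" and
# would otherwise produce a bogus "*.<domain>" entry, so skip them.
leases_to_hosts() {
    leasefile=$1
    domain=$2
    awk -v d="$domain" '
        NF >= 4 && $4 != "*" { print $3, $4, $4 "." d }
    ' "$leasefile"
}

# Return 0 only if $link is a symlink whose target is exactly $target.
# A plain file at /tmp/dhcp.leases (e.g. recreated by a package update)
# would silently break persistence, so a bare -e check is not enough.
lease_link_ok() {
    link=$1
    target=$2
    [ -L "$link" ] || return 1
    resolved=$(readlink "$link") || return 1
    [ "$resolved" = "$target" ]
}

# Constructed sample lease file: two named clients and one anonymous one.
TMPD=$(mktemp -d)
cat > "$TMPD/dhcp.leases" <<'EOF'
1511900000 aa:bb:cc:dd:ee:01 192.0.2.101 washing 01:aa:bb:cc:dd:ee:01
1511900100 aa:bb:cc:dd:ee:02 192.0.2.102 * 01:aa:bb:cc:dd:ee:02
1511900200 aa:bb:cc:dd:ee:03 192.0.2.103 switch1 01:aa:bb:cc:dd:ee:03
EOF
# Stand-in for "ln -s /mnt/sda1/dhcp.leases /tmp/dhcp.leases".
ln -s "$TMPD/dhcp.leases" "$TMPD/tmp-dhcp.leases"

leases_to_hosts "$TMPD/dhcp.leases" example.com
lease_link_ok "$TMPD/tmp-dhcp.leases" "$TMPD/dhcp.leases" && echo "lease symlink ok"
```

On the router itself you would point `leases_to_hosts` at /mnt/sda1/dhcp.leases with your real domain, and run `lease_link_ok /tmp/dhcp.leases /mnt/sda1/dhcp.leases` from a boot script or an Icinga check so a future update that replaces the symlink gets noticed instead of quietly resetting the lease store.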
OR you just kill Knot, install dnsmasq-full to get the DNSSEC functionality, and have a single daemon doing all this.