I thought it would be easy, but I’m struggling with this for a few days now without solving it.
I want my Turris Omnia to resolve everything by itself besides addresses from my internal LAN, for which it should ask an internal DNS server. This should work for clients in the internal LAN asking the router and also for the router itself.
I tried lots of things I found in this forum and on the openwrt website, but it doesn’t work.
The curly braces lead to “;; connection timed out; no servers could be reached” - without them, everything works as expected - are you sure I need them?
No, you were right - I need the curly braces - there was a syntax error in some other line.
So at the moment everything regarding DNS works for me as intended.
I’ve got this set up and mostly working on my local domain: it is forwarding local reverse lookups to dnsmasq on the Turris Omnia OK. However reverse lookups forwarded by kresd have the local domain stripped from the result, whereas reverse lookups sent directly to dnsmasq do not.
That must be because dnsmasq returns the reverse records that way. I can just guess that you can instruct DHCP to make all hosts (or particular hosts) part of a domain and that might make dnsmasq return what you want. It’s perhaps good even for the individual machines to know their full name (e.g. the domainname command on Linux systems).
I assumed that first, but I’ve verified that doesn’t appear to be the case. I have dnsmasq running on port 5353 and kresd on 53. The local domain and reverse lookups are forwarded by kresd to dnsmasq:
dnsmasq:
root@turris:~# khost 192.168.100.1 localhost@5353
1.100.168.192.in-addr.arpa. points to turris.mydomain.net.
kresd:
root@turris:~# khost 192.168.100.1 localhost@53
1.100.168.192.in-addr.arpa. points to turris.
The hosts do know their domainname via hostname -f and dnsdomainname (domainname relates to NIS), however GSSAPI uses a reverse lookup on the IP to select the kerberos principal for authentication, hence my issue.
There are multiple sources combined and fed to kresd via a temporary file /tmp/kresd/hints.tmp. I know mainly about kresd itself, not much yet about how it gets its configuration on Omnia.
I was just looking at that file simultaneously! And I think I’ve discovered the issue:
In my /etc/hosts I have:
192.168.100.1 turris.mydomain.net turris
And /etc/hosts gets copied verbatim into /tmp/kresd/hints.tmp
If I take the non-FQDN alias out:
192.168.100.1 turris.mydomain.net
… then the FQDN is correctly returned (so I’m guessing it’s actually not forwarding these known hosts to dnsmasq due to the hints being available?).
man 5 hosts confirms the format of /etc/hosts is meant to be: IP_address canonical_hostname [aliases...]
So in the kresd hints file, when there are aliases, what happens? Is there a way to make the canonical_hostname take priority by modifying some Lua? (If not then I think I can safely take out the non-qualified aliases anyway.)
Thanks for your help getting to the bottom of things. I’ve fixed this for my network now.
It might be worth a note in the documentation for kresd that the hints file interpretation is not 100% the same as the definition of entries in /etc/hosts, and how it differs. Though in this case it was actually the unexpected copying of /etc/hosts to the hints file by the startup script that was more confusing.
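The workaround the thread arrives at (keep only the canonical FQDN on each /etc/hosts line so that the reverse hint cannot end up carrying a short alias) can be automated. The following is an added example written for this page; it is not code from the thread, from kresd, or from the Turris startup scripts. It reads the hosts-file format defined by man 5 hosts, emits a copy with only the canonical name per line, and lists the reverse-zone names with the PTR target you should now expect. The function names are made up for the example, and the sample hosts text is constructed from the thread's line plus a few extra entries (comment, IPv6, a second host) so the parser's handling of those cases is visible.

```python
import ipaddress

# Constructed sample hosts file: the router line from the thread plus
# extra lines (comment, IPv6 loopback, a host with two aliases, odd spacing).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost ip6-localhost
# router: canonical FQDN first, then the short alias that caused the problem
192.168.100.1 turris.mydomain.net turris
192.168.100.20   nas.mydomain.net nas storage
"""


def parse_hosts(text):
    """Yield (ip, canonical, aliases) tuples per man 5 hosts.

    '#' starts a comment, blank lines are skipped, the first field must be
    an IPv4/IPv6 address, the second is the canonical name, the rest aliases.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name is not a usable entry
        ip, canonical, *aliases = fields
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid address; leave it out of the hints
        yield ip, canonical, aliases


def canonical_only(text):
    """Return hosts text with only the canonical (first) name on each line.

    This is the thread's fix: with no aliases present, a resolver that builds
    reverse hints from the file has only the FQDN to answer a PTR query with.
    """
    return "\n".join(f"{ip} {canonical}" for ip, canonical, _ in parse_hosts(text)) + "\n"


def expected_ptr(text):
    """Map each reverse-zone name (in-addr.arpa / ip6.arpa) to the PTR target
    we want, i.e. the canonical FQDN with a trailing dot, as khost prints it."""
    return {
        ipaddress.ip_address(ip).reverse_pointer + ".": canonical + "."
        for ip, canonical, _ in parse_hosts(text)
    }


def dropped_aliases(text):
    """Report which short names were removed, keyed by canonical name, so they
    can be re-added as forward-only entries elsewhere if anything relies on them."""
    return {canonical: aliases for _, canonical, aliases in parse_hosts(text) if aliases}


if __name__ == "__main__":
    print(canonical_only(SAMPLE_HOSTS))
    for rev, target in expected_ptr(SAMPLE_HOSTS).items():
        print(f"{rev} points to {target}")
    print("removed aliases:", dropped_aliases(SAMPLE_HOSTS))
```

Run it against the real /etc/hosts and feed the result to whatever produces the hints file; the dropped_aliases output is the list of short names clients may still be using for forward lookups, which is worth checking before relying on the stripped file.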