Dnsmasq and knot - no DNS info provided via DHCP

I am trying to implement this solution to get dnsmasq working alongside knot. However, after setting it up, dnsmasq does not propagate any DNS server to its DHCP clients. When disabling knot completely and setting dnsmasq to port 53, all clients can resolve URLs, but not when setting dnsmasq to port 54 and starting knot. The /etc/resolv.conf of a Linux client stays empty.
Can anyone give me a hint how to fix this?

I’m not saying I’m doing it right, but this works for me:
In LuCI, LAN interface settings, in “DHCP Server”->“Advanced Settings” under “DHCP-Options” I have 6,1.2.3.4 where “6” is the DHCP option for “DNS/resolver” and “1.2.3.4” is my DNS resolver which is advertised to DHCP clients.
The same result can be achieved by:

uci set dhcp.lan.dhcp_option="6,1.2.3.4"
uci commit
/etc/init.d/dnsmasq restart

in CLI.

(I’ll delete this post when someone writes a more correct solution)

BTW, lan. should work just fine in the default setup (if you select it in Foris web UI). If it doesn’t, that should get reported and fixed.

Only limited, e.g. no CNAMEs (which dnsmasq supports on that), so it’s easier to do with kresd’s policy.STUB pointing to dnsmasq (or even a completely different NS, even on a different IP address) on a different port.

But I think the point is how to force dnsmasq (aka the DHCP server at this moment) to tell DHCP clients who the DNS resolver is, when dnsmasq?

Maybe I’m completely lost today because since Omnia arrived, I always had to do some hack (and hack over hack) to make it work with kresd too. If something changed then I don’t know that because since it works for me, I kept it.

Actually it reminds me of systemd on Linux distros nowadays - some things somewhat work, but if you want full support, you have to do it your own/the old way.

@vcunat I have my own domain for my LAN, which is already configured in dnsmasq. I like to resolve it locally, but I’ll figure this out.

@kmarty The point is: I configured kresd to query dnsmasq for local hostnames according to the tutorial. I started dnsmasq on port 54 and kresd on port 53. dnsmasq still handles the DHCP. After that, none of my hosts was able to resolve anything, and the resolv.conf of a Linux client was empty. I thought this was because maybe dnsmasq realizes that it isn’t the default DNS itself (since it isn’t running on port 53) and so it isn’t announcing its IP via DHCP, so I needed a way to make dnsmasq propagate an IP with a DNS running on it.

Just in case, you can use custom domains instead of .lan, if that’s what you mean. (I know almost nothing about dnsmasq…)

@simonszu If you want to do it in your setup, i.e. dnsmasq has DNS enabled (option port is set e.g. to port 54) and kresd is configured to ask dnsmasq for local DNS records, then dhcp.lan.dhcp_option is probably the only way.
What @vcunat suggests is to keep dnsmasq DNS disabled (option port '0' in the dnsmasq section of /etc/config/dhcp, which is the default) and select DNS->Enable DHCP clients in DNS in LuCI (am I right, @vcunat?), which results in dynamically adding “hints” into kresd while dnsmasq assigns IP addresses to DHCP clients (I am not really certain how exactly it works, but it seems to me it works just like that). So if you don’t need any speciality above that, it would be sufficient.

Yes, that’s the default setup. There’s a Turris-custom script that mines names from dnsmasq and feeds them into the resolver.

I think I solved it. I configured dnsmasq to propagate the router’s IP as a nameserver via DHCP, like @kmarty suggested. I configured dnsmasq to listen on port 54 for DNS queries, and started both dnsmasq and kresd. I added a custom.conf for kresd like in the thread I linked to in my opening post, and changed the policy.todnames to my own domain, which isn’t .lan but .home.simonszu.de, and changed the IP range for reverse lookup.
At least this results in an entry in a client’s /etc/resolv.conf, and local host names are correctly resolved as specified in dnsmasq’s config. I still have to test if DNSSEC works for external domains, which should get resolved by kresd.

EDIT: I thought the DNSSEC test was more complex. In the Foris UI I enabled “use forwarding” and made sure that the other checkboxes were disabled. The test button shows that DNS and DNSSEC are working. However, I am unsure what “use forwarding” means in my case. Both options work for me.
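As an added example (not the poster’s actual file nor Turris project code), here is a kresd custom.conf that implements the split described above: kresd on port 53 hands only the local forward and reverse zones to dnsmasq on port 54 and resolves everything else itself. It assumes dnsmasq listens on 127.0.0.1@54, the LAN is 192.168.1.0/24 and the local domain is home.simonszu.de; adjust those three values for your network.

```lua
-- Added example: /etc/kresd/custom.conf for Knot Resolver (kresd).
-- Assumed values (not from the thread): dnsmasq on 127.0.0.1 port 54,
-- LAN 192.168.1.0/24, local domain home.simonszu.de.
-- kresd itself listens on port 53, which is the address DHCP option 6 hands out.

-- Zones served by dnsmasq: the local domain and the matching reverse zone.
-- policy.todnames converts the textual names into wire-format DNS names.
local_zones = policy.todnames({
  'home.simonszu.de.',
  '1.168.192.in-addr.arpa.',   -- reverse zone for 192.168.1.0/24
})

-- policy.STUB sends a plain, non-validating query to the given server and
-- trusts the answer as-is, so DNSSEC validation is bypassed for these zones
-- only. Keep the list limited to names dnsmasq actually serves; every other
-- name still goes through kresd's normal (validating) resolution path, or
-- through the upstream resolvers when "use forwarding" is enabled in Foris.
policy.add(policy.suffix(policy.STUB('127.0.0.1@54'), local_zones))
```

After saving, restart kresd (`/etc/init.d/kresd restart` on Turris OS) and verify with `nslookup somehost.home.simonszu.de 192.168.1.1` from a LAN client that the local name resolves while an external DNSSEC-signed name still validates.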

Without forwarding knot-resolver contacts individual authoritative nameservers directly; with forwarding it only asks other resolvers that are either configured or obtained from DHCP (ISP’s servers typically). I’ve posted something about the choice on the wiki.

@vcunat Thanks for clarifying this. I think I finally resolved all initial issues I had with my Omnia; it works as a perfect replacement for my old TP-Link WDR3600 with OpenWrt. Now, let the tinkering begin.