How do I get all my DHCP hostnames on my house domain?

So I have a domain that points to my router using DDNS and I liked to use that to access my local machines so machine1.foobar.house, machine2.foobar.house, etc.

I can’t for the life of me figure out how to recreate that using LuCI; it was really nice having it injected into the DNS.

You can use dnsmasq’s built-in .lan domain:

Does that fit what you want?

I know about the .lan but I would rather have all my DHCP clients be subdomains of my DDNS domain. So for example, if I owned foobar.house: laptop.foobar.house, etc.

I’ve been trying to set the same thing up for hours but I can’t figure it out. It doesn’t help that things like reading syslog don’t really seem to be working either when trying to debug. So far my Turris Omnia seems like a massive waste of time compared to pfSense that I’m used to but which doesn’t give me the performance I need on the hardware I have.

Yeah, the lack of clarity is really frustrating. The hardware looks awesome but I’m having trouble figuring out how to set it up the way I like it.

I did that. I had a similar setup before with OpenWrt and this is what was needed for Omnia:

  • in System | Startup, make sure the following services are disabled:
    • resolver,
    • kresd,
    • unbound
  • in the same place, make sure the following is enabled:
    • dnsmasq
  • in Network | DHCP and DNS, put /your.domain/ into Local Server and your.domain into Local domain
  • your domain names will be
    • those defined as Static Leases (DHCP reservations, scroll down on the same page)
    • those defined in Network | Hostnames (static IP addresses)
    • all DHCP clients that send hostnames with their DHCP request
    • for IPv6 reservations, you must define DUIDs over in /etc/config/dhcp:

      config host
          option name 'hostname'
          option duid '_duid'

You will lose DNSSEC. I didn’t care for DNSSEC as much, as I did for hostnames in my network.

Edit: one more thing: in Network | DHCP and DNS | Advanced settings set DNS server port to 53.

I did this and it works great, but from home I did a Nessus scan targeting the Omnia from outside, and port 53 is open to the network… does it have to be open for this to work properly?

Dnsmasq listens on port 53 on all interfaces and accepts connections only from IPs from the local subnet of each interface - and that includes wan. Normally, however, you should have a firewall on the wan side to drop packets not related to established connections (it’s the default).

Are you sure you didn’t open the firewall?

I haven’t touched the firewall yet, and as far as I remember for wan port is reject, accept, reject:

Nessus detects the following issues:

Port: 53 / udp / dns - The DNS query was 17 bytes long, the answer is 228 bytes long.
*Solution (Restrict access to your DNS server from public network or reconfigure it to reject such queries.)

Port: 53 / udp / dns - Nessus sent a non-recursive query for example.com and received 1 answer : 93.184.216.34
*DNS Server Cache Snooping Remote Information Disclosure

It seems that it’s the only port open towards the public, and these issues are marked as “Medium Risk” but still I would rather have this covered as well… also I thought that only the internal LAN needs the DNS port and nothing from outside needs that.

Nessus is drunk or something, I just scanned the IP with nmap TCP and UDP and it reported all ports filtered… I’m confused :-/
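
One way to settle the Nessus-versus-nmap disagreement above is to send the same two non-recursive queries the Nessus findings describe (the 17-byte root NS query and the example.com lookup) and see whether anything comes back. This is an added example, not code from the thread; the function names are hypothetical and 192.0.2.1 is a placeholder for your own WAN address.

```python
import socket
import struct
import sys

def build_query(name=".", qtype=2, txid=0x1234):
    """Non-recursive (RD=0) DNS query; '.' with qtype 2 (NS) is 17 bytes long."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = [part for part in name.split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet):
    """Return (txid, is_response, rcode, answer_count) from a DNS packet."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return txid, bool(flags & 0x8000), flags & 0x000F, answers

def probe(host, query, timeout=3.0):
    """Send the query to UDP/53; return the reply bytes, or None if none arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (host, 53))
            reply, _addr = sock.recvfrom(4096)
            return reply
        except OSError:  # includes socket.timeout
            return None

def assess(query, reply):
    """Summarise what the reply (or its absence) says about exposure."""
    if reply is None:
        return "no reply: UDP/53 filtered or closed from this vantage point"
    txid, is_response, rcode, answers = parse_header(reply)
    if not is_response or txid != struct.unpack("!H", query[:2])[0]:
        return "unrelated packet: not a reply to this query"
    factor = len(reply) / len(query)
    return f"answered: rcode={rcode} answers={answers} amplification={factor:.1f}x"

if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder; pass your own WAN address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    for label, q in (("root NS", build_query(".")),
                     ("example.com A", build_query("example.com", qtype=1))):
        print(f"{label}: {assess(q, probe(target, q))}")
```

Run it from a host that is really outside the network, such as a phone hotspot or a VPS. A probe sent from the LAN to the router's WAN address arrives on the LAN interface and is handled under the LAN zone's rules, so it can be answered even when the wan zone rejects input.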