More .LAN troubles

dns

#1

History

I made the changes to my router’s configuration as suggested in the “Dnsmasq .lan domain while still using knot resolver” thread to get the .LAN domain working on my local network.

Issue

When Turris OS was upgraded to 3.8.3 (or 3.8?), the .LAN stopped functioning.

Symptoms

Commands issued from OS X Terminal while connected to the WiFi device associated w/ the LAN.

# google.com found
$ host google.com
google.com has address 216.58.216.238
google.com has IPv6 address 2607:f8b0:4009:809::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.

# router not found
$ host turris.lan
Host turris.lan not found: 2(SERVFAIL)

# but?
$ host 192.168.1.1
1.1.168.192.in-addr.arpa domain name pointer turris.lan.

# laptop (pippin) connected to wifi not found
$ host pippin.lan
Host pippin.lan not found: 2(SERVFAIL)

# but...
$ host 192.168.1.112
112.1.168.192.in-addr.arpa domain name pointer pippin.lan.

~$ dig +short -x 192.168.1.112 @192.168.1.1
pippin.lan.

~$ dig +short -x 192.168.1.112 @192.168.1.1 -p 5353
Pippin.lan.

What am I missing?

Do I really need the knot resolver (kresd) AND dnsmasq?

Configurations

/etc/config/resolver:

config resolver 'common'
	list interface '0.0.0.0'
	list interface '::0'
	option port '53'
	option keyfile '/etc/root.keys'
	option verbose '0'
	option msg_buffer_size '4096'
	option msg_cache_size '20M'
	option net_ipv6 '1'
	option net_ipv4 '1'
	option prefered_resolver 'kresd'
	option ignore_root_key '0'
	option prefetch 'yes'
	option forward_upstream '0'

config resolver 'kresd'
	option rundir '/tmp/kresd'
	option log_stderr '1'
	option log_stdout '1'
	option forks '1'
	option include_config '/etc/kresd/custom.conf'

config resolver 'unbound'
	option outgoing_range '60'
	option outgoing_num_tcp '1'
	option incoming_num_tcp '1'
	option msg_cache_slabs '1'
	option num_queries_per_thread '30'
	option rrset_cache_size '100K'
	option rrset_cache_slabs '1'
	option infra_cache_slabs '1'
	option infra_cache_numhosts '200'
	list access_control '0.0.0.0/0 allow'
	list access_control '::0/0 allow'
	option pidfile '/var/run/unbound.pid'
	option root_hints '/etc/unbound/named.cache'
	option target_fetch_policy '2 1 0 0 0'
	option harden_short_bufsize 'yes'
	option harden_large_queries 'yes'
	option key_cache_size '100k'
	option key_cache_slabs '1'
	option neg_cache_size '10k'
	option prefetch_key 'yes'

config resolver 'unbound_remote_control'
	option control_enable 'no'
	list control_interface '0.0.0.0'
	list control_interface '::0'

/etc/kresd/custom.conf:

local lan_rule = policy.add(policy.suffix(policy.FORWARD('127.0.0.1@5353'), policy.todnames({'lan','168.192.in-addr.arpa'})))
policy.del(lan_rule.id)
table.insert(policy.rules, 1, lan_rule)

/etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option nonwildcard '0'
	option domain 'lan'
	option port '5353'
	option dhcpscript '/etc/resolver/dhcp_host_domain_ng.py'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	list dhcp_option '6,192.168.1.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'guest_interface'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'guest_interface'
	list dhcp_option '6,192.168.2.1'

#2

s/FORWARD/STUB/. Since Turris 3.8.0, forwarding now validates DNSSEC by default, and dnsmasq of course can’t prove the LAN names.

The LAN names should work even without doing this, by switching the feature on somewhere, but this forwarding is certainly also a way of getting them.


#3

Could you elaborate on your answer a bit more? What does s/FORWARD/STUB/ do? Is this added to /etc/kresd/custom.conf somehow?

Thanks for your reply and assistance.


#4

Oh, I’m sorry. I meant that in your custom.conf you need to replace FORWARD by STUB.


#5

Thanks so much for the help!

By the way, can I use the # for comments in a .CONF file? Do they also support /**/ for multi-line comments?

I added documentation to the Wiki: Enable the .LAN Domain


#6

We touched knot-resolver’s config, and that’s just the Lua language, so one-line comments start with a double dash and long comments are done e.g. with [[ comment ]]. More details are in the reference manual. I don’t really know the syntax of openwrt’s /etc/config/foo.
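The replacement described in #2 and #4, written out as a complete /etc/kresd/custom.conf with the Lua comment syntax from #6. This is an added example, not a file from the thread or from the Turris project; it assumes the same dnsmasq port (5353) and zones as the configuration posted in #1.

```lua
-- /etc/kresd/custom.conf
-- Knot Resolver reads this file as Lua: '--' starts a one-line comment and
-- --[[ ... ]] encloses a multi-line one. Lua does not use '#' for comments.

-- The zones to hand to dnsmasq: the 'lan' suffix and the reverse zone for
-- 192.168.0.0/16. dnsmasq listens on 127.0.0.1 port 5353
-- (option port '5353' in /etc/config/dhcp).
local lan_zones = policy.todnames({'lan', '168.192.in-addr.arpa'})

--[[
Before (the rule the thread started with):

  local lan_rule = policy.add(policy.suffix(policy.FORWARD('127.0.0.1@5353'), lan_zones))

Since Turris OS 3.8.0, policy.FORWARD validates DNSSEC. dnsmasq has no
signatures for .lan names, so kresd treats its answers as bogus and the
client sees SERVFAIL ("Host turris.lan not found: 2(SERVFAIL)").
]]

-- After: policy.STUB sends the same queries to the same address, but
-- without attempting DNSSEC validation, so dnsmasq's unsigned answers
-- are returned to the client.
local lan_rule = policy.add(policy.suffix(policy.STUB('127.0.0.1@5353'), lan_zones))

-- Keep the rule at the front of the policy list so it is matched before
-- any rule added earlier (same reordering trick as in the original file).
policy.del(lan_rule.id)
table.insert(policy.rules, 1, lan_rule)
```

After editing the file, restart kresd and repeat the `host turris.lan` check from #1; the validated path for public names such as google.com is unchanged because the STUB rule only matches the two listed zones.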


#7

I just found out that, although the checkbox in Foris is set, *.lan domains don’t work for me. I also tried the old way, which isn’t working either. Do you have any tips on where to start solving the issue?