Setup DNS on Turris Omnia

Hi All,

On a Turris Omnia I wish to set up a private DNS server to resolve my internal home-lab DNS records to private IPs in the range 192.168.10.0/24, such as

test.mydomain.com → 192.168.10.50
staging.mydomain.com → 192.168.10.70
...
...
___.mydomain.com → 192.168.10.x

and more, along with setting up DNS to my ISP to resolve internet-routable DNS records such as google, facebook etc… via any open-source software available, dnsmasq or bind9

Could someone please let me know if this is possible and the steps to do so?

Yes. In reForis if you tick network / DNS / “Enable DHCP clients in DNS”, all DHCP-assigned names will be added into the default DNS. There you can also change the default suffix from lan to mydomain.com.


@vcunat thanks for the response.
Will the method you described help me use the Turris Omnia device as a DNS server?

Please refer to a sample diagram of my intended setup. Note the Desktop device would be the one from which I’d primarily perform CRUD operations on the DNS records that I’d like to be stored in the Turris Omnia Router under reForis.

If the above is not possible natively in reForis, could I install any open-source software available like knot, bind9, unbound on the Turris Omnia Router to do so?

Turris Omnia runs Knot Resolver by default, and that’s what serves as the default DNS in LAN. The setting I posted just tweaks some script that feeds additional data into it.

Do you mean the Knot resolver software on the Turris Omnia router functions both like:

  • A resolver: that helps connected clients fetch any requested DNS queries?
  • An authoritative DNS server: where we can add DNS records to be fetched by the above resolver?

Please let me know if I got it correctly, if not a brief explanation would be very helpful.

Yes. It is a resolver, but due to popular demand, there is some limited functionality to answer some records “authoritatively” – and that’s what is used here. Basically all resolvers can do it to some extent.

Thanks, this helps. Since the Turris Omnia Router supports package installation via SSH connections, could installing Knot DNS or bind9 on it work correctly to serve as a full-featured authoritative DNS server?

Yes, it could, but I’m not aware of anyone running authoritative DNS on Turris. It’s much more complex, e.g. you don’t have integration into DHCP by default. (I think the kea server has integration to DDNS commands.)

Thanks, my original idea was to set up a custom forwarder wherein:

  1. one forwarder’s IPv4 would be the Turris device’s own private IP (e.g. 192.168.10.1) containing the internal DNS records for my home-lab, as an alternative to publishing them on a public DNS server
  2. 2nd forwarder could be either Cloudflare or Google DNS with TLS for public DNS queries.

> Yes. In reForis if you tick network / DNS / “Enable DHCP clients in DNS”, all DHCP-assigned names will be added into the default DNS. There you can also change the default suffix from lan to mydomain.com.

Then I found the DHCP clients in DNS setting and the page for List of DHCP clients, in line with your answer, to understand how Knot resolver would form the internal DNS records using the Hostname.Domain of DHCP Clients in DNS fields, such as test.mydomain.com, and resolve it as well.

This negates the need for point 1 in the custom forwarder setup above but retains point 2.


However some caveats here:

  • For each connected client, I have to add a hostname prefix as the desired sub-domain, along with the Domain of DHCP Clients in DNS set to mydomain.com. This is ok if there are not too many clients.
  • All connected clients will have an IP address based on the Lease Time parameter in DHCP, changing every 12 hours, meaning their A record’s IP address will also change similarly. Basically these are dependent on the DHCP service running in the Turris.

Please let me know if I got the inner workings of Turris Omnia’s DNS correctly.

You can configure (TLS-)forwarding to Google or Cloudflare in ReForis, too. (and other options) That’s orthogonal.

Well, these weeks Google’s is broken: Google Issue Tracker

I don’t know the DHCP parts well. It certainly can be further customized, but not in reForis really. Something in luci, or other general OpenWrt recipes.

By default the individual machines choose their own hostnames, and those appear with the configured suffix (.lan by default), at least if they follow reasonable patterns.
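As an added example (not from this thread and not the configuration Turris OS generates), the two pieces discussed above expressed directly in Knot Resolver’s Lua configuration: the hints module answering home-lab names locally (the “limited authoritative” functionality mentioned earlier) and TLS forwarding of everything else to Cloudflare. It assumes Knot Resolver 5.x syntax and reuses the poster’s example names and 192.168.10.x addresses.

```lua
-- Added example, not Turris OS's generated kresd config.
-- Assumed: Knot Resolver 5.x; hostnames/addresses are the thread's examples.

-- Load hints ahead of the iterator so listed names are answered from the
-- hints table before any forwarding is attempted.
modules.load('hints > iterate')

-- Local home-lab records: kresd answers these itself from static data,
-- with no upstream query. These are the names a resolver can serve
-- "authoritatively" without running a full authoritative server.
hints['test.mydomain.com']    = '192.168.10.50'
hints['staging.mydomain.com'] = '192.168.10.70'

-- Hints are static, so the hosts listed here need fixed addresses
-- (unlike the lease-driven names the reForis DHCP option generates).

-- Caveat: a name under mydomain.com that is NOT listed above falls
-- through to the upstream forwarder, i.e. it leaks to public DNS.

-- Everything not answered locally goes to Cloudflare over TLS (port 853).
-- 'hostname' turns on certificate verification against the system CA store.
policy.add(policy.all(policy.TLS_FORWARD({
    {'1.1.1.1', hostname = 'cloudflare-dns.com'},
    {'1.0.0.1', hostname = 'cloudflare-dns.com'},
})))
```

Forwarding over TLS covers the poster’s point 2; the hints table covers point 1 without a second forwarder address.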

Indeed my point 1 of custom forwarder in my previous comment was exactly via ReForis itself, nothing else. Thanks for the heads-up on Google’s DNS, will review Quad9 and Cloudflare.


TL;DR of this thread:

  1. Turris DNS’s default resolver is Knot DNS functioning both as a resolver + DNS server via the DHCP clients in DNS feature.

  2. For each connected client to form a consistent DNS, the hostname prefix should be the desired sub-domain along with the Domain of DHCP Clients in DNS set to mydomain.com in the above feature itself.

  3. All connected clients get an IP address based on the Lease Time parameter in DHCP meaning their corresponding A record’s IP addresses would be valid for a maximum of 12 hrs.

  4. Subsequently, if we refer to the List of DHCP clients as an example in conjunction with the above, we can deduce the following 3 DNS A records.

A bob.lan     5m00s   192.168.1.123
A alice.lan   5m00s   192.168.1.137
A peter.lan   5m00s   192.168.1.138

Again, thank you @vcunat for your guidance to help me understand this better. We could resolve this discussion thread if there are no further pointers.

Nit: it’s “Knot Resolver”. Knot DNS is an authoritative-only sister project of ours.
