Dhcp-option=6,10.1.4.10, but only on ONE interface

I use dns-option=6,10.1.4.10 in dnsmasq.config to pass the DNS server I want my devices to use. That works great...
Then I set up a guest network. I want to have the guest network use different DNS servers, as they don't have access to my 10.1.1.1/17 network.
How would I do this?

See https://github.com/egc112/OpenWRT-egc-add-on/tree/main/stop-dns-leak#option-6

And
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dhcp_options

As the other poster notes, it's easy in OpenWrt to configure a particular DHCP Option on one interface. Take a look at the Wiki linked above.

By default, OpenWrt would announce the IP assigned to the interface. It seems you may have significantly altered the underlying dnsmasq so it does not function as we'd expect in OpenWrt.

Can you provide your /etc/config/dhcp contents please?

All of the above being said, seeing as they already need explicit access for DHCP, what prevents you from giving them access to the DNS?

Thank you for the information. It's just, as usual (not just with openwrt, it is common in many places), these guides assume I know more than I do. In the first link, I was able to comprehend the first two sentences. Then I was lost. The second link I was unable to understand any of it.
I am either going to need an in-depth explanation of exactly what the documents mean, or some more direct assistance.

I thank you very much for providing the links however. I am sure if I had a deeper knowledge of whatever it is they are trying to explain, they would be very helpful.

I don't know. That's why I am here. They don't have access to the DNS. The resolution I want however gives them a public DNS.

Happy to:


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '513'
	option limit '254'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

<DHCP reservations>

config dhcp 'Guest'
	option interface 'Guest'
	option start '100'
	option limit '150'
	option leasetime '12h'

There are also a lot of DHCP reservations, I have stripped them out for this post.

You probably followed one of the tutorials for creating a "guest wifi" which probably told you to add two firewall rules: one to allow the guest network access to the router's DHCP server, and one to allow the guest network access to the router's DNS server. You seem to have skipped the latter.

simply add your dhcp options to your dhcp config, for example:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,a.a.a.a'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,b.b.b.b'

# obviously replace placeholders with your desired DNS servers address

note: if you followed the guest network tutorial the firewall rules others mentioned are only needed if you run DHCP server on openwrt (which you do apparently) but the DNS allow rule is not required if you want to use a different DNS server than owrt (which you do apparently).

Awesome, thank you.
Obviously I will delete the entries in the dnsmasq.config, but out of interest to further my knowledge more, assuming I didn't, which one would take precedence?

We can't guess how your clients request or implement the Option.

But the example only listed 1 server.

Thank you, it has been implemented and tested. After a couple of other issues I managed to get resolved, I think my setup is complete!
And thank you to all the others that chimed in with a bit of help here and there. I appreciate you taking the time.

i hope my assumption about what you mean in your question is correct, so:

first, by default owrt uses "uci" framework (https://openwrt.org/docs/guide-user/base-system/uci) to manage configuration.

second, services (such as dnsmasq which provides the dhcp and dns functionality) are re-generating their application specific configuration from the uci format every time they start (or in case of reload). in many cases only a subset of application features are translated to uci config hence a service might overwrite or append app specific configuration over the uci config.

third, in case of dnsmasq service /etc/dnsmasq.conf can be used to append additional advanced configuration. so to answer your question: /etc/config/dhcp is the primary source but merged with content from /etc/dnsmasq.conf. (and some other files, details are in the /etc/init.d/dnsmasq).
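
For the precedence question in this thread, an added example (not written by any poster here and not OpenWrt's own code): a POSIX sh function that reads dnsmasq-syntax lines and reports which option 6 value a client carrying a given interface tag would be handed. It assumes the rule from the dnsmasq man page that a `dhcp-option` whose tags match is preferred over an untagged one; the function names, the sample lines, the Guest address range and the `192.0.2.53` guest resolver are constructed placeholders.

```shell
#!/bin/sh
# Added example (constructed): which DHCP option 6 value does a client
# carrying interface tag TAG receive from a set of dnsmasq config lines?
# Assumes dnsmasq's documented rule: a dhcp-option whose tags all match is
# preferred over an untagged one; with neither, dnsmasq announces itself.

effective_dns() {   # usage: effective_dns TAG < dnsmasq-syntax-config
    awk -v want="$1" '
    /^[ \t]*dhcp-option(-force)?=/ {
        line = $0
        sub(/^[^=]*=/, "", line)               # drop "dhcp-option="
        n = split(line, f, ",")
        i = 1; tagged = 0; allmatch = 1
        # Leading fields are tags: "tag:NAME", or a bare NAME (legacy form).
        # Other qualifiers (vendor:, encap:) land here too and never match.
        while (i <= n && (f[i] ~ /^tag:/ ||
               (f[i] ~ /^[A-Za-z_]/ && f[i] !~ /^option6?:/))) {
            t = f[i]; sub(/^tag:/, "", t)
            tagged = 1
            if (t != want) allmatch = 0
            i++
        }
        if (i > n || (f[i] != "6" && f[i] != "option:dns-server")) next
        val = ""
        for (j = i + 1; j <= n; j++) val = (val == "") ? f[j] : val "," f[j]
        if (tagged && allmatch) { tagval = val; have_tag = 1 }
        else if (!tagged)       { plain = val; have_plain = 1 }
    }
    END {
        if (have_tag)        print "tagged " tagval
        else if (have_plain) print "untagged " plain
        else                 print "default router-address"
    }'
}

# Constructed sample: the global line from /etc/dnsmasq.conf in the question
# plus a per-interface override for the Guest tag (192.0.2.53 is a placeholder).
sample_config() {
    cat <<'EOF'
dhcp-range=set:lan,10.1.2.1,10.1.2.254,255.255.128.0,12h
dhcp-range=set:Guest,192.168.3.100,192.168.3.249,255.255.255.0,12h
dhcp-option=6,10.1.4.10
dhcp-option=tag:Guest,6,192.0.2.53
EOF
}

for tag in lan Guest; do
    printf '%s: %s\n' "$tag" "$(sample_config | effective_dns "$tag")"
done
```

A guest tag that comes back as `untagged 10.1.4.10` means guests are still being pointed at the internal resolver they cannot reach.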
