DNSMASQ as DHCP server only

I have a secondary router running OpenWrt, configured as a "dumb AP"; it must not act as a DHCP or DNS server for the "main" network, as those services are already being provided by the main router. If I disable the DNSMASQ service completely, everything works as expected. So far, so good.

This device has also an "AUX" network (not connected to the main router at all) on one of the ethernet ports, where it must act as a DHCP server; so I must use DNSMASQ on this secondary router, but just for this specific "AUX" network. Still good enough.

If I enable the DNS service on DNSMASQ, it tries to be smart about local names, and wrecks all the configuration; I could not configure it as a "dumb forwarder" and send all request (bogus or not) directly to the main router. If I disable the DNS service ("option port 0"), then the start script ("/etc/init.d/dnsmasq") will put "127.0.0.1" at "/etc/resolv.conf" and break everything.

Can I configure DNSMASQ to act exclusively as a DHCP server and not configure itself as the local resolver?
... or ...
Can I configure DNSMASQ to just forward absolutely all DNS requests to the upstream server?
... or ...
Does anybody know of a better solution?

This can be easily fixed.
/etc/resolv.conf is symlink to /tmp/resolv.conf
Delete the symlink and recreate the file with the nameserver you'd like.

3 Likes

Yes, thanks for the idea; I think that would fix the issue, and I could probably write a script to do that each time DNSMASQ reboots. But I would rather find a more stable solution, or is that the only viable option?

Dnsmasq doesn't mess with the resolv in /etc, only with the resolves in /tmp.
As long as you delete the symlink and recreate the file, it will be fine until you flash the router.

1 Like

Ok, I will try that, thanks!

https://openwrt.org/docs/guide-user/base-system/dhcp

local and domain enable dnsmasq to serve entries in /etc/hosts, as well as DHCP client's names if configured under lan domain.

domainneeded, boguspriv, localise_queries, and expandhosts ensure requests for local host names are not forwarded to upstream DNS servers.

Did you try to modify those setitngs?

//edit
Removed the dhcp relay part, because it doesn't seem to be useful in this case.

There is a setting for specifying resolvfile in the advanced section of the web gui.

https://openwrt.org/docs/guide-user/base-system/dhcp?s[]=resolvfile

Or don't use a resolve file at all and instead use
list server <main router dns server ip> in dnsmasq config section.

//edit
Hmm...
Actually, dhcp relay can be used here.
But I have no clue how to configure multiple dhcp scopes on a single interface through uci.
Is it even possible?

Something like:
dump ap:

  • disable resolve file in dnsmasq config (option noresolve)
  • configure dnsmasq to use the main routers dns server (list server)
  • configure/disable all other options mentioned in my previous post. (maybe still use domain option)
  • configure dhcp relay:
    -- option local_addr
    -- option server_addr
    -- option interface 'br-lan' (optional? change accordingly)

main router:

  • set up new dhcp scope for the dump ap subnet
1 Like

But I need the DNS on the secondary router to serve names that are only known to the DNS on the main router.

domainneeded, boguspriv, localise_queries, and expandhosts ensure requests for local host names are not forwarded to upstream DNS servers.

Did you try to modify those setitngs?
[/quote]

Yes, I tried... this is probably the "dumb forwarder" path, but I did not manage to find a combination of values for those options that did not block some or all local queries; I should probably give it a second try.

Thanks, but I do not need to use a specific resolvfile as an input for DNSMASQ: the DHCP on the main router already triggers a suitable configuration to the secondary router. What I need is for the DNSMASQ init script to stop touching that resolvfile.

I finally managed to find the right combination of parameters to make it act as a "dumb forwarder":

config dnsmasq
        option domainneeded '0'
        option boguspriv '0'
        option localise_queries '1'
        option rebind_protection '0'
        option rebind_localhost '1'
        option domain 'intranet'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        list interface 'aux'

Thanks everybody for your help!

2 Likes

The hostnames of the clients in the subnet of the main router?
You can use

list server '/intranet/<ip of main router>'
list server '<ip of other dns server>'

All requests for the intranet domain will be forwarded to your main routers dns server.
All other requests will be forwarded to other servers.
But I'm not sure if requests for the dhcp hostnames in the dump ap subnet then also get forwarded to the main routers dns server or if they have precedence,

Would be better to have dhcp managed also on the main router and use a relay.
So the local hostnames can be resolved on all networks.
With the above approach the clients in the main routers subnet can't resolve hostnames from the dump ap subnet.

But because you configured the dump ap dns server as dump forwarder it will make no difference.

But I'm glad you got it working. :slightly_smiling_face:

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.