DNSMASQ as DHCP server only

eduperez · November 18, 2019, 9:30pm

I have a secondary router running OpenWrt, configured as a "dumb AP"; it must not act as a DHCP or DNS server for the "main" network, as those services are already being provided by the main router. If I disable the DNSMASQ service completely, everything works as expected. So far, so good.

This device has also an "AUX" network (not connected to the main router at all) on one of the ethernet ports, where it must act as a DHCP server; so I must use DNSMASQ on this secondary router, but just for this specific "AUX" network. Still good enough.

If I enable the DNS service on DNSMASQ, it tries to be smart about local names, and wrecks all the configuration; I could not configure it as a "dumb forwarder" and send all request (bogus or not) directly to the main router. If I disable the DNS service ("option port 0"), then the start script ("/etc/init.d/dnsmasq") will put "127.0.0.1" at "/etc/resolv.conf" and break everything.

Can I configure DNSMASQ to act exclusively as a DHCP server and not configure itself as the local resolver?
... or ...
Can I configure DNSMASQ to just forward absolutely all DNS requests to the upstream server?
... or ...
Does anybody know of a better solution?

trendy · November 18, 2019, 10:29pm

This can be easily fixed.
/etc/resolv.conf is symlink to /tmp/resolv.conf
Delete the symlink and recreate the file with the nameserver you'd like.

eduperez · November 18, 2019, 11:46pm

Yes, thanks for the idea; I think that would fix the issue, and I could probably write a script to do that each time DNSMASQ reboots. But I would rather find a more stable solution, or is that the only viable option?

trendy · November 18, 2019, 11:50pm

Dnsmasq doesn't mess with the resolv in /etc, only with the resolves in /tmp.
As long as you delete the symlink and recreate the file, it will be fine until you flash the router.

eduperez · November 19, 2019, 12:21am

Ok, I will try that, thanks!

shm0 · November 19, 2019, 5:31am

local and domain enable dnsmasq to serve entries in /etc/hosts, as well as DHCP client's names if configured under lan domain.

domainneeded, boguspriv, localise_queries, and expandhosts ensure requests for local host names are not forwarded to upstream DNS servers.

Did you try to modify those setitngs?

//edit
Removed the dhcp relay part, because it doesn't seem to be useful in this case.

mikma · November 19, 2019, 7:14am

There is a setting for specifying resolvfile in the advanced section of the web gui.

https://openwrt.org/docs/guide-user/base-system/dhcp?s[]=resolvfile

shm0 · November 19, 2019, 1:26pm

Or don't use a resolve file at all and instead use
list server <main router dns server ip> in dnsmasq config section.

//edit
Hmm...
Actually, dhcp relay can be used here.
But I have no clue how to configure multiple dhcp scopes on a single interface through uci.
Is it even possible?

Something like:
dump ap:

disable resolve file in dnsmasq config (option noresolve)
configure dnsmasq to use the main routers dns server (list server)
configure/disable all other options mentioned in my previous post. (maybe still use domain option)
configure dhcp relay:
-- option local_addr
-- option server_addr
-- option interface 'br-lan' (optional? change accordingly)

main router:

set up new dhcp scope for the dump ap subnet

eduperez · November 19, 2019, 9:20pm

But I need the DNS on the secondary router to serve names that are only known to the DNS on the main router.

domainneeded, boguspriv, localise_queries, and expandhosts ensure requests for local host names are not forwarded to upstream DNS servers.

Did you try to modify those setitngs?
[/quote]

Yes, I tried... this is probably the "dumb forwarder" path, but I did not manage to find a combination of values for those options that did not block some or all local queries; I should probably give it a second try.

eduperez · November 19, 2019, 9:23pm

Thanks, but I do not need to use a specific resolvfile as an input for DNSMASQ: the DHCP on the main router already triggers a suitable configuration to the secondary router. What I need is for the DNSMASQ init script to stop touching that resolvfile.

eduperez · November 19, 2019, 9:32pm

I finally managed to find the right combination of parameters to make it act as a "dumb forwarder":

config dnsmasq
        option domainneeded '0'
        option boguspriv '0'
        option localise_queries '1'
        option rebind_protection '0'
        option rebind_localhost '1'
        option domain 'intranet'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        list interface 'aux'

Thanks everybody for your help!

shm0 · November 19, 2019, 10:27pm

The hostnames of the clients in the subnet of the main router?
You can use

list server '/intranet/<ip of main router>'
list server '<ip of other dns server>'

All requests for the intranet domain will be forwarded to your main routers dns server.
All other requests will be forwarded to other servers.
But I'm not sure if requests for the dhcp hostnames in the dump ap subnet then also get forwarded to the main routers dns server or if they have precedence,

Would be better to have dhcp managed also on the main router and use a relay.
So the local hostnames can be resolved on all networks.
With the above approach the clients in the main routers subnet can't resolve hostnames from the dump ap subnet.

But because you configured the dump ap dns server as dump forwarder it will make no difference.

But I'm glad you got it working.

system · November 29, 2019, 10:27pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.