Dnsmasq on OpenWrt 18.06.1

Hi. I have been using OpenWrt for years. After the latest upgrade to 18.06.1 I lost DHCP support in the LAN, and DNS doesn't work, not only in the LAN but on localhost too. I know uci show dhcp:

uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].nonwildcard='0'
dhcp.@dnsmasq[0].domain='doma'
dhcp.@dnsmasq[0].dnssec='1'
dhcp.@dnsmasq[0].filterwin2k='1'
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.@dnsmasq[0].local='doma'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='256'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.@host[0]=host
dhcp.@host[0].name='dnopytle'
dhcp.@host[0].dns='1'
dhcp.@host[0].mac='70:85:c2:0a:c8:e9'
dhcp.@host[0].ip='10.0.0.10'
dhcp.@host[0].hostid='aa10'
dhcp.@host[1]=host
dhcp.@host[1].name='carbon'
dhcp.@host[1].dns='1'
dhcp.@host[1].mac='18:5e:0f:ca:38:52 54:ee:75:83:45:34'
dhcp.@host[1].ip='10.0.0.19'
dhcp.@host[1].hostid='aa19'
dhcp.@host[2]=host
dhcp.@host[2].name='gondor'
dhcp.@host[2].dns='1'
dhcp.@host[2].mac='f4:6d:04:d8:36:f1'
dhcp.@host[2].ip='10.0.0.1'
dhcp.@host[2].hostid='aa01'
dhcp.@host[3]=host
dhcp.@host[3].name='rohan'
dhcp.@host[3].mac='00:23:8b:80:fb:93 00:22:FA:2B:09:A6'
dhcp.@host[3].ip='10.0.0.16'
dhcp.@host[3].hostid='aa16'
dhcp.@host[4]=host
dhcp.@host[4].name='samtablet'
dhcp.@host[4].mac='68:05:71:6a:98:38'
dhcp.@host[4].ip='10.0.0.22'
dhcp.@host[4].hostid='aa22'
dhcp.@host[5]=host
dhcp.@host[5].name='capitanpicard'
dhcp.@host[5].mac='5c:93:a2:d0:44:92 d0:bf:9c:dd:39:89'
dhcp.@host[5].ip='10.0.0.23'
dhcp.@host[5].hostid='aa23'
dhcp.@host[6]=host
dhcp.@host[6].name='noraza'
dhcp.@host[6].mac='d0:bf:9c:5e:c7:28 ac:d1:b8:2d:59:a1'
dhcp.@host[6].ip='10.0.0.26'
dhcp.@host[6].hostid='aa26'

but DHCP Discover doesn't work

sudo nmap --script broadcast-dhcp-discover
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-16 20:18 CEST
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.42 seconds

DNS ports seem to be open

sudo nmap -sU 10.0.0.140                  
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-16 19:20 CEST
Nmap scan report for 10.0.0.140
Host is up (0.00036s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
53/udp  open  domain
123/udp open  ntp
$ nmap 10.0.0.140
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-16 18:32 CEST
Nmap scan report for 10.0.0.140
Host is up (0.00042s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
80/tcp open  http

but no answer (from server)

nslookup www.google.com
Server:         10.0.0.140
Address:        10.0.0.140#53

** server can't find www.google.com: REFUSED

from router

root@router:~# nslookup www.google.com
;; connection timed out; no servers could be reached

As DNS doesn't work, opkg doesn't work either, and additional packages cannot be installed, e.g. tcpdump to see what goes through the interfaces.

root@router:~# opkg install tcpdump
Unknown package 'tcpdump'.
Collected errors:
 * opkg_install_cmd: Cannot install package tcpdump.

How to solve the problem? (A local workstation with a static IP and resolv.conf pointing to public DNS works. odhcpd and IPv6 work.)

Oh, and system is:

|Hostname|router|
|Model|TP-Link TL-WDR4300 v1|
|Architecture|Atheros AR9344 rev 2|
|Firmware Version|OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)|
|Kernel Version|4.9.120|

Where did you do these lookups?
On the router?
The machine that doesn't have DHCP?

Please provide the entire copy.

Look at your system log for dnsmasq entries. Possibly there is a complaint about invalid settings and dnsmasq has not started at all. Then DNS and DHCP would not work.

You did not show anything about your network config (subnet, netmask etc.), so this is somewhat of a guess: the default subnet is just x.x.x.(0-255), and you start the DHCP pool from .256. That will work if you have set a larger subnet, but is invalid with the default settings.

Default dhcpstart is 100 and limit 150, so that the default dhcp range is (.100-.250)

EDIT:
example of log entries:

root@router1:~# logread | grep dnsmasq
Sun Sep 16 17:39:23 2018 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sun Sep 16 17:39:23 2018 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sun Sep 16 17:39:24 2018 daemon.info dnsmasq[1086]: started, version 2.80test3 cachesize 1000
Sun Sep 16 17:39:24 2018 daemon.info dnsmasq[1086]: DNS service limited to local subnets
Sun Sep 16 17:39:24 2018 daemon.info dnsmasq[1086]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Sun Sep 16 17:39:24 2018 daemon.info dnsmasq[1086]: using local addresses only for domain test

And the running process shown in "ps":

root@router1:~# ps | grep dnsmasq
 3538 dnsmasq   1272 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid


directly from openWRT

root@router:~# nslookup www.google.com
;; connection timed out; no servers could be reached

That is, on the localhost interface there is no reply.
And from a workstation with a static IP:

$ nslookup www.google.com
Server:         10.0.0.140
Address:        10.0.0.140#53

** server can't find www.google.com: REFUSED


IP 10.0.0.140 is the LAN interface of an OpenWrt router.

  • Is it also the router for the network?
  • Please provide network config (/etc/config/network), as @hnyman noted

Many thanks. Yes, the server did not start.

Sun Sep 16 21:10:41 2018 daemon.crit dnsmasq[12931]: cannot read /usr/share/dnsmasq/trust-anchors.conf: No such file or directory
Sun Sep 16 21:10:41 2018 daemon.crit dnsmasq[12931]: FAILED to start up

Pool is OK. I have 10.0.0.0/16 in the local net. 10.0.0.x are static addresses and 10.0.1.x dynamic.

/etc/config/network

cat /etc/config/network 

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ip6assign '60'
        option _orig_ifname 'eth0.1 wlan0 wlan1'
        option _orig_bridge 'true'
        option ipaddr '10.0.0.140'
        option ifname 'eth0.1'
        option netmask '255.255.0.0'

config interface 'wan'
        option ifname 'eth0.2'
        option _orig_ifname 'eth0.2'
        option _orig_bridge 'false'
        option proto 'dhcp'
        option auto '0'

config interface 'wan6'
        option ifname '@wan_vdsl'
        option _orig_ifname '@wan_vdsl'
        option _orig_bridge 'false'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'
        option dns '2606:4700:4700::1111 2606:4700:4700::1001'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 3 4 5'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 1'

config interface 'wan_vdsl'
        option ifname 'eth0.2'
        option _orig_ifname 'eth0.2'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username 'adsl'
        option password 'adsl'
        option peerdns '0'
        option dns '1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001'
        option ipv6 'auto'

config interface 'bridge'
        option proto 'dhcp'
        option ifname 'eth0.2'
        option auto '0'

(wan and bridge are the same and are disabled. I will use it to access the VDSL modem in bridge mode.)

Yes. It is the default gateway.

When I created trust-anchors.conf from https://github.com/imp/dnsmasq/blob/master/trust-anchors.conf the server did not start either. Error:

Sun Sep 16 21:13:58 2018 daemon.crit dnsmasq[13231]: FAILED to start up
Sun Sep 16 21:16:58 2018 daemon.crit dnsmasq[13455]: unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support) at line 6 of /usr/share/dnsmasq/trust-anchors.conf

How about using a correct variant of dnsmasq...

You are apparently using DNSsec settings, but have installed the vanilla dnsmasq that does not support dnssec, so your config is invalid.

EDIT:
example of the default compile options can be seen from my log example:

Sun Sep 16 17:39:24 2018 daemon.info dnsmasq[1086]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
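
The mismatch diagnosed above, as an added check that is not part of the original posts: shell functions that compare enabled `uci show dhcp` options against dnsmasq's compile-time feature list. The function names and the `enable_tftp` sample line are assumptions of this example, which goes slightly beyond the thread's DNSSEC case by also mapping TFTP.

```shell
#!/bin/sh
# Added example (not from the thread): flag UCI dnsmasq options that need a
# feature the installed dnsmasq binary was built without.

# Extract the feature list from a "compile time options:" line, as printed
# in the system log or by `dnsmasq --version`.
compile_opts() {
    sed -n 's/.*[Cc]ompile time options: //p' | head -n 1
}

# Succeeds if feature $2 is a whole token in list $1, so that "no-DNSSEC"
# does not count as "DNSSEC".
has_feature() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# Read `uci show dhcp` output on stdin; print one line per enabled option
# whose required feature is missing from list $1.
feature_gaps() {
    while IFS= read -r line; do
        case $line in
            dhcp.@dnsmasq\[*\].dnssec=\'1\')      need=DNSSEC ;;
            dhcp.@dnsmasq\[*\].enable_tftp=\'1\') need=TFTP ;;
            *) continue ;;
        esac
        has_feature "$1" "$need" || echo "${line%%=*} requires $need"
    done
    return 0
}

# Log line quoted in the thread (default dnsmasq build).
LOG_LINE='Sun Sep 16 17:39:24 2018 daemon.info dnsmasq[1086]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile'
# Two lines from the original poster's `uci show dhcp`, plus one constructed
# enable_tftp line to show an option that this build does support.
UCI_SAMPLE="dhcp.@dnsmasq[0].dnssec='1'
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.@dnsmasq[0].enable_tftp='1'"

OPTS=$(printf '%s\n' "$LOG_LINE" | compile_opts)
printf '%s\n' "$UCI_SAMPLE" | feature_gaps "$OPTS"
```

On a router where dnsmasq refuses to start and logs no option list, `dnsmasq --version | compile_opts` and `uci show dhcp | feature_gaps "$OPTS"` supply the same inputs.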

Great. Thank you. Setting dnssec='0' made the server start. I expect that dnsmasq-full will be able to work with the dnssec option.
