Hi,
I have configured unbound and odhcp according to the documentation:
# cat /etc/config/unbound
config unbound
	option dns64 '0'
	option edns_size '1280'
	option extended_stats '0'
	option hide_binddata '1'
	option localservice '1'
	option manual_conf '0'
	option num_threads '1'
	option protocol 'default'
	option rebind_localhost '0'
	option rebind_protection '1'
	option recursion 'default'
	option resource 'default'
	option root_age '9'
	option ttl_min '120'
	option verbosity '1'
	option enabled '1'
	option validator '1'
	option unbound_control '1'
	option listen_port '53'
	option dhcp4_slaac6 '1'
	option domain 'home.lan'
	option add_local_fqdn '1'
	option add_extra_dns '1'
	option domain_type 'static'
	option validator_ntp '1'
	option dhcp_link 'odhcpd'
	option add_wan_fqdn '1'
	list trigger_interface 'lan'
	list trigger_interface 'wan'
# cat /etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option domain 'home.lan'
	option local '/home.lan/'
	option dnssec '1'
	option port '1053'

config odhcpd 'odhcpd'
	option maindhcp '1'
	option leasefile '/var/lib/odhcpd/dhcp.leases'
	option leasetrigger '/usr/lib/unbound/odhcpd.sh'
	option loglevel '4'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	list dhcp_option '6,192.168.1.1'
	option dns '192.168.1.1'
	option domain 'home.lan'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	list dhcp_option '6,192.168.2.1'
	option dns '192.168.2.1'
	option domain 'home.lan'

config host
	option name 'nas'
	option mac 'XX:XX:XX:XX:XX:XX'
	option ip '192.168.1.10'
	option dns '1'
One of the nice advantages over dnsmasq is that odhcp seems to have no problem with devices with multiple IP addresses on the same network (e.g. a laptop connected on both wired and wireless, or a server with multiple network cards). With dnsmasq, LuCI shows a hostname for only one of the IP addresses. The others just show up as a "-", which makes it annoying to identify which devices are connected. And unbound also nicely returns all IP addresses when doing DNS lookups. Great!
But I'm also having some issues:
When trying to uninstall (instead of just disabling dnsmasq), I can no longer configure static DHCP leases in LuCI because the "DHCP and DNS" page is completely gone. But odhcp also uses the same settings. I can still configure static leases manually (editing /etc/config/dhcp or the uci command line), but that's less convenient.
Static DHCP leases are only resolved by unbound while the lease is active. With dnsmasq they seem to be available permanently, even if there is no active lease at the moment. Usually this isn't a problem, except in cases where the lease information is not up to date. For example, if the router is rebooted after installing updates, some devices do not request a new IP address because they still have a valid lease. But that means their hostname does not resolve anymore until the lease is renewed (up to 12h in my configuration).
There is the unbound add_extra_dns=1 option, but it doesn't seem to take into account uci host entries, only domain entries. But that means I have to enter all static hosts twice: a host entry for the static DHCP lease, and another identical domain entry for the DNS. That's not very practical, especially because the host entries already have the dns=1 option, to indicate they should be entered into DNS.
The hostname of the router itself does not seem to resolve at all. I have configured 'router' as hostname, but a DNS query for router.home.lan fails with NXDOMAIN:
$ dig a router.home.lan
; <<>> DiG 9.11.5-P4-5.1ubuntu2.2-Ubuntu <<>> a router.home.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36181
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;router.home.lan. IN A
;; AUTHORITY SECTION:
home.lan. 7200 IN SOA localhost. nobody.invalid. 26528266 3600 1200 9600 300
;; Query time: 4 msec
;; SERVER: fd81:631b:716f:10::1#53(fd81:631b:716f:10::1)
;; WHEN: di jun 09 11:53:35 CEST 2020
;; MSG SIZE rcvd: 103
With the DDNS name of the router I have a similar problem. A DNS query returns an empty response with no A record at all:
$ dig a ddns.domain.tld
; <<>> DiG 9.11.5-P4-5.1ubuntu2.2-Ubuntu <<>> a ddns.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16933
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ddns.domain.tld. IN A
;; Query time: 32 msec
;; SERVER: fd81:631b:716f:10::1#53(fd81:631b:716f:10::1)
;; WHEN: di jun 09 11:46:32 CEST 2020
;; MSG SIZE rcvd: 51
dnsmasq returns the correct result:
$ dig -p1053 a ddns.domain.tld
; <<>> DiG 9.11.5-P4-5.1ubuntu2.2-Ubuntu <<>> -p1053 a ddns.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29189
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ddns.domain.tld. IN A
;; ANSWER SECTION:
ddns.domain.tld. 268 IN A A.B.C.D
;; Query time: 5 msec
;; SERVER: fd81:631b:716f:10::1#1053(fd81:631b:716f:10::1)
;; WHEN: di jun 09 11:50:35 CEST 2020
;; MSG SIZE rcvd: 67
This is a major issue for me. It also causes trouble for updating the DDNS record. I assume that's because the ddns-script can't check the current IP address. The strange thing is that this problem doesn't happen all the time.
Jef
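The two complaints above (static leases that only resolve while a lease is active, and add_extra_dns ignoring `config host` entries so every host has to be duplicated as a `config domain` entry) can be worked around the same way: derive unbound `local-data` records directly from the `config host` sections that carry `option dns '1'`. The script below is an added example and is not part of the original post or of the OpenWrt unbound package. It reads a UCI dhcp config on stdin and prints one `local-data`/`local-data-ptr` pair per qualifying host; the default domain is passed as an argument, and the MAC addresses in the embedded sample are constructed dummies. The assumption that unbound reads the output through an `include:` line, and the file name you would write it to, are hypothetical and not something the page specifies.

```shell
#!/bin/sh
# Added example, not part of the original post or of the OpenWrt unbound package.
# Reads a UCI /etc/config/dhcp on stdin and prints unbound "local-data" lines for
# every "config host" section flagged with "option dns '1'", so the name resolves
# from the static assignment alone, independent of whether odhcpd currently holds
# an active lease for it.
# Assumption (hypothetical): the output is written to a file that unbound picks up
# through an "include:" line in its configuration.

# Usage: uci_hosts_to_unbound DEFAULT_DOMAIN < /etc/config/dhcp
# Values containing spaces are not handled; hostnames and IPs never contain any.
uci_hosts_to_unbound() {
    awk -v domain="$1" -v q="'" '
        # Emit the previous host section if it is complete and flagged dns=1.
        function flush() {
            if (section == "host" && dns == "1" && name != "" && ip != "") {
                printf "local-data: \"%s.%s. IN A %s\"\n", name, domain, ip
                printf "local-data-ptr: \"%s %s.%s.\"\n", ip, name, domain
            }
            section = ""; name = ""; ip = ""; dns = ""
        }
        # A new "config <type> [name]" stanza closes the previous one.
        $1 == "config" { flush(); section = $2 }
        # "option key value": strip the surrounding single quotes from value.
        $1 == "option" {
            val = $3
            gsub("^" q "|" q "$", "", val)
            if ($2 == "name") name = val
            if ($2 == "ip")   ip   = val
            if ($2 == "dns")  dns  = val
        }
        END { flush() }
    '
}

# Constructed sample config, same shape as the one in the post (dummy MACs).
# "printer" has no dns=1 flag and must be skipped.
sample_dhcp_config() {
    cat <<'EOF'
config dnsmasq
    option domain 'home.lan'

config host
    option name 'nas'
    option mac '00:11:22:33:44:55'
    option ip '192.168.1.10'
    option dns '1'

config host
    option name 'printer'
    option mac '00:11:22:33:44:66'
    option ip '192.168.1.11'

config host
    option name 'cam'
    option ip '192.168.1.20'
    option dns '1'
EOF
}

# Demo run: prints four lines, two per dns=1 host; on a router you would
# redirect this into the (hypothetical) included file and restart unbound.
sample_dhcp_config | uci_hosts_to_unbound home.lan
```

Because the records come from the static `config host` entries rather than from the lease file, they stay in place across a reboot until the config itself changes, which is the dnsmasq behaviour the post describes as missing. Regenerating the file from a hotplug or init hook is left to the reader; the script only produces the records.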