Proper way to disable DHCP and DNS servers completely

Hello

What is the proper (ideally UCI) way of completely disabling DHCP and DNS servers that will survive across updates?

Currently I have to manually remove /etc/resolv.conf and create a symlink pointing to /tmp/resolv.conf.auto instead of /tmp/resolv.conf otherwise dns resolution fails.

I also have to perform
/etc/init.d/dnsmasq disable
/etc/init.d/odhcpd disable

even though I think I disabled everything through /etc/config/dhcp

config dnsmasq
        option domain ''
        option port 0

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

thanks.

You could uninstall them...or better yet, make a custom firmware without them included.

Are you asking they not serve DHCP and DNS, or to stop the process from running completely?

If your settings are correct and saved, they should survive.

Ideally I would stop the processes from running since I don't need them.
I don't want to create a custom firmware just for that. I don't think uninstalling is worthwhile since they will be reinstalled after every update and no space will be saved. Plus I might need them one day.

The thing bugging me the most is the resolv.conf thing. It could almost be considered a bug that DNS resolution fails by default with the provided /etc/config/dhcp even though valid DNS servers are received by the DHCP client.

How do you stop DHCP; but still get DNS addresses handed out via a DHCP server?

This shouldn't be the case...unless you're resolving LAN addresses!

I stop DHCP server. I keep the DHCP client running. They are not the same processes or configuration files.
Typical access point (not router) configuration.

I am trying to ping google.com from the openwrt device and it fails unless I do the resolv.conf hack described above. By default openwrt uses 127.0.0.1 as its DNS server. Obviously it fails in my case.

I'm lost...

Are you talking about on the router, or on LAN clients???

On the router: You cannot ping a domain name from the server, since you've stopped the DNS server at 127.0.0.1. You will need to assign DNS servers to another interface, and specify that interface when testing ping, downloads, etc.

On LAN clients: you will have to statically address them. Use a Public DNS server, do not use 127.0.0.1, this is a Loopback Address and means "this host."

On the openwrt router, which I am configuring as a non-router, WiFi to Ethernet access-point / bridge only.

It works fine AFTER I make the resolv.conf hack. I was asking if there was a proper way of doing that with the UCI configuration system, that would survive across updates.

All my LAN clients work fine since they get their DHCP lease from another server.

dumbap

thanks, but with this configuration the dumb AP itself isn't able to ping google.com (or to resolve any other DNS), as /etc/resolv.conf points to the wrong file

Sure it does, it still has its dhcp client running, and picks things up from a dhcp server. At least my dumbap does that for me.


it does but it writes the DNS servers received by the DHCP client to /tmp/resolv.conf.auto

and /etc/resolv.conf points to /tmp/resolv.conf which contains 127.0.0.1 only. So it doesn't work.

But you just said you want this turned off!

You do understand that Dnsmasq does both DHCP and DNS?

Your hack will not work once you succeed in disabling Dnsmasq. You have to properly assign an outside DNS for your router to use.

Hmm... /etc/init.d/boot is supposed to do this on every startup:

ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf

Later, in the dnsmasq init script, the following happens on start:

        [ "$resolvfile" = "/tmp/resolv.conf.auto" ] && {
                rm -f /tmp/resolv.conf
                [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && {
                        echo "search $DOMAIN" >> /tmp/resolv.conf
                }
                DNS_SERVERS="$DNS_SERVERS 127.0.0.1"
                for DNS_SERVER in $DNS_SERVERS ; do
                        echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
                done
        }

and on /etc/init.d/dnsmasq stop, the following is supposed to happen (basically revert to the /e/i/boot state):

        #relink /tmp/resolve.conf only for main instance
        [ "$resolvfile" = "/tmp/resolv.conf.auto" ] && {
                [ -f /tmp/resolv.conf ] && {
                        rm -f /tmp/resolv.conf
                        ln -s "$resolvfile" /tmp/resolv.conf
                }
        }

So at least the case of a disabled dnsmasq init script should work after a clean boot. I agree however that this would be no pure uci solution as the disable state is not yet conveyed in sysupgrades.

My attempt to shut down dnsmasq uci-wise would be the following:

config dnsmasq
  ...
  option port 0  # upstream suggested way to disable DNS service
  option resolvfile /dev/null  # stop mangling the /tmp/resolv.conf -> /tmp/resolv.conf.auto symlink
  option nonwildcard 1  # stop listening on 0.0.0.0
  list interface lo  # only listen on loopback to get rid of DHCP service
  ...
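
The resolver states discussed in this thread (a regular /tmp/resolv.conf naming only 127.0.0.1 versus the symlink to /tmp/resolv.conf.auto), as an added shell check that is not part of the thread or of OpenWrt's own scripts. The ROOT argument and the function names are assumptions made here so the check can run against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the thread or the OpenWrt tree.
# ROOT is a hypothetical path prefix so the checks can run against a scratch
# copy of /etc and /tmp; pass "" on the device itself.

# resolv_state ROOT: how /tmp/resolv.conf (the target of /etc/resolv.conf) looks.
#   symlink-auto   symlink to resolv.conf.auto (the /etc/init.d/boot state)
#   upstream       regular file with at least one non-loopback nameserver
#   loopback-only  regular file naming only 127.0.0.1 / ::1
#   no-nameserver  file without nameserver lines;  missing: no file
resolv_state() {
    f="$1/tmp/resolv.conf"
    if [ -L "$f" ]; then
        case "$(readlink "$f")" in
            resolv.conf.auto|*/resolv.conf.auto) echo symlink-auto; return 0 ;;
        esac
    fi
    [ -e "$f" ] || { echo missing; return 0; }
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1" && $2 != "::1") up++ }
         END { s = up ? "upstream" : (n ? "loopback-only" : "no-nameserver")
               print s }' "$f"
}

# dnsmasq_port ROOT: the first "option port" found in a dnsmasq section of
# /etc/config/dhcp, or 53 when the option is absent.
dnsmasq_port() {
    awk '$1 == "config" { insec = ($2 == "dnsmasq") }
         insec && $1 == "option" && $2 == "port" {
             gsub(/[^0-9]/, "", $3); print $3; found = 1; exit
         }
         END { if (!found) print 53 }' "$1/etc/config/dhcp"
}

# resolver_ok ROOT: succeeds when the device itself has a usable nameserver.
# A loopback-only file is accepted only if dnsmasq is configured to answer on
# port 53; whether the service is enabled and running is not checked here.
resolver_ok() {
    case "$(resolv_state "$1")" in
        symlink-auto|upstream) return 0 ;;
        loopback-only) [ "$(dnsmasq_port "$1")" = "53" ] ;;
        *) return 1 ;;
    esac
}
```

On a device, `resolver_ok "" || echo "local DNS lookups will fail"` run after a sysupgrade shows whether the symlink and the dnsmasq settings still agree.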

thanks jow

I tried /etc/init.d/dnsmasq stop and it didn't restore a link between /tmp/resolv.conf and /tmp/resolv.conf.auto. They were still two different standard files, so there might be a bug there or something in my configuration was preventing the link from being restored.
However with your suggested configuration lines, after reboot the link is there (probably because of /etc/init.d/boot).

I still disable dnsmasq and odhcpd, which I don't need. But at least now even if I forget to disable them and change the /etc/resolv.conf symlink after an OS upgrade, my device is still able to resolve DNS now.


Wow, I don't understand how disabling the DHCP server is so hard. On every commercial router all you have to do is flip a switch and let your own DHCP server do its work.
Is this still the case? I don't want DNS or DHCP now on the router, but I want it to route and switch. Is this the only option today?

System->Startup
Stop and Disable dnsmasq and odhcpd
