Hi all,
Just joined this forum after days of research and trying out different methods suggested here.
I want to use dnsmasq to forward my clients' requests to a specific DNS. This works fine with the following config:
uci set dhcp.@dnsmasq[0].noresolv='1'
uci set dhcp.@dnsmasq[0].server='x.x.x.x'
However, this causes my OpenWrt system to use the same DNS. See below:
-rw-r--r-- 1 root root 47 Aug 15 11:32 resolv.conf
drwxr-xr-x 2 root root 60 Aug 13 14:42 resolv.conf.d/
cat /tmp/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1
cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1
cat /tmp/resolv.conf.d/resolv.conf.auto
nameserver 192.168.2.1
search lan
How do I force the system not to use dnsmasq, but to use the entry in /tmp/resolv.conf.d/resolv.conf.auto, which is obtained via the wan interface?
UPDATE: it works if I just point /etc/resolv.conf to /tmp/resolv.conf.d/resolv.conf.auto, but what is the purpose of /tmp/resolv.conf then? I need to understand what can break in this case. What would be the proper way of doing this?
You want your LAN clients to use a specific DNS server and not the router's DNSMasq (192.168.2.1)?
If so, you might look into DNSMasq option 6. From my notes:
Option 6
DNSMasq by default sends the router's address as the DNS server to your local LAN clients.
You can alter this with option 6 and send a specific DNS server for your clients to use.
As your client now does the DNS query instead of DNSMasq, the DNS query just follows the routing of the client, so if the client is routed via the VPN, the DNS query will go out of the VPN.
Tagging options are set in /etc/config/dhcp
First you make a tag (in this case tag1) with the option and the DNS servers of choice.
Then you add clients (e.g. static leases) and assign a tag to these clients. Below is an example of three clients.
It is possible to assign option 6 to a whole interface.
config tag 'tag1'
    option dhcp_option '6,8.8.8.8,8.8.4.4'

config host
    option name 'client1'
    option mac '00:21:63:75:aa:17'
    option ip '10.11.12.14'
    option tag 'tag1'

config host
    option name 'client2'
    option mac '01:22:64:76:bb:18'
    option ip '10.11.12.15'
    option tag 'tag1'
By design, the default owrt concept is the following:
dnsmasq is used as a caching dns service which provides local dns service for your lan clients, using the dns servers captured in option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' as upstream dns providers. The latter file's content is automatically generated, using dns servers defined by your ISP, for example.
As you correctly point out, there is also /etc/resolv.conf, because owrt is a linux based solution and traditionally linux machines use /etc/resolv.conf to define their dns upstream servers. In order for the owrt router, as a linux machine, to run for example opkg update / install or anything as a linux machine and not as a proxy for your lan clients, it will need a resolv.conf file. And again, by design, due to the router's physical memory architecture, things which can be auto-generated and/or temporary are stored under /tmp, which is volatile storage. If you reboot your router, /tmp will be flushed. Hence /tmp/resolv.conf is auto-created and linked as /etc/resolv.conf.
The point of this setup is that the owrt router, as a linux machine, will also use dnsmasq, so it can access all lan clients by name and also use the resolv.conf.auto upstream dns servers by default. Thus, out of the box, both your lan clients and the owrt router itself can use dns service (by default whatever your ISP set) to reach internet hosts and access local machines by name.
Of course, if you want to use something other than your ISP-defined dns upstream, you can ignore them and use different ones.
Thanks everyone for your time and detailed replies.
So as far as I understand, I need to write a script in the hotplug.d folder: after the wan interface comes up, it needs to read the network config and get the dns server obtained via wan dhcp, then put that server value/ip into /tmp/resolv.conf. Since /etc/resolv.conf points to /tmp/resolv.conf, it should work?
The DHCP DNS IPs from wan should be picked up automatically.
But the router doesn't really need DNSes for the clients to have working internet access; they're mostly used for ntp sync (unless you use IPs) and package installation.
uci set dhcp.@dnsmasq[0].localuse='0'
uci commit dhcp
Then reboot. During boot, /tmp/resolv.conf will be linked to /tmp/resolv.conf.d/resolv.conf.auto, and /etc/init.d/dnsmasq will no longer re-write it with 127.0.0.1.
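A quick way to check which of the two setups discussed above the router is in, as an added example that is not part of any post in this thread. The function name resolver_mode and the sample files are made up here; the sample contents are constructed from the outputs quoted earlier.

```shell
#!/bin/sh
# Added example: report which resolver a resolv.conf-style file sends the
# router's own lookups to. resolver_mode is a hypothetical helper name.

# Prints: dnsmasq  (loopback nameservers only: the router asks its own dnsmasq)
#         upstream (no loopback entries, e.g. the content of resolv.conf.auto)
#         mixed    (both kinds present)
#         none     (no nameserver lines, or the file is unreadable)
resolver_mode() (
    file="$1"
    [ -r "$file" ] || { echo none; exit 1; }
    loop=0; other=0
    # The "|| [ -n ... ]" part keeps a final line that lacks a trailing newline.
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        case "$addr" in
            "") ;;                              # malformed line, ignore
            127.*|::1) loop=$((loop + 1)) ;;    # local dnsmasq
            *) other=$((other + 1)) ;;          # upstream server
        esac
    done < "$file"
    if [ "$loop" -gt 0 ] && [ "$other" -gt 0 ]; then echo mixed
    elif [ "$loop" -gt 0 ]; then echo dnsmasq
    elif [ "$other" -gt 0 ]; then echo upstream
    else echo none
    fi
)

# Constructed sample files mirroring the two states shown in the thread.
samples=$(mktemp -d)
trap 'rm -rf "$samples"' EXIT
printf 'search lan\nnameserver 127.0.0.1\nnameserver ::1\n' > "$samples/default"
printf 'nameserver 192.168.2.1\nsearch lan\n' > "$samples/auto"

echo "default /tmp/resolv.conf: $(resolver_mode "$samples/default")"
echo "resolv.conf.auto content: $(resolver_mode "$samples/auto")"
# On the router itself, run: resolver_mode /etc/resolv.conf
```

After setting localuse to '0' and rebooting, running the function against /etc/resolv.conf on the router should print upstream rather than dnsmasq.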
Thank you grrr :) My case was 2): I didn't want my system to talk to dnsmasq, because dnsmasq will be used for clients only, to point them to a specific local dns server in the network.
Also, the dhcp option to delegate the exact ip to the clients wasn't my preferred solution, as I didn't want the clients to see what is going on in the background, so their DNS is just their local router.