Hi...
I need to use my ISP DNS server(s) for my lan voip client, otherwise it doesn't register my number.
But i dont want to use the ISP DNS server for the rest of my network.
Can i setup a specific DNS server per host ? If yes where and how ?
With tomato fw i could do it like this (dnsmasq custom config, GUI):
Well for the moment it's fixed via "DNS forwardings"...
If i understand it correctly im using the hostname of my SIP registrar/proxy and forward it with my isp DNS server.
DNS forwardings: /sip.host.name/XX.XX.XX.XX
(XX=isp DNS server ip)
My voip client is now able to register the number.
But i'm still wondering if there is (better) way to force my voip client to use my ISP DNS server(s) without changing my custom DNS servers for my other clients.
Please let me know if anyone has another/better solution...
It's another router and already tried to set up the DNS servers within the router but it didn't work out.
Could be because "Rebind protection" is active in my Lede setup.
I will try to set "list 'dhcp_option' '6,dns-server-ip'" under my "config host" for the voip client.
config host
option name 'Voip-client'
option dns '1'
option mac '00:00:00:00:00:00'
option ip '192.168.10.10'
option leasetime 'infinite'
list 'dhcp_option' '6,123.456.789.10'
Not sure if i even understand the config part... at least DNS forwardings are working out so far.
If the 2nd router is connected to the LAN ports of the WAN facing router, Rebind Protection, along with several other DHCP options, should be disabled.
For example, my LEDE router is configured as a smart switch with no WAN, and here's my /etc/config/dhcp
@Kherby - I wonder if you would be be better served by running VLANs. With a dedicated VLAN for your VOIP network vs your regular LAN (and maybe other VLANs for guest, IoT, etc.), you can set the DHCP servers to hand out whatever DNS servers you want on a per-VLAN basis, making it easier than trying to map it out per-host.
Not only does the VOIP VLAN give you the DHCP server flexibility, it also provides these other benefits (and more):
QoS - you can set quality of service/traffic shapers to give high priority to your VOIP network, reducing dropouts/delays and other issues that are much less tolerable on a real-time voice call than typical internet activities (including streaming audio/video which have features designed to handle network congestion and out of order packets, etc.).
LAN isolation - aside from the general QoS considerations, isolating your VOIP will reduce any issues that a high traffic LAN might create, given that there can be a lot of broadcast traffic in a given subnet.
Thanks for the suggestions but i forgot to mention that i'm using two smartphones over wlan as normal telephones via an app with the voip router.
So i think a VOIP VLAN wouldn't work out for me as they have to be on the same bridge to work.
And to be honest i don't even understand the vlan config with my WRT 3200acm...
I use SQM QoS Cake - Layer_Cake at the moment and as far as I can tell have no voip problems.
Which QoS service would u suggest to use for VOIP ?
I've figured out how to setup VLANs with my router but i still got my VOIP-Router within my private local LAN for the above reason (smartphone app).
I could change this if I figure out how to use the smartphone app while the voip-router is in its own(different) VLAN, maybe it could be done via iptables if always the same port(s) are being used for the voip app.
I've also started to use dnscrypt-proxy...
So far my tests are showing that their are no DNS leaks in my local LAN(Wifi+Guest), NTP is working and my voip router is still able to register my sip number.
All done via dnsmasq config.
option localservice '1'
option noresolv '1'
option allservers '1'
list server '127.0.0.1#5353'
list server '127.0.0.1#5454'
list server '/pool.ntp.org/8.8.8.8'
list server '/sip.voip-reg/ISP.DNS.SERVER.IP'
list server '/sip.voip-reg/ISP.DNS.SERVER.IP2'
So my next adventure would be TR-064 via Wifi over another VLAN, if it is even possible.
Anyway, I will mark my actual problem as solved but I am still open to any hint !!
For the VLAN question, one way it could be done is through OpenVPN [there may be other, and better, ways], as OpenVPN for Android [Apple likely has an equivalent] allows one to specify what apps' traffic should be pushed through the VPN.
If you did it this way, the VPN for VOIP only could be configured with no encryption, limiting it's access to the ports needed, allowing access to the Router's LAN IP, while preventing access to all other LAN devices [except for the IP of the phone].
If your phone is Android and rooted, you could compliment the above by installing AFWall+, limiting the VOIP app to a VPN connection only.