[Solved] How do I set up the ISP DNS server per host for VOIP registration of a client?

Hi...
I need to use my ISP DNS server(s) for my LAN VoIP client, otherwise it doesn't register my number.
But I don't want to use the ISP DNS server for the rest of my network.
Can I set up a specific DNS server per host? If yes, where and how?

With Tomato fw I could do it like this (dnsmasq custom config, GUI):

dhcp-mac=set:altdns,XX:XX:XX:XX:XX:XX
dhcp-option=tag:altdns,option:dns-server,xx.xx.xx.x,xx.xx.xx.xx

Please help me!

"Edit, Solution"

dnsmasq config:
list server '/sip.provider-voip-registrar/ISP.DNS.SERVER.IP'
list server '/sip.provider-voip-registrar/ISP.DNS.SERVER.IP2'

or via GUI (Network >> DHCP and DNS >> DNS forwardings):
/sip.provider-voip-registrar/ISP.DNS.SERVER.IP
/sip.provider-voip-registrar/123.456.789.10

Well for the moment it's fixed via "DNS forwardings"...
If I understand it correctly, I'm using the hostname of my SIP registrar/proxy and forwarding it to my ISP DNS server.

DNS forwardings: /sip.host.name/XX.XX.XX.XX
(XX=isp DNS server ip)

My voip client is now able to register the number.
But I'm still wondering if there is a (better) way to force my VoIP client to use my ISP DNS server(s) without changing my custom DNS servers for my other clients.

Please let me know if anyone has another/better solution...

You'll configure it via /etc/config/dhcp, see DHCP Pools under DHCP Configuration.

  • With LEDE, all hyphens need to be changed to underscores (i.e. dhcp_option in lieu of dhcp-option)

  • You may also need to refer to the DNSmasq manpage for explanations of certain option formats

If it's a desktop, you can also change the DNS on the PC itself (not convenient if it's a laptop)

It's another router and I already tried to set up the DNS servers within the router, but it didn't work out.
Could be because "Rebind protection" is active in my LEDE setup.

I will try to set "list 'dhcp_option' '6,dns-server-ip'" under my "config host" for the VoIP client.

config host
option name 'Voip-client'
option dns '1'
option mac '00:00:00:00:00:00'
option ip '192.168.10.10'
option leasetime 'infinite'
list 'dhcp_option' '6,123.456.789.10'

Not sure if I even understand the config part... at least DNS forwardings are working out so far.

If the 2nd router is connected to the LAN ports of the WAN facing router, Rebind Protection, along with several other DHCP options, should be disabled.

For example, my LEDE router is configured as a smart switch with no WAN, and here's my /etc/config/dhcp

#

    ##::[[---  LEDE LAN DHCP Config  ---]]::##

####################################################
             ##----- DNS Server -----##
####################################################

    # DNS Masq #
#---------------------------------------------------
config dnsmasq
    option  domain                  'WRT'
    option  local                   '/lan/'
    option  leasefile               '/tmp/dhcp.leases'
    option  resolvfile              '/tmp/resolv.conf.auto'
    option  localise_queries        1
    option  readethers              1
    option  localservice            1
    option  logqueries              1
    option  domainneeded            1
    option  filterwin2k             0
    option  authoritative           0
    option  rebind_protection       0
    option  sequential_ip           1
    option  nonwildcard             0

####################################################
           ##----- oDHCPd Server -----##
####################################################

    # oDHCPd #
#---------------------------------------------------
config odhcpd 'odhcpd'
    option  maindhcp            0
    option  leasefile           '/tmp/hosts/odhcpd'
    option  leasetrigger        '/usr/sbin/odhcpd-update'
    option  loglevel            4

####################################################
           ##----- DHCP Settings -----##
####################################################

@Kherby - I wonder if you would be better served by running VLANs. With a dedicated VLAN for your VOIP network vs your regular LAN (and maybe other VLANs for guest, IoT, etc.), you can set the DHCP servers to hand out whatever DNS servers you want on a per-VLAN basis, making it easier than trying to map it out per-host.


That's how VOIP configurations should be done.

Not only does the VOIP VLAN give you the DHCP server flexibility, it also provides these other benefits (and more):

QoS - you can set quality of service/traffic shapers to give high priority to your VOIP network, reducing dropouts/delays and other issues that are much less tolerable on a real-time voice call than typical internet activities (including streaming audio/video which have features designed to handle network congestion and out of order packets, etc.).

LAN isolation - aside from the general QoS considerations, isolating your VOIP will reduce any issues that a high traffic LAN might create, given that there can be a lot of broadcast traffic in a given subnet.


Thanks for the suggestions, but I forgot to mention that I'm using two smartphones over WLAN as normal telephones via an app with the VoIP router.
So I think a VOIP VLAN wouldn't work out for me, as they have to be on the same bridge to work.
And to be honest, I don't even understand the VLAN config with my WRT 3200ACM...

I use SQM QoS Cake - Layer_Cake at the moment and as far as I can tell have no VoIP problems.
Which QoS service would you suggest for VOIP?

I've figured out how to set up VLANs with my router, but I still have my VOIP router within my private local LAN for the above reason (smartphone app).
I could change this if I figure out how to use the smartphone app while the VoIP router is in its own (different) VLAN; maybe it could be done via iptables if the same port(s) are always being used for the VoIP app.

For now all I know is that the phone/VoIP app is using the TR-064 protocol to connect to the router and receive calls (ports 49000/49443).
See: https://github.com/openhab/openhab1-addons/wiki/FritzBox-TR064-Binding

I've also started to use dnscrypt-proxy...
So far my tests are showing that there are no DNS leaks in my local LAN (WiFi + guest), NTP is working and my VoIP router is still able to register my SIP number.

All done via dnsmasq config.

	option localservice '1'
	option noresolv '1'
	option allservers '1'
	list server '127.0.0.1#5353'
	list server '127.0.0.1#5454'
	list server '/pool.ntp.org/8.8.8.8'
	list server '/sip.voip-reg/ISP.DNS.SERVER.IP'
	list server '/sip.voip-reg/ISP.DNS.SERVER.IP2'

So my next adventure would be TR-064 via Wifi over another VLAN, if it is even possible.

Anyway, I will mark my actual problem as solved but I am still open to any hint !!
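
An added example, not code from any poster in this thread: it parses the `list server` entries of a dnsmasq UCI section and reports which upstream each query name would be sent to, using dnsmasq's rule that the most specific domain match wins and entries without a domain are the fallback. The registrar name `sip.voip-reg.example` and the 192.0.2.x addresses are constructed stand-ins for the placeholders in the post above; `leaks` lists the names that would bypass the local dnscrypt-proxy listeners.

```python
import re

# Constructed sample: the dnsmasq section from the post above, with
# documentation addresses and a made-up registrar name as placeholders.
SAMPLE_UCI = """\
config dnsmasq
	option localservice '1'
	option noresolv '1'
	option allservers '1'
	list server '127.0.0.1#5353'
	list server '127.0.0.1#5454'
	list server '/pool.ntp.org/8.8.8.8'
	list server '/sip.voip-reg.example/192.0.2.53'
	list server '/sip.voip-reg.example/192.0.2.54'
"""

def parse_servers(uci_text):
    """Return {domain: [upstream, ...]}; key '' holds the default upstreams."""
    routes = {}
    pattern = r"^[ \t]*list[ \t]+'?server'?[ \t]+'([^']*)'"
    for value in re.findall(pattern, uci_text, re.M):
        if value.startswith("/"):
            # '/dom1/dom2/upstream': every listed domain maps to the upstream
            *domains, upstream = value[1:].split("/")
        else:
            domains, upstream = [""], value
        for domain in domains:
            routes.setdefault(domain.lower().strip("."), []).append(upstream)
    return routes

def upstreams_for(name, routes):
    """Longest matching domain suffix (on label boundaries) wins."""
    labels = name.lower().strip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return suffix, routes[suffix]
    return "", routes.get("", [])

def leaks(names, routes, trusted):
    """Map each name to the upstreams it would reach outside `trusted`."""
    found = {}
    for name in names:
        _, upstreams = upstreams_for(name, routes)
        outside = [u for u in upstreams if u not in trusted]
        if outside:
            found[name] = outside
    return found
```
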

For the VLAN question, one way it could be done is through OpenVPN [there may be other, and better, ways], as OpenVPN for Android [Apple likely has an equivalent] allows one to specify what apps' traffic should be pushed through the VPN.

  • If you did it this way, the VPN for VOIP only could be configured with no encryption, limiting its access to the ports needed, allowing access to the Router's LAN IP, while preventing access to all other LAN devices [except for the IP of the phone].
    • If your phone is Android and rooted, you could complement the above by installing AFWall+, limiting the VOIP app to a VPN connection only.