Having two local networks br-lan and br-guest (latter Wi-Fi only), each having their own subnet (192.168.x.0, 192.168.y.0) and dnsmasq instance (LAN_DNS, GUEST_DNS), OpenWRT adds 'addn-hosts=/tmp/hosts' (directory) to both '/var/etc/dnsmasq.conf.lan_dns' and '/var/etc/dnsmasq.conf.guest_dns' config files. The '/tmp/hosts' directory contains both 'dhcp.lan_dns' and 'dhcp.guest_dns', each containing the local IPv4 address of the router and hostname (192.168.x.0 hostname, 192.168.y.0 hostname). This means that the router's lan subnet address is exposed to guest users.
It would be better (and more secure) that OpenWRT adds 'addn-hosts=/tmp/hosts/dhcp.lan_dns' to '/var/etc/dnsmasq.conf.lan_dns' and 'addn-hosts=/tmp/hosts/dhcp.guest_dns' to '/var/etc/dnsmasq.conf.guest_dns' instead of 'addn-hosts=/tmp/hosts' to both config files.
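The directory-versus-file difference described in the post above, as an added audit example that is not part of the thread or of OpenWrt: it builds constructed config and hosts files in a temporary directory (subnets 192.168.1.0/24 and 192.168.2.0/24 stand in for 192.168.x.0 and 192.168.y.0) and lists which hosts entries the guest instance would serve from outside its own subnet.

```python
"""Audit which addn-hosts entries a dnsmasq instance would load.

Constructed fixture, not OpenWrt's files: dnsmasq.conf.<inst> and
hosts/dhcp.<inst> mimic /var/etc/dnsmasq.conf.<inst> and /tmp/hosts/dhcp.<inst>.
"""
import ipaddress
import os
import tempfile


def addn_hosts_files(conf_path):
    """Hosts files dnsmasq reads for each addn-hosts line; a directory
    argument means every regular file inside that directory."""
    files = []
    with open(conf_path) as fh:
        for line in fh:
            line = line.strip()
            if not line.startswith("addn-hosts="):
                continue
            target = line.split("=", 1)[1]
            if os.path.isdir(target):
                for name in sorted(os.listdir(target)):
                    path = os.path.join(target, name)
                    if os.path.isfile(path):
                        files.append(path)
            else:
                files.append(target)
    return files


def foreign_entries(conf_path, own_subnet):
    """(address, hostname) pairs the instance would serve that lie outside own_subnet."""
    net = ipaddress.ip_network(own_subnet)
    leaked = []
    for path in addn_hosts_files(conf_path):
        with open(path) as fh:
            for line in fh:
                parts = line.split("#", 1)[0].split()  # drop comments, split fields
                if len(parts) >= 2 and ipaddress.ip_address(parts[0]) not in net:
                    leaked.append((parts[0], parts[1]))
    return leaked


def build_fixture(root, per_file):
    """Write constructed confs and hosts files; per_file=True uses the
    proposed per-instance addn-hosts line instead of the shared directory."""
    hosts_dir = os.path.join(root, "hosts")
    os.makedirs(hosts_dir)
    for inst, ip in (("lan_dns", "192.168.1.1"), ("guest_dns", "192.168.2.1")):
        hosts_file = os.path.join(hosts_dir, f"dhcp.{inst}")
        with open(hosts_file, "w") as fh:
            fh.write(f"{ip} router\n")  # constructed router entry for this subnet
        with open(os.path.join(root, f"dnsmasq.conf.{inst}"), "w") as fh:
            fh.write(f"addn-hosts={hosts_file if per_file else hosts_dir}\n")
    return os.path.join(root, "dnsmasq.conf.guest_dns")


def guest_leaks(per_file):
    """Foreign entries the guest instance serves under either configuration."""
    with tempfile.TemporaryDirectory() as root:
        return foreign_entries(build_fixture(root, per_file), "192.168.2.0/24")
```

With the shared directory the guest instance also serves the LAN router entry; with the per-instance file it serves none from the other subnet.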
No, it only means that the dns entries are discoverable. If your firewall is set properly, there is no access possible from the guest network to the lan.
Yes the dns entries are recoverable from the other, separated, network. They should not be ideally. My firewall is set properly.
Nonetheless, I think my suggestion is more clean. I have two fully separated networks and hence two dnsmasq instances, for every network one. Then it is a bit weird that their combined hosts are shared among both networks.
No big problem either. But just to make it more logical and sincere.
There are only 64K addresses within the whole 192.168.0.0/16 network segment... Even if the router is exposing the existence of such addresses, it is not giving any practical info.
Using a 192.168.0.0/24 network makes 256.
But not kidding. It is not a big problem but it is not logical to have separated networks each running their own dnsmasq instance and then share their hosts.
It is just more logical, clean and sincere not to share each other's hosts. I think my suggestion makes sense, although I admit it is not very urgent.
It is just a feature request that makes sense.