DNS with dd-wrt
written by Ian McCracken
at Sunday, January 11, 2009
I'd been running
When my router died a few weeks ago, I got another, and of course immediately flashed it with dd-wrt; this time around, however, I noticed the DNSMasq options. dd-wrt can use DNSMasq as an alternative to dhcpd. I looked into it. Suffice it to say, I got my local DNS working perfectly for the first time (after some Googling; the docs weren't terribly helpful to a networking novice like me). Multiple search domains, DNS forwarding, everything. Here's what I did.
I have eight boxes locally—a server, two MacBooks, an Apple TV, and four VMs serving as my Zenoss VPN gateway, torrent server (also a VPN gateway, to another endpoint), CentOS dev box, and Zenoss server. Local domain is "mcb.loc", but I also interact extensively with the "zenoss.loc" domain, resolution requests for which I need forwarded through the Zenoss VPN connection to another DNS server.
First, I set up all my static DHCP leases—the last time I changed my subnet I cursed myself for having my boxes set their own IPs. That's done under the "Services" tab in dd-wrt. Next, I checked "Use DNSMasq for DHCP" and "Unse DNSMasq for DNS" and added my router's IP as "Local DNS", all under the "Setup" tab.
Routing was set up so that appropriate traffic would go through the VPN gateways (see how to do that here and here).
Then it was time for the DNSMasq setup. As I said before, docs were somewhat minimal and geared towards people not me. Several directives needed to be added to the "Additional DNSMasq Options" box under the "Services" tab. First, the easy ones:
These set up my local domain and tell it to treat requests to, for example, "iansmbp" as "iansmbp.mcb.loc". This got me halfway there. DNSMasq adds hostnames defined under the static leases section to DNS automatically, so local DNS was working perfectly. I still needed to add "zenoss.loc" as a search domain and have it forward requests to the remote DNS server. This was pretty difficult to find via Google, at least under the search terms I thought were appropriate at the time, but eventually I got it:
That forwards all "zenoss.loc" lookups to the IP specified, which is the Zenoss DNS over the VPN.
That was the part that was hard to find, because it isn't a default DNSMasq option. That sets the search domains for the resolv.conf of DHCP clients.
At this point, I renewed leases on my assorted boxes and was good to go! Way less effort than setting up bind, which is overkill for my needs anyway. I have yet to have an issue with this setup.
bind
on a local server for some time, and was using that to forward DNS requests through my assorted VPN tunnels; but it never worked properly, and I had to set search domains in /etc/resolv.conf
manually on all my boxes. I felt this was stupid. I felt that strongly. When my router died a few weeks ago, I got another, and of course immediately flashed it with dd-wrt; this time around, however, I noticed the DNSMasq options. dd-wrt can use DNSMasq as an alternative to dhcpd. I looked into it. Suffice it to say, I got my local DNS working perfectly for the first time (after some Googling; the docs weren't terribly helpful to a networking novice like me). Multiple search domains, DNS forwarding, everything. Here's what I did.
I have eight boxes locally—a server, two MacBooks, an Apple TV, and four VMs serving as my Zenoss VPN gateway, torrent server (also a VPN gateway, to another endpoint), CentOS dev box, and Zenoss server. Local domain is "mcb.loc", but I also interact extensively with the "zenoss.loc" domain, resolution requests for which I need forwarded through the Zenoss VPN connection to another DNS server.
First, I set up all my static DHCP leases—the last time I changed my subnet I cursed myself for having my boxes set their own IPs. That's done under the "Services" tab in dd-wrt. Next, I checked "Use DNSMasq for DHCP" and "Unse DNSMasq for DNS" and added my router's IP as "Local DNS", all under the "Setup" tab.
Routing was set up so that appropriate traffic would go through the VPN gateways (see how to do that here and here).
Then it was time for the DNSMasq setup. As I said before, docs were somewhat minimal and geared towards people not me. Several directives needed to be added to the "Additional DNSMasq Options" box under the "Services" tab. First, the easy ones:
local=/mcb.loc/
expand-hosts
These set up my local domain and tell it to treat requests to, for example, "iansmbp" as "iansmbp.mcb.loc". This got me halfway there. DNSMasq adds hostnames defined under the static leases section to DNS automatically, so local DNS was working perfectly. I still needed to add "zenoss.loc" as a search domain and have it forward requests to the remote DNS server. This was pretty difficult to find via Google, at least under the search terms I thought were appropriate at the time, but eventually I got it:
server=/zenoss.loc/10.175.211.10
That forwards all "zenoss.loc" lookups to the IP specified, which is the Zenoss DNS over the VPN.
dhcp-option=15,"zenoss.loc mcb.loc"
That was the part that was hard to find, because it isn't a default DNSMasq option. That sets the search domains for the resolv.conf of DHCP clients.
At this point, I renewed leases on my assorted boxes and was good to go! Way less effort than setting up bind, which is overkill for my needs anyway. I have yet to have an issue with this setup.
January 11, 2009 at 2:24 PM
Goddamnit do I miss your writing. How about returning from time to time to subjects that aren't programming?
September 5, 2012 at 7:55 PM
hey, old post but it helped me sort things out. i was a few hours away from setting bind up to be my caching server and then i saw this and its much easier. thanks.
October 30, 2015 at 11:23 AM
Still relevant 6 years later. Thanks.