[Dnsmasq-discuss] dnsmasq on OpenWRT, configuration question

Geert Stappers stappers at stappers.nl
Sun Jul 28 07:14:50 BST 2019


On Sat, Jul 27, 2019 at 11:34:41AM -0400, Art Greenberg wrote:
> I had been running dnsmasq on a machine on my network and using
> addn-hosts for ad blocking. My router was configured with my ISP's
> DNS servers.
> 
> I used "net:red" to assign the router as DNS server for certain devices
> (Roku streamers, notably) to avoid the ad blocking, because some of
> the apps on the router would not work properly with the ad blocking
> in place. This told those devices to go directly to the router for
> DNS services.
> 
> router/gateway 192.168.2.1
> dnsmasq machine 192.168.2.11
> 
> ## dnsmasq.conf fragment
> 
> domain-needed
> bogus-priv
> no-resolv
> local=/artg.tv/
> interface=eth0
> domain=artg.tv
> server=8.8.8.8,8.8.4.4
> 
> dhcp-option=option:dns-server,192.168.2.11            ## use dnsmasq machine for DNS
> dhcp-option=net:red,option:dns-server,192.168.2.1
> 
> dhcp-host=00:01:03:27:84:95,192.168.2.15,martha       ## typical of computer assignments
> dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red    ## typical of ad blocking avoidance
> 
> ## end dnsmasq.conf fragment
> 
> This all worked fine.
> 
> Then I obtained a newer router and installed OpenWRT on it. This, too,
> worked fine until I moved dnsmasq onto the router. The configuration
> now looks like this:
> 
> router/gateway 192.168.2.1
> dnsmasq machine 192.168.2.1
> 
> ## dnsmasq.conf fragment
> 
> domain-needed
> bogus-priv
> no-resolv
> local=/artg.tv/
> interface=br-lan
> domain=artg.tv
> server=8.8.8.8,8.8.4.4
> 
> dhcp-option=option:dns-server,192.168.2.1                        ## use dnsmasq on the router for DNS
> dhcp-option=net:red,option:dns-server,8.8.8.8,8.8.4.4            ## Google public DNS servers
> 
> dhcp-host=00:01:03:27:84:95,192.168.2.15,martha                  ## typical of computer assignments
> dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red    ## typical of ad blocking avoidance
> 
> Now the Roku streamers and some of the apps on them aren't so happy.

I think that "aren't so happy" needs elaboration.


> Despite the "net:red" tag, dnsmasq is intercepting all DNS
> requests and it is returning 0.0.0.0 when the host being looked up is
> in one of the addn-hosts files.
> 
> I have DHCP and DNS logging turned on in dnsmasq and can see the
> Roku streamers ask for option 6 (dns-server) and they get the expected
> response (the Google DNS servers).

Okay, so far the DHCP part.


> Yet when they make a DNS request, it's being processed by dnsmasq

That is _not supposed_ to happen.

> and the addn-hosts files are being consulted,

Because the "red" hosts are on the wrong track ...


> the result being that hosts listed in one of the files have their IP
> address returned as 0.0.0.0.
> 
> I suppose this is expected, as dnsmasq is acting as a DNS relay only
> if it cannot resolve the request, and since the ad hosts are listed
> in an addn-hosts file, dnsmasq -can- resolve the request despite it
> not being within the local, private IP address block.
> 
> I'm thinking I need a second dnsmasq instance configured to handle those
> devices that cannot have ad blocking, and the appropriate division of
> configurations, including complementary use of the "ignore" option to
> dhcp-host on the two configurations.
> 
> Is there a simpler way to deal with this?

Yes, and you are almost there.

Explore why red hosts resolve via 192.168.2.1; they shouldn't.


> And no, I'd rather not move back to using a machine on the network
> for dnsmasq if I can avoid it.

Fair enough

> Thanks.


Regards
Geert Stappers
-- 
Live and let live
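
Added example, not part of the original mail or of dnsmasq itself: one way to check the point raised above, namely whether hosts tagged "red" still send queries to dnsmasq even though DHCP handed them 8.8.8.8/8.8.4.4. The log lines, the /etc/adblock.hosts path and the function names are constructed for illustration; the config lines are copied from the second fragment.

```python
import re

# Relevant lines copied from the second dnsmasq.conf fragment in the thread.
CONF = """\
dhcp-option=net:red,option:dns-server,8.8.8.8,8.8.4.4
dhcp-host=00:01:03:27:84:95,192.168.2.15,martha
dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red
"""

# Constructed sample of dnsmasq query-log lines (log-queries format).
LOG = """\
Jul 27 11:20:01 dnsmasq[2211]: query[A] ads.example.net from 192.168.2.135
Jul 27 11:20:01 dnsmasq[2211]: /etc/adblock.hosts ads.example.net is 0.0.0.0
Jul 27 11:20:05 dnsmasq[2211]: query[A] ads.example.net from 192.168.2.15
Jul 27 11:20:09 dnsmasq[2211]: query[A] www.example.org from 192.168.2.135
Jul 27 11:20:09 dnsmasq[2211]: forwarded www.example.org to 8.8.8.8
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# The optional group covers the serial/source prefix added by log-queries=extra.
QUERY = re.compile(r"dnsmasq\[\d+\]: (?:\d+ \S+ )?query\[(\w+)\] (\S+) from (\S+)")

def tagged_hosts(conf, tag):
    """Map IP -> hostname for dhcp-host entries carrying net:<tag> or set:<tag>."""
    hosts = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing ## comments
        if not line.startswith("dhcp-host="):
            continue
        fields = line[len("dhcp-host="):].split(",")
        if not {f"net:{tag}", f"set:{tag}"} & set(fields):
            continue
        ip = next((f for f in fields if IPV4.match(f)), None)
        name = next((f for f in fields if ":" not in f and not IPV4.match(f)), "?")
        if ip:
            hosts[ip] = name
    return hosts

def stray_queries(log, hosts):
    """Queries dnsmasq received from hosts that DHCP pointed at another resolver."""
    out = []
    for line in log.splitlines():
        m = QUERY.search(line)
        if m and m.group(3) in hosts:
            out.append((hosts[m.group(3)], m.group(3), m.group(1), m.group(2)))
    return out

if __name__ == "__main__":
    for name, ip, qtype, qname in stray_queries(LOG, tagged_hosts(CONF, "red")):
        print(f"{name} ({ip}) sent {qtype} {qname} to dnsmasq")
```

Any hit means the tagged client is still using the router as its resolver despite the option 6 reply, which is the behaviour to track down.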


