[Dnsmasq-discuss] dnsmasq on OpenWRT, configuration question
Geert Stappers
stappers at stappers.nl
Sun Jul 28 07:14:50 BST 2019
On Sat, Jul 27, 2019 at 11:34:41AM -0400, Art Greenberg wrote:
> I had been running dnsmasq on a machine on my network and using
> addn-hosts for ad blocking. My router was configured with my ISP's
> DNS servers.
>
> I used "net:red" to assign the router as DNS server for certain devices
> (Roku streamers, notably) to avoid the ad blocking, because some of
> the apps on the router would not work properly with the ad blocking
> in place. This told those devices to go directly to the router for
> DNS services.
>
> router/gateway 192.168.2.1
> dnsmasq machine 192.168.2.11
>
> ## dnsmasq.conf fragment
>
> domain-needed
> bogus-priv
> no-resolv
> local=/artg.tv/
> interface=eth0
> domain=artg.tv
> server=8.8.8.8,8.8.4.4
>
> dhcp-option=option:dns-server,192.168.2.11 ## use dnsmasq machine for DNS
> dhcp-option=net:red,option:dns-server,192.168.2.1
>
> dhcp-host=00:01:03:27:84:95,192.168.2.15,martha ## typical of computer assignments
> dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red ## typical of ad blocking avoidance
>
> ## end dnsmasq.conf fragment
>
> This all worked fine.
>
> Then I obtained a newer router and installed OpenWRT on it. This, too,
> worked fine until I moved dnsmasq onto the router. The configuration
> now looks like this:
>
> router/gateway 192.168.2.1
> dnsmasq machine 192.168.2.1
>
> ## dnsmasq.conf fragment
>
> domain-needed
> bogus-priv
> no-resolv
> local=/artg.tv/
> interface=br-lan
> domain=artg.tv
> server=8.8.8.8,8.8.4.4
>
> dhcp-option=option:dns-server,192.168.2.1 ## use dnsmasq on the router for DNS
> dhcp-option=net:red,option:dns-server,8.8.8.8,8.8.4.4 ## Google public DNS servers
>
> dhcp-host=00:01:03:27:84:95,192.168.2.15,martha ## typical of computer assignments
> dhcp-host=d8:31:34:36:d0:18,192.168.2.135,ROKU-1-WIFI,net:red ## typical of ad blocking avoidance
>
> Now the Roku streamers and some of the apps on them aren't so happy.

I think that "aren't so happy" needs elaboration.

> Despite the "net:red" tag, dnsmasq is intercepting all DNS
> requests and it is returning 0.0.0.0 when the host being looked up is
> in one of the addn-hosts files.
>
> I have DHCP and DNS logging turned on in dnsmasq and can see the
> Roku streamers ask for option 6 (dns-server) and they get the expected
> response (the Google DNS servers).

Okay, so far the DHCP part

> Yet when they make a DNS request, it's being processed by dnsmasq

That is _not supposed_ to happen.

> and the addn-hosts files are being consulted,

Because the "red" hosts are on the wrong track ...

> the result being that hosts listed in one of the files have their IP
> address returned as 0.0.0.0.
>
> I suppose this is expected, as dnsmasq is acting as a DNS relay only
> if it cannot resolve the request, and since the ad hosts are listed
> in an addn-hosts file, dnsmasq -can- resolve the request despite it
> not being within the local, private IP address block.
>
> I'm thinking I need a second dnsmasq instance configured to handle those
> devices that cannot have ad blocking, and the appropriate division of
> configurations, including complementary use of the "ignore" option to
> dhcp-host on the two configurations.
>
> Is there a simpler way to deal with this?

Yes and you are almost there.
Explore why red hosts resolve via 192.168.2.1, they shouldn't.

> And no, I'd rather not move back to using a machine on the network
> for dnsmasq if I can avoid it.

Fair enough

> Thanks.

Regards
Geert Stappers
--
Live and let live
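
Added example, not part of the original thread and not dnsmasq's own code: one way to follow the suggestion above is to correlate the DHCP and DNS log lines and list the clients that were offered only external DNS servers yet still send queries to the router. The log line shapes are assumed to match dnsmasq's log-dhcp and log-queries output; the sample log, the /etc/adhosts path and the function name find_stray_clients are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; line shapes assumed from dnsmasq log-dhcp / log-queries.
SAMPLE_LOG = """\
dnsmasq-dhcp[2345]: 1111 tags: red, known, br-lan
dnsmasq-dhcp[2345]: 1111 DHCPACK(br-lan) 192.168.2.135 d8:31:34:36:d0:18 ROKU-1-WIFI
dnsmasq-dhcp[2345]: 1111 sent size:  8 option:  6 dns-server  8.8.8.8, 8.8.4.4
dnsmasq-dhcp[2345]: 2222 DHCPACK(br-lan) 192.168.2.15 00:01:03:27:84:95 martha
dnsmasq-dhcp[2345]: 2222 sent size:  4 option:  6 dns-server  192.168.2.1
dnsmasq[2345]: query[A] ads.example.com from 192.168.2.135
dnsmasq[2345]: /etc/adhosts ads.example.com is 0.0.0.0
dnsmasq[2345]: query[A] www.example.org from 192.168.2.15
dnsmasq[2345]: query[A] cdn.example.net from 192.168.2.135
"""

# DHCPACK ties a transaction id to the leased address.
ACK = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) DHCPACK\(\S+\) (\S+) (\S+)")
# Option 6 (dns-server) as actually sent in that transaction.
DNS_OPT = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (\d+) sent size:\s*\d+ option:\s*6 dns-server\s+(.+)")
# A DNS query that reached this dnsmasq instance, with the asking client.
QUERY = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")


def find_stray_clients(log_text, local_dns="192.168.2.1"):
    """Return {client_ip: {"offered": [...], "queries": [...]}} for clients that
    were offered only non-local DNS servers yet still queried this dnsmasq."""
    xid_ip, offered, queries = {}, {}, defaultdict(list)
    for line in log_text.splitlines():
        if m := ACK.search(line):
            xid_ip[m.group(1)] = m.group(2)
        elif m := DNS_OPT.search(line):
            ip = xid_ip.get(m.group(1))
            if ip:
                offered[ip] = [s.strip() for s in m.group(2).split(",")]
        elif m := QUERY.search(line):
            queries[m.group(3)].append((m.group(1), m.group(2)))
    return {ip: {"offered": servers, "queries": queries[ip]}
            for ip, servers in offered.items()
            if local_dns not in servers and queries.get(ip)}


if __name__ == "__main__":
    for ip, info in find_stray_clients(SAMPLE_LOG).items():
        print(ip, "offered", info["offered"], "but asked here for",
              [name for _, name in info["queries"]])
```

A client that shows up here received the expected option 6 but its queries still arrive at the router, so the place to look next is between the client and the offered servers rather than in the DHCP configuration.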