
Tuesday, April 25, 2017

Setting up DNS on openwrt on TL-WDR4300

I found a couple of articles that helped (referenced below). I had to connect to the router via SSH, as LuCI does not have an interface for the added packages.

Note: I was unable to install the DHCP server from the article, although I did manage to install another DHCP package. That said, I do not use DHCP and I did not test whether DHCP worked.

This did not install:

opkg install isc-dhcp-server-ipv4

I was able to install the following package from the OpenWrt site:

opkg install https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/dhcpcd_6.4.3-1_ar71xx.ipk

Note: I have been running this for months now, and I have just had a weird issue where DNS stopped working. SSHing onto the router and performing a dig worked fine; just remote DNS was not working. I tried rebooting the router and that did not fix it. However, I just restarted the BIND service and all has started working again. Not sure what the actual problem was.

Restart the DNS service:

/etc/init.d/named restart

We remove the dnsmasq service, which is a combined DHCP server and DNS forwarder, and replace it with separate DNS (BIND) and DHCP services.

I then followed the article

https://maroskukan.wordpress.com/2015/02/24/openwrt-spinning-up-authoritative-dns-server/

changing values where needed (examples below).

I used the following ACL in the named.conf file; note the two IP ranges, as my router is set up as a bridging client.

acl "trusted" {
     192.168.75.0/24;
     172.75.75.0/24;
     localhost;
     localnets;
};

options {
        directory "/tmp";
        recursion yes;
        // Only the LAN ranges above may use this server as a recursive
        // resolver, read its cache, or pull zone transfers (AXFR/IXFR).
        allow-recursion { trusted; };
        allow-transfer { trusted; };
        allow-query-cache { trusted; };
        // allow-query is not set, so BIND's default (any) applies: any host
        // that can reach port 53 can query the authoritative zones. Keep the
        // OpenWrt firewall from exposing port 53 on the WAN interface.

        // Upstream resolver: the ISP or upstream router's nameserver.
        forwarders {
                192.168.75.1;
        };

        auth-nxdomain no;    # conform to RFC1035
};

Created a folder to hold the zone files (the copies below go into /etc/bind/zones, so that is the directory to create):

mkdir /etc/bind/zones

Using the existing zone files as templates:

cp /etc/bind/db.local /etc/bind/zones/db.homedomain.local

For reverse lookup (two zones, as I have created two subnets):

cp /etc/bind/db.127 /etc/bind/zones/db.75.168.192
cp /etc/bind/db.127 /etc/bind/zones/db.75.75.172

Then I edited the files for my needs.

;
; BIND data file for reverse look up of 192.168.75/24
;
$TTL    604800
@       IN      SOA     homedomain.local. root.homedomain.local. (
                             10         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@      IN      NS      router.homedomain.local.
11     IN      PTR     machine1.homedomain.local.
18     IN      PTR     router.homedomain.local.
110    IN      PTR     machine3.homedomain.local.

;
; BIND data file for reverse look up of 172.75.75/24
;
$TTL    604800
@       IN      SOA     homedomain.local. root.homedomain.local. (
                             10         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      router.homedomain.local.
1       IN      PTR     router.homedomain.local.
2       IN      PTR     machine4.homedomain.local.
10      IN      PTR     machine5.homedomain.local.

;
; BIND data file for homedomain.local zone
;
$TTL    604800
@       IN      SOA     homedomain.local. root.homedomain.local. (
                             10         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      router.homedomain.local.
@       IN      A       192.168.75.18
router  IN      A       192.168.75.18
machine4        IN      A       172.75.75.2
machine5        IN      A       172.75.75.10
machine3        IN      A       192.168.75.110
machine1        IN      A       192.168.75.11
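The three zone files above are hand-edited, and nothing in BIND forces the forward and reverse zones to agree with each other or with the "trusted" ACL. The following script is an added example (not part of the original post or of the linked articles): it parses the post's forward zone, the two reverse zones and the ACL as embedded strings, and checks that every A record has a PTR, that every PTR target has an A record at that address, and that every host address falls inside a trusted network. The zone and ACL text is copied from the post; the checker logic, function names and the `in-addr.arpa.` origins for the reverse zones are my own assumptions.

```python
"""Cross-check a BIND forward zone against its reverse zones and the
named.conf "trusted" ACL. Added example; the zone text is the post's,
the checking logic is not part of the post."""
import ipaddress
import re

ORIGIN = "homedomain.local."

# Constructed sample input: zone data and ACL copied from the post.
FORWARD_ZONE = """\
$TTL    604800
@       IN      SOA     homedomain.local. root.homedomain.local. (
                             10         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      router.homedomain.local.
@       IN      A       192.168.75.18
router  IN      A       192.168.75.18
machine4        IN      A       172.75.75.2
machine5        IN      A       172.75.75.10
machine3        IN      A       192.168.75.110
machine1        IN      A       192.168.75.11
"""
REVERSE_ZONES = {  # origin assumed from the file names db.75.168.192 etc.
    "75.168.192.in-addr.arpa.": """\
$TTL    604800
@      IN      NS      router.homedomain.local.
11     IN      PTR     machine1.homedomain.local.
18     IN      PTR     router.homedomain.local.
110    IN      PTR     machine3.homedomain.local.
""",
    "75.75.172.in-addr.arpa.": """\
$TTL    604800
@       IN      NS      router.homedomain.local.
1       IN      PTR     router.homedomain.local.
2       IN      PTR     machine4.homedomain.local.
10      IN      PTR     machine5.homedomain.local.
""",
}
NAMED_CONF_ACL = """acl "trusted" {
     192.168.75.0/24;
     172.75.75.0/24;
     localhost;
     localnets;
};"""


def parse_records(zone_text, origin):
    """Yield (owner_fqdn, rrtype, rdata) for A and PTR records, skipping
    ';' comments, $-directives and the parenthesised multi-line SOA."""
    in_parens, last_owner = False, "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if in_parens:
            in_parens = ")" not in line
            continue
        if "(" in line and ")" not in line:
            in_parens = True
            continue
        tokens = line.split()
        if not tokens or tokens[0].startswith("$") or "IN" not in tokens:
            continue
        i = tokens.index("IN")
        if i + 2 >= len(tokens) or tokens[i + 1] not in ("A", "PTR"):
            continue
        # A line starting with whitespace inherits the previous owner.
        owner = last_owner if raw[:1].isspace() else tokens[0]
        last_owner = owner
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        yield fqdn, tokens[i + 1], tokens[i + 2]


def forward_map(zone_text, origin):
    """fqdn -> set of IPv4 addresses taken from A records."""
    out = {}
    for name, rrtype, rdata in parse_records(zone_text, origin):
        if rrtype == "A":
            out.setdefault(name, set()).add(rdata)
    return out


def reverse_map(zone_text, origin):
    """IPv4 address -> PTR target, derived from the in-addr.arpa owner name."""
    out = {}
    for name, rrtype, rdata in parse_records(zone_text, origin):
        if rrtype == "PTR" and name.endswith(".in-addr.arpa."):
            labels = name[: -len(".in-addr.arpa.")].split(".")
            out[".".join(reversed(labels))] = rdata
    return out


def all_reverse(zones):
    """Merge every reverse zone into one address -> name table."""
    merged = {}
    for origin, text in zones.items():
        merged.update(reverse_map(text, origin))
    return merged


def check_consistency(fwd, rev):
    """Every A needs a PTR, and every PTR target needs an A at that address."""
    problems = []
    a_ips = {ip for ips in fwd.values() for ip in ips}
    for ip in sorted(a_ips - set(rev), key=ipaddress.ip_address):
        problems.append(f"no PTR for {ip}")
    for ip, target in sorted(rev.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        if ip not in fwd.get(target, set()):
            problems.append(f"PTR {ip} -> {target} but {target} has no A {ip}")
    return problems


def parse_acl(named_conf, acl_name):
    """CIDR networks listed in acl "<acl_name>"; host-dependent keywords
    such as localhost/localnets are ignored."""
    m = re.search(r'acl\s+"%s"\s*\{([^}]*)\}' % re.escape(acl_name), named_conf)
    if not m:
        raise ValueError(f"acl {acl_name!r} not found")
    items = (item.strip() for item in m.group(1).split(";"))
    return [ipaddress.ip_network(i, strict=False) for i in items if i[:1].isdigit()]


def check_acl_coverage(ips, nets):
    """Hosts outside every trusted network cannot recurse through this server."""
    outside = [ip for ip in ips if not any(ipaddress.ip_address(ip) in n for n in nets)]
    return sorted(outside, key=ipaddress.ip_address)


if __name__ == "__main__":
    fwd = forward_map(FORWARD_ZONE, ORIGIN)
    for p in check_consistency(fwd, all_reverse(REVERSE_ZONES)):
        print("zone mismatch:", p)
    nets = parse_acl(NAMED_CONF_ACL, "trusted")
    for ip in check_acl_coverage({ip for s in fwd.values() for ip in s}, nets):
        print("not in trusted ACL:", ip)
```

Run against the post's own data it reports one mismatch: the 172.75.75/24 reverse zone maps 172.75.75.1 to router.homedomain.local., but the forward zone only gives router an A record for 192.168.75.18, so a reverse lookup of the router's second address does not round-trip. The ACL check passes, since both subnets are in "trusted".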

https://wiki.openwrt.org/doc/howto/dns.bind

https://maroskukan.wordpress.com/2015/02/24/openwrt-spinning-up-authoritative-dns-server/

http://blog.differentpla.net/blog/2013/10/30/replacing-dnsmasq-on-openwrt

https://kb.isc.org/article/AA-00269/0/What-has-changed-in-the-behavior-of-allow-recursion-and-allow-query-cache.html

