Add DNSMasq Additional Options via SSH

l3g023
DD-WRT Novice


Joined: 27 Sep 2020
Posts: 10

Posted: Sun Nov 29, 2020 21:10    Post subject: Add DNSMasq Additional Options via SSH
Hi guys,

I have a custom version of DD-WRT from a VPN provider. The GUI barely has any options available.

I would normally go to Services, DNSMasq Additional Options and add this (handy for blocking auto-update services):

Code:
address=/domain_name.com/0.1.2.3


I can SSH into it but have no idea how on earth I would manually add any commands in DNSMasq Additional Options...

I have even tried

Code:
cd /tmp
vi dnsmasq.conf
address=/domain_name.com/0.1.2.3
ESC, Shift-Z-Z


Then reboot but changes revert back...

Any help would be much appreciated...
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8451

Posted: Sun Nov 29, 2020 21:49    Post subject:
The contents of dnsmasq.conf are *derived* at bootup from nvram variables. You would need to find the relevant nvram variable(s), update them, commit the changes, and when the contents of dnsmasq.conf were derived again on a reboot, they would include your changes.

Of course, this assumes the provider hasn't eliminated this ability to update and commit nvram changes. If they built their own version of the firmware and don't want you to have the ability to make changes, you may be out of luck.

P.S. Did a quick check; the nvram variable is dnsmasq_options.

Code:
nvram get dnsmasq_options
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1060
Location: Appalachian mountains, USA

Posted: Sun Nov 29, 2020 22:06    Post subject:
If you are wanting to edit dd-wrt GUI windows from a linux/bash environment on a computer without actually using the GUI, maybe these will help.
Code:
ROUTERIP=192.168.1.1
SSHPORT=22

onRouter(){ ssh $4 -p $2 root@$1 "$3"; }
toArouter(){ scp -P $2 -q $5 $3 root@$1:"${4:-.}"; }
fromArouter(){ scp -P $2 -q $5 root@$1:"$3" "${4:-.}"; }

#toAnv file var (var defaults to file)
toAnv(){
  toArouter $ROUTERIP $SSHPORT "$1"
  onRouter $ROUTERIP $SSHPORT '
    xFILEx="$(echo -n x; cat '"$1"'; echo x)"
    FILEx="${xFILEx#x}"
    nvram set '"${2:-$1}"'="${FILEx%x}"
    nvram commit' 2>/dev/null; }

#fromAnv var file (no spaces in file, file defaults to var)
fromAnv(){
  onRouter $ROUTERIP $SSHPORT 'xFx="$(echo -n x; nvram get '$1'; echo x)";
  Fx="${xFx#x}"; echo -n "${Fx%
x}" >"'"${2:-$1}"'"' 2>/dev/null
  fromArouter $ROUTERIP $SSHPORT "${2:-$1}"; }

I surely can't say that they're perfect or readable (!) or even reasonable, but I've been using them for all my maintenance of GUI windows for nearly a year. (A fair bit of the complexity is to deal with nvram variables that end in a newline character.)

There's an assumption wired in that you've used ssh-agent or equivalent to set up your key-authorized ssh and scp interactions with dd-wrt so that you don't need to enter a password or passphrase each time.

So the idea is that on your handy linux laptop, you either copy in the above or put it in .bashrc. Then in your computer's bash window you can do

fromAnv dnsmasq_options

to copy the router's DNSMasq Additional Options, which are in an nvram variable dnsmasq_options, to a file on your computer (in the current directory) of the same name. Or if you'd rather use some different filename foo, you instead do this:

fromAnv dnsmasq_options foo

Then you edit file dnsmasq_options (or foo) on your computer then copy it back into the nvram variable on the router using the appropriate one of these:

toAnv dnsmasq_options
toAnv foo dnsmasq_options


To experiment with these tools, don't use dnsmasq_options of course. Start with a file foobar on your computer, do toAnv foobar on the computer and on the router do nvram get foobar to see how it turned out. Move it back and forth to your heart's content. Then on the router do nvram unset foobar to eliminate foobar.

In addition to editing dnsmasq_options, I find these functions useful for editing the Startup and Firewall code in rc_startup and rc_firewall, the OpenVPN Client keys in openvpncl_ca, openvpncl_client, openvpncl_key, and openvpncl_tlsauth, the OpenVPN Client Additional Config and PBR windows in openvpncl_config and openvpncl_route, and occasionally the material in the Cron Jobs window and SSH Authorized Keys window in cron_jobs and sshd_authorized_keys. I copied these items to my laptop once, and from that point on the laptop copy of each was my master copy. When I want to make a change, I edit the laptop file and then use toAnv to move the contents of the file back to the router. Of course this gives me backups on my computer of these key window contents!

My linux is Fedora 29. If your bash behaves slightly differently from mine and forces you to tweak the functions, I'm afraid you are on your own. Editing these until I felt they were correct -- no guarantees -- took a lot of headscratching, and I don't remember at this point where the scratches were. Translation: you are on your own here. Caveat hackor.

_________________
Five WRT1900ACSv2's on 42926, 44048.
VLANs, VAPs, NAS, client-mode travel router, OpenVPN client (AirVPN), DDNS, wireguard servers, wireguard clients (AzireVPN), two DNSCrypt DNS providers (incl Quad9) via OpenVPN/wireguard clients.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8451

Posted: Sun Nov 29, 2020 22:06    Post subject:
Here's a quick-n-dirty script to make the changes to nvram.

Code:
cat << EOF > /tmp/dnsmasq_options
$(nvram get dnsmasq_options)
address=/domain_name.com/0.1.2.3
EOF
nvram set dnsmasq_options="$(cat /tmp/dnsmasq_options)"
nvram commit


It writes the current contents of dnsmasq_options to a temp file, adds your changes to that same temp file, then resets the nvram variable to the contents of the temp file.

Just realize you can *hose* dnsmasq if you mess up changes to that variable! You might want to NOT commit the changes immediately, but instead skip that last step and restart dnsmasq, just to see if it works, THEN commit the changes.

Code:
service dnsmasq restart
l3g023
DD-WRT Novice


Joined: 27 Sep 2020
Posts: 10

Posted: Sun Nov 29, 2020 22:36    Post subject:
Wow... Super thanks for this. I will defo look into it in my spare time!



Thanks, I've tried using what you suggested but it exits editing when I use

Code:
EOF


And this command isn't recognised (-sh: service: not found)

Code:
service dnsmasq restart
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8451

Posted: Sun Nov 29, 2020 22:46    Post subject:
l3g023 wrote:
Thanks, I've tried using what you suggested but it exits editing when I use

Code:
EOF


And this command isn't recognised (-sh: service: not found)

Code:
service dnsmasq restart


Editing? You only need to paste the script (w/ your modifications) into the SSH window for it to execute. No editing of any files directly on the router is required by you (e.g., using the vi editor).

As far as the service manager, since I have no idea what the provider used as a basis for their own build, I can't be sure what's available. You could try the old way.

Code:
stopservice dnsmasq
sleep 2
startservice dnsmasq
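
The append, restart, then commit sequence from the replies above, as an added example that is not part of any post in the thread: it stages one `address=` line in `dnsmasq_options` without committing, skips lines that are already present, and keeps the previous value for rollback. The backup variable `dnsmasq_options_bak` and the function names are hypothetical; it assumes the router's shell provides `grep` with `-E`, `-F`, `-x` and `-q`.

```shell
#!/bin/sh
# Added example, not from the thread. dnsmasq_options_bak is a hypothetical
# backup variable; the restart commands are the ones quoted in the thread.

# Shape check only: a single line of the form address=/<domain>/<dotted quad>.
# Rejects stray shell or dnsmasq syntax before it reaches nvram.
valid_address_line() {
  case "$1" in *'
'*) return 1 ;; esac                      # refuse multi-line input
  printf '%s\n' "$1" |
    grep -Eq '^address=/[A-Za-z0-9._-]+/([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print CURRENT ($1) with LINE ($2) appended unless an identical line exists.
merge_option() {
  if [ -z "$1" ]; then
    printf '%s\n' "$2"
  elif printf '%s\n' "$1" | grep -Fxq -- "$2"; then
    printf '%s\n' "$1"
  else
    printf '%s\n%s\n' "$1" "$2"
  fi
}

# Stage LINE in nvram without committing; keep the old value for rollback.
add_dnsmasq_option() {
  valid_address_line "$1" || { echo "rejected: $1" >&2; return 1; }
  old="$(nvram get dnsmasq_options)"
  new="$(merge_option "$old" "$1")"
  [ "$new" = "$old" ] && return 0         # already present, nothing to do
  nvram set dnsmasq_options_bak="$old"
  nvram set dnsmasq_options="$new"
}

# Restore the value saved by add_dnsmasq_option.
rollback_dnsmasq_option() {
  nvram set dnsmasq_options="$(nvram get dnsmasq_options_bak)"
  nvram unset dnsmasq_options_bak
}

# On the router:
#   add_dnsmasq_option 'address=/domain_name.com/0.1.2.3'
#   stopservice dnsmasq; sleep 2; startservice dnsmasq
#   nvram commit                # only once name resolution still works
#   rollback_dnsmasq_option     # otherwise, then restart dnsmasq again
```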