What is Dnsmasq really for in DD-wrt routers?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
tipjohn
DD-WRT Novice


Joined: 17 Dec 2018
Posts: 38

PostPosted: Sun Jan 12, 2020 14:29    Post subject: What is Dnsmasq really for in DD-wrt routers? Reply with quote
Hi everyone,
I'd like to understand what Dnsmasq in DD-wrt routers really does.
Can't DD-wrt manage DNS by itself? What happens if I disable it in "services", or If I disable DNSMasq for DHCP and Use DNSMasq for DNS in "Basic "setup?
I have been looking it up on the Internet, but I haven't found something really useful so far.
Could you help me to figure this out please?
Unfortunately, I am anything but good at this DNS things.
Thanks
Sponsor
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 587
Location: Appalachian mountains, USA

PostPosted: Sun Jan 12, 2020 17:32    Post subject: Reply with quote
I believe dhcp is always handled by dnsmasq in newer dd-wrt builds. And dnsmasq is the default dns handler as well. There is no "by itself" in dd-wrt. Basically dnsmasq is the "by itself" option.

dnsmasq caches dns replies, handles DNSSEC processing if that is enabled, can juggle multiple dns providers, etc. It gives you configuration facilities to support extra lists of IP addresses for specific domains. It can query dns providers in an order you specify or query them all in parallel or adaptively favor the ones that are responding the fastest. You can google/duckduckgo/qwant dnsmasq to find out more.

If you want encrypted dns queries, the program dnscrypt-proxy is what directly interacts with the DNSCrypt-compatible DNS servers and manages encryption certificates and such, and dnsmasq then treats dnscrypt-proxy like any other DNS server. You can even run multiple dnscrypt-proxy processes so you can use multiple DNSCrypt servers, and dnsmasq will happily use them all.

dnsmasq is generally considered a "light footprint" system. It is not a resource pig. But it is not the most powerful system either. Unbound is a more capable and I believe newer system used now by some dd-wrt users, but setting it up is more involved. Stubby is another alternative that provides more capability at the cost of more complexity.

_________________
Six Linksys WRT1900ACSv2 (39144/40009/41954):
VLANs, multiple VAPs, NAS, QoS, client-mode travel router, OpenVPN client/PBR (AirVPN), two DNSCrypt servers (incl Quad9) routed through vpn.
tipjohn
DD-WRT Novice


Joined: 17 Dec 2018
Posts: 38

PostPosted: Sun Jan 12, 2020 17:53    Post subject: Reply with quote
SurprisedItWorks wrote:
I believe dhcp is always handled by dnsmasq in newer dd-wrt builds. And dnsmasq is the default dns handler as well. There is no "by itself" in dd-wrt. Basically dnsmasq is the "by itself" option.



Ok, but if dhcp is always handled by dnsmasq [in newer dd-wrt builds], and dnsmasq is the default dns handler as well, what happens to dd-wrt if I disable it in "services" or "uncheck" it in the basic setup tab as I said above?
Thank you
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3193
Location: UK, London, just across the river..

PostPosted: Sun Jan 12, 2020 17:58    Post subject: Reply with quote
try it... Laughing Twisted Evil

you have to use static IP or another DHCP forwarder and DNS server......

basically its not good idea to disable it as its the backbone of DDWRT kind of...
SurprisedItWorks gave you a brief review of its vital/useful options already..
next thing you do your homework...
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313498&start=0

those 2 are slightly outdated but still useful to read .... to get an idea what is what...!
https://wiki.dd-wrt.com/wiki/index.php/DNSMasq_as_DHCP_server
https://wiki.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO#2.29_Additional_DNS_Options_.28in_Services.29

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 41892 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41813 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----DD-WRT 41892 BS (AP,NAT,AD Blocking,Firewall,Local DNS,Forced DNS,DoT,)
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 41892 BS (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,VPN)
Broadcom
Netgear R7000 -------DD-WRT 41892 BS (AP,Wi-Fi OFF,NAT,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT,VPN)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913


Last edited by Alozaros on Mon Jan 13, 2020 5:13; edited 1 time in total
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1312
Location: Indiana

PostPosted: Sun Jan 12, 2020 18:24    Post subject: Reply with quote
SurprisedItWorks wrote:
Stubby is another alternative that provides more capability at the cost of more complexity.

What do you find to be complex as far as using Stubby?

_________________
SUPPORTED DEVICES -- DON'T USE ROUTER DATABASE!
--IMPORTANT UPGRADE INFORMATION--STUBBY DoT install guide
Qualcomm-Atheros:
R7800 x2 BS std GW AP & GW WDS AP -- R7500V2 BS std WDS STA-- WZR-HP-AG300H BS std WDS STA
WNDR3700v4 BS std WDS STA-- Nanostation M2 AirOS-- LocoM2 AirOS
MikroTik SXT R LTE RouterOS
Broadcom:
R6200v2 41813std TFTP R6250.chk WLAN Repeater Archer C9 v1 OEM WAP

DDWRT Policy Based Routing Guide-1.03 by egc
tipjohn
DD-WRT Novice


Joined: 17 Dec 2018
Posts: 38

PostPosted: Sun Jan 12, 2020 18:47    Post subject: Reply with quote
Alozaros wrote:
try it... Laughing Twisted Evil

you have to use static IP or another DHCP forwarder and DNS server......

basically its not good idea to disable it as its the backbone of DDWRT kind of...SurprisedItWorks gave you a brief review of its vital/useful options already..
next thing you do your homework...
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=313498&start=0

those 2 are slightly outdated but still useful to read .... to get an idea what is what...!
https://wiki.dd-wrt.com/wiki/index.php/DNSMasq_as_DHCP_server
https://wiki.dd-wrt.com/wiki/index.php/DNSMasq_-_DNS_for_your_local_network_-_HOWTO#2.29_Additional_DNS_Options_.28in_Services.29


you maybe meant DHCP server and DNS forwarder, or I'm missing something here..again?

Ok, thank you, I'll give them a look even though I am not good with this stuff and commands.
I think I have understood what Dnsmasq basically does, but I also wanted to figure out how important and vital as a service it is.
Thanks again
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 587
Location: Appalachian mountains, USA

PostPosted: Mon Jan 13, 2020 18:25    Post subject: Reply with quote
bushant wrote:
SurprisedItWorks wrote:
Stubby is another alternative that provides more capability at the cost of more complexity.

What do you find to be complex as far as using Stubby?
It may just be my ignorance, but I'm assuming one has to have external storage and download a package. In my world that's complex, as I want my routers self sufficient and in no way dependent on external storage. (Not to mention that both USB ports are doing other things, user things and not router things.)
_________________
Six Linksys WRT1900ACSv2 (39144/40009/41954):
VLANs, multiple VAPs, NAS, QoS, client-mode travel router, OpenVPN client/PBR (AirVPN), two DNSCrypt servers (incl Quad9) routed through vpn.
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1312
Location: Indiana

PostPosted: Mon Jan 13, 2020 23:05    Post subject: Reply with quote
I see.
That does indeed make using Stubby more of a challenge for you.
It is a rather simple task for others I think.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3193
Location: UK, London, just across the river..

PostPosted: Tue Jan 14, 2020 5:21    Post subject: Reply with quote
bushant wrote:
I see.
That does indeed make using Stubby more of a challenge for you.
It is a rather simple task for others I think.


I guess his concerns are if someone locally access ''the USB medium'' with some malicious purpose...

otherwise i find Stubby, light, secure, easy to set up,
and easy to use...not complex like DNScrypt-proxy v2
for example...

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 41892 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41813 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----DD-WRT 41892 BS (AP,NAT,AD Blocking,Firewall,Local DNS,Forced DNS,DoT,)
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 41892 BS (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,VPN)
Broadcom
Netgear R7000 -------DD-WRT 41892 BS (AP,Wi-Fi OFF,NAT,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT,VPN)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum