DHCP Server Static Client list management

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Goto page 1, 2  Next
Author Message
nbl1268
DD-WRT Novice


Joined: 28 Jul 2018
Posts: 2

PostPosted: Sat Jul 28, 2018 2:03    Post subject: DHCP Server Static Client list management Reply with quote
Hi Folks, newbie question (hopefully in the right forum) for how to properly manage the static lease entries in the DHCP Server.

Using the UI, I can 'add' new entries and i can 'remove' the last (bottom of list) entry.

However, lets say I have 10 entries, how to do remove the third entry without removing all those following?

In trying to find a solution to this, i SSH'd in to my router and using VI can view the dhcp-host= entries in the /tmp/dnsmasq.conf file. however, manually re-ordering them there (using D and P to cut an past lines and :wq to save exit) didnt seem to work.

Any help guidance welcomed.

If there isnt an easy way to do this, let me know how i raise this as a development suggestion.
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2989
Location: UK, London, just across the river..

PostPosted: Sat Jul 28, 2018 5:00    Post subject: Reply with quote
https://wiki.dd-wrt.com/wiki/index.php/Static_DHCP#How_to_add_static_leases_into_dhcp_by_command

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=308065

Forgot that you can use DNSMasq to set static lease. Add the following line to the Additional DNSMasq Options:

dhcp-host=11:22:33:44:55:66,192.168.1.x,24h

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41459 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----DD-WRT 41517 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
2x Netgear R7800 -------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DNSCrypt-proxy v2 x2)
Broadcom
Netgear R7000 -------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Sat Jul 28, 2018 5:05    Post subject: Reply with quote
Don't use the GUI for these purposes. Instead, copy the existing dhcp-host directivse from /tmp/dnsmasq.conf and place them (and any new static leases) in the Additional DNSMasq Options field on the Services page, then delete the static leases in the GUI.

If you have a lot of static leases, it may exhaust the capacity of the Additional DNSMasq Options field. If that happens, you can move the contents of Additional DNSMasq Options to a file in /jffs (e.g., /jffs/dnsmasq.custom) and add the following to the Additional DNSMasq Options field.

Code:
conf-file=/jffs/dnsmasq.custom
nbl1268
DD-WRT Novice


Joined: 28 Jul 2018
Posts: 2

PostPosted: Mon Jul 30, 2018 10:27    Post subject: Reply with quote
@Alozaros @eibgrad many thanks for replies.
Have approx. 45 static leases, of which i'm probably updating 5 to 10 of them on a semi frequent basis.

Will try out the /jffs/dnsmasq.custom option, looks to be the easiest to support ongoing with out any concerns about worrying about capacity of the Additional DNSMasq Options field.
NinthWave
DD-WRT Novice


Joined: 12 Mar 2018
Posts: 16

PostPosted: Wed May 08, 2019 2:13    Post subject: Reply with quote
eibgrad wrote:
Don't use the GUI for these purposes. Instead, copy the existing dhcp-host directivse from /tmp/dnsmasq.conf and place them (and any new static leases) in the Additional DNSMasq Options field on the Services page, then delete the static leases in the GUI.

If you have a lot of static leases, it may exhaust the capacity of the Additional DNSMasq Options field. If that happens, you can move the contents of Additional DNSMasq Options to a file in /jffs (e.g., /jffs/dnsmasq.custom) and add the following to the Additional DNSMasq Options field.

Code:
conf-file=/jffs/dnsmasq.custom


I am trying myself to create a dhcp static lease table.
Very hard to find information on a single place.

Just to be certain.

Should the "/jffs/dnsmasq.custom" file contain only the dhcphost directives or should the whole content of "dnsmasq.conf" be copied?

I am asking because as one can see per the attachment, the actual "dnsmasq.conf" file has a command at the end: "conf-file=/etc/rfc6761.conf" and @eigbrad mention to add this int the GUI
Code:
conf-file=/jffs/dnsmasq.custom


Thank you for clarifying this



dnsmasq_capture.png
 Description:
 Filesize:  78.75 KB
 Viewed:  1615 Time(s)

dnsmasq_capture.png


eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Wed May 08, 2019 3:25    Post subject: Reply with quote
NinthWave wrote:
Should the "/jffs/dnsmasq.custom" file contain only the dhcphost directives or should the whole content of "dnsmasq.conf" be copied?


You only add to the conf-file those things you either wish to add (e.g., dhcp-host directives) or override in the DNSMasq config file.

Quote:
I am asking because as one can see per the attachment, the actual "dnsmasq.conf" file has a command at the end: "conf-file=/etc/rfc6761.conf" and @eigbrad mention to add this int the GUI [code]conf-file=/jffs/dnsmasq.custom


First time I've ever seen the router refer to a conf-file of its own. I have no clue why that's there. But if I'm reading the DNSMasq documentation correctly, I *believe* it's valid to have multiple conf-file directives in the same config file.
NinthWave
DD-WRT Novice


Joined: 12 Mar 2018
Posts: 16

PostPosted: Wed May 08, 2019 11:27    Post subject: Reply with quote
@eibgrad

Thank you for your quick answer and sorry for I mispelled your username.

So I left the dhcphost directives only in the "/jffs/dnsmasq.custom" and I still have acces to internet. Yeah!

Few more qestions to be sure of long term stability.

Is the "Use the JFFS2 for client lease DB" tickbox meant solely for DHCPd or, DNSmasq as well? As you can see, it is not yet checked and it's working, as of now...

I have read a few topics where "Local DNS" is covered but I can't exactly figure what it's for and if I should enable it?

The first three lines in "Advanced DNSmasq Options", I got from cross-reading other posts, but I am not sure if I should use that or not?

Again, thank you for your help.



Capture_Services.PNG
 Description:
 Filesize:  31.4 KB
 Viewed:  1581 Time(s)

Capture_Services.PNG


mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 4834
Location: Texas

PostPosted: Wed May 08, 2019 13:00    Post subject: Reply with quote
eibgrad,
just FYI Smile
In dnsmasq:
'conf-file=/etc/rfc6761.conf' is fairly simple in DD-WRT and has been included for a while now.
Code:
root@EA8500:~# cat /etc/rfc6761.conf
# RFC6761 included configuration file for dnsmasq
#
# includes a list of domains that should not be forwarded to Internet name servers
# to reduce burden on them, asking questions that they won't know the answer to.

server=/bind/
server=/invalid/
server=/local/
server=/localhost/
server=/onion/
server=/test/

https://tools.ietf.org/html/rfc6761
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Wed May 08, 2019 15:46    Post subject: Reply with quote
mrjcd wrote:
eibgrad,
just FYI Smile
In dnsmasq:
'conf-file=/etc/rfc6761.conf' is fairly simple in DD-WRT and has been included for a while now.
Code:
root@EA8500:~# cat /etc/rfc6761.conf
# RFC6761 included configuration file for dnsmasq
#
# includes a list of domains that should not be forwarded to Internet name servers
# to reduce burden on them, asking questions that they won't know the answer to.

server=/bind/
server=/invalid/
server=/local/
server=/localhost/
server=/onion/
server=/test/

https://tools.ietf.org/html/rfc6761


Thanks. I eventually dug into it and found out the reason.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Wed May 08, 2019 17:36    Post subject: Reply with quote
NinthWave wrote:
Is the "Use the JFFS2 for client lease DB" tickbox meant solely for DHCPd or, DNSmasq as well? As you can see, it is not yet checked and it's working, as of now...


That particular part of the Services pages is a bit misleading. You'd think the way it was organized that it only applied to DHCPd (the alternate DHCP server), but those options should work for either DHCPd or DNSMasq.

Quote:
I have read a few topics where "Local DNS" is covered but I can't exactly figure what it's for and if I should enable it?


I don't know either. Smile If you examine the DNSMasq config file w/ the setting enabled and disabled, the only difference I see is the addition of the domain directive in the case of disabled. FWIW, the following is from the DNSMasq documentation regarding that directive.

-s, --domain=<domain>[,<address range>[,local]]
Specifies DNS domains for the DHCP server. Domains may be be given unconditionally (without the IP range) or for limited IP ranges. This has two effects; firstly it causes the DHCP server to return the domain to any hosts which request it, and secondly it sets the domain which it is legal for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise its name via dhcp as e.g. "microsoft.com" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If suffix is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. Eg on my network I can set --domain=thekelleys.org.uk and have a machine whose DHCP hostname is "laptop". The IP address for that machine is available from dnsmasq both as "laptop" and "laptop.thekelleys.org.uk". If the domain is given as "#" then the domain is read from the first "search" directive in /etc/resolv.conf (or equivalent).

The address range can be of the form <ip address>,<ip address> or <ip address>/<netmask> or just a single <ip address>. See --dhcp-fqdn which can change the behaviour of dnsmasq with domains.

If the address range is given as ip-address/network-size, then a additional flag "local" may be supplied which has the effect of adding --local declarations for forward and reverse DNS queries. Eg. --domain=thekelleys.org.uk,192.168.0.0/24,local is identical to --domain=thekelleys.org.uk,192.168.0.0/24 --local=/thekelleys.org.uk/ --local=/0.168.192.in-addr.arpa/ The network size must be 8, 16 or 24 for this to be legal.


Despite that explanation, I can't tell a lick of difference in the behavior of the router regardless whether it's enabled or disabled! Seems to me even the label "Local DNS" is misleading. It does NOT enable or disable the local DNS server, or disable local name resolution, or anything else you might assume is the case. Never seen anyone else explain its function either. It's a mystery.

Having used dd-wrt for many years, I just never touch it. I leave it to whatever is the default (iirc, disabled). Never seemed to cause a problem. It's not like I had some issue in the past, and changing that settings had any obvious positive or negative impact.

Quote:
The first three lines in "Advanced DNSmasq Options", I got from cross-reading other posts, but I am not sure if I should use that or not?


If you're referring to the following three directives ...

Code:
interface=br0
resolv-file=/tmp/resolv.dnsmasq
domain=local


... the first two are automatically generated by DNSMasq. As I explained above, whether the domain directive is specified depends on the setting of Local DNS. You could just as well define the local domain in the LAN Domain field of the DHCPd server section. I suppose adding it directly to the Additonal DNSMasq Options field would make sure it's was always there, despite the setting of Local DNS.

Generally speaking, there isn't much need to be fiddling w/ DNSMasq options except for things like static leases and perhaps creating your own DNS records (e.g., using address directives). Most everything else is automatically generated, or can be manipulated indirectly through options on the GUI. The only reason anyone is recommending the use of dhcp-host directives over defining static leases in the GUI is that the latter is such a pain to manage and migrate w/ firmware updates.
NinthWave
DD-WRT Novice


Joined: 12 Mar 2018
Posts: 16

PostPosted: Wed May 08, 2019 23:07    Post subject: Reply with quote
eibgrad wrote:

If you're referring to the following three directives ...


Thank you for all this useful information but no Very Happy, I was referring to the bottom red ellipse that circles the "Additional DNSmasq options" at the bottom of my services screen capture...

I would say that the first line:
Code:
domain=maison

Is probably useless as it it already set un the GUI;

but what about 2nd and third line:
Code:
local=/maison/
expand-hosts


Any use for that?
NinthWave
DD-WRT Novice


Joined: 12 Mar 2018
Posts: 16

PostPosted: Wed May 08, 2019 23:53    Post subject: Reply with quote
Oh! Another question about DHCP reservation....

Maybe it was always there and I never noticed before but, is it normal behavior for the ISP Modem to show in "Active Clients" of the Status folder?

I know it is connected to the WAN port
I know DHCPmasq cannot change the IP adress assigned to me by my ISP but should it show on the status page???



Capture_ActiveClients.png
 Description:
 Filesize:  44.2 KB
 Viewed:  1519 Time(s)

Capture_ActiveClients.png


eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Thu May 09, 2019 0:04    Post subject: Reply with quote
I assume you're referring to 74.58.19.1 on eth0.

No, I've never seen a modem on the active clients list. That would make no sense. Then again, I rarely pay attention to the Active Clients list. I could image that happening, for example, if your modem was really a modem+router and your dd-wrt router was configured as a wireless ISP (i.e., client or repeater mode). But without knowing specifics about your config, I can only guess.
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1229
Location: Indiana

PostPosted: Thu May 09, 2019 2:41    Post subject: Reply with quote
NinthWave wrote:
Oh! is it normal behavior for the ISP Modem to show in "Active Clients" of the Status folder?

It is "new feature" added around mid November 2018 build ~37736. Maybe earlier.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1147351#1147351

_________________
SUPPORTED DEVICES -- DON'T USE ROUTER DATABASE!
--IMPORTANT UPGRADE INFORMATION--STUBBY install guide
Qualcomm-Atheros:
R7800 x2 kongat & BS WDS AP & Sta- R7500V2 BS std WDS STA- WNDR3700v4 BS std WDS STA- Nanostation M2 AirOS- LocoM2 AirOS
Broadcom:
R6200v2 41491std using R6250.chk WLAN Repeater Archer C9 v1 OEM WAP

DDWRT Policy Based Routing Guide by egc
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Thu May 09, 2019 4:53    Post subject: Reply with quote
bushant wrote:
NinthWave wrote:
Oh! is it normal behavior for the ISP Modem to show in "Active Clients" of the Status folder?

It is "new feature" added around mid November 2018 build ~37736. Maybe earlier.

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1147351#1147351


Thanks. I was completely unaware of this change. I suppose it was determined to be useful, but it makes no sense either. Since when is Active Clients considered to be an ARP table? LOL
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum