Posted: Tue Jul 31, 2018 9:27 Post subject: dnsmasq doing dns
Can't seem to get this to work. Tried many things. Trying to shut down an old bind9 server and use the router for dns. I've got some static IPs and startup that makes the lan ports on the router work.
I've attached some screenshots and text file with options
Local DNS enabled or disabled because of conflicting DHCPd Options I've read
I've also reset the router without success:
erase nvram && reboot
From the dhcp clients I can always ping the router by name but none of the static names. Those successful names are in:
Things appear to be working. Reboot of the client makes it show up in the webUI and ping/nslookup etc start working
Something I've noticed is how the name shows up in the webUI even if the name is defined in Additional DNSMasq Options
Android phones for example (android-7c77748e2304****). I would prefer it to use the name defined so I know what it is. It also does not have the lease time defined
To answer your other things, I think that may be how the computer (in this case android phone) gives the dns server its identification name. It may be the order in which it gets put into the hosts file.
I might need a screenshot or example of the lease time/other things to help more. Maybe I am just being dumb...
There is no
dhcp-option=br0,6,192.168.0.1
in dnsmasq.conf. That should be auto created, defines its local DNS ---- no user input needed.
However you should probably take 192.168.0.1 out of Static DNS1 on Setup page.
Put 192.168.0.1 in local DNS (same page) if you want to.
Don't think you should have these in dnsmasq.conf
listen-address=127.0.0.1,192.168.0.1
domain=example.com
local=/example.com/
domain=example.com is already there like it should be
It will be what you have 'LAN Domain' set in Services page. Also LAN & WLAN should be as 'Used Domain' same page.
I don't have that router and it could possibly be something related to the build you are using.
Although I have used local DNS for many years on several routers (many dd-wrt builds) without a problem.
I also have several android devices which most have static leases.
Their name always shows correct to what I have it set. Don't think any order makes difference as long as correct MAC for the device you name.
I have static leases on two Chromecast and one ROKU that are all connected to guest network (different subnet) without any problem.
When I connect the droid phone to the guest network the chromecast will even show the name I have given them in the google 'HOME' app.
i was going to start a new topic, but since it's related;
this thread discusses dnsmasq but it does not actually hit on using
Encrypt DNS
DNS Crypt Resolver
AdGuard DNS (for example)
i don't see the point of doing dnsmasq if you don't encrypt it too.
my problem is on fios (using the latest dd-wrt beta) every time i enable Encrypt DNS and give it any Resolver, once i save/apply/reboot, my r7500v2 loses internet connectivity, even though it gets an IP for the WAN from the ISP (while verizon can't see anything wrong from their end). once i Disable Encrypt DNS and save/apply/reboot again - my internet comes back.
my current router is a wrt1200acV2 and AdGuard is setup and working beautifully on it (according to dnsleaktest), but when i attempt the same thing on this new r7500v2 i would ultimately like to replace my current router with - the internet drops - so what gives? i'm tempted to simply keep my current router and sell this r7500v2 because it gives me zero assurance that it's actually able to protect me from my nosy isp.
Last edited by consorts on Fri Aug 03, 2018 18:44; edited 1 time in total
Posted: Fri Aug 03, 2018 18:43 Post subject:
consorts wrote:
i was going to start a new topic, but since it's related;
this thread discusses dnsmasq but it does not actually hit on using
Encrypt DNS
DNS Crypt Resolver
AdGuard DNS (for example)
i don't see the point of doing dnsmasq if you don't encrypt it too.
my problem is on fios (using the latest dd-wrt beta) every time i enable Encrypt DNS and give it any Resolver, once i save/apply/reboot, my r7500v2 loses internet connectivity, even though it gets an IP for the WAN from the ISP (while verizon can't see anything wrong from their end). once i Disable Encrypt DNS and save/apply/reboot again - my internet comes back.
my current router is a wrt1200acV2 and AdGuard is setup and working beautifully on it (according to dnsleaktest), but when i attempt the same thing on this new r7500v2 i would ultimately like to replace my current router with - the internet drops - so what gives? i'm tempted to simply keep my current router and sell this r7500v2 because it gives me zero assurance that it's actually able to protect me from my nosy isp.
maybe its adguard's dns that dont work with dnssec (thats what ur doing right)? i dislike their dns cause every time i tried it they break a bus load of things, while letting many ads and trackers through that are dns blockable just fine.. and their anycast network isnt on the scale of cloudflare, opendns etc so my latency to them is unacceptable.
why not try making ur own dns ad/track blocker with dnsmasq? instant <1ms blocking response time cause its locally done, then u can use whatever dns u want that works with encrypted dns. i started that 2 months ago with a mostly custom made one from scratch, ill have a hard time looking back now without using it especially on phones etc.
New twist on dnsmasq dns. It's all working fine when it's working. But if you reboot the router like I've been doing to test things it breaks dns until all the dhcp clients are either renewed or rebooted. Good indicator of what dns is working are the listings in DHCP Clients table within dd-wrt
This might very well be a client configuration because I've got Kodi running on Libreelec installs and they appear to just show up again without renew or reboot
ping myth
ping: bad address 'myth'
After dhclient is renewed
ping myth
PING myth (192.168.0.50): 56 data bytes
64 bytes from 192.168.0.50: seq=0 ttl=64 time=1.101 ms
Wondering if there is a persistent option whether the client is connected or not
Maybe I should make lease time 1 minute
Last edited by bbolin on Fri Aug 03, 2018 19:11; edited 2 times in total
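On the question of a name that resolves whether or not the client is connected, an added example (not from any poster in this thread) of lines for Additional DNSMasq Options. It assumes the router's lease table does not survive the reboot; the MAC address is a placeholder, while `myth`, 192.168.0.50 and example.com are taken from the posts above.

```conf
# Constructed example. "myth" and 192.168.0.50 come from the ping output in
# the thread; 00:11:22:33:44:55 is a placeholder MAC address.

# DHCP-bound name: dnsmasq only answers for "myth" while it holds a lease
# for this client. If the lease table is lost when the router reboots, the
# name stops resolving until the client renews.
dhcp-host=00:11:22:33:44:55,myth,192.168.0.50

# Lease-independent name: answered straight from configuration, so it
# resolves even if the client has not requested a lease since dnsmasq
# started. Both the short and the fully qualified name are listed.
host-record=myth,myth.example.com,192.168.0.50
```

With only the `dhcp-host` line, the `ping: bad address 'myth'` result after a router reboot is expected; the `host-record` line removes the dependency on the lease.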
maybe its adguard's dns that dont work with dnssec
no, whether dnssec is enabled or not makes no difference.
and i'd rather not get side tracked on to which resolver is best, i simply want to get the encrypt dns to work to ANY resolver. while i applaud your locally developed dns, i don't want to bother with all that housekeeping either. frankly i don't care about ads, i just want to make sure verizon can't spy on me.
i'm just surprised this is such a stumbling block on what was supposed to be a much better router than the one i'm using currently. i suppose it's a dd-wrt support community thing, not the router's fault, where linksys probably gets more attention from the dd-wrt community than netgear
anyway, if anyone out there actually has the encrypt dns feature enabled and working, i'd love to know your settings beyond this faq so i can figure out where i'm going wrong;
as this faq worked perfectly at making my linksys dd-wrt install encrypt dns without any headaches and according to dnsleaktest all my dns is something very anonymous to my isp.
Not too sure why y'all have so much trouble with DNSMasq.
My conf on the EA8500 running r36410.
I'm also running 'Recursive DNS Resolving' but DNSMasq works just as well if I have that turned off and let it use the DNS I have set.
Not too sure why y'all have so much trouble with DNSMasq.
i'm not.
it's Encrypt DNS that's screwing up,
but thanks for going to all that trouble
i'm sure other readers will benefit from it.
i don't think posters here realize that as long as your dns lookups are not encrypted, it does not matter who your dns is from - your isp can still read what sites you look up (unless like tatsuya46 most of your dns is locally cached). so the only way to ensure privacy from your isp is to encrypt your dns to a private resolver - it's like having a vpn that works only for your dns traffic. just like a vpn, any private resolver can also resell dns traffic metadata - but you don't pay or register with them, so they don't know who you are, unlike your own isp or even most paid vpn.
below is NOT from a r7500r2, and may NOT work for you.
a detail not discussed in the faq i linked to earlier is;
your isp may continue to try to modify your router's dns
so you should fill in dns2 and dns3 with something, even
if you don't actually use those dns, so even though you
see 8844 4224 - they are NOT being used, and what is used
through the adguard encrypted "WoodyNet" is 9999 8888 4222.
Last edited by consorts on Sat Aug 04, 2018 13:16; edited 5 times in total
@ consorts I was really referring to original poster but BTW, when I turn on 'Encrypt DNS' it works just fine for me ..... used it for weeks on end before.