R7800: Small JFFS - 25MB

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 15:30    Post subject: Reply with quote
egc wrote:

But although I can make it, the big Kahuna has to endorse it, so no guarantee (and as I am busy the upcoming week, it can take some time)


Well that was faster than I expected :D

@egc and @Alozaros: big security risk:

I have a question about your example here:

Code:
root@EA8500:/tmp# cat smartdns.conf
bind :6053
prefetch-domain yes
serve-expired yes
log-size 64K
log-num 1
log-level error
log-file /tmp/smartdns.log
server 1.0.0.1
server 9.9.9.9
server 192.168.0.1
#test smartdns
#options


You're appending the text on the textarea to the config file. Now what about lines like:

Code:
server 1.0.0.1
server 9.9.9.9
server 192.168.0.1


Appending the textarea config means SmartDNS would still be using those insecure servers that people might dislike. There would be no way to remove those from the config... Or am I missing something?

If there's text in the textarea we could replace the default config entirely instead of appending. With that said the translation would have to say something like "Custom SmartDNS Resolver Configuration".

What's your view?

Thank you.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue May 03, 2022 15:58    Post subject: Reply with quote
Usually you can override settings.

I am not using SmartDNS but I would imagine that those servers are the ones you yourself have set.


Edit: https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 16:06    Post subject: Reply with quote
egc wrote:
Usually you can override settings.

I am not using SmartDNS but I would imagine that those servers are the ones you yourself have set.


Edit: https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter


In SmartDNS if you've multiple lines saying server x, server y it will use both servers. Appending the custom config will do that. So there's effectively no way to override settings.

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue May 03, 2022 16:14    Post subject: Reply with quote
Those servers are the ones you yourself have set.
So set other servers if you want other servers.

Seeing that you also have set 192.168.0.1 (probably the router's IP address), it might even be possible that you have made a setup error and set the router's IP address as Local DNS (which is wrong if the router is in normal Gateway mode)

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 16:32    Post subject: Reply with quote
egc wrote:
Those servers are the ones you yourself have set.
So set other servers if you want other servers.

Seeing that you also have set 192.168.0.1 (probably the router's IP address), it might even be possible that you have made a setup error and set the router's IP address as Local DNS (which is wrong if the router is in normal Gateway mode)


I was just using egc's config as an example. So you're saying those servers are populated from Setup > Basic Setup > Network Setup? If nothing is set there it shouldn't add any server to the config?

What about Static DNS 1-3? Those are passed to DHCP clients and they also seem to be added to the SmartDNS config. Here's my config:



Maybe the Static DNS servers shouldn't be added to the SmartDNS config?

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Tue May 03, 2022 16:42    Post subject: Reply with quote
hmmm to use SmartDNS ....only...you'd need those lines in additional DNSmasq config box
no-resolv
cache-size=0
server=127.0.0.1#6053

to use SmartDNS ipv6 DNS option you have to disable DNSmasq as a resolver...

"..Note: if you need to support IPV6, you can set the work-mode to 2, this will disable the DNS service of dnsmasq, and smartdns run as the primary DNS server. Change SMARTDNS_WORKMODE in the file config file or I guess directly in this new config box

SMARTDNS_WORKMODE="2"

lots of useful details https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 16:59    Post subject: Reply with quote
Alozaros wrote:
hmmm to use SmartDNS ....only...you'd need those lines in additional DNSmasq config box
no-resolv
cache-size=0
server=127.0.0.1#6053

to use SmartDNS ipv6 DNS option you have to disable DNSmasq as a resolver...

"..Note: if you need to support IPV6, you can set the work-mode to 2, this will disable the DNS service of dnsmasq, and smartdns run as the primary DNS server. Change SMARTDNS_WORKMODE in the file config file or I guess directly in this new config box

SMARTDNS_WORKMODE="2"

lots of useful details https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter


Let's put aside IPv6 and DNSmasq for now. What you saw is what my router generates by default for SmartDNS:

Code:
server-name XXXX
bind [::]:6053
serve-expired yes
log-size 64K
log-num 1
log-level error
log-file /tmp/smartdns.log
server 172.21.1.1
server 2606:4700:4700::1001
server 2606:4700:4700::1111


According to the documentation:

Quote:
server Upstream UDP DNS server


SmartDNS will use 172.21.1.1, 2606:4700:4700::1001 and 2606:4700:4700::1111 to resolve DNS queries.

I know that 2606:4700:4700::1001/2606:4700:4700::1111 are coming from the IPv6 tab (ignoring for now), but what about 172.21.1.1??

It doesn't seem useful to have something that comes from the "Static DNS servers" / LAN DHCP settings to be copied over to SmartDNS.

It can also create a loop because: lan computer asking for a DNS record > dnsmasq (server=127.0.0.1#6053) > smartdns (server 172.21.1.1) > points back to dnsmasq...

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue May 03, 2022 17:11    Post subject: Reply with quote
Of course you create a loop, the Static DNS are for upstream servers whether used by DNSMasq or by SmartDNS.

So setting the router's address is just wrong.

My advice first learn the basics before you do advanced stuff :)

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 17:23    Post subject: Reply with quote
egc wrote:
the Static DNS are for upstream servers whether used by DNSMasq or by SmartDNS


If that's the case how can one set the DNS servers advertised via DHCPD to the LAN computers?

Up until now I was under the impression that:

- Network Setup > Local DNS: upstream servers whether used by DNSMasq or by SmartDNS

- Network Address Server Settings (DHCP) > Static DNS 1-4: DNS servers to be advertised to your LAN via DHCP.

After all it is placed inside Network Address Server Settings (DHCP).

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Tue May 03, 2022 17:41    Post subject: Reply with quote
dnsmasq is a dns forwarder or a dns server itself

if you have activated dnsmasq in the GUI then the clients get the IP address of the router as DNS server

The clients query dnsmasq on the router and dnsmasq forwards the queries to the upstream DNS servers which are configured as "static DNS addresses".

Client <--> dnsmasq <--> upstream DNS
Client <--> dnsmasq <--> unbound <--> recursive DNS
Client <--> dnsmasq <--> smartdns <--> upstream DNS

etc


and if you disable dnsmasq in the GUI then the clients get directly the "static DNS servers" via DHCP.

( at least in the first example ... how it behaves with unbound or smartdns I would have to look first)


Last edited by ho1Aetoo on Tue May 03, 2022 17:54; edited 1 time in total
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 17:52    Post subject: Reply with quote
@ho1Aetoo what you described was my idea of it, however:

ho1Aetoo wrote:

The clients query dnsmasq on the router


In my observation, if I set the "Static DNS 1" to "1.1.1.1" my LAN machines will get 1.1.1.1 as their DNS server, a complete bypass of the router's dnsmasq and the rest of the pipeline...

ho1Aetoo wrote:

and if you disable dnsmasq in the GUI then the clients get directly the "static DNS servers" via DHCP.


I'll test it again but this is undocumented behaviour that is hard to understand for the majority of people.

It is not about "not knowing the basics", it just doesn't make sense to have something in the DHCPD section and then it doesn't get used because we've another setting somewhere turned on. If it says "DHCP Server Settings" one expects it always advertises those IPs.

Wasn't it easier to just have it working like this:

- Network Setup > Local DNS: upstream servers whether used by DNSMasq or by SmartDNS

- Network Address Server Settings (DHCP) > Static DNS 1-4: DNS servers to be advertised to your LAN via DHCP.

Thank you.

ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2927
Location: Germany

PostPosted: Tue May 03, 2022 18:18    Post subject: Reply with quote
for me it makes sense the way it is

the option is called "use DNSMasq for DNS" (WebIF > Setup)
if you activate the option dnsmasq is used as DNS cache / forwarder etc and the clients get the IP address of the router (dnsmasq) via DHCP
and if you deactivate the option they get directly the address of the upstream DNS server

but you can also control manually what the clients get via DHCP

WebIF > Services > additional dnsmasq option

dhcp-option=br0,6,xxx.xxx.xxx.xxx

(br0 is the interface ..)
and yes this is a bit advanced and you have to deal with it a bit
but there are some stickies in the forum where this is discussed and the necessary settings are shown or explained
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Tue May 03, 2022 19:03    Post subject: Reply with quote
adding a private address to DNS box is not the best option and can be a reason for mess...
as the other said you can use either:
-direct link to DNS servers...(no DNSmasq or SmartDNS)
-DNS via DNSmasq + SmartDNS
-DNSmasq or SmartDNS stand-alone...

my advice is stick to commands and DNS specified in advanced DNSmasq box
or either use one of the 3 options above...

best bet is DNSmasq + SmartDNS so add those 2 lines in advanced DNSmasq rules:

no-resolv
server=127.0.0.1#6053

and using DNS resolvers only specified in SmartDNS config...
do not add DNS in those 3-4 static DNS boxes even if you add any they must be out-ruled by no-resolv command...

TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 19:37    Post subject: Reply with quote
@Alozaros and @ho1Aetoo,

I was just testing this and it does seem to work like you described. I'm 90% certain however that in some old build not setting my router as Static DNS 1 would leave my DHCP clients without a DNS server.

My current setup in a r47822 router looks like this and works:




And it produces this:

Code:
root@XXXX:~# cat /tmp/smartdns.conf
server-name XXXX
bind [::]:6053
serve-expired yes
log-size 64K
log-num 1
log-level error
log-file /tmp/smartdns.log

root@XXXX:~# cat /tmp/dnsmasq.conf
interface=br0,vlan61,oet1,oet2
resolv-file=/tmp/resolv.dnsmasq
server=127.0.0.1#6053
no-resolv
domain=XXXXXXX
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=265
dhcp-option=br0,3,172.21.1.1
dhcp-authoritative
(....)
bogus-priv
conf-file=/etc/rfc6761.conf
clear-on-reload
dhcp-option=252,"\n"
cache-size=0
interface=oet1
interface=tun2
local=/xxxxxxx/
expand-hosts
domain-needed
stop-dns-rebind
rebind-localhost-ok


DHCP client is getting the router IP as DNS server:



So effectively the options you mentioned @Alozaros are there. :) This way there are no insecure servers in SmartDNS and the implementation by @egc should work.

Thank you all.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
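
An audit for the two problems raised in this thread (plain `server` upstreams left in the generated smartdns.conf, and the dnsmasq -> SmartDNS -> router loop), as an added example that is not part of any post and is not DD-WRT code. The function names and sample files are constructed here from the config excerpts quoted above; the router's own address is passed in by the caller, and upstream addresses are assumed to carry no `:port` suffix.

```sh
#!/bin/sh
# Added example, not DD-WRT code. Sample configs are constructed from the
# excerpts quoted in the thread (hostnames already redacted there).

# List plain "server <addr>" upstreams (UDP, unencrypted) in a smartdns.conf.
# Assumes no ":port" suffix on the address, as in the thread's configs.
plain_upstreams() {
    awk '$1 == "server" { print $2 }' "$1"
}

# Port SmartDNS listens on: "bind [::]:6053" or "bind :6053" -> 6053.
smartdns_port() {
    awk '$1 == "bind" { n = split($2, p, ":"); print p[n]; exit }' "$1"
}

# True when dnsmasq forwards to SmartDNS on loopback and SmartDNS in turn has
# one of the router's own addresses ($3 onward) as an upstream.
has_dns_loop() {
    sconf=$1; dconf=$2; shift 2
    port=$(smartdns_port "$sconf")
    grep -q "^server=127\.0\.0\.1#${port}\$" "$dconf" || return 1
    for up in $(plain_upstreams "$sconf"); do
        for own in "$@"; do
            if [ "$up" = "$own" ]; then return 0; fi
        done
    done
    return 1
}

# Write the constructed sample files into directory $1.
write_samples() {
    printf '%s\n' 'server-name XXXX' 'bind [::]:6053' 'serve-expired yes' \
        'server 172.21.1.1' 'server 2606:4700:4700::1001' \
        'server 2606:4700:4700::1111' > "$1/before.smartdns.conf"
    printf '%s\n' 'server-name XXXX' 'bind [::]:6053' 'serve-expired yes' \
        > "$1/after.smartdns.conf"
    printf '%s\n' 'interface=br0' 'server=127.0.0.1#6053' 'no-resolv' \
        'dhcp-option=br0,3,172.21.1.1' 'cache-size=0' > "$1/dnsmasq.conf"
}

d=$(mktemp -d)
write_samples "$d"
for f in before after; do
    echo "$f: plain upstreams: $(plain_upstreams "$d/$f.smartdns.conf" | tr '\n' ' ')"
    if has_dns_loop "$d/$f.smartdns.conf" "$d/dnsmasq.conf" 172.21.1.1; then
        echo "$f: loop: dnsmasq -> smartdns -> 172.21.1.1 -> dnsmasq"
    fi
done
rm -rf "$d"
```

On a router, the same functions can be pointed at /tmp/smartdns.conf and /tmp/dnsmasq.conf instead of the sample files.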
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Tue May 03, 2022 19:59    Post subject: Reply with quote
Just installed r48786 and everything works as expected!



Thank you very much for the implementation @egc and the rest of you for the patience and eventually an explanation of what's really going on behind the scenes in the DHCP Server section.

Maybe these posts can be moved to https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=323896 in order to complement the rest of the guides and discussion?
