Help obtaining DNS via tunnel using DNSMASQ config file...

a15995
DD-WRT User


Joined: 18 Oct 2016
Posts: 96
Location: Copenhagen, Denmark

Posted: Mon Sep 05, 2022 17:02    Post subject: Help obtaining DNS via tunnel using DNSMASQ config file...
Since r47665 I have not been able to preserve static leases after reboot when entered in the GUI (/Services.asp). I think this is an error that has not been resolved.

Nevertheless, I made a config file which is loaded under "Additional Options" calling it via "conf-file=/../...conf". This works but there is a problem. The first DNS server is ignored since it is not present at the time of load since it is a PiHole DNS (10.66.66.1) through a WireGuard tunnel.

Code:
dhcp-option=tag:staticdns,option:dns-server,10.66.66.1,1.1.1.1,208.67.222.222
dhcp-host=00:00:00:00:00:00,set:staticdns,192.168.1.100,Computer1,infinite
...


This DOES work, when static leases are entered in the GUI and the first DNS server (also in the GUI) is 10.66.66.1 - apparently, the tunnel is available when the GUI loads the static leases.

So, my question is this: How do I delay, force or otherwise insist on the 10.66.66.1 DNS via tunnel, when using DNSMASQ/command line?

Maybe something like server=/10.66.66.1/192.168.1.1/ before the conf-file is called or similar?

If this cannot be done I would have to revert to a previous version where static leases via GUI are preserved on start up.

Thanks,

_________________
/Søren
Netgear Nighthawk X4S (R7800 ver. 1) | Atheros/Qualcomm(ARMv7) | IPQ8065 dual-core 1.7 GHz | AC2600 | 512 MB RAM | 128 MB FLASH | 128 KB NVRAM
Firmware: DD-WRT v3.0-r55109 std (02/09/24)
Install guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

Posted: Tue Sep 06, 2022 11:40
since 47665 there were a lot of changes/fixes regarding wi-fi, security, gui, dnsmasq, WG, etc.
not bad to run/use the latest builds...

what i use for static leases, instead of GUI static leases boxes, i use advanced DNSmasq box to add leases in this format..

dhcp-host=xx:xx:22:xx:xx:xx,PC1,192.168.1.101,infinite

and then this line should be for pointing to your external DNS..

dhcp-option=6,10.66.66.1

and those could be for alternative DNS

dhcp-option=altdns,6,1.1.1.1,208.67.222.222


In general I disable DNSmasq strict order and cache...

I've no idea why WG is not using your primary DNS inside the tunnel...
maybe you have to force it...
as there are reported issues related to DNSmasq and WG / VPN

"Known Problems
Starting with build 49792, upstart code has been changed for a lot of services a.o. DNSMasq.
This means that it is not properly (re)started but only reloaded for services like WireGuard server and OpenVPN server this results in DNSMasq not properly listening on all interfaces hence no DNSMasq for WG and OVPN clients unless DNSMasq is properly restarted with:

"stopservice dnsmasq && startservice dnsmasq"

You can add this to the Firewall script "

In my case, i have an OpenVPN client and Stubby DoT...plus adblocker, but don't need it yet

stopservice dnsmasq && startservice dnsmasq

have a look at WG guides
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12814
Location: Netherlands

Posted: Wed Sep 07, 2022 7:11
I have checked static leases via the GUI on 50012 and 50057 and they were working.
You have to press Save after each Add, but most of us use the trick @Alozaros described:
dhcp-host=xx:xx:22:xx:xx:xx,PC1,192.168.1.101,infinite

Far easier and also portable.

You can add a DNS server in the WireGuard interface which DNSMasq will then use after it has set up the tunnel, so you do not add that server in the Static leases but in the WG interface.

The WireGuard Client Setup guide has a paragraph about using DNS via the WG tunnel.
To work it needs a proper DNSMasq setup, so if you disable DNSMasq or start messing with it, it might not work.

The new restart code of some packages, i.e. DNSmasq, is buggy, so you might need a: stopservice dnsmasq && startservice dnsmasq after the tunnel is up, just as @Alozaros described, but I do not think that is necessary

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
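
The approach suggested in the replies above (restart DNSMasq once the tunnel is up), as an added example that is not part of any post or of DD-WRT itself: it polls the PiHole at 10.66.66.1 and only then runs the full restart quoted in the thread. The probe name, the retry values, the `RUN_DNS_WAIT` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: wait until the resolver behind the WireGuard tunnel answers,
# then do the full dnsmasq restart quoted in the thread.
TUNNEL_DNS="${TUNNEL_DNS:-10.66.66.1}"   # PiHole address from the first post
PROBE_NAME="${PROBE_NAME:-dd-wrt.com}"   # assumption: any name the PiHole resolves
MAX_TRIES="${MAX_TRIES:-30}"             # assumption: give up after 30 probes
SLEEP_SECS="${SLEEP_SECS:-2}"            # assumption: pause between probes

# Returns 0 when the tunnel resolver answers a query.
# Assumes this build's nslookup exits non-zero when the lookup fails.
probe_resolver() {
    nslookup "$PROBE_NAME" "$TUNNEL_DNS" >/dev/null 2>&1
}

# Full stop/start as quoted in the thread (a reload is reported as not enough).
restart_dnsmasq() {
    stopservice dnsmasq && startservice dnsmasq
}

# Poll the resolver and restart dnsmasq once it answers.
# Returns 1 without touching dnsmasq if the resolver never comes up.
wait_and_restart() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        if probe_resolver; then
            restart_dnsmasq
            return $?
        fi
        tries=$((tries + 1))
        sleep "$SLEEP_SECS"
    done
    logger -t dns-wait "tunnel DNS $TUNNEL_DNS unreachable, dnsmasq left as is" || true
    return 1
}

# Runs in the background only when RUN_DNS_WAIT=1, so boot is not blocked
# and the functions can be sourced without side effects.
if [ "${RUN_DNS_WAIT:-0}" = "1" ]; then
    wait_and_restart &
fi
```

Set `RUN_DNS_WAIT=1` at the top when pasting this into the script box the thread mentions.
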
a15995

Posted: Thu Sep 08, 2022 16:22
egc wrote:
I have checked static leases via the GUI on 50012 and 50057 and they were working.
You have to press Save after each Add, but most of us use the trick @Alozaros described:
dhcp-host=xx:xx:22:xx:xx:xx,PC1,192.168.1.101,infinite


Thanks both!

But the GUI does not preserve the entries after restart (and I did press save after each add) - all entries are blank besides the first one. On r47665 and earlier they are all preserved on reboot. I even tried deleting them all and entering two leases which stayed until reboot - then there was only the first one left and a blank line.

I have tried backing up NVRAM and the entries are in fact all there - they are just not loaded on reboot...

Alozaros

Posted: Thu Sep 08, 2022 16:56
a15995 wrote:
egc wrote:
I have checked static leases via the GUI on 50012 and 50057 and they were working.
You have to press Save after each Add, but most of us use the trick @Alozaros described:
dhcp-host=xx:xx:22:xx:xx:xx,PC1,192.168.1.101,infinite


Thanks both!

But the GUI does not preserve the entries after restart (and I did press save after each add) - all entries are blank besides the first one. On r47665 and earlier they are all preserved on reboot. I even tried deleting them all and entering two leases which stayed until reboot - then there was only the first one left and a blank line.

I have tried backing up NVRAM and the entries are in fact all there - they are just not loaded on reboot...


There were a few GUI updates for those, but I don't remember on which build... try to use a non-chrome based browser, reset cache, do not use add-ons, use private mode... (for GUI i use pale-moon browser) on the new builds the GUI is ok... is there a chance you are out of nvram? (probably not, as R7800 is 128k)

as well, do not use save files from different builds... after reset rebuild settings manually..
going back and forth between different builds, reset is compulsory...

the other thing in mind is device names, if those contain unsupported symbols or spaces/intervals

a15995

Posted: Sun Apr 09, 2023 11:12
This problem has been worked around. Disabling JFFS2 preserves the static entries in the GUI (as well as not messing up the WireGuard keys' trailing '='s).

The only problem now is that an external USB is mounted too late (compared to JFFS) to have any relevance as to holding *.startup files or other scripts needed at boot. Also mounted too late to execute config files for DNSMasq in a timely manner (syslog indicates that the file is not present).

The obvious solution to this is to put the scripts directly in the GUI (which messes things up a bit).

How do you store scripts needed at boot when JFFS2 is not working/not a good solution in other respects?


ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 2900
Location: Germany

Posted: Sun Apr 09, 2023 11:40
You need to delete your jffs and recreate it. (if you have not done it yet)
BS changed the size of the jffs2 partition a few months ago.


I have no problems with jffs and static leases here.
Also not with TurboQAM ...

Maybe you should reset your router and reconfigure it from scratch

a15995

Posted: Sun Apr 09, 2023 13:07
ho1Aetoo wrote:
You need to delete your jffs and recreate it. (if you have not done it yet)
BS changed the size of the jffs2 partition a few months ago.


I have no problems with jffs and static leases here.
Also not with TurboQAM ...

Maybe you should reset your router and reconfigure it from scratch


I did delete the JFFS and recreated it (because the build forced me to probably due to the change in size as you point out).

I also reset the router (hard reset) before manually inputting everything in r52217 and testing. Took me two days...

JFFS acts the same - I can do it, I can work with it, but when I reboot the router all the static leases disappear (but are still present in NVRAM), leaving empty spaces and not handing out the static leases. Also, as pointed out, the trailing '='s disappear from all Wireguard keys. If JFFS is disabled there are no problems.

Maybe something else is going on but everything was input manually and I still get this issue, which is not present in versions r47665 and prior in my setup.

egc

Posted: Sun Apr 09, 2023 13:23
Do you have JFFS2 enabled and have a USB stick (with JFFS)?

That is something which is incompatible.

a15995

Posted: Mon Apr 10, 2023 15:46
egc wrote:
Do you have JFFS2 enabled and have an USB stick (with JFFS).

That is something which is incompatible.


Yes, and I finally found what was incompatible - the cleanup script taken from the DD-WRT wiki (https://wiki.dd-wrt.com/wiki/index.php/Useful_Scripts#Remove_unused_NVRAM_parameters). This script was present as a *.startup file and apparently it would unset variables being used - like the static leases and also messed with the WG keys.

So, of course, every time JFFS2 was enabled the file in /jffs/etc/config would be executed on startup, which is why I made the connection to JFFS2.

I guess that script is obsolete/should be rewritten.

Sorry for wasting your time.

ho1Aetoo

Posted: Mon Apr 10, 2023 16:00
Mhm we probably should have asked if you use something like that.
The behavior is known.

I ran the script dry on my router a while ago - the script would also delete my DDNS configuration.

the r7800 also has enough nvram memory with 128KB
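
A guard for the failure described in the last posts, as an added example that is not part of the thread or of the wiki script: candidate variable names are checked against a protect list and only reported unless `DRY_RUN=0`. The name patterns (`static_lease*`, `oet*`, `ddns_*`), the sample names and the function names are assumptions; check them against `nvram show` on your build.

```shell
#!/bin/sh
# Added example: guard an NVRAM cleanup with a protect list and a dry run.
# Patterns are assumptions for static leases, WireGuard (oet) and DDNS settings.
PROTECT_PATTERNS="${PROTECT_PATTERNS:-static_lease* oet* ddns_*}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = report only, 0 = really call nvram unset

# Returns 0 if the variable name matches any protected pattern.
# Runs in a subshell so that disabling filename globbing stays local.
is_protected() (
    set -f
    for pat in $PROTECT_PATTERNS; do
        case "$1" in $pat) exit 0 ;; esac
    done
    exit 1
)

# Reads candidate names on stdin, prints "KEEP name" or "UNSET name".
# Never commits; a reboot without `nvram commit` discards the unsets.
review_candidates() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if is_protected "$name"; then
            echo "KEEP $name"
        else
            echo "UNSET $name"
            if [ "$DRY_RUN" = "0" ]; then
                nvram unset "$name"
            fi
        fi
    done
    return 0
}

# Constructed sample of what a cleanup routine might propose to remove.
sample_candidates() {
    printf '%s\n' static_leases static_leasenum oet1_private \
        ddns_enable example_stale_var
}

# Dry run over the constructed sample.
sample_candidates | review_candidates
```
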