DNS problems with DHCP

[MaxMW]

Hi

I have a RT-AC66U with Asuswrt-Merlin, but im having an issue with my DHCP setup.

When clients get an IP they also get the DNS that i have manually set up - BUT they also get the routers IP as secondary DNS, and this causes all kinds of problems since i need all clients to ONLY have the DNS i manually typed in.

I cant find any settings to fix this, and must admit that i dont really understand the dnsmasq.conf file enough (and also the only ip visible in the conf file is the manually typed IP - but still my clients get the router IP as secondary DNS)

I hope someone can help

 

[ethician]

I am assuming I understand the problem described.

As 99% of the rc base is compiled-in, the code responsible for this behaviour can be found under

release/src/router/rc/services.c

on line 783

fprintf(fp, "dhcp-option=lan,6,%s,0.0.0.0\n", value);

which should generate a dnsmasq config file at /etc/dnsmasq.conf containing the above mentioned line telling dnsmasq to give its DHCP clients your custom IP plus 0.0.0.0, which dnsmasq converts to, quote, "the address of the machine running dnsmasq" (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html).

Therefore, one option is to change that above line and re-compile the firmware.

 

[owine]

I am assuming I understand the problem described.

As 99% of the rc base is compiled-in, the code responsible for this behaviour can be found under

release/src/router/rc/services.c

on line 783

fprintf(fp, "dhcp-option=lan,6,%s,0.0.0.0\n", value);

which should generate a dnsmasq config file at /etc/dnsmasq.conf containing the above mentioned line telling dnsmasq to give its DHCP clients your custom IP plus 0.0.0.0, which dnsmasq converts to, quote, "the address of the machine running dnsmasq" (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html).

Therefore, one option is to change that above line and re-compile the firmware.

One could also use a dnsmasq.postconf file to pc_replace that line with a blank which theoretically would rectify the behavior. A bit simpler than editing source and recompiling.

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

 

[john9527]

....
fprintf(fp, "dhcp-option=lan,6,%s,0.0.0.0\n", value);
...
Therefore, one option is to change that above line and re-compile the firmware.

Or use a dnsmasq.postconf script to modify that line.....

 

[ethician]

Right you are guys, as I constantly keep rebuilding the firmware, such a simple solution completely slipped my mind.

One could also use a dnsmasq.postconf file to pc_replace that line with a blank which theoretically would rectify the behavior. A bit simpler than editing source and recompiling.

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

As john9527 said, you have to replace the line with what you need. If you simply remove the line, dnsmasq, by default, uses 0.0.0.0.

 

[owine]

Right you are guys, as I constantly keep rebuilding the firmware, such a simple solution completely slipped my mind.



As john9527 said, you have to replace the line with what you need. If you simply remove the line, dnsmasq, by default, uses 0.0.0.0.

You are likely correct, I assumed that this was an additional line since his dnsmasq was already giving the resolvers he wanted.

 

[MaxMW]

Thanks a lot for your replies!

However i am still a bit confused as what i exactly have to do.
Currently my dnsmasq.conf includes this line:

dhcp-option=lan,6,10.10.10.10

Which i assumed was correct, but still it adds the routers own IP as well.
What should the line look like to get the right result? (beeing that all computers using DHCP only get the single custom IP, and not the routers IP)

Thanks again for your help so far!

 

[kevindb]

Thanks a lot for your replies!

However i am still a bit confused as what i exactly have to do.
Currently my dnsmasq.conf includes this line:

dhcp-option=lan,6,10.10.10.10

Which i assumed was correct, but still it adds the routers own IP as well.
What should the line look like to get the right result? (beeing that all computers using DHCP only get the single custom IP, and not the routers IP)

Thanks again for your help so far!

What other 'dhcp-option=lan,6' lines are in /etc/dnsmasq.conf?
Another thing to do is add 'log-dhcp' to dnsmasq.conf which will enable dhcp logging to syslog. You can then see exactly what dhcp requests are being received *and* how dnsmasq is responding to them.

 

[MaxMW]

What other 'dhcp-option=lan,6' lines are in /etc/dnsmasq.conf?
Another thing to do is add 'log-dhcp' to dnsmasq.conf which will enable dhcp logging to syslog. You can then see exactly what dhcp requests are being received *and* how dnsmasq is responding to them.

My dnsmasq.conf (i found it in jffs/configs, but im not even sure its the active config?):

pid-file=/var/run/dnsmasq.pid
user=nobody
resolv-file=/tmp/resolv.conf
no-poll
min-port=4096
bind-dynamic
interface=br0
domain=domain.local
expand-hosts
no-negcache
cache-size=1500
dhcp-range=lan,10.10.10.101,10.10.10.254,255.255.255.0,86400s
dhcp-lease-max=253
dhcp-authoritative
dhcp-option=lan,15,domain.local
dhcp-option=lan,3,10.10.10.1
dhcp-option=lan,6,10.10.10.10
dhcp-option=lan,44,10.10.10.10
quiet-dhcp
address=/#/10.0.0.1

As you can see the routers IP (10.10.10.100) isnt mentioned anywhere - however it is still given to the DCHP computers.

I really appreciate everyone helping so far!

 

[kevindb]

My dnsmasq.conf (i found it in jffs/configs, but im not even sure its the active config?):

pid-file=/var/run/dnsmasq.pid
user=nobody
resolv-file=/tmp/resolv.conf
no-poll
min-port=4096
bind-dynamic
interface=br0
domain=domain.local
expand-hosts
no-negcache
cache-size=1500
dhcp-range=lan,10.10.10.101,10.10.10.254,255.255.255.0,86400s
dhcp-lease-max=253
dhcp-authoritative
dhcp-option=lan,15,domain.local
dhcp-option=lan,3,10.10.10.1
dhcp-option=lan,6,10.10.10.10
dhcp-option=lan,44,10.10.10.10
quiet-dhcp
address=/#/10.0.0.1

As you can see the routers IP (10.10.10.100) isnt mentioned anywhere - however it is still given to the DCHP computers.

I really appreciate everyone helping so far!

The active one dnsmasq uses is '/etc/dnsmasq.conf'

If you've just 'dnsmasq.conf' in /jffs then that will be completely ignored. You would need to put it in /jffs/configs. But I would recommend instead that you use a '/jffs/configs/dnsmasq.conf.add' file instead which will get appended to the system default /etc/dnsmasq.conf which is generated dynamically under various conditions.

And whilst you're debugging this I strongly recommend 'log-dhcp' in there as well. It will show exactly what's going on.

 

[MaxMW]

The active one dnsmasq uses is '/etc/dnsmasq.conf'

If you've just 'dnsmasq.conf' in /jffs then that will be completely ignored. You would need to put it in /jffs/configs. But I would recommend instead that you use a '/jffs/configs/dnsmasq.conf.add' file instead which will get appended to the system default /etc/dnsmasq.conf which is generated dynamically under various conditions.

And whilst you're debugging this I strongly recommend 'log-dhcp' in there as well. It will show exactly what's going on.

Hi Kevindb

You where right! i checked the etc/dnsmasq.conf and it had the following line:
dhcp-option=lan,6,10.10.10.10,0.0.0.0

Where the 0.0.0.0 is being replaced with the router IP when starting up (like ethician mentioned). So now it makes sence.

However my problem now is what exactly do i do?
Will it work if i create a /jffs/configs/dnsmasq.conf.add file? wont that mean that the conf file will have 2 similar lines? and i am still unsure how it ends up having the 0.0.0.0 in the etc/dnsmasq.conf file.

Also .. what command do i run to even create the .add file in a telnet session?

 

[john9527]

Hi Kevindb

You where right! i checked the etc/dnsmasq.conf and it had the following line:
dhcp-option=lan,6,10.10.10.10,0.0.0.0

Where the 0.0.0.0 is being replaced with the router IP when starting up (like ethician mentioned). So now it makes sence.

However my problem now is what exactly do i do?
Will it work if i create a /jffs/configs/dnsmasq.conf.add file? wont that mean that the conf file will have 2 similar lines? and i am still unsure how it ends up having the 0.0.0.0 in the etc/dnsmasq.conf file.

Also .. what command do i run to even create the .add file in a telnet session?

Create dnsmasq.postconf in /jffs/scripts with the following......

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "dhcp-option=lan,6,10.10.10.10,0.0.0.0" "dhcp-option=lan,6,10.10.10.10" $CONFIG
exit

- make sure to use a Linux compatible editor (such as that in WinSCP, or the built in vi editor)
- after you create the file, make it executable with chmod a+rx /jffs/scripts/dnsmasq.postconf

 

[MaxMW]

Thanks everyone, for your help!

I never understood why my /jffs/configs/dnsmasq.conf file had a different content then my etc/dnsmasq.conf - but when i was following your advise, i had to enable the jffs custom scripts and configs - and afterwards i just checked the etc/dnsmasq.conf again - and lo and behold, no extra 0.0.0.0 in the dhcp-option=lan,6.

I tested and everything works fine now. There is no router IP in the DNS any more.

I still don't really understand why the router chooses to add its own IP, unless checking off the custom scripts.

 

[kevindb]

If you empty the 'DNS server' under LAN-> DHCP Server then Asuswrt won't write a 'dhcp-option,lan,6,10.....' line in the dnsmasq.conf, allowing you to simply add the required line in a 'dnsmasq.conf.add' file.

The question I have is why you cannot let dnsmasq do it's excellent job of being a caching dns resolver?

 

[MaxMW]

If you empty the 'DNS server' under LAN-> DHCP Server then Asuswrt won't write a 'dhcp-option,lan,6,10.....' line in the dnsmasq.conf, allowing you to simply add the required line in a 'dnsmasq.conf.add' file.

The question I have is why you cannot let dnsmasq do it's excellent job of being a caching dns resolver?

The reason is that i am not using the router as a router - its basically just an AP and DHCP (for a number of reasons). But every DNS request made to the router returns 10.0.0.1 - of course i could also just have tried to fix this problem, but i got the feeling that part of the problem is that we are not using the routers WAN port.
Also i would rather just have the correct DNS server, and not an extra dns relay.

 

[kevindb]

Ah, I understand

By default, dnsmasq sends some standard options to DHCP clients, the netmask and broadcast address are set to the same as the host running dnsmasq, and the DNS server and default route are set to the address of the machine running dnsmasq. So arguably Asus don't actually need to specify them in most cases. At least you've found a way to get things overridden

 

[Fredex]

I am coming to this conversation very late, hope someone sees this...

I'm struggling with this exact issue on my RT-N16 router. I tried following the solution given above, but apparently /jffs is read-only, so I can't create a "scripts" directory, or write anything into it.

Am I stuck? or am I simply working in the wrong place? Workarounds?

thanks in advance!

Fredex

PS: my router is running the latest beta firmware from Asus: 9.0.0.4.380_2985-gfca31e3

I'm attempting to do this because: I've brought up my own nameserver inside my LAN, intended to be a recursive caching nameserver. since most systems are using DHCP it seemed straightforward to simply change the DNS address that DHCP serves out to all those machines. unfortunately Asus (like Microsoft) apparently knows better than I do what I need. I do not want the router used as a nameserver, I want my separate nameserver, only. sigh.

 

[ColinTaylor]

PS: my router is running the latest beta firmware from Asus: 9.0.0.4.380_2985-gfca31e3

You need to be running a third party firmware, like Merlin's or John's to enable user scripts. It's not available in the stock firmware.

 

[Fredex]

You need to be running a third party firmware, like Merlin's or John's to enable user scripts. It's not available in the stock firmware.

Yeah, once I figured out that these forums were talking about some alternative firmware (which wasn't obvious, since I jumped into the middle of the discussion based on a link from a search engine) I was afraid that was the case.

can you drop a URL where I could find those alternative firmware(s) ?

 

[ColinTaylor]

can you drop a URL where I could find those alternative firmware(s) ?

Merlin is no longer actively supporting the RT-N16 , but John is . I'm running John's (fork of Merlin's) firmware and can highly recommend it.

https://www.snbforums.com/threads/fork-asuswrt-merlin-374-43-lts-releases-v24e2.18914/