Archive for December, 2011

Using the E3000 as a caching DNS server (on dd-wrt)

Saturday, December 31st, 2011

Due to popular demand, I’ll post this on how to use the E3000 as a generic DNS server. It will be very brief; you have to fill in the blanks yourself.

First you have to get the support tools in place for this. dd-wrt is built for smallish setups as well, so some of the tools are quite limited, to say the least. There are basically two routes:

  • Fiddle with the internal flash so that you can use the built-in ipkg on a jffs2 mounted flashdrive
  • Mount a USB stick, download ipkg-opt and work from there

I chose the latter, primarily because that option gave me 4GB of space in /opt. It is actually quite simple:

[Screenshot: dd-wrt usb flash]

You then install ipkg-opt and its companion tools (uclibc-opt). You can use this wiki post on the dd-wrt wiki.

After that you can install all your extensions through ipkg-opt (or download them by hand). For my DNS resolver needs I chose the wonderful dnsmasq software. It acts as DNS, DHCP and TFTP server. From my router:

root@dd-wrt:/opt/sbin# ipkg-opt list | grep -i dnsmasq
dnsmasq - 2.58-1 - DNS and DHCP server

The observant reader will have noticed that dd-wrt calls /opt/etc/config/startup in the screenshot above (after having mounted /opt). This script is the startup script for all your /opt related stuff. I went with something like:

#!/bin/sh

# Drop any inherited dynamic-loader overrides
unset LD_LIBRARY_PATH
unset LD_PRELOAD

# Use the profile from /opt, if present
[ -e /opt/etc/profile ] && mount -o bind /opt/etc/profile /etc/profile

# Make sure a "nobody" account exists
if ! grep -q '^nobody:' /etc/passwd; then
    echo "nobody:*:65534:65534:nobody:/var:/bin/false" >> /etc/passwd
fi

# Start every executable S* init script under /opt
if [ -d /opt/etc/init.d ]; then
    for f in /opt/etc/init.d/S* ; do
        [ -x "$f" ] && "$f" start
    done
fi

and have a dnsmasq init script in /opt/etc/init.d:

root@dd-wrt:/opt/sbin# ls -al /opt/etc/init.d/S56dnsmasq
-rwxr-xr-x    1 root     root          215 Jan  1  1970 /opt/etc/init.d/S56dnsmasq
root@dd-wrt:/opt/sbin# cat /opt/etc/init.d/S56dnsmasq
#!/bin/sh

unset LD_LIBRARY_PATH
unset LD_PRELOAD

if [ -f /var/run/dnsmasq.pid ] ; then
kill `cat /var/run/dnsmasq.pid`
fi

rm -f /var/run/dnsmasq.pid

sleep 2
/opt/sbin/dnsmasq --conf-file=/opt/etc/dnsmasq.conf

Finally we are getting there. Before showing the dnsmasq.conf file, I will show a screenshot of the setup on the dd-wrt gui in order to use dnsmasq as DNS and DHCP server:

[Screenshot: dnsmasq setup in dd-wrt]

Notice how the built-in DHCP server is disabled and how I have chosen to use dnsmasq. Now on to the configuration in dnsmasq.conf:

root@dd-wrt:/opt/sbin# grep -v "^#"  /opt/etc/dnsmasq.conf  | grep -v "^$"
tftp-no-blocksize
log-dhcp
interface=br0
resolv-file=/tmp/resolv.conf
domain=zensonic.dk
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=50
dhcp-authoritative
dhcp-range=lan,192.168.1.100,192.168.1.143,255.255.255.0,1440m
stop-dns-rebind
dhcp-host=00:22:FB:BB:C8:E0,kitchen,192.168.1.116,infinite
dhcp-host=00:18:71:E3:22:4d,dl145-1,192.168.1.117,infinite
dhcp-host=00:14:38:bf:a9:16,dl380g4i,192.168.1.119,infinite
dhcp-host=00:14:38:bf:a9:19,dl380g4,192.168.1.121,infinite
enable-tftp
tftp-root=/opt/var/tftproot
dhcp-boot=pxelinux.0

You will immediately notice a couple of things: the range set up for DHCP leases, the static leases, and finally that TFTP is enabled. Another blog post on TFTP another time (quite nifty for setting up servers on my vmware backend in minutes using kickstart, yast2 and solaris jumpstart).
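
A quick lint for the exposure-related options in a dnsmasq.conf like the one above, as an added example that is not part of the original post. The helper names has_opt, warn and audit_dnsmasq_conf are hypothetical, the sample config is constructed from the listing above, and listen-address and tftp-secure are dnsmasq options that do not appear in the post:

```shell
#!/bin/sh
# Added example, not from the original post; helper names are hypothetical.

# has_opt FILE OPTION: true if OPTION is on an uncommented line,
# either bare ("enable-tftp") or with a value ("interface=br0").
has_opt() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(=|\$)" "$1"
}

warn() {
    echo "WARN: $*"
    findings=$((findings + 1))
}

# Prints one line per finding, leaves the count in $findings and
# returns non-zero if there was at least one.
audit_dnsmasq_conf() {
    conf=$1
    findings=0
    # With neither option dnsmasq listens on every interface, which on a
    # router includes the WAN side.
    has_opt "$conf" interface || has_opt "$conf" listen-address ||
        warn "no interface= or listen-address=: listening on all interfaces"

    # stop-dns-rebind rejects upstream answers in private address ranges.
    has_opt "$conf" stop-dns-rebind ||
        warn "stop-dns-rebind not set: no DNS rebinding protection"

    if has_opt "$conf" enable-tftp; then
        # tftp-root confines requests to one directory tree.
        has_opt "$conf" tftp-root ||
            warn "enable-tftp without tftp-root: any readable path can be requested"
        # tftp-secure limits TFTP to files owned by the dnsmasq user.
        has_opt "$conf" tftp-secure ||
            warn "enable-tftp without tftp-secure: any file dnsmasq can read is served"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the exposure-related lines of the config shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface=br0
stop-dns-rebind
enable-tftp
tftp-root=/opt/var/tftproot
EOF
audit_dnsmasq_conf "$sample" || echo "$findings finding(s)"
rm -f "$sample"
```

Note that tftp-secure only serves files owned by the user dnsmasq runs as, so the files under tftp-root need matching ownership before turning it on.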

You might think: where are the zone records? The answer can be found in the man page for dnsmasq:

Dnsmasq accepts DNS queries and either answers them from a small, local, cache or forwards them to a real, recursive, DNS server. It loads the contents of /etc/hosts so that local hostnames which do not appear in the global DNS can be resolved and also answers DNS queries for DHCP configured hosts.

So I simply add my infrastructure to /etc/hosts and run /opt/etc/init.d/S56dnsmasq.

I only needed to run DNS locally, so my choice was dnsmasq. You can also install a full-fledged bind if you have that desire:

root@dd-wrt:/opt/sbin# ipkg-opt list bind
bind - 9.6.1.3-4 - Bind provides a full name server package, including zone masters, slaves, zone transfers, security multiple views.  This is THE