Differences

This shows you the differences between two versions of the page.

router:dnsmasq [2024/02/11 15:33] – [DNSMasq] willy
router:dnsmasq [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-===== DNS, DHCP and routing for the internal network ===== 
- 
-Since your home network is connected **only** to your home server (right?), in order to be able to navigate and use the home network you must configure some services on your home server. 
- 
-In detail, you will need: 
-  * one DNS server, so that devices in the home network can resolve names to addresses (and filter ads) 
-  * one DHCP server, so provide devices in the home network with automatic configuration 
-  * one default gateway and router: to allow devices in the home network to access stuff on the internet 
- 
-To achieve the first two steps, i will show you the use of [[https://wiki.gentoo.org/wiki/Dnsmasq/|DNSmasq]] which is a very simple but powerful tool that acts as a forwarding DNS server and DHCP server allowing file-tuning of configuration even on a per-device base. 
- 
-To create a router, you will be using the Linux built-in great nftables tools that today has replaced the older iptables.  
- 
-==== ADS blocking ==== 
- 
-Wouldn't be great to automatically filter out all ads from your home network? Well, it's easy. There are many ways like: 
-  * Using adblock scripts (like uOrigin) 
-  * Using custom DNS (like adblock DNS) 
-  * Using DNS blacklists directly 
-  * Using a [[https://pi-hole.net/|Pi Hole]] 
- 
-Scripts are great, but need to be installed on all devices, which is annoying. DNS blacklists are good too, but cumbersome to maintain, and can be too much aggressive. PiHole is an amazing little tool, but it require a container or a dedicated hardware, which feels like overkill for something that's only custom blacklists anyway, plus some neat UI. 
- 
-I use custom DNS for ad blocking, AdGuard DNS to be precise. There might be better solutions out there, but it just work enough for me. You can always add custom blacklists using DNSMasq at any time. 
- 
-==== DNSMasq ==== 
- 
-Installing DNSMasq is easy enough, but better enable a couple of specific use flags first: 
-<code bash> 
- > echo net-dns/dnsmasq dhcp-tools dnssec >> /etc/portage/package.use/dnsmasq 
-</code> 
- 
-**dhcp.tools** is needed to ensure dnsmasq will support DHCP, while **dnssec** will be useful to enable dnssec support on the home network. 
- 
-Install the tool: 
-<code bash> 
- > emerge dnsmasq 
-</code> 
- 
-All you actually need to do it create a meaningful configuration file, take this one as example: 
-<file - dnsmasq.conf> 
-# Here put your home LAN interface 
-interface=enp0s31f6 
-# do not resolve your internal DNS names outside 
-domain-needed 
-# Never forward addresses in the non-routed address spaces 
-bogus-priv 
-# Use AdGuard DNS service to filter ads 
-no-resolv 
-no-poll 
-server=94.140.14.14 
-server=94.140.15.15 
-# You can add your own ads filters here 
-#addn-hosts=/etc/adblock.hosts 
-#  DHCP settings for internal network (from 100 to 250, under 100 are fixed ips) 
-dhcp-range=10.0.0.100,10.0.0.250,12h 
-# Send gateway and DNS values to the DHCP clients 
-dhcp-option=option:router,10.00.0.1 
-dhcp-option=option:dns-server,10.00.0.1 
-# Preassign fixed IPs via DHCP to specific hosts: 
-#dhcp-host=34:f3:9a:73:a6:a4,10.0.0.99 
-</file> 
- 
-here i assign a pool od dynamic IP addresses (from 100 to 254) on the 10.0.0.0 subnet. Addresses under 100 can be used for static assignments. For example, i use static IPs for all my OpenWRT Access Points and wired security cameras, and dynamic for all other devices. 
- 
-To be sure that all devices will use the home server both as DNS server and gateway, you need to set the two above dhcp options. This will not work for devices that use hard-coded DNS servers (like Fire Sticks and Google Chromecasts...) but there is a workaround for those too, and i will show you later on. 
- 
-Well, this is almost all. Start //dnsmasq// service and make it start on boot: 
-<code bash> 
- > rc-update add dnsmasq default 
- > /etc/init.t/dnsmasq start 
-</code> 
- 
-Now you can connect your devices to the home network and they will get an IP address and a full network configuration to go with it. 
- 
- 
-==== Hosts file ==== 
- 
-DNSMasq will use your home server **/etc/hosts** file to feed DNS to your home network. It means that's the perferc place to resolve your domain internally: 
-<file - hosts> 
-10.0.0.1 home.mydomain.com 
-10.0.0.1 mydomain.com 
-</file> 
- 
-So that all devices inside your network will be able to reach your internal services like they are from outside, and mobile devices will only require **one** configuration both when they are inside and outside your home network. 
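
Review bot: The revision removes the entire page as an "external edit" with no edit summary and no pointer to where the DNS/DHCP setup is now documented, so readers following links to router:dnsmasq lose the instructions; if the text is being moved rather than dropped, leave a redirect or a one-line note with the new location. Should the content be carried over, several defects in the removed lines are worth fixing in the new copy. In the dnsmasq.conf sample, both dhcp-option lines advertise 10.00.0.1 as router and DNS server while the hosts file and dhcp-range use 10.0.0.x, so write 10.0.0.1 there. The start command reads "/etc/init.t/dnsmasq start", which should be /etc/init.d/dnsmasq. The prose names the USE flag **dhcp.tools** while the package.use line writes dhcp-tools, and the prose gives the dynamic pool as 100 to 254 while the dhcp-range line and its comment end at 250. The dnssec USE flag is enabled at build time, but the sample configuration has no dnssec option, so as written the resolver forwards to the upstream servers without validating; either add the validation settings or say that the flag only prepares for them.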
  
