Willy's Wiki

Since your home network is connected only to your home server (right?), in order to be able to navigate and use the home network you must configure some services on your home server.

In detail, you will need:

• one DNS server, so that devices in the home network can resolve names to addresses (and filter ads)
• one DHCP server, so provide devices in the home network with automatic configuration
• one default gateway and router: to allow devices in the home network to access stuff on the internet

To achieve the first two steps, i will show you the use of DNSmasq which is a very simple but powerful tool that acts as a forwarding DNS server and DHCP server allowing file-tuning of configuration even on a per-device base.

To create a router, you will be using the Linux built-in great nftables tools that today has replaced the older iptables.

There is a dedicated page to AdBlocking here, but first you need to setup your DNS here.

You don't want to create a full-fledged DNS resolver, because it would be too onerous on your home network and will not provide much benefit anyway. You want to use good DNS resolvers for you and then cache all your DNS queries from your home network.

I use custom DNS for ad blocking, AdGuard DNS to be precise. There might be better solutions out there, but it just work enough for me. I will show you how to pre-filter all ads with custom blocklists anyway.

You need to populate your /etc/resolv.conf with the AdGuard (or Google, or OpenDNS…) nameservers:

resolv.conf

# Google DNS #nameserver 8.8.8.8 #nameserver 8.8.4.4 # AdGuard DNS nameserver 94.140.14.14 nameserver 94.140.15.15 </file>

this will be immediately active.

Installing DNSMasq is easy enough, but better enable a couple of specific use flags first:

 > echo net-dns/dnsmasq dhcp-tools dnssec >> /etc/portage/package.use/dnsmasq

dhcp.tools is needed to ensure dnsmasq will support DHCP, while dnssec will be useful to enable dnssec support on the home network.

Install the tool:

 > emerge dnsmasq

All you actually need to do it create a meaningful configuration file, take this one as example:

dnsmasq.conf

# Here put your home LAN interface
interface=enp0s31f6
# do not resolve your internal DNS names outside
domain-needed
# Never forward addresses in the non-routed address spaces
bogus-priv
# Enable dnssec support
#conf-file=/usr/share/dnsmasq/trust-anchors.conf
#dnssec
#dnssec-check-unsigned
# You can add your own ads filters here (only hosts format!)
#addn-hosts=/etc/adblock.hosts
# Use this custom-folder to add more blocklists;
# conf-dir=/etc/dnsmasq.d,*.conf
#  DHCP settings for internal network (from 100 to 250, under 100 are fixed ips)
dhcp-range=10.0.0.100,10.0.0.250,12h
# Send gateway and DNS values to the DHCP clients
dhcp-option=option:router,10.00.0.1
dhcp-option=option:dns-server,10.00.0.1
# Preassign fixed IPs via DHCP to specific hosts:
#dhcp-host=34:f3:9a:73:a6:a4,10.0.0.99

here i assign a pool od dynamic IP addresses (from 100 to 254) on the 10.0.0.0 subnet. Addresses under 100 can be used for static assignments. For example, i use static IPs for all my OpenWRT Access Points and wired security cameras, and dynamic for all other devices.

To be sure that all devices will use the home server both as DNS server and gateway, you need to set the two above dhcp options. This will not work for devices that use hard-coded DNS servers (like Fire Sticks and Google Chromecasts…) but there is a workaround for those too, and i will show you later on.

Well, this is almost all. Start dnsmasq service and make it start on boot:

 > rc-update add dnsmasq default
 > /etc/init.t/dnsmasq start

Now you can connect your devices to the home network and they will get an IP address and a full network configuration to go with it.

DNSMasq will use your home server /etc/hosts file to feed DNS to your home network. It means that's the perfect place to resolve your domain internally:

hosts

10.0.0.1 home.mydomain.com
10.0.0.1 mydomain.com

So that all devices inside your network will be able to reach your internal services like they are from outside, and mobile devices will only require one configuration both when they are inside and outside your home network.