[Cerowrt-devel] dns failures on cerowrt

Dave Taht dave.taht at gmail.com
Thu Mar 15 11:38:50 PDT 2012


While I'm at this, I note that we do also include dnsmasq in cerowrt,
and include the full openwrt gui for such.

You can easily deconfigure bind and replace it with dnsmasq by:

mv /etc/xinetd.d/named /etc/named.old
killall -1 xinetd
killall named
vi /etc/config/dhcp

and change the port 0 line to be port 53

/etc/init.d/dnsmasq restart # or just reboot

and that should enable dnsmasq instead of bind.

I note that what is in 3.3rc7 and later is actually the most bleeding-edge-ist
dnsmasq, which includes (untested, hint, hint) support for dnssec proxying,
as well as ra announcements and some support for serving up dhcpv6.

dnsmasq is much better integrated into the openwrt gui, as well.

In losing bind, the ability to have split views, act as an internet
peer, etc, etc
are all lost, and I'd prefer to keep hacking on bind, but the new dnsmasq could
use some love expended on it too, asI expect the new version to be standard
are far more cpe than bind ever will be.

This new version of dnsmasq should be out in final form soon.

(and as I side note, because I can't stand vi, I have an emacs clone
in the build
 called zile)


On Thu, Mar 15, 2012 at 11:19 AM, Dave Taht <dave.taht at gmail.com> wrote:
> I hope you don't mind, but I prefer to always answer questions like these
> publicly.
>
> On Thu, Mar 15, 2012 at 10:55 AM, Ketan Kulkarni <ketkulka at gmail.com> wrote:
>> Hi Dave,
>> I bought wndr3800 and now setting up the cerowrt on it.
>
> Yea!
>
>> I am getting few issues in setting up dns server.
>> Observation: nslookup from my laptop through cerowrt fails
>>
>> Thanks jg for many dns related pointers - still I must have missed something
>> to get it working.
>>
>> Few things I tried (few of them really dumb) -
>> 1. Time and zone is properly set on cerowrt box
>> 2. Restarted namedprep and named everytime
>
> At one level I'm glad we're exposing potential problems with getting
> dnssec deployed more widely.
>
> At another level, it frustrates me.
>
>> 3. Also tried modifying
>> dnssec-validation auto to off;
>> dnssec-lookaside auto to off; and then restarting named but it didnt help
>> either.
>
> To debug these sorts of problems I usually use a command to continuously
> read the syslog
>
> openwrt# logread -f &
>
> and then watch stuff like 'killing off the dns server and restarting' go.
>
> # killall named
> # nslookup ::1 # should return localhost after named restarts
> # rndc validation disable # is a command you can issue to turn off validation
> # host www.lwn.net # repeat a few times
> # your clock should slew inside of about
> #
> Here are the potential problems.
>
> 0) Are you on a real ip address or behind levels of nat?
>
> 1) If you are behind someone elses firewall, it may be that you cannot
> get dns through it. In many locations dns packets are blocked, and dns
> is only available from the local dns server.
>
> 2) in some locations dns access to the roots is blocked
>
> 3) in some places the local dns server is too lame to recurse properly
> or handle ipv6
>
> 4) in others NTP is blocked
>
>>
>> 4. Added my lan subnet entry in "acls.local.conf" - in vain.
>
> It is a good idea that you do so.
>
>> 5. added my dns servers in forwarders.conf
>
> That should have worked, unless your dns servers were lame.
>
> Did you try 8.8.8.8 as a forwarder?
>
>> If I configure any open dns server like 8.8.8.8; everything works properly
>> (as expected).
>>
>> Waited to catch you - but its almost midnight here - so thought to put it in
>> the mail
>
> I went to bed early last night (flu), and woke up late (more flu)
>
>>
>> Appreciate your help.
>>
>> Thanks,
>> Ketan
>>
>> p.s. firmware is cerowrt-3.3rc7.2
>
>
>
> --
> Dave Täht
> SKYPE: davetaht
> US Tel: 1-239-829-5608
> http://www.bufferbloat.net



-- 
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net


More information about the Cerowrt-devel mailing list