Opened 6 years ago

Last modified 3 months ago

#8862 new enhancement

Multiple instances of dnsmasq (multiple DNS servers/forwarders)

Reported by: joda
Owned by: developers
Priority: normal
Milestone: Chaos Calmer 15.05
Component: packages
Version: Backfire 10.03.1 RC4
Keywords: dnsmasq
Cc:

Description

The patch changes /etc/init.d/dnsmasq:

  • daemon uses pid files instead of killall
  • daemon starts multiple "dnsmasq" instances
    • instance can be named: config dnsmasq 'hotspot'
    • prevent dnsmasq binding conflicts with: option nonwildcard 1
    • added option "listen" maps to dnsmasq -a
  • allow restricting configs "dhcp, host, ..." to a single instance
    • default is to process all configs for all instances
    • Restrict to instance with: option dnsmasq_config 'hotspot'
    • Currently all dhcp lease reservations for one instance will be blacklisted on all other instances (TODO make this configurable)

Might have forgotten some detail, but I guess it's pretty much all.

TODO - fix dhcp_add()'s handling of DNS servers
TODO - think about restructuring option for wan blacklist (without using "option ignore 1" and providing another way to fill resolv.conf files)

Attachments (5)

2011.02.13-dnsmasq_multi_instances.patch (10.2 KB) - added by debugger@… 6 years ago.
multiple instance patch for dnsmasq
dnsmasq_multiple_instances.2.patch (6.9 KB) - added by mwarning 2 years ago.
Multiple dnsmasq instances for Barrier Breaker
dnsmasq_multiple_instances.patch (7.2 KB) - added by mwarning 2 years ago.
Multiple dnsmasq instances for Barrier Breaker
dnsmasq_multiple_instances.3.patch (7.7 KB) - added by anonymous 20 months ago.
Updated patch for latest trunk revision (r45286).
dnsmasq_multiple_instances.4.patch (9.0 KB) - added by merpmerp 16 months ago.
patch for trunk

Change History (21)

Changed 6 years ago by debugger@…

multiple instance patch for dnsmasq

comment:1 Changed 2 years ago by jow

  • Milestone changed from Backfire 10.03.2 to Chaos Calmer (trunk)

Milestone Backfire 10.03.2 deleted

comment:2 Changed 2 years ago by mwarning

I have ported the patch to Barrier Breaker. But the patch is not a straight adaptation of the previous patch and needs some fixing regarding /tmp/resolv.conf and the creation of other files. E.g., I do not see that HOSTFILE is used by dnsmasq or any other program.

Features:

  • "option disabled '0'" to disable a dnsmasq section
  • "list listen_address '192.168.1.1'" is now available (--listen-address from dnsmasq)
  • "option bind_dynamic '1'" is the same as --bind-dynamic for dnsmasq
    • needed when "list interface" in "config dnsmasq" is used
  • "option dnsmasq_config 'hotspot'" can be used to restrict a section to a named dnsmasq section

config dnsmasq main
    #...
    option leasefile      '/tmp/dhcp.leases'
    option resolvfile     '/tmp/resolv.conf.auto'
    option bind_dynamic   '1'
    list interface        'br-lan'
    #avoid conflict on port 53, dnsmasq listens on localhost by default!
    list notinterface     'lo'

config dnsmasq portal
    #...
    option leasefile      '/tmp/dhcp.portal.leases'
    option resolvfile     '/tmp/resolv.conf.portal.auto'
    option bind_dynamic   '1'
    list interface        'wlan0-1'

config dhcp
    #...
    option interface      'lan'
    option dnsmasq_config 'main'

config dhcp
    #...
    option interface      'guest'
    option dnsmasq_config 'portal'

bind_dynamic is needed in this example because we use interfaces here, rather than IP addresses. But using listen_address is possible as well.

Last edited 2 years ago by mwarning
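The description's feature list (named instances, pid files instead of killall, `dnsmasq_config` to pin a section to one instance, avoiding binding conflicts) and mwarning's two-instance config above describe the same mechanics without showing them. The following is an added example, not the attached patch and not OpenWrt's /etc/init.d/dnsmasq: it renders the two instances into separate dnsmasq.conf files, routes each `config dhcp` section to the instance named by `dnsmasq_config`, checks lease files and the loopback bind set before anything is started, and stops one instance through its own pid file. The `$RUNDIR` layout, the function names and the explicit-argument interface (standing in for the init script's UCI lookups) are assumptions of this example, and the dhcp-range values in the demo are made up.

```shell
#!/bin/sh
# Added example for OpenWrt ticket #8862; not the attached patch and not the
# stock /etc/init.d/dnsmasq. Assumptions not taken from the ticket: per-instance
# state lives under $RUNDIR, and explicit function arguments replace the init
# script's UCI lookups. dnsmasq option names used: pid-file, dhcp-leasefile,
# resolv-file, bind-dynamic, interface, except-interface, dhcp-range.

RUNDIR="${RUNDIR:-/tmp/dnsmasq-instances}"
DAEMON="${DAEMON:-dnsmasq}"

pidfile()  { printf '%s/dnsmasq.%s.pid\n'  "$RUNDIR" "$1"; }
conffile() { printf '%s/dnsmasq.%s.conf\n' "$RUNDIR" "$1"; }

# Render the dnsmasq.conf of one named instance.
#   $1 name  $2 lease file  $3 resolv file
#   $4 interfaces to bind (space separated)  $5 interfaces to exclude
# With --interface given, dnsmasq also binds lo unless lo is excluded, so of
# several instances exactly one should be allowed to keep lo (checked below).
render_instance() {
    name=$1 lease=$2 resolv=$3 ifaces=$4 notifaces=$5
    mkdir -p "$RUNDIR"
    {
        printf 'pid-file=%s\n' "$(pidfile "$name")"
        printf 'dhcp-leasefile=%s\n' "$lease"
        printf 'resolv-file=%s\n' "$resolv"
        printf 'bind-dynamic\n'
        for i in $ifaces;    do printf 'interface=%s\n' "$i"; done
        for i in $notifaces; do printf 'except-interface=%s\n' "$i"; done
    } > "$(conffile "$name")"
}

# Route one "config dhcp" section to its instance(s).
#   $1 dnsmasq_config value ('' = every instance, the patch's default)
#   $2 dhcp-range argument  $3.. names of all instances
add_dhcp_section() {
    target=$1 range=$2; shift 2
    for name in "$@"; do
        [ -z "$target" ] || [ "$target" = "$name" ] || continue
        printf 'dhcp-range=%s\n' "$range" >> "$(conffile "$name")"
    done
}

# Pre-start checks over the rendered files; non-zero return on a problem:
#  - a lease file shared by two instances (each instance must own its own);
#  - lo served by no instance (the router's own lookups via 127.0.0.1 then get
#    no answer) or by more than one (both would bind 127.0.0.1:53, which is
#    the binding conflict the ticket description warns about).
check_instances() {
    rc=0
    shared=$(for n in "$@"; do sed -n 's/^dhcp-leasefile=//p' "$(conffile "$n")"; done | sort | uniq -d)
    [ -z "$shared" ] || { echo "lease file used by more than one instance: $shared" >&2; rc=1; }
    lo_count=0
    for n in "$@"; do
        grep -qx 'except-interface=lo' "$(conffile "$n")" || lo_count=$((lo_count + 1))
    done
    [ "$lo_count" -eq 1 ] || { echo "$lo_count instances would listen on lo, expected exactly 1" >&2; rc=1; }
    return $rc
}

# dnsmasq daemonizes itself and writes the pid named by pid-file= in its config.
start_instance() {
    "$DAEMON" -C "$(conffile "$1")"
}

# Stop exactly one instance via its pid file. The pre-patch init script used
# killall dnsmasq, which takes every other instance down with it.
stop_instance() {
    pf=$(pidfile "$1")
    [ -f "$pf" ] || return 0
    kill "$(cat "$pf")" 2>/dev/null || :
    rm -f "$pf"
}

# Demo reproducing mwarning's layout; the dhcp-range values are made up.
if [ "${1:-}" = demo ]; then
    render_instance main   /tmp/dhcp.leases        /tmp/resolv.conf.auto        br-lan  lo
    render_instance portal /tmp/dhcp.portal.leases /tmp/resolv.conf.portal.auto wlan0-1 ''
    add_dhcp_section main   192.168.1.100,192.168.1.200,12h main portal
    add_dhcp_section portal 192.168.2.100,192.168.2.200,12h main portal
    check_instances main portal && cat "$(conffile main)" "$(conffile portal)"
fi
```

Saved as, say, multi_dnsmasq.sh, `sh multi_dnsmasq.sh demo` prints the two rendered files; only `start_instance` needs a real dnsmasq binary. The lo rule is the part worth internalising: because `--interface` implicitly adds loopback, two instances that both omit `except-interface=lo` will both try to bind 127.0.0.1:53, and an instance set in which every member excludes lo leaves the router's own resolv.conf entry for 127.0.0.1 with nothing behind it.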

Changed 2 years ago by mwarning

Multiple dnsmasq instances for Barrier Breaker

Changed 2 years ago by mwarning

Multiple dnsmasq instances for Barrier Breaker

Changed 20 months ago by anonymous

Updated patch for latest trunk revision (r45286).

comment:3 Changed 20 months ago by anonymous

Surprised this hasn't made it to trunk yet. I applied the changes in the attached patch to a recent trunk snapshot, and was able to run multiple dnsmasq instances following the example config.

The patch doesn't apply cleanly to trunk anymore (dnsmasq has picked up additional options since October), so I'm attaching an update to the patch with new line numbers + context. No functional changes.

comment:4 Changed 19 months ago by kbabioch

I'm wondering what the current status on this is? Any chance that this makes it into trunk? I think it is a really good idea to have support for multiple dnsmasq instances out-of-the-box. It's basically the only way to "properly" isolate networks from each other (e.g. guest networks) without information leakage about other networks (DNS names and such).

comment:5 Changed 19 months ago by anonymous

I agree. I'm interested too... Any idea when / if this will make it into the trunk?

comment:6 Changed 17 months ago by anonymous

It would be awesome if this patch could get merged into trunk!

comment:7 Changed 16 months ago by merpmerp

I agree, I've kludged something like this together for my own needs. Joda's implementation is much better!

comment:8 Changed 16 months ago by merpmerp

Patch doesn't cleanly apply to latest trunk, however.

Changed 16 months ago by merpmerp

patch for trunk

comment:9 Changed 16 months ago by merpmerp

I'm not using DNSSEC; if you are, you may want to review the logic surrounding "TIMESTAMPFILE" in this patch.

I'm running this patch on several routers and it works quite well

Last edited 16 months ago by merpmerp

comment:10 Changed 15 months ago by anonymous

Will this patch work on Chaos Calmer as well? Are there ready-to-use-packages available? I am not very good when it comes to things like these.

comment:11 Changed 13 months ago by anonymous

One problem I see with the line below in 'main' is that I don't get network connectivity on the router even though it is connected to the internet. All Wi-Fi clients do get internet.

list notinterface 'lo'

Pinging google.com over ssh on the router says bad address. If I disable this line then I do get a ping response. The problem that then arises is that DNS requests from a different interface, 'portal' in this case, go to the one listed in 'main'.

I am trying to set different DNS servers for different interfaces. Please help.

comment:12 Changed 13 months ago by anonymous

Why not just run multiple dnsmasq on different ports instead of patching it?

comment:13 Changed 3 months ago by owmail@…

Has this patch already been included in r48532? Somehow having multiple dnsmasq config sections doesn't seem to work. It puts both configurations back to back into /var/etc/dnsmasq.conf and dnsmasq then complains about an "illegal repeated keyword".

If the patch is not yet included, how would I go about adding it? Do I need to recompile the entire image? Or can I just apply it to the /etc/init.d/dnsmasq file directly? Is the patch.4 file above still safe for r4852?

Thanks for your help and all your great work!
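The "illegal repeated keyword" failure reported in comment 13 is what dnsmasq prints when an option it accepts only once appears twice in one file, which is exactly what concatenating two `config dnsmasq` sections into a single /var/etc/dnsmasq.conf produces. The following added example (not code from the ticket or from OpenWrt) checks a flat file for that condition offline. The set of once-only options is an assumed subset (pid-file, dhcp-leasefile, port and cache-size are all single-valued in dnsmasq's option table); resolv-file and interface may legitimately repeat and are deliberately not flagged. The file contents are constructed from the leasefile/resolvfile/interface values in mwarning's example in comment 2.

```shell
#!/bin/sh
# Added example, not from the ticket or OpenWrt: reproduce the comment 13
# failure without running dnsmasq. ONCE_ONLY is an assumed subset of the
# options dnsmasq accepts at most once; the flat file below is constructed.

ONCE_ONLY='pid-file dhcp-leasefile port cache-size'

# Print every once-only option that appears more than once in file $1, with
# its count. Return 1 if any did (dnsmasq would refuse the file), else 0.
repeated_keywords() {
    rc=0
    for key in $ONCE_ONLY; do
        n=$(grep -c "^$key=" "$1" || :)
        if [ "$n" -gt 1 ]; then
            echo "$key repeated $n times"
            rc=1
        fi
    done
    return $rc
}

# What an init script that knows only one dnsmasq section produces from two:
# both sections back to back in one file. resolv-file and interface repeating
# is fine; dhcp-leasefile repeating is the error.
write_flat_conf() {
    cat > "$1" <<'EOF'
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
interface=br-lan
dhcp-leasefile=/tmp/dhcp.portal.leases
resolv-file=/tmp/resolv.conf.portal.auto
interface=wlan0-1
EOF
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp)
    write_flat_conf "$f"
    repeated_keywords "$f" || echo "dnsmasq would reject this file with: illegal repeated keyword"
    rm -f "$f"
fi
```

The same check is useful on a patched system: run it against each per-instance file under /var/etc after a restart, and a clean pass on every file means the sections really were split rather than merged.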

comment:14 Changed 3 months ago by kbabioch

No, I don't think it is already included. I can't find any references to it at dnsmasq.init [1]. I'm not sure if it still applies cleanly to current trunk, I guess you have to try.

Unfortunately the whole fork of the project didn't exactly make it easier to get it included. OpenWRT is rather dead, at least from my perspective. Maybe it will be easier to get this included into lede.

[1]: https://dev.openwrt.org/browser/trunk/package/network/services/dnsmasq/files/dnsmasq.init?rev=48532

comment:15 Changed 3 months ago by owmail@…

Rather Dead? That's too bad! It mostly works really well!

The patch is not included in r48532 and the file above, unfortunately, fails to apply cleanly. But it's actually pretty straight forward to apply all of the changes manually and things are working well for me after.

I hadn't heard of LEDE before. Looks like it's pretty new. Is it already usable?

comment:16 Changed 3 months ago by anonymous

"rather dead" because most devs have basically fled to LEDE, because things like this kept happening (this patch has been rotting here for like 6 years).

LEDE is the continuation of the same codebase, currently it is similar to openwrt trunk.
see here for details on installing it (and look around the site for more details) https://www.lede-project.org/docs/index.html#

Main difference is that now if someone sends a pull request it usually gets merged instead of rotting in the bugtracker.

I got here because someone referenced this bug in an issue on LEDE's main GitHub repo, https://github.com/lede-project/source/issues/301 ; whoever feels like porting this to current LEDE can open a pull request there.
