Opened 5 years ago

Last modified 8 months ago

#8862 new enhancement

Multiple instances of dnsmasq (multiple DNS servers/forwarders)

Reported by: joda
Owned by: developers
Priority: normal
Milestone: Chaos Calmer 15.05
Component: packages
Version: Backfire 10.03.1 RC4
Keywords: dnsmasq
Cc:

Description

The patch changes /etc/init.d/dnsmasq:

  • daemon uses pid files instead of killall
  • daemon starts multiple "dnsmasq" instances
    • instance can be named: config dnsmasq 'hotspot'
    • prevent dnsmasq binding conflicts with: option nonwildcard 1
    • added option "listen" maps to dnsmasq -a
  • allow restricting configs "dhcp, host, ..." to a single instance
    • default is to process all configs for all instances
    • Restrict to instance with: option dnsmasq_config 'hotspot'
    • Currently all dhcp lease reservations for one instance will be blacklisted on all other instances (TODO make this configurable)

might have forgotten some detail - but I guess it's pretty much all.

TODO - fix dhcp_add()'s handling of DNS servers
TODO - think about restructuring option for wan blacklist (without using "option ignore 1" and providing another way to fill resolv.conf files)

Attachments (5)

2011.02.13-dnsmasq_multi_instances.patch (10.2 KB) - added by debugger@… 5 years ago.
multiple instance patch for dnsmasq
dnsmasq_multiple_instances.2.patch (6.9 KB) - added by mwarning 23 months ago.
Multiple dnsmasq instances for Barrier Breaker
dnsmasq_multiple_instances.patch (7.2 KB) - added by mwarning 22 months ago.
Multiple dnsmasq instances for Barrier Breaker
dnsmasq_multiple_instances.3.patch (7.7 KB) - added by anonymous 16 months ago.
Updated patch for latest trunk revision (r45286).
dnsmasq_multiple_instances.4.patch (9.0 KB) - added by merpmerp 12 months ago.
patch for trunk


Change History (17)

Changed 5 years ago by debugger@…

multiple instance patch for dnsmasq

comment:1 Changed 2 years ago by jow

  • Milestone changed from Backfire 10.03.2 to Chaos Calmer (trunk)

Milestone Backfire 10.03.2 deleted

comment:2 Changed 23 months ago by mwarning

I have ported the patch to Barrier Breaker. But the patch is not a straight adaptation of the previous patch and needs some fixing regarding /tmp/resolv.conf and the creation of other files. E.g., I do not see that HOSTFILE is used by dnsmasq or any other program.

Features:

  • "option disabled '0'" to disable a dnsmasq section
  • "list listen_address '192.168.1.1'" is now available (--listen-address from dnsmasq)
  • "option bind_dynamic '1'" is the same as --bind-dynamic for dnsmasq
    • needed when "list interface" in "config dnsmasq" is used
  • "option dnsmasq_config 'hotspot'" can be used to restrict a section to a named dnsmasq section
config dnsmasq main
    #...
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option bind_dynamic '1'
    list interface br-lan
    # avoid conflict on port 53, dnsmasq listens on localhost by default!
    list notinterface 'lo'

config dnsmasq portal
    #...
    option leasefile '/tmp/dhcp.portal.leases'
    option resolvfile '/tmp/resolv.conf.portal.auto'
    option bind_dynamic '1'
    list interface wlan0-1

config dhcp
    #...
    option interface lan
    option dnsmasq_config 'main'

config dhcp
    #...
    option interface guest
    option dnsmasq_config 'portal'

bind_dynamic is needed in this example because we use interfaces here, rather than IP addresses. But using listen_address is possible as well.

Last edited 21 months ago by mwarning
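
The per-instance restriction from the ticket description and the example config in comment:2, checked mechanically. This is an added example, not part of the ticket or of any attached patch: a small Python lint for a multi-instance UCI config. The function names are hypothetical, the sample input is constructed, and treating a shared leasefile/resolvfile/interface as a fault is an assumption of this example; the "unrestricted section" check rests on the description's statement that the default is to process all configs for all instances.

```python
import shlex
from collections import defaultdict

# Constructed input in the ticket's syntax, with two faults planted on purpose.
SAMPLE = """
config dnsmasq main
    option leasefile '/tmp/dhcp.leases'
    list interface br-lan
config dnsmasq portal
    option leasefile '/tmp/dhcp.leases'
    list interface wlan0-1
config dhcp
    option interface lan
    option dnsmasq_config 'main'
config dhcp
    option interface guest
"""

def parse_uci(text):
    """Return [(type, name, {option: [values]})], one entry per section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            name = tok[2] if len(tok) > 2 else None
            sections.append((tok[1], name, defaultdict(list)))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][2][tok[1]].append(tok[2])
    return sections

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    secs = parse_uci(text)
    inst = {name: opts for typ, name, opts in secs if typ == "dnsmasq"}
    findings = []
    # Two instances writing the same file or binding the same interface.
    for key in ("leasefile", "resolvfile", "interface"):
        owner = {}
        for name, opts in inst.items():
            for val in opts[key]:
                if val in owner:
                    findings.append(f"{key} {val}: shared by {owner[val]} and {name}")
                owner[val] = name
    # dhcp/host sections that are not pinned to exactly one known instance.
    for typ, _, opts in secs:
        ref, where = opts["dnsmasq_config"], "/".join(opts["interface"]) or "?"
        if typ in ("dhcp", "host") and len(inst) > 1 and not ref:
            findings.append(f"{typ} {where}: no dnsmasq_config, processed by every instance")
        elif ref and ref[0] not in inst:
            findings.append(f"{typ} {where}: unknown instance {ref[0]}")
    return findings
```
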

Changed 23 months ago by mwarning

Multiple dnsmasq instances for Barrier Breaker

Changed 22 months ago by mwarning

Multiple dnsmasq instances for Barrier Breaker

Changed 16 months ago by anonymous

Updated patch for latest trunk revision (r45286).

comment:3 Changed 16 months ago by anonymous

Surprised this hasn't made it to trunk yet. I applied the changes in the attached patch to a recent trunk snapshot, and was able to run multiple dnsmasq instances following the example config.

The patch doesn't apply cleanly to trunk anymore (dnsmasq has picked up additional options since October), so I'm attaching an update to the patch with new line numbers + context. No functional changes.

comment:4 Changed 15 months ago by kbabioch

I'm wondering what the current status on this is? Any chance that this makes it into trunk? I think it is a really good idea to have support for multiple dnsmasq instances out-of-the-box. It's basically the only way to "properly" isolate networks from each other (e.g. guest networks) without information leakage about other networks (DNS names and such).

comment:5 Changed 15 months ago by anonymous

I agree. I'm interested too... Any idea when / if this will make it into the trunk?

comment:6 Changed 13 months ago by anonymous

It would be awesome if this patch could get merged into trunk!

comment:7 Changed 12 months ago by merpmerp

I agree, I've kludged something like this together for my own needs. Joda's implementation is much better!

comment:8 Changed 12 months ago by merpmerp

Patch doesn't cleanly apply to latest trunk, however.

Changed 12 months ago by merpmerp

patch for trunk

comment:9 Changed 12 months ago by merpmerp

I'm not using DNSSEC; if you are, you may want to review the logic surrounding "TIMESTAMPFILE" in this patch.

I'm running this patch on several routers and it works quite well.

Last edited 12 months ago by merpmerp

comment:10 Changed 11 months ago by anonymous

Will this patch work on Chaos Calmer as well? Are there ready-to-use packages available? I am not very good when it comes to things like these.

comment:11 Changed 9 months ago by anonymous

One problem I see with the line below in 'main' is that I don't get network connectivity on the router even though it is connected to the internet. All Wi-Fi clients do get internet.

list notinterface 'lo'

Pinging google.com over SSH on the router says bad address. If I disable this line, then I do get a ping response. The problem that then arises is that DNS requests from a different interface ('portal' in this case) go to the one listed in 'main'.

I am trying to set different DNS servers for different interfaces. Please help.

comment:12 Changed 8 months ago by anonymous

Why not just run multiple dnsmasq on different ports instead of patching it?
