EdgeRouter Lite Dnsmasq setup

Hey! Listen! This post is part of a series on the Ubiquiti EdgeRouter Lite. Check them all out!

    Date        Post                                               Part
    2017-10-03  Dyn DDNS on EdgeRouter                             Setup DynDNS
    2017-04-25  DuckDNS on EdgeRouter                              Setup DuckDNS
    2017-01-08  Ubiquiti EdgeRouter serial console settings        Serial console settings
    2016-11-29  Ubiquiti UniFi controller setup on Raspberry Pi 3  Install UniFi Controller
    2016-08-30  EdgeRouter Lite Dnsmasq setup                      Setup dnsmasq
    2016-06-13  EdgeRouter Lite software upgrade                   Firmware upgrade
    2016-05-12  EdgeRouter Lite OpenVPN setup                      OpenVPN server setup
    2016-04-29  Ubiquiti EdgeRouter Lite setup                     Initial setup

    Introduction

    One of my only complaints about the EdgeRouter Lite is its use of the Internet Systems Consortium (ISC) DHCP server. My main issue is that the DHCP server does not integrate with the DNS server, so DHCP names/leases are not automatically added to DNS. This topic has been addressed a few times before (here, here, here, here, and here).

    However, with the release of the v1.9.0 EdgeMax software (you can use my software upgrade guide), Ubiquiti offers the use of dnsmasq. Based on a script by the forum user final, dnsmasq support has been incorporated into v1.9.0, but only at the command line; no GUI support is set up yet. With dnsmasq, when you give a specific host a static lease, the host is added to DNS, by name, automatically.

    ISC vs dnsmasq

    With both ISC and dnsmasq, you would need to specify a static lease for each device.

    set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping device1 ip-address 10.10.2.32
    set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping device1 mac-address 'XX:XX:XX:XX:XX:XX'

    However, ISC does not add the above entries to DNS (which dnsmasq does). Because of this, if you’re using ISC, you’ll need to add each device to DNS yourself.

    set system static-host-mapping host-name device1.<yourdomain> inet 10.10.2.32
    set system static-host-mapping host-name device1.<yourdomain> alias device1

    If you want to use ISC but don’t want to set a static-host-mapping entry for each device, you can have the /etc/hosts file updated automatically with lease entries. However, that’s a lot of adding to and removing from the hosts file, and there have been reports that expired leases aren’t deleted from it.

    set service dhcp-server hostfile-update enable

    Instead, I’m going to switch to dnsmasq. I’ve used it on OpenWrt, DD-WRT, and Linux, so I prefer it. The caveats of dnsmasq (in Ubiquiti’s current implementation) are outlined below.

    • One of the advantages of using dnsmasq is that, if DNS forwarding is also configured, the “name resolution for local hosts” function is integrated, and the “hostfile-update” setting for the ISC DHCP implementation is not needed (it is ignored when use-dnsmasq is enabled).
    • When use-dnsmasq is enabled, DHCP server will serve the “listen-on” interfaces configured under “service dns forwarding”, or all interfaces if that is not configured.
    • Since some of the existing DHCP server config settings are specific to the ISC DHCP implementation (e.g., the failover settings, the “free-form” parameters settings), those will be ignored when use-dnsmasq is enabled.
    • If “free-form” parameters for dnsmasq are needed, they can be entered under DNS forwarding config, e.g., “set service dns forwarding options …”.
    • When use-dnsmasq is enabled, the “authoritative” setting is not “per-shared-network”, i.e., “authoritative” will be enabled if it is set under any shared-network.
    • When use-dnsmasq is enabled, the entries configured under “static-mapping” will be translated to statically assigned A records in dnsmasq (using the dnsmasq host-record directive). If a client with a static-mapping entry sends a DHCP request with a different client-name, that client-name will be ignored.
    • Currently use-dnsmasq only handles “configuration”, and status reporting (including show commands in the CLI and the leases display in the Web UI for example) is not supported yet.
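    To make the ISC-vs-dnsmasq difference from the comparison above and the “static-mapping to host-record” caveat concrete, here is an added example (my own illustration, not Ubiquiti’s or dnsmasq’s code). It parses the `set ... static-mapping` commands used in this post and emits two things: the `static-host-mapping` commands you would have to add by hand under the ISC DHCP server, and the dnsmasq `host-record=` directives that `use-dnsmasq enable` derives for you. The `host-record` syntax is dnsmasq’s documented one; the exact text Ubiquiti’s script writes, and the sample config with placeholder MAC addresses, are assumptions.

```python
"""Model of how EdgeOS static-mapping entries become DNS records.

Added example: it is NOT Ubiquiti's generator. The host-record syntax
(host-record=<name>[,<name>...],<ipv4>) is dnsmasq's documented form; the
precise output of the EdgeOS use-dnsmasq script is an assumption.
"""
import re
from collections import defaultdict

# Matches: set service dhcp-server shared-network-name <net> subnet <cidr>
#          static-mapping <name> (ip-address <ip> | mac-address <mac>)
STATIC_MAPPING_RE = re.compile(
    r"^set service dhcp-server shared-network-name \S+ subnet \S+ "
    r"static-mapping (?P<name>\S+) (?P<key>ip-address|mac-address) (?P<value>\S+)$"
)
DOMAIN_RE = re.compile(r"^set system domain-name (?P<domain>\S+)$")


def parse_config(lines):
    """Return (domain, {hostname: {"ip": ..., "mac": ...}}) from EdgeOS set commands."""
    domain = None
    hosts = defaultdict(dict)
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DOMAIN_RE.match(line)
        if m:
            domain = m.group("domain")
            continue
        m = STATIC_MAPPING_RE.match(line)
        if m:
            value = m.group("value").strip("'\"")  # CLI values may be quoted
            field = "ip" if m.group("key") == "ip-address" else "mac"
            hosts[m.group("name")][field] = value
    return domain, dict(hosts)


def isc_static_host_mapping(domain, hosts):
    """Commands needed under ISC DHCP so each static lease also resolves in DNS."""
    cmds = []
    for name in sorted(hosts):
        entry = hosts[name]
        if "ip" not in entry:
            continue  # a mapping with no address cannot get an A record
        fqdn = f"{name}.{domain}"
        cmds.append(f"set system static-host-mapping host-name {fqdn} inet {entry['ip']}")
        cmds.append(f"set system static-host-mapping host-name {fqdn} alias {name}")
    return cmds


def dnsmasq_host_records(domain, hosts):
    """host-record lines dnsmasq mode derives from the same static-mapping entries."""
    records = []
    for name in sorted(hosts):
        entry = hosts[name]
        if "ip" not in entry:
            continue
        # Short name and FQDN share one record, so both "device1" and
        # "device1.home.lan" answer with the statically assigned address.
        records.append(f"host-record={name},{name}.{domain},{entry['ip']}")
    return records


# Constructed sample config in the style of the post (MAC addresses are placeholders).
SAMPLE_CONFIG = """
set system domain-name home.lan
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping device1 ip-address 10.10.2.32
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping device1 mac-address 'XX:XX:XX:XX:XX:XX'
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping rpi01_lan ip-address 10.10.2.40
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping rpi01_lan mac-address 'XX:XX:XX:XX:XX:XY'
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping maconly mac-address 'XX:XX:XX:XX:XX:XZ'
""".splitlines()

if __name__ == "__main__":
    domain, hosts = parse_config(SAMPLE_CONFIG)
    print("# ISC DHCP: you add these by hand")
    print("\n".join(isc_static_host_mapping(domain, hosts)))
    print("# dnsmasq mode: generated from static-mapping")
    print("\n".join(dnsmasq_host_records(domain, hosts)))
```

    The `maconly` entry shows the edge case worth remembering: a static-mapping with a MAC but no ip-address yields no DNS record in either mode, so a device that “should” resolve but doesn’t is often just missing its ip-address line.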

    Enable dnsmasq

    For dnsmasq to be set up properly, you need DNS forwarding configured to listen on specific interfaces; otherwise it will listen on all interfaces. You should also set the system name-server to localhost (so dnsmasq is queried first) and forward queries to external DNS servers. This setup is described in my initial setup guide and is also shown below.

    configure
    set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 dns-server 10.10.2.1
    set service dns forwarding listen-on eth1
    set service dns forwarding cache-size 400
    set system name-server 127.0.0.1
    set service dns forwarding name-server 50.116.40.226
    set service dns forwarding name-server 107.170.95.180

    Next, you need to set a local domain name, as shown below.

    set system domain-name home.lan

    Then, enable dnsmasq.

    set service dhcp-server use-dnsmasq enable
    commit
    save

    Test

    At this point (you may need to reboot), you should be able to ping your devices by hostname (as configured in the static-mapping section above).

    /home/ubnt
    ubnt@erl
    --> ping rpi01_lan
    PING rpi01_lan.home.lan (10.10.2.32) 56(84) bytes of data.
    64 bytes from rpi01 (10.10.2.32): icmp_req=1 ttl=64 time=0.404 ms
    64 bytes from rpi01 (10.10.2.32): icmp_req=2 ttl=64 time=0.373 ms
    64 bytes from rpi01 (10.10.2.32): icmp_req=3 ttl=64 time=0.310 ms

    You should also be able to access any device via its name, instead of IP.


    Hope this helps!

    Logan

    33 thoughts on “EdgeRouter Lite Dnsmasq setup”

    1. Logan, this post was a life-saver. I spent the last two evenings trying to get my EdgeRouter Lite to provide simple local dynamic DNS service for devices on my network using bind9 on the 1.8 firmware. I learned of the 1.9 firmware today, upgraded, and your guides helped me get it working in no time.

    2. Thanks for this. I had an issue as I had a domain name specified for the LAN. Once I removed this and relied on the system domain name, dnsmasq was able to start.

    3. Thank you for this guide, trying this tonight.

      I have the EdgeRouter X SFP with 5 ports. eth0 is my WAN and eth1/4 is switch0.

      Do I need to change this (set service dns forwarding listen-on eth1) to set service dns forwarding listen-on switch0?

      • Hmmm, I’ve never used the EdgeRouter X, so I’m not sure. I’d think you’d need to set listening to switch0, but you may want to ask on the Ubiquiti forums. When you type the command “set service dns forwarding listen-on” then hit tab a couple times, what options are there?

    4. If I already have DHCP configured, do I only need to configure dnsmasq, or do I need to configure the other guide as well?

      Also, I am using the 192.168.1.1 range; can you help me on my way?

    5. Hi

      I already had a DHCP server running with 192.168.1.0/24 and after fiddling around I found out that I just needed the “set service dhcp-server use-dnsmasq enable” for it to work. But now I can’t see any leases from the DHCP server; my laptop gets an IP and all the static leases I set earlier are still there. Neither from the GUI nor from the CLI with “show dhcp leases” does anything show up. Any idea why that could be?

      Br

      Anders

      • Anders,

        Dumb question, but did you commit/save/reboot? Also, do you have similar settings to these already set?
        set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 dns-server 10.10.2.1
        set service dns forwarding listen-on eth1
        set service dns forwarding cache-size 400
        set system name-server 127.0.0.1
        set service dns forwarding name-server 50.116.40.226
        set service dns forwarding name-server 107.170.95.180

    6. Also, it seems that using dnsmasq “broke” traffic analysis, since it only shows the IPs of the devices not having a static mapping. Any workarounds for this?

    7. dnsmasq.local?

      Would I be able to add this to an EdgeRouter?

      dhcp-option=66,,192.168.30.2
      dhcp-match=x86PC, option:client-arch, 0
      dhcp-match=BC_EFI, option:client-arch, 7
      dhcp-boot=tag:x86PC,pxelinux.0,TFTP_Server_Name,192.168.30.2
      dhcp-boot=tag:BC_EFI,\diagefi\QTSBPC.efi,TFTP_Server_Name,192.168.30.2

      And how would I do it?

      Is there a direct file I can insert this code into?

    8. I’m trying to setup an L2TP VPN server so I can remotely access shares on my local LAN. In the EdgeMax forums one of the users suggested I try dnsmasq because I was having issues accessing these shares remotely, but local access worked flawlessly.

      My subnet as seen in the details of DHCP server for LAN 1 is 192.168.1.0/24, my EdgeRouter is at 192.168.1.1.
      I also use a service called SmartDNSProxy that spoofs my location (I live in Costa Rica and these services are not available here) to services such as Netflix, Hulu and Amazon, and those DNS addresses are set to 169.53.235.15 and 23.21.43.50. So would these commands be correct?

      configure
      set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1
      set service dns forwarding listen-on eth1
      set service dns forwarding cache-size 400
      set system name-server 127.0.0.1
      set service dns forwarding name-server 169.53.235.15
      set service dns forwarding name-server 23.21.43.50

      Does the domain name have to be home.lan or can we change that to something of our choosing?

      • That looks correct. Your devices will ask 192.168.1.1 for DNS, and if it can’t answer them, it will forward the requests onto 169.53.235.15 and 23.21.43.50.

        You can try it with “commit”. If it works, type “save”.

        If it doesn’t work, just reboot the router and it will roll back those commands.

      • Can you ping or nslookup the name from any machine, or just certain machines? Is the domain name set to a two-word name (e.g. home.lan)?
        ping erl.home.lan
        nslookup erl.home.lan

    9. Tried your tutorial, but when enabling dnsmasq the DNS lookup doesn’t work anymore.
      My DNS servers look like this:
      show dns forwarding nameservers
      ———————————————–
      Nameservers configured for DNS forwarding
      ———————————————–
      8.8.8.8 available via ‘statically configured’
      8.8.4.4 available via ‘statically configured’

      ———————————————–
      Nameservers NOT configured for DNS forwarding
      ———————————————–
      127.0.0.1 available via ‘system’

      • My nameserver setup looks the same. What do you mean by “DNS lookup doesn’t work anymore”?

    10. Nice article. There are lots of other forum posts, but they all point to the old way of doing it without dnsmasq. This worked like a charm.

    11. Nessus scan shows the following: (I have dnsmasq setup the same)

      “The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.”

      Any ideas on how to prevent it? I looked into Interface Exceptions but that’s a no-go.

      Thanks for your time.

      • Sorry, not sure how to prevent that. Some quick Googling says it’s caused by the DNS software (i.e., dnsmasq), so I’d try asking on the EdgeMax forums to start.
