Hey! Listen! This post is part of a series on the Ubiquiti EdgeRouter Lite. Check them all out!
Date | URL
---|---
2019-06-28 | Migrating away from the Ubiquiti EdgeRouter Lite
2019-02-03 | EdgeRouter CNAME records
2017-10-03 | Dyn DDNS on EdgeRouter
2017-04-25 | DuckDNS on EdgeRouter
2017-01-08 | Ubiquiti EdgeRouter serial console settings
2016-11-29 | Ubiquiti UniFi controller setup on Raspberry Pi 3
2016-08-30 | EdgeRouter Lite Dnsmasq setup
2016-06-13 | EdgeRouter Lite software upgrade
2016-05-12 | EdgeRouter Lite OpenVPN setup
2016-04-29 | Ubiquiti EdgeRouter Lite setup
Introduction
One of my only complaints about the EdgeRouter Lite is the usage of the Internet Systems Consortium (ISC) DHCP server. My main issue is that the DHCP server does not integrate with the DNS server. Because of this, DHCP names/leases are not automatically added to DNS. This topic has been addressed a few times before (here, here, here, here, and here).
However, with the release of the v1.9.0 EdgeMax software (you can use my software upgrade guide), Ubiquiti offers the option of using dnsmasq. Based on a script by the forum user final, the dnsmasq support has been incorporated into v1.9.0, but only at the command line; no GUI support is set up yet. With dnsmasq, when you give a specific host a static lease, the host is added to DNS, by name, automatically.
ISC vs dnsmasq
With both ISC and dnsmasq, you would need to specify a static lease for each device.
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping device1 ip-address 10.10.2.32
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 static-mapping device1 mac-address 'XX:XX:XX:XX:XX:XX'
However, ISC does not add the above entries to DNS (dnsmasq does). Because of this, if you’re using ISC you’ll need to add each device to DNS yourself.
set system static-host-mapping host-name device1.<yourdomain> inet 10.10.2.32
set system static-host-mapping host-name device1.<yourdomain> alias device1
If you want to use ISC, but don’t want to set the static-host-mapping entry for each device, you can set the /etc/hosts file to automatically update with DNS entries. However, that’s a lot of adding/subtracting from the hosts file, and there have been reports that expired leases aren’t deleted from the hosts file.
set service dhcp-server hostfile-update enable
Instead, I’m going to switch to dnsmasq. I’ve used it on OpenWrt, DD-WRT, and Linux, so I prefer it. The caveats of dnsmasq (in Ubiquiti’s current implementation) are outlined below.
- One of the advantages of using dnsmasq is that, if DNS forwarding is also configured, the “name resolution for local hosts” function is integrated, and the “hostfile-update” setting for the ISC DHCP implementation is not needed (it is ignored when use-dnsmasq is enabled).
- When use-dnsmasq is enabled, DHCP server will serve the “listen-on” interfaces configured under “service dns forwarding”, or all interfaces if that is not configured.
- Since some of the existing DHCP server config settings are specific to the ISC DHCP implementation (e.g., the failover settings, the “free-form” parameters settings), those will be ignored when use-dnsmasq is enabled.
- If “free-form” parameters for dnsmasq are needed, they can be entered under DNS forwarding config, e.g., “set service dns forwarding options …”.
- When use-dnsmasq is enabled, the “authoritative” setting is not “per-shared-network”, i.e., “authoritative” will be enabled if it is set under any shared-network.
- When use-dnsmasq is enabled, the entries configured under “static-mapping” will be translated to statically assigned A records in dnsmasq (using the dnsmasq host-record directive). If a client with a static-mapping entry sends a DHCP request with a different client-name, that client-name will be ignored.
- Currently use-dnsmasq only handles “configuration”, and status reporting (including show commands in the CLI and the leases display in the Web UI for example) is not supported yet.
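To make the ISC/dnsmasq difference concrete, here is an added helper script (not part of the original post or of EdgeOS) that emits the EdgeOS set commands for a list of devices: with dnsmasq the static-mapping lines are enough, while with ISC the matching static-host-mapping lines must be generated too. The device names, MACs and IPs are constructed sample data; the subnet and domain follow the post.

```shell
#!/bin/sh
# Added example: generate EdgeOS "set" commands for static leases.
# Subnet and domain taken from the post; DEVICES is constructed sample data.
SUBNET="10.10.2.1/24"
DOMAIN="home.lan"
DEVICES="rpi01_lan 02:00:00:00:00:01 10.10.2.32
nas01 02:00:00:00:00:02 10.10.2.40"

# Reject malformed MACs/IPs before they reach the router config.
valid_mac() { echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }
valid_ip4() { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# gen_device MODE NAME MAC IP -> set commands for one device (MODE: isc|dnsmasq)
gen_device() {
  mode=$1; name=$2; mac=$3; ip=$4
  valid_mac "$mac" || { echo "bad mac for $name: $mac" >&2; return 1; }
  valid_ip4 "$ip"  || { echo "bad ip for $name: $ip" >&2; return 1; }
  p="set service dhcp-server shared-network-name LAN subnet $SUBNET static-mapping $name"
  echo "$p ip-address $ip"
  echo "$p mac-address '$mac'"
  # ISC never publishes the lease into DNS, so the A record and short alias
  # are added by hand; dnsmasq turns static-mapping into a host-record itself.
  if [ "$mode" = isc ]; then
    echo "set system static-host-mapping host-name $name.$DOMAIN inet $ip"
    echo "set system static-host-mapping host-name $name.$DOMAIN alias $name"
  fi
}

# gen_all MODE -> commands for every device, wrapped in configure/commit
gen_all() {
  echo configure
  echo "$DEVICES" | while read -r name mac ip; do
    [ -n "$name" ] && gen_device "$1" "$name" "$mac" "$ip"
  done
  echo commit
}

gen_all dnsmasq
```

Paste the output into the EdgeOS CLI, then "save" once the hosts resolve.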
Enable dnsmasq
For dnsmasq to be set up properly, you need DNS forwarding configured to listen on specific interfaces; otherwise it will listen on all interfaces. You should also set the system name-server to localhost (so dnsmasq is queried first) and have it forward queries to external DNS servers. This setup is described in my initial setup guide, and is also shown below.
configure
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 dns-server 10.10.2.1
set service dns forwarding listen-on eth1
set service dns forwarding cache-size 400
set system name-server 127.0.0.1
set service dns forwarding name-server 50.116.40.226
set service dns forwarding name-server 107.170.95.180
Next, you need to set a local domain name, as shown below.
set system domain-name home.lan
Then, enable dnsmasq.
set service dhcp-server use-dnsmasq enable
commit
save
Test
At this point (you may need a reboot), you should be able to ping your devices by hostname (as configured in the static-mapping section, above).
/home/ubnt ubnt@erl --> ping rpi01_lan
PING rpi01_lan.home.lan (10.10.2.32) 56(84) bytes of data.
64 bytes from rpi01 (10.10.2.32): icmp_req=1 ttl=64 time=0.404 ms
64 bytes from rpi01 (10.10.2.32): icmp_req=2 ttl=64 time=0.373 ms
64 bytes from rpi01 (10.10.2.32): icmp_req=3 ttl=64 time=0.310 ms
You should also be able to access any device via its name, instead of IP.
Hope this helps!
Logan
Logan, this post was a life-saver. I spent the last two evenings trying to get my EdgeRouter Lite to provide simple local dynamic DNS service for devices on my network using bind9 on the 1.8 firmware. I learned of the 1.9 firmware today, upgraded, and your guides helped me get it working in no time.
Awesome, glad to help!
Thank you very much for this, your guides have been extremely helpful.
Glad to help!
Thanks for this. Got this link from a video post of Ben Pin on Youtube. You guys rock!
Glad to help!
Thanks for this. I had an issue as I had a domain name specified for the LAN. Once I removed this and relied on the system domain name, dnsmasq was able to start.
Glad to help!
Thank you for this guide, trying this tonight.
I have the EdgeRouter X SFP with 5 ports. eth0 is my WAN and eth1/4 is switch0.
Do I need to change this (set service dns forwarding listen-on eth1) to set service dns forwarding listen-on switch0?
Hmmm, I’ve never used the EdgeRouter X, so I’m not sure. I’d think you’d need to set listening to switch0, but you may want to ask on the Ubiquiti forums. When you type the command “set service dns forwarding listen-on” then hit tab a couple times, what options are there?
If I already have DHCP configured, do I only need to configure dnsmasq, or do I need to go through the other guide as well?
Also I am using the 192.168.1.1 range, can you help me on my way?
Thanks, this was useful. I used the Config Tree UI to set this up, FWIW.
Good idea, I always forget that’s an option too!
Thanks!
This should be an option in the GUI.
Agreed! Hopefully in a future release it will be!
Hi
I already had a DHCP server running with 192.168.1.0/24 and after fiddling around I found out that I just needed the “set service dhcp-server use-dnsmasq enable” for it to work. But now I can’t see any leases from the DHCP server; my laptop gets an IP and all the static leases I set earlier are still there. Nothing shows up, neither from the GUI nor from the CLI with “show dhcp leases”. Any idea why that could be?
Br
Anders
Anders,
Dumb question, but did you commit/save/reboot? Also, do you have similar settings to these already set?
set service dhcp-server shared-network-name LAN subnet 10.10.2.1/24 dns-server 10.10.2.1
set service dns forwarding listen-on eth1
set service dns forwarding cache-size 400
set system name-server 127.0.0.1
set service dns forwarding name-server 50.116.40.226
set service dns forwarding name-server 107.170.95.180
My LAN subnet and name-servers used are different, but I found out that the DHCP lease part of the GUI in 1.9 doesn’t work with dnsmasq.
https://community.ubnt.com/t5/EdgeMAX-Beta/DHCP-DNSmasq-Question/m-p/1638717/highlight/true#M17889
Good to know! I’m hoping it’s coming in a newer release.
Also it seems that using dnsmasq “broke” traffic analysis, since it only shows the IPs of the devices not having a static mapping. Any workarounds for this?
Honestly, I’m not sure. I would try asking on the EdgeMax forums and hope a Ubiquiti employee sees it.
dnsmasq.local?
Would I be able to add this to an EdgeRouter?
dhcp-option=66,,192.168.30.2
dhcp-match=x86PC, option:client-arch, 0
dhcp-match=BC_EFI, option:client-arch, 7
dhcp-boot=tag:x86PC,pxelinux.0,TFTP_Server_Name,192.168.30.2
dhcp-boot=tag:BC_EFI,\diagefi\QTSBPC.efi,TFTP_Server_Name,192.168.30.2
And how would I do it?
Is there a direct file I can insert this code into?
I don’t know how to do it myself, but a quick Google shows it is possible.
https://community.ubnt.com/t5/EdgeMAX/DHCP-Options-66-67-not-working/m-p/1351964
https://community.ubnt.com/t5/EdgeMAX/Mitel-VoIP-Phones-with-EdgeOS-working-DHCP-options-config/m-p/1346922
I’m trying to setup an L2TP VPN server so I can remotely access shares on my local LAN. In the EdgeMax forums one of the users suggested I try dnsmasq because I was having issues accessing these shares remotely, but local access worked flawlessly.
My subnet as seen in the details of DHCP server for LAN 1 is 192.168.1.0/24, my EdgeRouter is at 192.168.1.1.
I also use a service called SmartDNSProxy that spoofs my location (I live in Costa Rica and these services are not available here) to services such as Netflix, Hulu and Amazon, and those DNS addresses are set to 169.53.235.15 and 23.21.43.50. So would these commands be correct?
configure
set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dns forwarding listen-on eth1
set service dns forwarding cache-size 400
set system name-server 127.0.0.1
set service dns forwarding name-server 169.53.235.15
set service dns forwarding name-server 23.21.43.50
Does the domain name have to be home.lan or can we change that to something of our choosing?
That looks correct. Your devices will ask 192.168.1.1 for DNS, and if it can’t answer them, it will forward the requests onto 169.53.235.15 and 23.21.43.50.
You can try it with “commit”. If it works, type “save”.
If it doesn’t work, just reboot the router and it will roll back those commands.
Hello, it works fine for all my other devices, but I can’t connect to the router itself by hostname!
Can you ping or nslookup the name from any machine, or just certain machines? Is the domain name set to a two-word name (e.g. home.lan)?
ping erl.home.lan
nslookup erl.home.lan
Tried your tutorial, but when enabling DNSMasq the DNS lookup doesn’t work anymore.
My DNS servers look like this:
show dns forwarding nameservers
———————————————–
Nameservers configured for DNS forwarding
———————————————–
8.8.8.8 available via ‘statically configured’
8.8.4.4 available via ‘statically configured’
———————————————–
Nameservers NOT configured for DNS forwarding
———————————————–
127.0.0.1 available via ‘system’
My nameserver setup looks the same. What do you mean by “DNS lookup doesn’t work anymore”?
Nice article. There are lots of other forum posts, but they all point to the old way of doing it without dnsmasq. This worked like a charm.
Glad to help!
Nessus scan shows the following: (I have dnsmasq setup the same)
“The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.”
Any ideas on how to prevent? I looked into Interface Exceptions but that’s a no-go..
Thanks for your time.
Sorry, not sure how to prevent that. Some quick Googling says it’s caused by the DNS software (i.e., dnsmasq), so I’d try asking on the EdgeMax forums to start.
Excellent post. I did it on my EdgeRouter 4 v1.10.8.
I suggest that to avoid overwriting configurations previously done from the web interface that are already working, first do the following commands…
configure
show service dhcp-server
show service dns
show system name-server
show system domain-name
… and then verify which of the commands in the tutorial are needed and which are already set. In my case, as I had already configured many things from the web interface, I only needed to do the following:
set system name-server 127.0.0.1
set system domain-name home.lan
set service dns forwarding name-server 66.187.76.168 (this is optional)
set service dns forwarding name-server 128.31.0.72 (this is optional)
set service dhcp-server use-dnsmasq enable
commit
save
exit
reboot
I started using the EdgeRouter today, (coming from years of dd-wrt) so this gave me an understanding of how the configuration is structured.
Enjoy!