====== DHCP Server - dnsmasq ======

By default, Endian Firewall is enabled with dhcpd. dnsmasq is also installed, but cannot serve computer names managed by dhcpd. For this reason, I have disabled dhcpd and modified the dnsmasq settings to act as a DNS and DHCP server. You need to setup the config files that will get loaded by dnsmasq when it starts.

===== Configuration =====

==== Edit /etc/dnsmasq/dnsmasq.d/custom.conf, following are minimum entries, expand as you need ====

  # never forward plain names
  domain-needed
  
  # never forward addresses in the non-routed address spaces
  bogus-priv
  
  # do no poll /etc/resolv.conf for changes
  no-poll
  
  # Add other name servers here, with domain specs if they are for
  # non-public domains.
  server=168.126.63.1
  server=168.126.63.2
  
  # specify interfaces where dnsmasq will listen for DHCP and DNS requests
  # add the bridge for the green and the orange network
  interface=br0
  interface=br1
  
  # add the domain to simple names automatically
  expand-hosts
  
  # define the domain name
  domain=condrau.com
  
  # enable the dhcp server for the green interface only
  dhcp-range=br0,192.168.1.100,192.168.27.200,12h
  
  # add clients identified by adapter or name to obtain static addresses
  # dhcp-host=00:00:00:00:00:00,laptop,192.168.1.20
  # dhcp-host=desktop,192.168.1.21
  
  # Add domains which you want to force to an IP address here.
  # The example below send any host in doubleclick.net to a local
  # webserver.
  address=/doubleclick.net/127.0.0.1
==== Modify /etc/dnsmasq/dnsmasq.conf.tmpl as follows ====

  # the main configuration file is found in 'conf-dir'
  # bco, 2014-01-18
  #if $DNSMASQ_ANTISPYWARE == 'on'
  conf-file=/var/signatures/dnsmasq/blackholedns.conf
  #end if
  conf-dir=/etc/dnsmasq/dnsmasq.d
  #if $DS.dnsmasq.local_nameserver
    #for $zone in $DS.dnsmasq.local_nameserver
      #if $zone.DOMAIN and $zone.IP
  server=/$zone.DOMAIN/$zone.IP
      #end if
    #end for
  #end if
  
  #try
  #include "/var/efw/dnsmasq/dnsmasq.custom.tmpl"
  #except
  #pass
  #end try
This is necessary so you can make all dnsmasq settings in /etc/dnsmasq/dnsmasq.d/custom.conf, except for the ones which are controlled through Endian's web interface.

==== Stop dhcpd and restart dnsmasq ====

You first must disable dhcpd in the web interface of efw, menu **Services**, otherwise the internal settings will not be set properly. After that, do the following commands on the command line.

  /etc/init.d/dhcpd stop
  /etc/init.d/dnsmasq restart

This guide was taken from [[http://www.efwsupport.com/index.php?topic=396.0|LAN Clients DNS-Records via DHCP]] and adapted to my setup.

==== Trace DNS queries ====
  nslookup -debug condrau.com

===== Web interface =====

Navigate to Menu **Services** and make sure DHCP is disabled for all networks. Then, modify /home/httpd/cgi-bin/dhcp.cgi:
  # disable activation of DHCP server if DNSMASQ handles DHCP requests
  # bco, 2014-01-18
  my $dnsmasq = 1;

Find line 536 in the original file which should contain "&openbox('100%', 'left', 'DHCP');" and insert the following lines before line 536:
  if ($dnsmasq == 1) {
  &openbox('100%', 'left', 'DHCP');
  printf <<END
  This machines uses <b>DNSMASQ</b> to serve DHCP leases.
  Please modify '/etc/dnsmasq/dnsmasq.conf.tmpl' for changes.
  (bco, 2014-01-18)
  END
  ;
  &closebox();
  } else {

Insert before line 890 of the original file (just before "&closebigbox();":
  }#if bco

To add an info box which displays the current leases, add the following code between "&closebox();" and "} else {":
  my $leases = "/var/lib/misc/dnsmasq.leases";
  use POSIX qw(strftime);
  # bco, 2014-03-09
  &openbox('100%', 'left', 'Current leases ('.strftime("%Y-%m-%d, %H:%M:%S", localtime()).')');
  open my $file, "<", $leases or die "$leases: $!";
  print '<b><u>Lease expires</td><td><b><u>Mac address</td><td><b><u>IP address</td><td><b><u>Hostname</td></tr><tr><td>';
  my $i = 0;
  while (my $line = <$file>) {
    @elements = split(/ /,$line);
    $i = 0;
    foreach (@elements) {
      if ($i == 0) {
        print strftime("%Y-%m-%d, %H:%M:%S", localtime($_));
        print '</td><td>';
      } elsif ($i <= 3) {
        print $_;
        print '</td><td>';
      } else {
      }
      $i = $i + 1;
    }
    print '</td></tr><tr><td>';
  }
  close $file;
  &closebox();

===== Replace client =====

If you need to replace a client with a static IP address, do the following:
  # /etc/init.d/dnsmasq stop
  # vim /etc/dnsmasq/dnsmasq.d/custom.conf # replace the client's MAC address
  # rm /var/lib/misc/dnsmasq.leases
  # /etc/init.d/dnsmasq start

===== Trouble Shooting =====

  * [[http://tomoconnor.eu/blogish/how-to-find-rogue-dhcp-server-your-network/|Find a Rogue DHCP Server on your network]]
  * [[http://community.spiceworks.com/topic/407813-find-rogue-dhcp-server|Find Rogue DHCP Server]]