====== DHCP Server - dnsmasq ======

By default, Endian Firewall is enabled with dhcpd. dnsmasq is also installed, but cannot serve computer names managed by dhcpd. For this reason, I have disabled dhcpd and modified the dnsmasq settings to act as a DNS and DHCP server. You need to set up the config files that will get loaded by dnsmasq when it starts.

===== Configuration =====

==== Edit /etc/dnsmasq/dnsmasq.d/custom.conf; the following are the minimum entries, expand as you need ====

<code>
# never forward plain names
domain-needed
# never forward addresses in the non-routed address spaces
bogus-priv
# do not poll /etc/resolv.conf for changes
no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
server=168.126.63.1
server=168.126.63.2
# specify interfaces where dnsmasq will listen for DHCP and DNS requests
# add the bridge for the green and the orange network
interface=br0
interface=br1
# add the domain to simple names automatically
expand-hosts
# define the domain name
domain=condrau.com
# enable the dhcp server for the green interface only
dhcp-range=br0,192.168.1.100,192.168.27.200,12h
# add clients identified by adapter or name to obtain static addresses
# dhcp-host=00:00:00:00:00:00,laptop,192.168.1.20
# dhcp-host=desktop,192.168.1.21
# Add domains which you want to force to an IP address here.
# The example below sends any host in doubleclick.net to a local
# webserver.
address=/doubleclick.net/127.0.0.1
</code>

==== Modify /etc/dnsmasq/dnsmasq.conf.tmpl as follows ====

<code>
# the main configuration file is found in 'conf-dir'
# bco, 2014-01-18
#if $DNSMASQ_ANTISPYWARE == 'on'
conf-file=/var/signatures/dnsmasq/blackholedns.conf
#end if
conf-dir=/etc/dnsmasq/dnsmasq.d
#if $DS.dnsmasq.local_nameserver
#for $zone in $DS.dnsmasq.local_nameserver
#if $zone.DOMAIN and $zone.IP
server=/$zone.DOMAIN/$zone.IP
#end if
#end for
#end if
#try
#include "/var/efw/dnsmasq/dnsmasq.custom.tmpl"
#except
#pass
#end try
</code>

This is necessary so you can make all dnsmasq settings in /etc/dnsmasq/dnsmasq.d/custom.conf, except for the ones which are controlled through Endian's web interface.

==== Stop dhcpd and restart dnsmasq ====

You first must disable dhcpd in the web interface of efw, menu **Services**, otherwise the internal settings will not be set properly. After that, run the following commands on the command line:

<code bash>
/etc/init.d/dhcpd stop
/etc/init.d/dnsmasq restart
</code>

This guide was taken from [[http://www.efwsupport.com/index.php?topic=396.0|LAN Clients DNS-Records via DHCP]] and adapted to my setup.

==== Trace DNS queries ====

<code bash>
nslookup -debug condrau.com
</code>

===== Web interface =====

Navigate to menu **Services** and make sure DHCP is disabled for all networks. Then, modify /home/httpd/cgi-bin/dhcp.cgi:

<code perl>
# disable activation of DHCP server if DNSMASQ handles DHCP requests
# bco, 2014-01-18
my $dnsmasq = 1;
</code>

Find line 536 in the original file, which should contain "&openbox('100%', 'left', 'DHCP');", and insert the following lines before line 536:

<code perl>
if ($dnsmasq == 1) {
    &openbox('100%', 'left', 'DHCP');
    print <<END;
DNSMASQ to serve DHCP leases. Please modify '/etc/dnsmasq/dnsmasq.conf.tmpl' for changes.
(bco, 2014-01-18)
END
    &closebox();
} else {
</code>

Insert before line 890 of the original file (just before "&closebigbox();"):

<code perl>
}#if bco
</code>

To add an info box which displays the current leases, add the following code between "&closebox();" and "} else {":

<code perl>
my $leases = "/var/lib/misc/dnsmasq.leases";
use POSIX qw(strftime);
# bco, 2014-03-09
&openbox('100%', 'left', 'Current leases ('.strftime("%Y-%m-%d, %H:%M:%S", localtime()).')');
open my $file, "<", $leases or die "$leases: $!";
print '<table><tr><th>Lease expires</th><th>Mac address</th><th>IP address</th><th>Hostname</th></tr>';
while (my $line = <$file>) {
    # each lease line: <expiry epoch> <MAC> <IP> <hostname> <client-id>
    my @elements = split(/ /, $line);
    my $i = 0;
    print '<tr>';
    foreach (@elements) {
        if ($i == 0) {
            # first field is the expiry time as a Unix timestamp
            print '<td>' . strftime("%Y-%m-%d, %H:%M:%S", localtime($_)) . '</td>';
        } elsif ($i <= 3) {
            print '<td>' . $_ . '</td>';
        }
        $i = $i + 1;
    }
    print '</tr>';
}
print '</table>';
close $file;
&closebox();
</code>

===== Replace client =====

If you need to replace a client with a static IP address, do the following:

<code bash>
# /etc/init.d/dnsmasq stop
# vim /etc/dnsmasq/dnsmasq.d/custom.conf
# replace the client's MAC address
# rm /var/lib/misc/dnsmasq.leases
# /etc/init.d/dnsmasq start
</code>

===== Trouble Shooting =====

  * [[http://tomoconnor.eu/blogish/how-to-find-rogue-dhcp-server-your-network/|Find a Rogue DHCP Server on your network]]
  * [[http://community.spiceworks.com/topic/407813-find-rogue-dhcp-server|Find Rogue DHCP Server]]
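As an added example (not part of this page, the efwsupport guide or Endian's own code), the following Python script reads the same dnsmasq.leases format that the CGI lease box above displays and compares every lease with the dhcp-host entries from custom.conf, reporting clients that hold a different address than their static entry and MACs that have no entry at all. The lease file and config excerpt are constructed samples.

```python
# Added example (not from the page): parse dnsmasq.leases and check each
# lease against the dhcp-host entries in custom.conf. All data is constructed.
from datetime import datetime, timezone

# Constructed dnsmasq.leases sample: <expiry epoch> <MAC> <IP> <hostname> <client-id>
SAMPLE_LEASES = """\
1394370000 aa:bb:cc:dd:ee:01 192.168.1.20 laptop 01:aa:bb:cc:dd:ee:01
1394373600 aa:bb:cc:dd:ee:02 192.168.1.150 desktop *
1394377200 aa:bb:cc:dd:ee:03 192.168.1.151 unknown-box *
"""
# Constructed custom.conf excerpt; the commented-out entry must be ignored
SAMPLE_CONF = """\
dhcp-host=aa:bb:cc:dd:ee:01,laptop,192.168.1.20
dhcp-host=desktop,192.168.1.21
# dhcp-host=00:00:00:00:00:00,printer,192.168.1.22
"""

def parse_leases(text):
    """One dict per lease line; blank or truncated lines are skipped."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        expiry, mac, ip, host = fields[:4]
        leases.append({"expires": datetime.fromtimestamp(int(expiry), tz=timezone.utc),
                       "mac": mac.lower(), "ip": ip, "host": host})
    return leases

def parse_static_hosts(conf_text):
    """Map each MAC or hostname of an active dhcp-host= line to its IP."""
    static = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.startswith("dhcp-host="):
            continue  # skips comments (disabled entries) and other options
        *keys, ip = line[len("dhcp-host="):].split(",")
        for key in keys:
            static[key.lower()] = ip
    return static

def check_leases(leases, static):
    """Return (mac, expected_ip, actual_ip) for every lease that does not match
    its static entry; expected_ip is None when MAC and hostname are both unknown."""
    findings = []
    for lease in leases:
        expected = static.get(lease["mac"]) or static.get(lease["host"].lower())
        if expected != lease["ip"]:
            findings.append((lease["mac"], expected, lease["ip"]))
    return findings
```

A dhcp-host entry keyed only by hostname (the desktop form above) matches whatever client claims that name, so for the check to mean anything the static entries should be keyed by MAC address.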