Hi,
I hope someone can help.
It seems dnsmasq is not seeing all of my DNS requests. That's quite bad, because I would like to block some domains with dnsmasq's address=/../.. feature. For that I have to ensure that all DNS requests are answered by dnsmasq, which is not the case.
This is my setup.
Code:
               Router-from-ISP               Ubuntu-Router (DNSMASQ)
Internet <---> 192.168.0.1     <-----> 192.168.0.253 (br0:1)
                                       192.168.1.1   (br0)   <-----> Clients (Windows, Android, Linux)
                                                                     192.168.1.100-192.168.1.100.150
One might ask "why"? I can not change the router, because the cable provider only allows their own devices. But the router from the ISP only allows some settings, e.g., blocking some URLs or adding a route is not possible. That's why I want to realize DNS caching on my own. I can not manually configure the clients; DHCP is all I can do for them.
This is the configuration of the Ubuntu-Router:
1. Interfaces
Code:
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
bridge_ports p1p1 wlan1
address 192.168.2.1
network 192.168.2.0
netmask 255.255.255.0
broadcast 192.168.2.255
auto br0:1
iface br0:1 inet static
address 192.168.0.253
netmask 255.255.255.0
broadcast 192.168.0.255
network 192.168.0.0
gateway 192.168.0.1
up /sbin/iptables -F
up /sbin/iptables -X
up /sbin/iptables -t nat -F
up /sbin/iptables -A FORWARD -o br0:1 -i br0 -m conntrack --ctstate NEW -j ACCEPT
up /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
up /sbin/iptables -A POSTROUTING -t nat -j MASQUERADE
up /etc/init.d/hostapd restart
up /etc/init.d/dnsmasq restart
2. Resolv.conf
Code:
nameserver 127.0.0.1
nameserver 192.168.0.1
3. dnsmasq.conf
Code:
address=/double-click.net/127.0.0.1
address=/doubleclick.net/127.0.0.1
address=/doubleclickbygoogle.com/127.0.0.1
address=/doubleclickbygoogle.net/127.0.0.1
address=/google-analytics.com/127.0.0.1
address=/google-analytics.net/127.0.0.1
address=/ssl.google-analytics.com/127.0.0.1
address=/googleanalytics.com/127.0.0.1
address=/googleanalytics.net/127.0.0.1
address=/facebook.com/127.0.0.1
interface=lo
interface=br0
server=192.168.0.1
listen-address=127.0.0.1
listen-address=::1
listen-address=192.168.2.1
dhcp-range=192.168.2.200,192.168.2.250,255.255.255.0,12h
dhcp-option=121,192.168.2.0/24,192.168.2.1
log-queries
log-dhcp
4. sysctl.conf
Code:
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.br0.disable_ipv6 = 1
net.ipv6.conf.br0:1.disable_ipv6 = 1
What happens now is something like this: If I connect one client via DHCP, dnsmasq logs this:
Code:
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 Klient stellt Name bereit: santorin
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 DHCPREQUEST(br0) 192.168.2.231 a0:88:b4:75:69:94
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 Marken: br0
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 DHCPACK(br0) 192.168.2.231 a0:88:b4:75:69:94 santorin
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 angeforderte Optionen: 1:netmask, 28:broadcast, 2:time-offset, 3:router,
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 angeforderte Optionen: 15:domain-name, 6:dns-server, 119:domain-search,
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 angeforderte Optionen: 12:hostname, 44:netbios-ns, 47:netbios-scope,
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 angeforderte Optionen: 26:mtu, 121:classless-static-route, 42:ntp-server,
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 angeforderte Optionen: 121:classless-static-route, 249, 33:static-route,
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 angeforderte Optionen: 252, 42:ntp-server
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 Nächster Server: 192.168.2.1
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 1 option: 53 message-type 5
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 54 server-identifier 192.168.2.1
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 51 lease-time 12h
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 58 T1 6h
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 59 T2 10h30m
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 1 netmask 255.255.255.0
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 28 broadcast 192.168.2.255
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 3 router 192.168.2.1
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 4 option: 6 dns-server 192.168.2.1
Oct 14 22:34:43 sithonia dnsmasq-dhcp[1047]: 1863487321 sent size: 8 option: 12 hostname santorin
From my point of view this looks very good. But if I browse the internet on the client, just some of the DNS queries appear in the dnsmasq log:
Code:
Oct 14 22:19:34 sithonia dnsmasq[1072]: query[A] button.flattr.com from 192.168.2.231
Oct 14 22:19:34 sithonia dnsmasq[1072]: forwarded button.flattr.com to 192.168.0.1
Oct 14 22:19:34 sithonia dnsmasq[1072]: reply button.flattr.com is 104.20.15.50
In this case the server was "taz.de", but just some buttons appear in the dnsmasq log. And I can browse "facebook.com", which I turned to the Ubuntu-Router's IP.
Any idea why DNS queries are only partly answered by dnsmasq?
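One way to check from the router side which queries actually reach dnsmasq is to summarize the log-queries output per client and per name. The following is an added example, not code from the post or from dnsmasq: the log lines are constructed in the format shown above (dnsmasq reports an address= match as "config ... is ..." and a cache hit as "cached ... is ..."), the block list is a subset of the posted dnsmasq.conf, and the pool bounds are the posted dhcp-range.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample in dnsmasq's log-queries format; "config" marks an address= hit.
SAMPLE_LOG = """\
Oct 14 22:19:34 sithonia dnsmasq[1072]: query[A] button.flattr.com from 192.168.2.231
Oct 14 22:19:34 sithonia dnsmasq[1072]: forwarded button.flattr.com to 192.168.0.1
Oct 14 22:19:34 sithonia dnsmasq[1072]: reply button.flattr.com is 104.20.15.50
Oct 14 22:19:35 sithonia dnsmasq[1072]: query[A] www.facebook.com from 192.168.2.231
Oct 14 22:19:35 sithonia dnsmasq[1072]: config www.facebook.com is 127.0.0.1
Oct 14 22:19:36 sithonia dnsmasq[1072]: query[A] www.googleanalytics.com from 192.168.2.231
Oct 14 22:19:36 sithonia dnsmasq[1072]: forwarded www.googleanalytics.com to 192.168.0.1
Oct 14 22:19:40 sithonia dnsmasq[1072]: query[AAAA] www.taz.de from 192.168.0.5
Oct 14 22:19:40 sithonia dnsmasq[1072]: cached www.taz.de is 104.20.15.50
"""
# Some of the address=/.../127.0.0.1 domains from the posted dnsmasq.conf.
BLOCKLIST = ("doubleclick.net", "google-analytics.com", "googleanalytics.com", "facebook.com")

LINE_RE = re.compile(r"dnsmasq\[\d+\]: (?P<msg>.*)$")  # dnsmasq-dhcp[...] lines do not match
QUERY_RE = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)")
ANSWER_RE = re.compile(r"(?P<how>forwarded|reply|cached|config) (?P<name>\S+) (?:to|is) \S+")

def parse_dnsmasq_log(text):
    """Return (queries per client per name, set of answer kinds per name)."""
    per_client = defaultdict(lambda: defaultdict(int))
    per_name = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        q = QUERY_RE.match(m["msg"]) if m else None
        a = ANSWER_RE.match(m["msg"]) if m else None
        if q:
            per_client[q["client"]][q["name"]] += 1
        elif a:
            per_name[a["name"]].add(a["how"])
    return per_client, per_name

def is_blocked_name(name, blocklist=BLOCKLIST):
    """address=/example.com/... matches example.com and every name below it."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in blocklist)

def blocklist_misses(per_name, blocklist=BLOCKLIST):
    """Names the block list should have caught but that were forwarded upstream anyway."""
    return sorted(n for n, how in per_name.items()
                  if is_blocked_name(n, blocklist) and "forwarded" in how)

def clients_outside_pool(per_client, pool=("192.168.2.200", "192.168.2.250")):
    """Querying clients whose address is not from the posted dhcp-range."""
    low, high = (ipaddress.ip_address(a) for a in pool)
    return sorted(c for c in per_client if not low <= ipaddress.ip_address(c) <= high)
```

A client that browses a site but never shows up in per_client is resolving elsewhere (local cache, a second resolver, or a path that bypasses 192.168.2.1), which narrows the problem to the client side rather than to the address= rules.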