1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DNS domain controller problems with Tomato

Discussion in 'Tomato Firmware' started by Sweeper5555, May 9, 2013.

  1. Sweeper5555

    Sweeper5555 Reformed Router Member

    I am running Tomato V28 on a Linksys WRT54GL with a wireless bridge as I cannot stretch a cable due to renting the apartment.
    Anyways, I am trying to add a domain controller running Samba 4, this has its own internal DNS and I own a domain that I wish all of the requests to from the internal network, is sent to the domain controller's DNS server.
    For that I am starting to bang my head on the wall here, for starters I cannot change the DNS servers on Tomato as that will cause a DNS loop (Tomato sends requests it can't fullfill to the domain controller and the domain controller sends it to the Tomato) which isn't an ideal situation.
    I tried using dnsmasq --server and -S specifying requests to my domain to be excempted and sent to my domain controller, this however doesn't happen or work at all.

    The result from that change to the DNSMasq results in NO hostnames being resolved and I lose internet connectivity, weather this is a bug in Tomato or not I don't know.
    I also do not seem to have any way to change the dns options the DHCP server sends out, if I could make it send out the DNS server to my domain controller instead of its own, that would also help.
    At the moment the temporary work around is to manually set the DNS but that gets tedious and doesn't make domain joining as flawless as I want it to.

    So any solutions or ideas for this problem?
     
  2. philess

    philess Networkin' Nut Member

    Have you tried adding your DNS server adress as DHCP option in the DNSmasq custom config?

    Code:
    dhcp-option=dns-server,192.168.1.150
    And while youre at it, it might be good to tell your DHCP clients about the WINS server too:

    Code:
    dhcp-option=netbios-ns,192.168.1.150
    After adding those lines and pressing save, do a "cat /etc/dnsmasq.conf" to make
    sure your lines have been added at the bottom of the config file.
     
  3. Sweeper5555

    Sweeper5555 Reformed Router Member

    Tried that too, also made it drop connections... I can browse the UI in the router just fine, but DNS just goes offline.
     
  4. philess

    philess Networkin' Nut Member

  5. Sweeper5555

    Sweeper5555 Reformed Router Member

    Alright now we are getting somewhere, I now made it spit out an error in the logs at least.
    May 9 18:33:01 tomato daemon.crit dnsmasq[493]: bad dhcp-option at line 20 of /etc/dnsmasq.conf
    May 9 18:33:01 tomato daemon.crit dnsmasq[493]: FAILED to start up
    May 9 18:33:02 tomato daemon.crit dnsmasq[494]: bad dhcp-option at line 20 of /etc/dnsmasq.conf
    May 9 18:33:02 tomato daemon.crit dnsmasq[494]: FAILED to start up

    SSH'ing in and checking out that line it is the one from the GUI with the dns-server.
    It is running version 2.55 of dnsmasq so is it too old to support that option?
    Looking through the manual to see if I can find any valid ones, but so far, nothing about DNS, there is PXEclient, but I won't be needing that just yet.
    EDIT: If I keep my router clear of any dnsmasq setting, then yes everything works when I set the DNS server manually.
    Presently the domain controller just forwards requests it doesn't know about, I am using a .com rather than .local or .home... But I own the .com and it is pointed at my public IP anyway.

    EDIT 2: Solved, for now it seems to be in working order...
    The problem is that it doesn't accept "dhcp-option=dns-server,192.168.1.150"
    Instead I had to use the service number for it, so the command changed to: dhcp-option=6,192.168.1.150
    To get that number for other purposes or if a similar problem on your device, you need shell access and execute the command: "dnsmasq --help dhcp" and it will list all of the options for the DHCP.
     
  6. philess

    philess Networkin' Nut Member

    Yes i was just about to suggest that. Using the option number instead of name.
    Your DNSmasq version is quite old. I am glad you got it working.
     
  7. Monk E. Boy

    Monk E. Boy Network Guru Member

    The only reason a loop would exist is if you have Tomato intercepting all routed DNS packets and forwarding them to Tomato, then have Tomato configured to talk to the internal DNS server.

    You probably don't even need to do anything this elaborate, just configure the internal DNS server on the Basic -> Network -> LAN section, which will get handed to clients (and used by Tomato), then disable DNS interception in Advanced -> DHCP/DNS -> Intercept DNS port. Clients, like your DNS server, will then be able to talk out port 53 without getting intercepted by Tomato.

    An alternative would be to create an iptables rule - above the rule that's intercepting DNS - that allows your server to get through on port 53, allowing all others to be intercepted. This would be trickier but still doable.
     
  8. gfunkdave

    gfunkdave LI Guru Member

    On Basic-Network, type your Samba box's IP as the first DNS server. Populate the other DNS options with Google DNS or OpenDNS. In your Samba server, configure DNS forwarding and set Google DNS as the forwarder.

    Configure DNSMasq to be the DNS server on your LAN.

    Done.
     
  9. Monk E. Boy

    Monk E. Boy Network Guru Member

    There is an issue with Active Directory systems (which uses DNS) logging into domains if Tomato is caching DNS functions.
     
  10. gfunkdave

    gfunkdave LI Guru Member

    Interesting. I've gotten lucky, then, and not run into it. I use an RT-N16 as the main gateway for a Windows domain network, set up as I've outlined above. It's been working fine for a year or so.

    I think you need to set the domain name in Basic-Identification to be the same as the Windows domain name, though.
     
  11. Monk E. Boy

    Monk E. Boy Network Guru Member

    I think the problem occurs if a client needs to create/change DNS records and not just read them.

    I don't use Tomato for DNS resolution in AD environments to be honest, if a better/faster/more capable DNS server is on the network why not use it.
     
  12. gfunkdave

    gfunkdave LI Guru Member

    Good point. Perhaps I'll re-set things.
     

Share This Page