I wanted an outside domain name to resolve to a computer inside my local private network. I am trying out duckdns.org to handle the resolution. The DNS resolves fine outside of my local network, yet locally the FQDN will not resolve. To make it work, a local DNS server needs to handle the request and point it at the local machine.
This is where the Raspberry Pi DNS comes in. I'm running Raspbian GNU/Linux 9 (stretch), a Debian variant: http://www.raspbian.org/
I have been unable to get dnsmasq to start correctly on reboot. Nothing stands out in daemon.log. Running sudo service dnsmasq status shows one particular line that differs between the status after a reboot and the status after a manual service restart:
Ignoring query from non-local network
I've tried, unsuccessfully, to use a systemd recipe to control the service, following this answer: https://unix.stackexchange.com/a/355661/108169
I also tried the Debian systemd service recipe from the author's repo: https://raw.githubusercontent.com/imp/dnsmasq/master/debian/systemd.service
Finally, I resorted to an @reboot entry in crontab, but that didn't work either.
So, for now, after every reboot I need to manually restart dnsmasq: sudo service dnsmasq restart
Initial instructions for a DNS-only dnsmasq setup, taken from here: https://kristianreese.com/2019/05/06/Home-Lab-DNS-Using-dnsmasq-and-Puppet/
This uses the /etc/hosts file as the lookup table to resolve hostnames to IPs.
The final dnsmasq.conf:
domain-needed
bogus-priv
domain=foureyes
expand-hosts
local=/foureyes/
no-dhcp-interface=eth0
no-resolv
no-poll
# OpenDNS upstream resolvers
server=208.67.222.222
server=208.67.220.220
The final /etc/hosts. I only added the last line; everything else was already there.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 raspberrypi
192.168.0.69 testsite.foureyes testsite
When I got this running on the Pi, with static IP 192.168.0.10, I could look up the DNS entries locally:
$ nslookup testsite 192.168.0.10
Server: 192.168.0.10
Address: 192.168.0.10#53
Name: testsite
Address: 192.168.0.69
But from another machine on the same network, I could not resolve the local name. dig produced a similar timeout.
nslookup testsite 192.168.0.10
;; connection timed out; no servers could be reached
After many hours of research and troubleshooting I realized port 53 was not open on the Pi. Reading through https://raspberrypi.stackexchange.com/a/79481/21929 led me to ufw. It turns out ufw is installed on the Pi and was controlling which ports were reachable. Only a handful of ports were open, but not port 53.
See the debug section below on how to probe ports on your local LAN. This helped determine which ports were open.
sudo ufw allow 53
sudo ufw enable
sudo reboot
Now, the current port list:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
5900 ALLOW IN Anywhere
22 ALLOW IN Anywhere
3000 ALLOW IN Anywhere
53 ALLOW IN Anywhere
5900 (v6) ALLOW IN Anywhere (v6)
22 (v6) ALLOW IN Anywhere (v6)
3000 (v6) ALLOW IN Anywhere (v6)
53 (v6) ALLOW IN Anywhere (v6)
OMG now the route resolves!
From the other local machine:
$ nslookup testsite 192.168.0.10
Server: 192.168.0.10
Address: 192.168.0.10#53
Name: testsite
Address: 192.168.0.69
Below are a few tools I used, somewhat blindly, to troubleshoot. nslookup and dig produce similar results for me; I'm sure they have other uses that differentiate one from the other.
$ nslookup domainName dnsServerIP
$ dig @dnsServerIP domainName
To see what ports are open on a remote IP (this is the tool I found the most useful):
$ nmap -Pn 192.168.0.10
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-05 20:41 PST
Nmap scan report for 192.168.0.10
Host is up (0.0059s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3000/tcp open ppp
5900/tcp open vnc
Nmap done: 1 IP address (1 host up) scanned in 6.52 seconds
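As an added example (not from this post or the dnsmasq project), here is a small Python probe that does what the nslookup test above does but at the packet level: it builds a raw DNS A query, sends it over UDP to port 53 and classifies the outcome, so a silent timeout (what ufw produced here) is told apart from a real answer or an NXDOMAIN from the resolver. The resolver address and hostname are the post's (192.168.0.10, testsite.foureyes); the function names, the fixed transaction id and the result strings are choices made for this example.

```python
import socket
import struct

# Added example, not the post author's code. Resolver and hostname are from the
# post; function names, txid and classification strings are chosen here. IPv4 only.
def build_query(name, txid=0x1234):
    """Minimal DNS A query: 12-byte header, QNAME labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD bit, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)
def _skip_name(data, off):
    """Return the offset just past a name; a 0xC0 pointer ends it in two bytes."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length
def parse_response(data):
    """Return (rcode, [A-record IPs]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = _skip_name(data, off) + 4
    ips = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips
def probe(server, name, timeout=2.0):
    """Send one UDP query to server:53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"  # nothing came back: filtered (ufw here) or dropped
    rcode, ips = parse_response(data)
    return ips if rcode == 0 else {3: "nxdomain", 5: "refused"}.get(rcode, f"rcode {rcode}")

if __name__ == "__main__":
    print(probe("192.168.0.10", "testsite.foureyes"))
```

A "timeout" result with the service running on the Pi points at the path to port 53 (a host firewall like ufw, or the daemon dropping the query) rather than at the /etc/hosts data, which would instead produce "nxdomain" or an answer.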
Once the Pi was running dnsmasq with the correct ports open, I added the Pi's static IP address as the DNS server on the Wi-Fi router. This is the router that came from my ISP; it also handles all DHCP for the LAN.
Now all machines on the network can resolve these local domain names.
I've relocated my article from the link above to https://kristianreese.com/2019/05/06/Home-Lab-DNS-Using-dnsmasq-and-Puppet/
Just FYI! Thanks for linking.