This shows you the differences between two versions of the page.
advanced-dhcpdns [2022/04/20 18:29] – rs232 | advanced-dhcpdns [2023/04/29 20:42] – [DHCP Client (WAN)] -format hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== DHCP/DNS ====== | + | ====== DHCP/DNS/TFTP ====== |
+ | |||
+ | The DHCP/ | ||
- | The Advanced / DHCP/DNS page allows you to configure advanced settings for the DHCP and DNS services for both LAN and WAN. Most of this functionality is provided by [[https:// | ||
===== DHCP Client (WAN) ===== | ===== DHCP Client (WAN) ===== | ||
Line 10: | Line 12: | ||
{{: | {{: | ||
- | **Enable DNSSEC support: ** DNSSEC is a way to secure DNS by introducing authentication for DNS servers. This prevents DNS hacking and poisoning. | + | **Enable DNSSEC support: ** DNSSEC is a way to secure DNS by introducing authentication for DNS servers. This prevents DNS hacking and poisoning. |
- | **Use dnscrypt-proxy: | + | **Use dnscrypt-proxy: |
+ | |||
+ | \\ | ||
When dnscrypt-proxy is checked, the following options/ | When dnscrypt-proxy is checked, the following options/ | ||
- | * Ephemeral Keys - If checked, a new key pair is generated for each DNS query. Use with care, this is very cpu-intensive. It may slow DNS resolution. | + | * Ephemeral Keys - If checked, a new key pair is generated for each DNS query. Use with care, as this is very cpu-intensive. It may slow DNS resolution. |
* Manual Entry - If enabled, 3 more fields are displayed: | * Manual Entry - If enabled, 3 more fields are displayed: | ||
* Resolver Address - The IP address of the dnscrypt-enabled DNS server, for example 1.2.3.4; | * Resolver Address - The IP address of the dnscrypt-enabled DNS server, for example 1.2.3.4; | ||
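Review bot: The DNSSEC sentence kept on the + side still describes DNSSEC as "authentication for DNS servers" that "prevents DNS hacking and poisoning", which overstates what it does. DNSSEC lets the resolver validate signatures on DNS records, so it only detects forged answers for signed zones and does not encrypt queries. Suggested wording: "DNSSEC adds signatures to DNS records so that forged or poisoned answers for signed zones are rejected." In the Ephemeral Keys bullet, "cpu-intensive" should be "CPU-intensive".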
Line 23: | Line 27: | ||
* Resolver - This dropdown list currently contains about 200 DNS servers. Some support DNSSEC. Some don't log queries. Some are filtered. To help you choose a DNSCrypt DNS provider, import the file / | * Resolver - This dropdown list currently contains about 200 DNS servers. Some support DNSSEC. Some don't log queries. Some are filtered. To help you choose a DNSCrypt DNS provider, import the file / | ||
* Priority - Leave this at // | * Priority - Leave this at // | ||
- | * Local Port - Specifies the port on which dnscrypt-proxy communicates with FreshTomato' | + | * Local Port - Specifies the port on which dnscrypt-proxy communicates with FreshTomato DNS. It is recommended that you leave this at 40 unless you know why you're changing |
- | * Log Level - This sets the level of messages logged | + | * Log Level - When enabled, this sets the level of messages logged |
**Use Stubby (DNS-over-TLS): | **Use Stubby (DNS-over-TLS): | ||
When Stubby is enabled some extra options are appearing on your configuration: | When Stubby is enabled some extra options are appearing on your configuration: | ||
+ | |||
+ | \\ | ||
{{: | {{: | ||
- | ** Upstream resolvers: | + | \\ |
+ | |||
+ | **Upstream resolvers: | ||
+ | |||
+ | **Priority: | ||
- | ** Priority:** | ||
* Strict-Order = prefer Stubby but if this is experiencing issue fail back to "other way of resolve names" e.g. standard DNS resolution | * Strict-Order = prefer Stubby but if this is experiencing issue fail back to "other way of resolve names" e.g. standard DNS resolution | ||
* No-Resolv = If Stubby fails or has issue you will want DNS resolution not to be failed back anywhere. A.k.a. Stubby or nothing. | * No-Resolv = If Stubby fails or has issue you will want DNS resolution not to be failed back anywhere. A.k.a. Stubby or nothing. | ||
* None = This option adds stubby as a resolution method for the build in dnsmasq. Note this doesn' | * None = This option adds stubby as a resolution method for the build in dnsmasq. Note this doesn' | ||
- | ** Local Port:** The port number where Stubby is serving clients. Also note the only client for Stubby will actually be dnsmasq and this latter serves the end clients. | + | **Local Port:** The port number where Stubby is serving clients. Also note the only client for Stubby will actually be dnsmasq and this latter serves the end clients. |
- | ** Log Level:** Define here the log verbosity needed. | + | **Log Level:** Define here the log verbosity needed. |
- | ** Force TLS1.3:** Impose the usage of the latest TLS version for encryption (must be supported by the upstream). | + | **Force TLS1.3:** Impose the usage of the latest TLS version for encryption (must be supported by the upstream). |
**WINS (for DHCP):** Here, you can specify the IP address of a WINS Server which will be given to DHCP clients. This does NOT actually enable the WINS service. FreshTomato' | **WINS (for DHCP):** Here, you can specify the IP address of a WINS Server which will be given to DHCP clients. This does NOT actually enable the WINS service. FreshTomato' | ||
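Review bot: Under the reformatted "**Priority:**" label, the Strict-Order bullet does not say that the fallback to "standard DNS resolution" is not encrypted. A reader who enables Stubby for privacy can pick it without realising that lookups may leave in cleartext whenever Stubby has a problem. Suggest saying so explicitly and pointing to No-Resolv for anyone who needs DNS-over-TLS enforced. Since these lines are being touched anyway, "build in dnsmasq" should be "built-in dnsmasq", and "are appearing on your configuration" should be "appear in your configuration".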
Line 87: | Line 96: | ||
* Infinite\\ The Static lease time is infinity | * Infinite\\ The Static lease time is infinity | ||
* Custom\\ This allows you to enter a custom Static DHCP lease time. | * Custom\\ This allows you to enter a custom Static DHCP lease time. | ||
+ | |||
+ | Retaining leases after rebooting router: Please read this [[retain_dhcp_lease_info_after_a_reboot|howto]] for additional information on optional non-volatile dhcp leases. | ||
**Announce IPv6 on LAN (SLAAC): **Enabling this turns on router advertisements for IPv6 //Stateless Address Autoconfiguration (SLAAC)// | **Announce IPv6 on LAN (SLAAC): **Enabling this turns on router advertisements for IPv6 //Stateless Address Autoconfiguration (SLAAC)// | ||
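Review bot: The added "Retaining leases after rebooting router:" line does not follow the label style used by every other setting in this section, which is a bold label such as "**Announce IPv6 on LAN (SLAAC): **". It also writes "dhcp" in lower case, where the neighbouring bullets use "DHCP". Suggest bolding the label, or turning the line into a note, and capitalising "DHCP".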
Line 118: | Line 129: | ||
**Custom configuration: | **Custom configuration: | ||
+ | ===== TFTP Server ===== | ||
+ | |||
+ | {{: | ||
+ | |||
+ | **Enable TFTP**: Starts the dnsmasq' | ||
+ | |||
+ | **TFTP root path**: Defines where the TFTP root is located in the filesystem | ||
+ | **PXE on LANx (brx)**: Allows PXE (Pre Boot Execution) on one or more bridges. PXE is designed for diskless clients where a PXE client can just obtain an IP via DHCP and a TFTP location where the booting code is to be found (syslinux is for example a good application for this). | ||
===== DHCP / DNS Notes ===== | ===== DHCP / DNS Notes ===== | ||
- | * Do not use results from: [[https:// | + | * Do not use results from: [[https:// |
- | * DNSSEC and DNSCrypt / Stubby complement each other. | + | * DNSSEC and DNSCrypt / Stubby complement each other. |
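Review bot: The new TFTP Server section documents "**TFTP root path**" without mentioning that TFTP has no authentication or encryption. Every file under that path is readable by any host that can reach the service. Suggest adding a sentence that recommends a dedicated directory holding only boot files. In the PXE line, "Pre Boot Execution" should be "Preboot Execution Environment". A blank + line is also missing between the "TFTP root path" and "PXE on LANx (brx)" entries, unlike the one separating the other settings.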