This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
advanced-dhcpdns [2023/05/29 04:01] – [TFTP Server] -resize screenshot: "pasted:20230425-142248.png" to 744x148 hogwild | advanced-dhcpdns [2023/06/10 01:32] – [DHCP Client (WAN)] -condense hogwild | ||
---|---|---|---|
Line 12: | Line 12: | ||
{{: | {{: | ||
- | **Enable DNSSEC support: ** DNSSEC is a way to secure DNS by introducing authentication for DNS servers. This prevents DNS hacking and poisoning. DNSSEC is not encrypted, to keep it backward-compatible with traditional DNS. If the authoritative DNS server | + | **Enable DNSSEC support: ** DNSSEC is a way to secure DNS by introducing authentication for DNS servers. This prevents DNS hacking and poisoning. If the authoritative DNS server |
- | **Use dnscrypt-proxy: | + | DNSSEC is not encrypted, to keep it backward-compatible with traditional DNS. Enable this if your chosen DNS server supports it for enhanced security. |
+ | |||
+ | **Use dnscrypt-proxy: | ||
\\ When dnscrypt-proxy is checked, the following options/ | \\ When dnscrypt-proxy is checked, the following options/ | ||
Line 20: | Line 22: | ||
\\ | \\ | ||
- | * Ephemeral Keys - If checked, a new key pair is generated for each DNS query. Use this with care. It is very cpu-intensive, | + | * Ephemeral Keys - If checked, a new key pair is generated for each DNS query. Use this with care. It is very cpu-intensive, |
* Manual Entry - If enabled, 3 more fields are displayed: | * Manual Entry - If enabled, 3 more fields are displayed: | ||
Line 32: | Line 34: | ||
* Some are filtered. | * Some are filtered. | ||
- | * Priority - This should be left at // | + | * Priority - This should be left at // |
- | * Local Port - Specifies the port on which dnscrypt-proxy communicates with FreshTomato DNS. Leave this at 40 unless you're a highly advanced user. Do NOT set it to 53, as this may create a loop. | + | * Local Port - Specifies the port on which dnscrypt-proxy communicates with FreshTomato DNS. Leave this at 40 \\ unless you're a highly advanced user. Do NOT set it to 53, as doing so may create a loop. |
- | | + | |
- | **Use Stubby (DNS-over-TLS): | + | **Use Stubby (DNS-over-TLS): |
\\ | \\ | ||
Line 48: | Line 50: | ||
\\ | \\ | ||
- | **Upstream resolvers: | + | **Upstream resolvers: |
**Priority: | **Priority: | ||
- | * Strict-Order: | + | * Strict-Order |
- | * No-Resolv: | + | * No-Resolv |
- | * None: | + | * None - This adds stubby as a resolution method for dnsmasq. This alone does not guarantee. |
- | **Local Port: | + | \\ |
+ | |||
+ | **Local Port: | ||
- | **Log Level: | + | **Log Level: |
**Force TLS1.3: | **Force TLS1.3: | ||
- | **WINS (for DHCP):** Here you specify the IP address of a WINS Server that will be given to DHCP clients. This does NOT actually enable the WINS service. FreshTomato' | + | **WINS (for DHCP):** Here you specify the IP address of a WINS Server that will be given to DHCP clients. This does NOT actually enable the WINS service. FreshTomato' |
- | Windows Internet Name Service (WINS) is a legacy name registration and resolution service that maps computer | + | Windows Internet Name Service (WINS) is a legacy name resolution service that maps NetBIOS names to IP addresses. Officially, |
**DHCPC Options: | **DHCPC Options: | ||
- | **Reduce Packet Size:** //udhcpc// (the DHCP client FreshTomato uses to obtain a WAN IP address) has a problem. It has a DHCP discovery packet size 590 bytes long. However, DHCP relay servers can only handle DHCP discovery packets up to 576 bytes. If there are DHCP relay servers between your FreshTomato router and your Internet provider' | + | **Reduce Packet Size:** //udhcpc// (the DHCP client FreshTomato uses to obtain a WAN IP address) has a problem. It has a DHCP discovery packet size 590 bytes long. However, DHCP relay servers can only handle DHCP discovery packets up to 576 bytes. If there are DHCP relay servers between your FreshTomato router and your Internet provider' |
+ | |||
+ | The extra bytes appeared to be entirely padding, and therefore unnecessary. FreshTomato developers eliminated the padding, | ||
Line 152: | Line 158: | ||
**TFTP root path**: Text entered here defines where TFTP root is located in the filesystem. | **TFTP root path**: Text entered here defines where TFTP root is located in the filesystem. | ||
- | **PXE on LANx (brx)**: Enbables PXE (Pre Boot eXecution Environment) on one or more bridges. PXE was designed for diskless clients. A PXE client can obtain an IP address via DHCP and, once obtained, download boot code via a TFTP location. Syslinux is a good example of how these principles/ | + | **PXE on LANx (brx)**: Enbables PXE (Pre Boot eXecution Environment) on one or more bridges. PXE was designed for diskless clients. A PXE client can obtain an IP address via DHCP and, once obtained, download boot code via a TFTP location. Syslinux is a good example of these principles/ |