Differences

This shows you the differences between two versions of the page.

Previous revision: advanced-dhcpdns [2023/05/29 04:01] – [TFTP Server] -resize screenshot: "pasted:20230425-142248.png" to 744x148 hogwild
Next revision: advanced-dhcpdns [2023/06/10 01:32] – [DHCP Client (WAN)] -condense hogwild
Line 12: Line 12:
 {{:pasted:20220119-170756.png}}\\  \\ {{:pasted:20220119-170756.png}}\\  \\
  
-**Enable DNSSEC support: ** DNSSEC is a way to secure DNS by introducing authentication for DNS servers. This prevents DNS hacking and poisoning. DNSSEC is not encrypted, to keep it backward-compatible with traditional DNS. If the authoritative DNS server is DNSSEC-enabled, enabling DNSSEC ensures your DNS queries are answered by that authoritative DNS server, and not an imposter. Enable this if your chosen DNS server supports it for enhanced security.+**Enable DNSSEC support: ** DNSSEC is a way to secure DNS by introducing authentication for DNS servers. This prevents DNS hacking and poisoning. If the authoritative DNS server has DNSSEC, enabling DNSSEC ensures your DNS queries are answered by that DNS server, and not an imposter.
  
-**Use dnscrypt-proxy:  **DNSCrypt works to encrypt DNS resolution. When a DNSCrypt-enabled server is chosen, a unique key pair is generated and regenerated every hour. Queries are then encrypted using the generated key pair before being sent to the server, usually on TCP port 443. The reply is similarly encrypted. Checking //Use dnscrypt-proxy// enables FreshTomato'built-in dnscrypt proxy client. The dnscrypt module and Stubby cannot both be used at the same time.+DNSSEC is not encrypted, to keep it backward-compatible with traditional DNS. Enable this if your chosen DNS server supports it for enhanced security. 
 + 
 +**Use dnscrypt-proxy:  **DNSCrypt encrypts DNS resolution. When a DNSCrypt-enabled server is chosen, a unique key pair is generated and regenerated every hour. Queries are then encrypted using the generated key pair before being sent to the server, usually on TCP port 443. The reply is similarly encrypted. Checking //Use dnscrypt-proxy// enables the built-in dnscrypt proxy client. The dnscrypt module and Stubby cannot be used at the same time.
  
  \\ When dnscrypt-proxy is checked, the following options/fields are revealed:  \\ When dnscrypt-proxy is checked, the following options/fields are revealed:
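Review bot: The DNSSEC paragraph (both revisions) misstates what DNSSEC authenticates: "enabling DNSSEC ensures your DNS queries are answered by that DNS server, and not an imposter" is wrong, because DNSSEC signs the DNS data (the records, chained to the root trust anchor), not the identity of the server that delivers it. A validating resolver accepts a correctly signed answer from any server and rejects a forged or altered one, so "prevents DNS hacking and poisoning" should be narrowed to "lets the resolver detect forged or tampered records for zones that are signed", and the text should say plainly that unsigned zones get no protection and that the upstream server must pass DNSSEC records through for validation to work. The split into two paragraphs on the new side is fine, but the second paragraph should keep the "not encrypted" point next to the first so readers do not take DNSSEC for a privacy feature. In the dnscrypt-proxy paragraph, "usually on TCP port 443" should read "UDP or TCP port 443"; DNSCrypt uses UDP 443 by default and falls back to TCP. The new side also quietly drops the garbled "FreshTomato'built-in" from the old side; "FreshTomato's built-in" is the intended wording if the product name is kept.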
Line 20: Line 22:
  \\  \\
  
-  * Ephemeral Keys - If checked, a new key pair is generated for each DNS query. Use this with care. It is very cpu-intensive, so it may slow DNS resolution.+  * Ephemeral Keys - If checked, a new key pair is generated for each DNS query. Use this with care. It is very cpu-intensive, \\ so it may slow DNS resolution.
  
   * Manual Entry - If enabled, 3 more fields are displayed:    * Manual Entry - If enabled, 3 more fields are displayed: 
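Review bot: The forced line break ("\\") inserted mid-sentence in the Ephemeral Keys item is a style regression: DokuWiki wraps list items itself, and a hard break after "cpu-intensive," renders as a broken sentence on narrow screens. Beyond the cost, the item should say what the option buys, which the sentence "Use this with care" does not: with ephemeral keys dnscrypt-proxy derives a fresh client key for every query, so the resolver cannot link successive queries to the same client key, at the price of one key generation per lookup. Suggested wording: "Ephemeral Keys - If checked, a new client key pair is generated for each query so the resolver cannot correlate queries by key. This is CPU-intensive on router hardware and may slow DNS resolution."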
Line 32: Line 34:
     * Some are filtered.     * Some are filtered.
  
-  * Priority - This should be left at //no-resolv// to prevent DNS leaks.  This should never be a choice when using DNSCRYPT. Also, to prevent leaks, enable //Intercept DNS port//.+  * Priority - This should be left at //no-resolv// to prevent DNS leaks.  This should never be a choice when using DNSCRYPT. \\ Also, to prevent leaks, enable //Intercept DNS port//.
  
-  * Local Port - Specifies the port on which dnscrypt-proxy communicates with FreshTomato DNS. Leave this at 40 unless you're a highly advanced user. Do NOT set it to 53, as this may create a loop.+  * Local Port - Specifies the port on which dnscrypt-proxy communicates with FreshTomato DNS. Leave this at 40 \\ unless you're a highly advanced user. Do NOT set it to 53, as doing so may create a loop.
  
- \\   \\  To help you choose a DNSCrypt DNS provider, import the file /etc/dnscrypt-resolvers.csv in a spreadsheet. Once chosen, the server's IP address, provider name, and public key can be taken from that file.+ \\   \\ To help you choose a DNSCrypt DNS provider, import the file /etc/dnscrypt-resolvers.csv in a spreadsheet. Once chosen, \\ the server's IP address, provider name, and public key can be taken from that file.
  
-**Use Stubby (DNS-over-TLS):** This enhances DNS privacy. Checking this enables Stubby, a DNS Stub resolver. DNS over TLS (or "DoT") sends DNS queries over a secure connection, encrypted with TLS. TLS is the same technology that encrypts secure Web traffic. This prevents third parties from seeing your DNS queries.+**Use Stubby (DNS-over-TLS):** This enhances DNS privacy. Checking this enables Stubby, a DNS Stub resolver. \\ DNS over TLS (or "DoT") sends DNS queries over a secure connection, encrypted with TLS. TLS is the same technology \\ that encrypts secure Web traffic. This prevents third parties from seeing your DNS queries.
  
  \\  \\
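Review bot: The Priority item (line starting "Priority - This should be left at //no-resolv//") leaves "This should never be a choice when using DNSCRYPT" ambiguous: it does not say which option must never be chosen or why. The reason is worth spelling out, because it is what "leak" means here: with any setting other than no-resolv, dnsmasq also reads the WAN DHCP-supplied resolvers from /etc/resolv.conf and can send queries to them in plaintext, bypassing dnscrypt-proxy. Suggest: "Leave this at //no-resolv// so dnsmasq uses only the dnscrypt-proxy listener and never the ISP resolvers from resolv.conf; any other setting can leak plaintext queries." For //Intercept DNS port//, add the caveat that redirecting port 53 only catches clients with hard-coded plaintext resolvers; clients doing their own DoH or DoT are not affected by it. In the resolver-list item, the text should tell the reader that the public key taken from /etc/dnscrypt-resolvers.csv is what authenticates the resolver, and that a file shipped in firmware can be stale, so the key should be checked against the provider's own published value. The Stubby sentence "This prevents third parties from seeing your DNS queries" overstates it: DoT hides queries from observers on the path between the router and the DoT server; the DoT provider itself still sees every query. The new "\\" breaks inside these sentences are the same style regression as in the previous hunk and should be dropped.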
Line 48: Line 50:
  \\  \\
  
-**Upstream resolvers:** Here, you can specify the upstream servers responsible for performing the actual name resolution.+**Upstream resolvers:** Here, you specify the upstream servers responsible for performing the actual name resolution.
  
 **Priority:** **Priority:**
  
-  * Strict-Order:  Stubby is tried first, but if it experiences issues, fallback to other methods of name resolution, such as standard DNS. +  * Strict-Order Stubby is tried first, but if it experiences issues, fallback to other methods of name resolution, such as standard DNS. 
-  * No-Resolv:  If Stubby fails or has issues, there will be no fallback to other DNS resolution methods anywhere. +  * No-Resolv If Stubby fails or has issues, there will be no fallback to other DNS resolution methods anywhere. 
-  * None:  This adds stubby as a resolution method for the built-in dnsmasq. This alone does not guarantee.+  * None This adds stubby as a resolution method for dnsmasq. This alone does not guarantee.
  
-**Local Port:** The port number on which Stubby will serve clients. Note that dnsmasq will be the only client for Stubby, but it is dnsmasq that serves clients.+ \\ 
 + 
 +**Local Port:** This is the port number on which Stubby serves clients. Dnsmasq will be the only client for Stubby, \\ but it is dnsmasq that serves clients.
  
-**Log Level:** Allows you to choose what level of details is written in log entries.+**Log Level:** Here, you can choose what level of details is written in log entries.
  
 **Force TLS1.3:**  Enforces usage of the latest TLS version for encryption. This must be supported upstream. **Force TLS1.3:**  Enforces usage of the latest TLS version for encryption. This must be supported upstream.
  
-**WINS (for DHCP):** Here you specify the IP address of a WINS Server that will be given to DHCP clients. This does NOT actually enable the WINS service. FreshTomato's WINS Server function is enabled on the //[[:nas-samba|File Sharing]]// menu.+**WINS (for DHCP):** Here you specify the IP address of a WINS Server that will be given to DHCP clients. This does NOT actually enable the WINS service. FreshTomato's WINS Server function is enabled on the [[:nas-samba|File Sharing]] menu.
  
-Windows Internet Name Service (WINS) is a legacy name registration and resolution service that maps computer NetBIOS names to IP addresses. Officially, WINS is outdated and largely obsolete. DNS was supposed to have replaced WINS functionality. However, Microsoft has not officially deprecated WINS. WINS may still be necessary for some Windows LAN browsing functions, especially on old Windows versions.+Windows Internet Name Service (WINS) is a legacy name resolution service that maps NetBIOS names to IP addresses. Officially, it'outdated and largely obsolete. DNS was supposed to replace WINS functionality. However, Microsoft has not officially deprecated WINS. WINS may still be necessary for some Windows LAN browsing functions on old Windows versions.
  
 **DHCPC Options:**  In this field you can enter custom configuration settings for the dhcp client. **DHCPC Options:**  In this field you can enter custom configuration settings for the dhcp client.
  
-**Reduce Packet Size:** //udhcpc// (the DHCP client FreshTomato uses to obtain a WAN IP address) has a problem. It has a DHCP discovery packet size 590 bytes long. However, DHCP relay servers can only handle DHCP discovery packets up to 576 bytes. If there are DHCP relay servers between your FreshTomato router and your Internet provider's DHCP server, FreshTomato might fail to acquire a DHCP lease on the WAN interface.  The extra bytes appeared to be entirely padding, and not necessary.  FreshTomato developers eliminated the padding, which reduced udhcpc's DHCP discovery packet size to only 331 bytes. This 331 byte size eventually became FreshTomato'default setting. This way, udhcpc can successfully obtain a DHCP lease from a provider which might have DHCP relays. However, some users may not be able to obtain a WAN IP address unless they disable this feature. (Default: Enabled). <del>Please note this has now been removed from the FT GUI.</del>+**Reduce Packet Size:** //udhcpc// (the DHCP client FreshTomato uses to obtain a WAN IP address) has a problem. It has a DHCP discovery packet size 590 bytes long. However, DHCP relay servers can only handle DHCP discovery packets up to 576 bytes. If there are DHCP relay servers between your FreshTomato router and your Internet provider's DHCP server, FreshTomato might fail to acquire a DHCP lease on the WAN interface. 
 + 
 +The extra bytes appeared to be entirely padding, and therefore unnecessary.  FreshTomato developers eliminated the padding, reducing udhcpc's DHCP discovery packet size to 331 bytes. This 331 byte size eventually became the default setting. As a result, udhcpc can successfully obtain a DHCP lease from an ISP with DHCP relays. However, some users may not be able to obtain a WAN IP address unless they disable this feature. (Default: Enabled).
  
  
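Review bot: The "None" item under Priority ends mid-sentence on both sides ("This alone does not guarantee.") and needs finishing: state what it does not guarantee. The new side also drops the colon after each option name, so "Strict-Order Stubby is tried first" reads as one phrase; keep "Strict-Order:", "No-Resolv:", "None:". The descriptions should also match the dnsmasq options they name: strict-order makes dnsmasq try servers in the order listed (Stubby first, then the resolv.conf resolvers in plaintext), and no-resolv stops it reading /etc/resolv.conf at all, so only the no-resolv setting prevents plaintext fallback; saying so makes the security difference between the two explicit. In the WINS paragraph the new side reads "it'outdated" where "it's outdated" is meant. In the Reduce Packet Size paragraph, "DHCP relay servers can only handle DHCP discovery packets up to 576 bytes" is stated as universal; 576 octets is the RFC 2131 default maximum DHCP message size that a client may assume unless the server advertises a larger one (option 57, Maximum DHCP Message Size), so "some relays and servers drop DHCPDISCOVER packets larger than 576 bytes, the RFC 2131 default maximum" is accurate. Finally, the new side removes the struck-through note "Please note this has now been removed from the FT GUI" but keeps "(Default: Enabled)": if the option is gone from the GUI, the section should say so rather than silently drop the note; if it has returned, the removal is correct.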
Line 152: Line 158:
 **TFTP root path**: Text entered here defines where TFTP root is located in the filesystem. **TFTP root path**: Text entered here defines where TFTP root is located in the filesystem.
  
-**PXE on LANx (brx)**: Enbables PXE (Pre Boot eXecution Environment) on one or more bridges. PXE was designed for diskless clients. A PXE client can obtain an IP address via DHCP and, once obtained, download boot code via a TFTP location. Syslinux is a good example of how these principles/procedures in action.+**PXE on LANx (brx)**: Enbables PXE (Pre Boot eXecution Environment) on one or more bridges. PXE was designed for diskless clients. A PXE client can obtain an IP address via DHCP and, once obtained, download boot code via a TFTP location. Syslinux is a good example of these principles/procedures in action.
  
  
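Review bot: "Enbables" in the PXE item is a typo present on both sides; "Enables". The item should also name the attack surface it opens, since the preceding lines describe the mechanism: the boot file name is handed out by DHCP and the boot code is fetched over TFTP, and neither step is authenticated, so any host on the bridge can serve or swap the boot image. Suggest adding: "Enable PXE only on a bridge you trust, and keep the TFTP root limited to the boot files themselves." For the Syslinux reference, naming pxelinux (the PXE bootloader shipped with Syslinux) is more useful to the reader than "Syslinux is a good example of these principles/procedures in action".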
advanced-dhcpdns.txt · Last modified: 2023/08/05 19:13 by hogwild