advanced-dhcpdns

Differences

This shows you the differences between two versions of the page.

advanced-dhcpdns [2024/11/06 00:33] – [DHCP Client (WAN)] -Add intro summary for Reduce Packet Size, condense, formatting hogwild
advanced-dhcpdns [2025/03/29 20:57] (current) – [DHCP Client (WAN)] -Formatting hogwild
Line 1: Line 1:
 ====== DHCP/DNS/TFTP ====== ====== DHCP/DNS/TFTP ======
  
-This menu let you configure advanced settings for the DHCP, DNS and TFTP services for both the LAN and WAN. Most of this functionality is provided by [[https://thekelleys.org.uk/|dnsmasq]].+Here, you can configure advanced settings for the DHCP, DNS and TFTP services for both LAN and WAN. Most of this functionality is provided by [[https://thekelleys.org.uk/|dnsmasq]].
  
  
Line 12: Line 12:
 {{:pasted:20220119-170756.png}}\\  \\ {{:pasted:20220119-170756.png}}\\  \\
  
-**Enable DNSSEC support: ** Enables support for DNS Security.+**Enable DNSSEC support: **enables support for DNS Security.
  
 DNSSEC secures DNS by authenticating its servers. It prevents DNS hacking and poisoning. If the authoritative DNS server has DNSSEC, enabling it ensures DNS queries are answered by //that//  DNS server, and not an imposter. DNSSEC secures DNS by authenticating its servers. It prevents DNS hacking and poisoning. If the authoritative DNS server has DNSSEC, enabling it ensures DNS queries are answered by //that//  DNS server, and not an imposter.
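Review bot: the unchanged context line under "Enable DNSSEC support" misstates what DNSSEC checks. "Secures DNS by authenticating its servers" and "ensures DNS queries are answered by that DNS server, and not an imposter" describe server authentication, but DNSSEC signs the record data: a validating resolver rejects forged or altered answers whoever returns them, and it does not identify or hide the connection to the upstream server (that is what the DNSCrypt/Stubby options on this page add). Suggest: "DNSSEC lets the resolver verify that answers are signed by the zone owner and have not been altered in transit; it does not authenticate or encrypt the connection to the upstream resolver." It is also worth stating that the upstream resolvers must be DNSSEC-capable (pass the signature records through), since validation cannot succeed otherwise. The capitalisation change on the label itself is fine.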
Line 20: Line 20:
  \\  \\
  
-**Use dnscrypt-proxy:  **enables DNSCrypt to encrypt DNS resolution.+**Use dnscrypt-proxy: **enables DNSCrypt to encrypt DNS resolution.
  
 When a DNSCrypt-enabled server is chosen, a unique key pair is generated every hour. Queries are then encrypted using this key pair before being sent to the server, usually on TCP port 443. The reply is also encrypted. Checking //Use dnscrypt-proxy// enables the built-in dnscrypt proxy client. Dnscrypt-proxy and Stubby cannot be used at the same time. When a DNSCrypt-enabled server is chosen, a unique key pair is generated every hour. Queries are then encrypted using this key pair before being sent to the server, usually on TCP port 443. The reply is also encrypted. Checking //Use dnscrypt-proxy// enables the built-in dnscrypt proxy client. Dnscrypt-proxy and Stubby cannot be used at the same time.
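Review bot: the unchanged context line says DNSCrypt queries are sent "usually on TCP port 443"; DNSCrypt runs over UDP as well as TCP, with the port taken from the resolver's entry in the list (443 is common), so "usually on UDP or TCP port 443" would be accurate. The spacing fix on the bold label is fine.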
Line 30: Line 30:
   * Ephemeral Keys - if checked, a new key pair is generated for each  \\ DNS query. Use this with care, as it's very cpu-intensive, and may\\ slow DNS resolution.   * Ephemeral Keys - if checked, a new key pair is generated for each  \\ DNS query. Use this with care, as it's very cpu-intensive, and may\\ slow DNS resolution.
  
-  * Manual Entry - if enabled, 3 more fields are displayed:  +  * Manual Entry - if enabled, 3 more fields appear:  
-    * Resolver Address - the IP address of the dnscrypt-enabled DNS server. +    * Resolver Address - the IP of the dnscrypt-enabled DNS server. 
-    * Provider Name - the name of the DNS provider, for instance FreshTomato. +    * Provider Name - the DNS provider name(e.g. "FreshTomato")
-    * Provider Public Key - the public key given by the DNSCRYPT-enabled \\ DNS provider \\ (to generate a key pair)+    * Provider Public Key - the public key from the DNSCRYPT-enabled \\ DNS provider (to generate a key pair)
  
-  * Resolver - a dropdown list currently containung about 200 DNS servers.+  * Resolver - a dropdown list of about 200 DNS servers.
     * Some support DNSSEC.      * Some support DNSSEC. 
     * Some don't log queries.      * Some don't log queries. 
     * Some are filtered.     * Some are filtered.
  
-  * Priority - should be left at //no-resolv// to prevent DNS leaks. This should  \\ neve be selected if using DNSCRYPT. Also, to prevent leaks, enable \\ //Intercept DNS port//.+  * Priority - should be left at //no-resolv// to prevent DNS leaks. \\ This should never be selected if DNSCRYPT is enabled\\ To prevent leaks, enable //Intercept DNS port//.
  
-  * Local Port - the port on which dnscrypt-proxy communicates with \\ FreshTomato DNS. \\ Leave at 40 unless you're an advanced user. Don't set it to 53, it could create a loop.+  * Local Port - the port on which dnscrypt-proxy speaks with \\ FreshTomato DNS. Leave this at 40 unless you're advanced. \\ Don't set it to 53, it could create a loop.
  
  \\   \\ To help choose a DNSCrypt DNS provider, import the file /etc/dnscrypt-resolvers.csv in a spreadsheet. Once chosen, \\ the server's IP address, provider name, and public key can be taken from that file.  \\   \\ To help choose a DNSCrypt DNS provider, import the file /etc/dnscrypt-resolvers.csv in a spreadsheet. Once chosen, \\ the server's IP address, provider name, and public key can be taken from that file.
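Review bot: two typos in the `+` lines of this hunk: "the DNS provider name(e.g. "FreshTomato")" is missing the space before "(e.g.", and in the Priority item "if DNSCRYPT is enabled\\ To prevent leaks" is missing the period after "enabled". In the same Priority item, "This should never be selected if DNSCRYPT is enabled" has no clear antecedent (it cannot mean //no-resolv//, which the previous sentence says to leave in place), so name the option that must not be selected. Since the item's purpose is "prevent DNS leaks", one sentence explaining the mechanism would help: with //no-resolv// dnsmasq ignores the resolvers in /etc/resolv.conf (the WAN-assigned ones) and forwards only to the servers configured here, and //Intercept DNS port// redirects LAN port-53 traffic to the router so clients that hard-code another resolver cannot bypass it.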
Line 60: Line 60:
  \\  \\
  
-**Upstream resolvers:** here, choose the upstream servers responsible for performing name resolution.+**Upstream resolvers:** selects the upstream servers responsible for performing name resolution.
  
  \\  \\
Line 88: Line 88:
 **WINS (for DHCP):** the IP address of a WINS Server to give to DHCP clients. **WINS (for DHCP):** the IP address of a WINS Server to give to DHCP clients.
  
-This doesn't enable WINS. WINS is enabled in the [[:nas-samba|File Sharing]] menu. +This doesn't enable WINS. WINS is enabled in the [[:nas-samba|File Sharing]] menu. WINS is an old name resolution service to map NetBIOS names to IP addresses. It's mostly obsolete. DNS was supposed to replace WINS. However, WINS may still be necessary for some LAN browsing functions on old Windows versions.
- +
-Windows Internet Name Service is an old name resolution service to map NetBIOS names to IP addresses. It's mostly obsolete. DNS was supposed to replace WINS. However, WINS may still be necessary for some LAN browsing functions on old Windows versions.+
  
  \\  \\
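Review bot: merging the two WINS paragraphs dropped the only expansion of the acronym; the old line began "Windows Internet Name Service is an old name resolution service", the new one just "WINS is an old name resolution service". Keep the spelled-out name at first mention, e.g. "WINS (Windows Internet Name Service) is an old name resolution service ...".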
Line 113: Line 111:
 {{:pasted:20220119-171212.png}}\\  \\ {{:pasted:20220119-171212.png}}\\  \\
  
-**Use internal DNS:** Uses dnsmasq as the LAN DNS server.+**Use internal DNS:** causes dnsmasq to be used as the LAN DNS server.
  
 DHCP clients receive the router's LAN IP as the DNS server address. (Default: Enabled). DHCP clients receive the router's LAN IP as the DNS server address. (Default: Enabled).
Line 123: Line 121:
  \\  \\
  
-**Use received DNS with user-entered DNS: **adds DNS servers from the DHCP Server on the WAN to the manual DNS server list.+**Use received DNS with user-entered DNS: **adds DNS servers from the WAN'DHCP Server to the manual DNS server list.
  
 See the [[basic-network|Network]] menu for details. (Default: Disabled). See the [[basic-network|Network]] menu for details. (Default: Disabled).
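Review bot: typo in the `+` line: "from the WAN'DHCP Server" should read "from the WAN's DHCP server".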
Line 147: Line 145:
  \\  \\
  
-**Generate a name for DHCP clients which do not otherwise have one**: if a hostname in Device List isn't reportedFreshTomato generates a name for it, based on its MAC address.+**Generate a name for DHCP clients which do not otherwise have one**: if FreshTomato can't find a hostname for a client's DHCP/MAC combinationit generates one for display, based on its MAC address.
  
  \\  \\
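Review bot: the `+` line runs two words together and drops the comma: "DHCP/MAC combinationit generates" should be "DHCP/MAC combination, it generates". "DHCP/MAC combination" is also less clear than the old wording; consider "if a DHCP client does not report a hostname, FreshTomato generates one for display, based on its MAC address".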
Line 161: Line 159:
  \\  \\
  
-**Maximum active DHCP leases:** sets the maximum allowed active DHCP leases at one time.+**Maximum active DHCP leases:** sets the maximum number of active DHCP leases at one time.
  
 (Default: 255). (Default: 255).
Line 181: Line 179:
 **Announce IPv6 on LAN (SLAAC): **enables router advertisements for IPv6 //(SLAAC)//  protocol. **Announce IPv6 on LAN (SLAAC): **enables router advertisements for IPv6 //(SLAAC)//  protocol.
  
-This protocol lets hosts self-configure an IPv6 address with minimal server contact.+SLAAC lets hosts self-configure an IPv6 address with minimal server contact.
  
  \\  \\
Line 219: Line 217:
 **Prevent client auto DoH**:  enabling this prevents DoH communication. **Prevent client auto DoH**:  enabling this prevents DoH communication.
  
-Modern browsers have DNS Over HTTP(s). With DoH enabled, a browser can bypass the network's DNS server. Enabling this option helps Adblock-DNS Filtering work, since it relies on unencrypted DNS resolution.+Modern browsers have DNS Over HTTP(s). With DoH enabled, a browser can bypass the network's DNS server. Enabling this option helps Adblock-DNS Filtering work properly, since it relies on unencrypted DNS resolution.
  
  \\  \\
  
-**Enable DNS Rebind protection:**  Helps prevent DNS Rebind DNS resolution attcks.+**Enable DNS Rebind protection:**  helps prevent DNS Rebind DNS resolution attcks.
  
 Using this may have side effects. (Default: Enabled). Using this may have side effects. (Default: Enabled).
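Review bot: the typo "attcks" in "Enable DNS Rebind protection" survives into the new revision, and "DNS Rebind DNS resolution attcks" reads doubled; suggest "helps prevent DNS rebinding attacks". Since the next line warns of side effects without saying what they are, a sentence on the mechanism would make both clear: the option makes dnsmasq reject upstream answers that resolve a public name to a private (RFC 1918) address, so a hostile site cannot point a name at devices on the LAN; the side effect is that legitimate names which intentionally resolve to private addresses (split-horizon setups) are blocked too. In the same hunk, "DNS Over HTTP(s)" should read "DNS over HTTPS (DoH)", matching the acronym used in the label.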
Line 237: Line 235:
 **Enable multicast DNS:**  checking this enables an implementation of Avahi mDNS. **Enable multicast DNS:**  checking this enables an implementation of Avahi mDNS.
  
-Avahi lets programs publish/discover services and hosts running on a LAN. This zero-configuration service includes multicast service discovery via the mDNS/DNS-SD protocol suite. "Bonjour" (Mac OS X) and "Zeroconf" technologies are Avahi-compatible.+Avahi lets programs publish/discover services and hosts running on a LAN. Its zero-configuration service includes multicast service discovery via mDNS/DNS-SD. "Bonjour" (Mac OS X) and "Zeroconf" technologies are Avahi-compatible.
  
  \\  \\
  
-**Enable reflector** FIXME+**Enable reflector:** enables the Avahi mDNS repeater mode. 
 + 
 +This makes Avahi re-transmit / re-multicast queries and responses via multiple interfaces. This allows the router to bridge multicast DNS networks. 
 + 
 +For details, see this tutorial: [[https://www.linksysinfo.org/index.php?threads/avahi-tutorial-configuring-a-reflector-aka-mdns-repeater.75706/|Tomato Forum: avahi tutorial configuring a reflector aka mdns repeater]]
  
  \\  \\
  
-**Custom configuration: ** here,** **add custom options to the dnsmasq configuration file.+**Custom configuration: ** here, you can add custom options to the dnsmasq configuration.
  
  
 ===== TFTP Server ===== ===== TFTP Server =====
  
-**Enable TFTP**: Enabling this starts dnsmasq's TFTP server with the "--tftp-no-fail" options enabled by default. This prevents dnsmasq issues, for example, if TFTP root becomes unavailable.+**Enable TFTP**: starts dnsmasq's TFTP server with the "--tftp-no-fail" option enabled by default. 
 + 
 +This prevents dnsmasq issues, for example, if TFTP root becomes unavailable.
  
  \\  \\
  
-**TFTP root path**: Text entered here defines where TFTP root is located in the filesystem.+**TFTP root path**: text here defines where TFTP root is located in the filesystem.
  
  \\  \\
  
-**PXE on LANx (brx)**: Enbables Pre Boot eXecution Environment on the bridge(s). PXE was designed for diskless clients. A PXE client can obtain an IP address via DHCP, then download boot code via a TFTP source. Syslinux is an example of this.+**PXE on LANx (brx)**: enables Pre Boot eXecution Environment on the bridge(s). 
 + 
 +PXE was designed for diskless clients. A PXE client can obtain an IP address via DHCP, then download boot code via a TFTP source. Syslinux is an example of this.
  
  
 ===== DHCP/DNS/TFTP Notes ===== ===== DHCP/DNS/TFTP Notes =====
  
-  * Do not use results from Cloudflare's site: [[https://1.1.1.1/help|https://1.1.1.1/help]]. That webpage is likely to provide invalid results. Instead, use: [[https://rootcanary.org/test.html|https://rootcanary.org/test.html]]+Do not use results from Cloudflare's site: [[https://1.1.1.1/help|https://1.1.1.1/help]]. That webpage is likely to provide invalid results.  \\ Instead, use: [[https://rootcanary.org/test.html|https://rootcanary.org/test.html]] \\  \\ DNSSEC and DNSCrypt / Stubby complement each other.
  
-  * DNSSEC and DNSCrypt / Stubby complement each other.  +  * DNSSEC provides authentication. 
-    * DNSSEC provides authentication. +  * DNSCrypt provides encryption.
-    * DNSCrypt provides encryption.+
  
  
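Review bot: the new "Enable reflector" text (replacing the FIXME) should state the segmentation consequence of what it describes: because Avahi repeats mDNS queries and responses across every interface it listens on, service advertisements (printers, media servers, hostnames) from one bridge become visible on the others, so enabling it on a router with a guest or IoT bridge weakens the isolation between those networks; one sentence to that effect would let readers weigh it. Two smaller points in the same hunk. Under "Enable TFTP", "prevents dnsmasq issues" is vague: "--tftp-no-fail" keeps dnsmasq starting when the TFTP root is missing or unreadable instead of aborting, and because TFTP has no authentication, every file under the "TFTP root path" is readable by any LAN client, which that entry should say. In the Notes section, the restructuring leaves "DNSSEC and DNSCrypt / Stubby complement each other." at the tail of the Cloudflare paragraph while its two sub-points are promoted to top-level bullets; keep that sentence as its own paragraph (or the bullet that introduces the two sub-bullets) so the list still reads as the pair it describes.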
advanced-dhcpdns.1730853234.txt.gz · Last modified: 2024/11/06 00:33 by hogwild