FreshTomato Wiki

User Tools

Site Tools

Trace: ip_script ipt-realtime one_off_reboot bwm-monthly status-devices admin-sched monitor_connections dns_flag_day_2020 bwm-daily connectivity_watchdog
advanced-dhcpdns

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
advanced-dhcpdns [2024/11/27 00:23] – [DHCP Client (WAN)] -Formatting, condense hogwildadvanced-dhcpdns [2025/03/29 20:57] (current) – [DHCP Client (WAN)] -Formatting hogwild
Line 1: Line 1:
 ====== DHCP/DNS/TFTP ====== ====== DHCP/DNS/TFTP ======
  
-This menu let you configure advanced settings for the DHCP, DNS and TFTP services for both the LAN and WAN. Most of this functionality is provided by [[https://thekelleys.org.uk/|dnsmasq]].+Here, you can configure advanced settings for the DHCP, DNS and TFTP services for both LAN and WAN. Most of this functionality is provided by [[https://thekelleys.org.uk/|dnsmasq]].
  
  
Line 30: Line 30:
   * Ephemeral Keys - if checked, a new key pair is generated for each  \\ DNS query. Use this with care, as it's very cpu-intensive, and may\\ slow DNS resolution.   * Ephemeral Keys - if checked, a new key pair is generated for each  \\ DNS query. Use this with care, as it's very cpu-intensive, and may\\ slow DNS resolution.
  
-  * Manual Entry - if enabled, 3 more fields are displayed:  +  * Manual Entry - if enabled, 3 more fields appear:  
-    * Resolver Address - the IP address of the dnscrypt-enabled DNS server. +    * Resolver Address - the IP of the dnscrypt-enabled DNS server. 
-    * Provider Name - the name of the DNS provider, for instance FreshTomato. +    * Provider Name - the DNS provider name(e.g. "FreshTomato")
-    * Provider Public Key - the public key given by the DNSCRYPT-enabled \\ DNS provider \\ (to generate a key pair)+    * Provider Public Key - the public key from the DNSCRYPT-enabled \\ DNS provider (to generate a key pair)
  
-  * Resolver - a dropdown list currently containung about 200 DNS servers.+  * Resolver - a dropdown list of about 200 DNS servers.
     * Some support DNSSEC.      * Some support DNSSEC. 
     * Some don't log queries.      * Some don't log queries. 
     * Some are filtered.     * Some are filtered.
  
-  * Priority - should be left at //no-resolv// to prevent DNS leaks. This should  \\ neve be selected if using DNSCRYPT. Also, to prevent leaks, enable \\ //Intercept DNS port//.+  * Priority - should be left at //no-resolv// to prevent DNS leaks. \\ This should never be selected if DNSCRYPT is enabled\\ To prevent leaks, enable //Intercept DNS port//.
  
-  * Local Port - the port on which dnscrypt-proxy communicates with \\ FreshTomato DNS. \\ Leave at 40 unless you're an advanced user. Don't set it to 53, it could create a loop.+  * Local Port - the port on which dnscrypt-proxy speaks with \\ FreshTomato DNS. Leave this at 40 unless you're advanced. \\ Don't set it to 53, it could create a loop.
  
  \\   \\ To help choose a DNSCrypt DNS provider, import the file /etc/dnscrypt-resolvers.csv in a spreadsheet. Once chosen, \\ the server's IP address, provider name, and public key can be taken from that file.  \\   \\ To help choose a DNSCrypt DNS provider, import the file /etc/dnscrypt-resolvers.csv in a spreadsheet. Once chosen, \\ the server's IP address, provider name, and public key can be taken from that file.
Line 111: Line 111:
 {{:pasted:20220119-171212.png}}\\  \\ {{:pasted:20220119-171212.png}}\\  \\
  
-**Use internal DNS:** Uses dnsmasq as the LAN DNS server.+**Use internal DNS:** causes dnsmasq to be used as the LAN DNS server.
  
 DHCP clients receive the router's LAN IP as the DNS server address. (Default: Enabled). DHCP clients receive the router's LAN IP as the DNS server address. (Default: Enabled).
Line 145: Line 145:
  \\  \\
  
-**Generate a name for DHCP clients which do not otherwise have one**: if FreshTomato can't find a hostname for a client's DHCP/MAC combination, it will generate one for display, based on its MAC address.+**Generate a name for DHCP clients which do not otherwise have one**: if FreshTomato can't find a hostname for a client's DHCP/MAC combination, it generates one for display, based on its MAC address.
  
  \\  \\
Line 221: Line 221:
  \\  \\
  
-**Enable DNS Rebind protection:**  Helps prevent DNS Rebind DNS resolution attcks.+**Enable DNS Rebind protection:**  helps prevent DNS Rebind DNS resolution attcks.
  
 Using this may have side effects. (Default: Enabled). Using this may have side effects. (Default: Enabled).
Line 269: Line 269:
 ===== DHCP/DNS/TFTP Notes ===== ===== DHCP/DNS/TFTP Notes =====
  
-  * Do not use results from Cloudflare's site: [[https://1.1.1.1/help|https://1.1.1.1/help]]. That webpage is likely to provide invalid results. Instead, use: [[https://rootcanary.org/test.html|https://rootcanary.org/test.html]] \\  \\  +Do not use results from Cloudflare's site: [[https://1.1.1.1/help|https://1.1.1.1/help]]. That webpage is likely to provide invalid results.  \\ Instead, use: [[https://rootcanary.org/test.html|https://rootcanary.org/test.html]] \\  \\ DNSSEC and DNSCrypt / Stubby complement each other. 
-  * DNSSEC and DNSCrypt / Stubby complement each other.  + 
-    * DNSSEC provides authentication. +  * DNSSEC provides authentication. 
-    * DNSCrypt provides encryption.+  * DNSCrypt provides encryption.
  
  
advanced-dhcpdns.1732667005.txt.gz · Last modified: 2024/11/27 00:23 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki