Site Tools


dhcp_dns

This is an old revision of the document!


DHCP/DNS

The Advanced / DHCP/DNS page allows you to configure advanced settings for the DHCP and DNS services for the LAN and WAN. Most of this functionality is provided by FreshTomato's dnsmasq(uerade) module.

DHCP / DNS Server (LAN)

Use internal DNS: Makes dnsmasq(uerade) act as the DNS server on your LAN. DHCP clients will receive FreshTomato's IP address as the DNS server. (Default: Enabled).

Debug mode: Checking this makes FreshTomato write detailed information the log file.

Use received DNS with user-entered DNS: Add DNS servers received from DHCP on your WAN connection to the static (manual) DNS server list.

See Basic/Network for more information. (Default: Disabled).

Prevent DNS-rebind attacks: Enable DNS rebinding protection in dnsmasq. (Default: Enabled).

Intercept DNS port: Any DNS requests/packets sent out on UDP/TCP port 53 are redirected to the internal DNS server. Currently, only IPv4 DNS requests are intercepted. (Default: Disabled).

Use user-entered gateway if WAN is disabled: DHCP will assign the router's IP address as the default gateway on the LAN. (Default:Disabled)



Ignore DHCP requests from unknown devices: dnsmasq will ignore DHCP requests from MAC addresses not listed on the Static DHCP/ARP/IPT page. These clients won't be able to obtain an IP address through DHCP. Note that this setting is also available on the Static DHCP/ARP/IPT page. (Default: Disabled).

Maximum active DHCP leases: Maximum allowable active DHCP leases at one time. (Default: 255).

Static lease time: The absolute maximum valid time for any DHCP lease.

  • Same as Normal Lease Time: The Static lease time is the same as the normal lease time (1440 minutes).
  • Infinite: The Static lease time is infinity.
  • Custom: This allows you to enter a custom Static DHCP lease time.
    (Default: Same as Normal Lease Time).

Announce IPv6 on LAN (SLAAC): Enabling this turns on router advertisements for IPv6 Stateless Address Autoconfiguration (SLAAC) protocol. This allows hosts to self-configure an IP address with minimal contact with a server. The client sends out an RS (router solicitation) ICMP packet. The nearest router responds with a RA (router advertisement) packet. The client uses the IPv6 prefix provided in the RA packet as the first 64 bits of its address. It then derives the last 64 bits of its address using the EUI-64 process or a randomizatiion algorithm.

Announce IPv6 on LAN (DHCP): Enabling this makes FreshTomato turn on router advertisements using IPv6 DHCP.

DHCP IPv6 lease time: The number entered here sets the default lease time for IPv6 DHCP leases.

Mute dhcpv4 logging: Enabling this stops FreshTomato from logging IPv4 dhcp activity. (Default: Disabled).

Mute dhcpv6 logging: Enabling this stops FreshTomato from logging IPv6 dhcp activity. (Default: Disabled).

Mute RA logging: This prevents logging of Router Advertisement activity.

Custom configuration: This features allows you to add extra (custom) options to the dnsmasq configuration file.

DHCP Client (WAN)

The DHCP Client (WAN) section includes a dhcpc (dhcp client) options field.

Use Stubby (DNS-over-TLS): This enhances DNS privacy. Checking this box enables Stubby, a DNS Stub resolver. DNS over TLS sends DNS queries over a secure connection, encrypted with TLS, the same technology that encrypts secure Web traffic. This prevents third parties from seeing your DNS queries.

WINS (for DHCP): Here, you can specify the IP adddress of a WINS Server which will be given to DHCP clients. NOTE: This does NOT actually enable the WINS service. FreshTomato's WINS Server function is enabled on the USB and NAS/File Sharing menu.

Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses. Officially, WINS is outdated and largely obsolete. DNS is supposed to have replaced most WINS functionality. However, Microsoft has not officially deprecated WINS. It may still be necessary for some Windows LAN browsing functions, especially on very old Windows versions.

More details about WINS can be found here:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc784707(v=ws.10)

DNSSEC NOTE: Do not use results from: https://1.1.1.1/help .

That webpage is likely to provide wrong results.

Instead, use: https://rootcanary.org/test.html

dhcpc options: In this field you can enter custom configuration settings for the dhcp client.

Reduce Packet Size: udhcpc (the DHCP client FreshTomato uses to obtain a WAN IP address) has a problem. It has a DHCP discovery packet size 590 bytes long. However, DHCP relay servers can only handle DHCP discovery packets up to 576 bytes. If there are DHCP relay servers between your FreshTomato router and your Internet provider's DHCP server, FreshTomato might fail to acquire a DHCP lease on the WAN interface.

The extra bytes appeared to be entirely padding, and not necessary. FreshTomato developers eliminated the padding, which reduced udhcpc's DHCP discovery packet size to only 331 bytes. This 331 byte size eventually became FreshTomato's default setting. This way, udhcpc can succesfully obtain a DHCP lease from a provider which might have DHCP relays. It may be possible that some users may not be able to obtain a WAN IP address unless they disable this feature, however. (Default: Enabled).

dhcp_dns.1628140920.txt.gz · Last modified: 2021/08/05 06:22 by hogwild