I am setting up a Wi-Fi Access Point (AP) using a Raspberry Pi 3 powered by dnsmasq at the software layer. The Wi-Fi AP comes up and devices are able to join the network without any problems. However, DNS lookups fail, and I have identified the cause as being that dnsmasq fails to pre-empt bind9/named on the wlan0 interface despite the necessary config being in place.

The version of Raspbian is: Release 10 (Buster)

Below are the pertinent config files.

dnsmasq.conf

```
# The Wi-Fi interface configured for static IPv4 addresses
interface=wlan0

# Explicitly specify the address to listen on
listen-address=192.168.1.2

# Bind to the interface to make sure we aren't sending things elsewhere
bind-interfaces

# Forward DNS requests to the Google DNS
server=8.8.8.8

# Don't forward short names
domain-needed

# Never forward addresses in non-routed address spaces
bogus-priv

# Assign IP addresses between 192.168.1.50 and 192.168.1.150 with a 12 hour lease time
dhcp-range=192.168.1.50,192.168.1.150,12h
```

dhcpcd.conf

```
hostname

duid

option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac hwaddr

# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname
nohook wpa_supplicant

denyinterfaces nat*

noipv6rs

interface wpan0
nodhcp
nodhcp6

interface eth0
iaid 1
ipv6rs
ia_na 2
ia_pd 3/::/63 wpan0/1

interface wlan0
iaid 4
ipv6rs
ia_na 5
ia_pd 6/::/63 wpan0/1

denyinterfaces wlan0
```

Could someone kindly assist - specifically why the bind-interfaces config in dnsmasq is not having any effect as expected? Bind9 is configured to start after dnsmasq, and has default behaviour of binding on all interfaces... but my expectation is that it should exclude any interfaces that have been exclusively bound by other services.

Here's the link to the sequence of steps I have followed - https://openthread.io/guides/border-router/access-point

Michael-7
  • It seems that you are trying to use bind and dnsmasq at the same time. Why do you need both? A quick search turned up this for me, I hope it helps. https://www.wimmeralogic.com/linux-notes/dns-dhcp/dnsmasq-named-bind.html – g_bor Sep 24 '19 at 10:13
  • @g_bor, thanks for responding. I need both so that dnsmasq exclusively services the LAN while bind9/named handles the WAN. I know there are workarounds to have both working, but what I need to understand is why the "bind-interfaces" config in dnsmasq is not having any effect as expected. – Michael-7 Sep 24 '19 at 10:38
  • I believe you should also restrict bind to not try to bind to the interface that should be used by dnsmasq. It seems that there is a race here, but even if it would go the other way around, then it would still not be good, as then bind would fail... – g_bor Sep 24 '19 at 12:09
  • That is what I eventually had to do, but it seems to defeat the purpose of `bind-interfaces` in dnsmasq.conf. Surely, I am missing something - and that's what I am trying to figure out. I believe in clean, clear and self-describing configs hence why this is troubling me. – Michael-7 Sep 24 '19 at 19:10

0 Answers
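
A check for the situation described in the question, added here as an example and not part of the original post or its comments: it reads `listen-address` from dnsmasq.conf and reports which process actually holds port 53 on that address in `ss -H -lntup` output. The `ss` sample below is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed `ss -H -lntup` output for illustration (not taken from the asker's Pi).
SAMPLE_SS = """\
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=612,fd=513))
udp UNCONN 0 0 192.168.1.2:53 0.0.0.0:* users:(("named",pid=612,fd=515))
tcp LISTEN 0 10 192.168.1.2:53 0.0.0.0:* users:(("named",pid=612,fd=24))
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dnsmasq",pid=701,fd=4))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=480,fd=3))
"""
# The DNS-relevant lines of the dnsmasq.conf shown in the question.
DNSMASQ_CONF = "interface=wlan0\nlisten-address=192.168.1.2\nbind-interfaces\n"

def listen_addresses(conf_text):
    """Return each listen-address value, ignoring comments and other options."""
    addrs = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("listen-address="):
            addrs.append(line.split("=", 1)[1].strip())
    return addrs

def port53_owners(ss_text):
    """Map (proto, local address) to the process names listening on port 53."""
    owners = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        if port != "53":
            continue
        addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
        names = re.findall(r'\("([^"]+)"', " ".join(fields[5:]))
        owners.setdefault((fields[0], addr), set()).update(names)
    return owners

def audit(conf_text, ss_text, expected="dnsmasq"):
    """List (proto, address, holders) wherever port 53 is not held by `expected` alone."""
    owners = port53_owners(ss_text)
    findings = []
    for addr in listen_addresses(conf_text):
        for proto in ("udp", "tcp"):
            holders = set()
            for local in (addr, "0.0.0.0", "*"):  # wildcard sockets also cover addr
                holders |= owners.get((proto, local), set())
            if holders != {expected}:
                findings.append((proto, addr, sorted(holders)))
    return findings
```

On the Pi itself, pass the real contents of dnsmasq.conf and the output of `sudo ss -H -lntup` instead of the constructed strings; an empty result means dnsmasq alone holds port 53 on its configured address.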