
I have a private network with several OpenWrt routers connecting some local subnets. I use NAT on a couple of the routers to give access to the internet via different providers.

I run a local DNS recursive caching resolver (Unbound) and that serves all my clients on all the local subnets.

Each router handles DHCP for its local subnets and assigns hostnames. But all the subnets are under my-example.com. (So a client of router 1 might be 'client1.router1.my-example.com')

I would like to have all my routers report their DHCP clients to the main DNS-providing router, so that any client on any local subnet can reach any other client by name. (Routing already works; I can reach any from any by IP address.)

It seems like I need something like a private Dynamic DNS setup on my main DNS machine, but I'm not finding a suitable package.

How can I make all my local DHCP client names (from all the subnets under different routers) available to all the other clients in my local network?

  • General FYI, you'll likely get a faster answer from the OpenWrt forum
    – JW0914
    Commented Feb 13, 2022 at 5:01
  • dnsmasq (which can be used in OpenWRT) combines DHCP with DNS services (so that's your "private dynamic DNS setup"). So if you have your main DNS router delegate and cache requests to the subnet router, I'd assume it can be made to work.
    – dirkt
    Commented Feb 13, 2022 at 6:38
  • @dirkt dnsmasq is the default DNS/DHCP server in OpenWrt, unless using IPv6, which is handled by odhcpd unless manually configured otherwise.
    – JW0914
    Commented Feb 13, 2022 at 13:50
  • @JW0914 I know. And?
    – dirkt
    Commented Feb 13, 2022 at 13:56
  • @dirkt The wording in your comment makes it appear as if using dnsmasq is optional - it's the default unless manually configured otherwise.
    – JW0914
    Commented Feb 13, 2022 at 14:06

1 Answer


You can keep DNS as-is, but configure the central Unbound server to forward requests to the correct nameserver depending on suffix. This can be done using forward-zone or stub-zone blocks. (Both are very similar in operation, but in your case stub-zone is more correct as you're pointing it directly at an authoritative server, while forward-zone expects to be pointed at another recursive resolver.) For example:

stub-zone:
    name: "router1.my-example.com."
    stub-addr: <IPv4 address of router1>
    stub-addr: <IPv6 address of router1>
    stub-first: yes

(In public DNS, you would normally set up subdomain delegations using NS records – this would tell resolvers that e.g. <foo>.router1.my-example.com is handled by a different server.)

Alternatively it would be possible to set up dynamic DNS so that routers directly register records on a central server, but this would likely require switching to entirely different software. On the central server side, you'll probably want to replace Unbound with BIND9 or something else that can host zones and supports the RFC 2136 "DNS update" protocol, and on the routers you'll need a DHCP server that knows how to submit such updates.

I'm not sure if OpenWRT might have additional options, but I suspect that the routers are currently running Dnsmasq, which can do dynamic hostnames because it's all in the same process – the same program handles both DNS and DHCP. But it doesn't know how to submit DNS updates elsewhere. You would need to use Dnsmasq's --dhcp-script to make it run nsupdate with the correct parameters. (ISC DHCP Server supports DDNS and is often paired with BIND, but is no longer maintained.)
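To show the stub-zone approach for several routers at once, here is an added example; it is not code from the answer, from Unbound or from OpenWrt. It is a POSIX shell script that generates the central Unbound's configuration from a small constructed table of routers. The parent domain my-example.com comes from the question; the router labels and addresses (router1..router3, 10.x.0.1, fd00:x::1) and the function names are assumptions for illustration. It also adds two settings the answer does not mention that usually bite in a private setup: domain-insecure (the routers' dnsmasq serves unsigned data) and private-domain (Unbound's rebind protection otherwise strips RFC 1918 and ULA addresses from answers).

```shell
#!/bin/sh
# Added example, not from the original answer: generate the central Unbound's
# stub-zone configuration for every subnet router from a constructed table.
# Assumptions (hypothetical): parent domain my-example.com, routers named
# router1..router3 with the RFC 1918 / ULA addresses listed in ROUTERS.

PARENT_DOMAIN="my-example.com"

# Constructed input: one router per line, "label ipv4 ipv6" (ipv6 may be "-").
ROUTERS='router1 10.1.0.1 fd00:1::1
router2 10.2.0.1 fd00:2::1
router3 10.3.0.1 -'

# Print one stub-zone block for a router. stub-first is deliberately left off:
# with "stub-first: yes", a router that does not answer makes Unbound fall back
# to normal recursion and send the internal name to the public parent zone.
stub_zone_block() {
    label="$1"; v4="$2"; v6="$3"
    zone="$label.$PARENT_DOMAIN."
    printf 'stub-zone:\n'
    printf '    name: "%s"\n' "$zone"
    printf '    stub-addr: %s\n' "$v4"
    if [ "$v6" != "-" ]; then
        printf '    stub-addr: %s\n' "$v6"
    fi
}

# Whole config: one server: section with the per-zone exceptions, then the
# stub-zone blocks. domain-insecure stops a validating Unbound from marking the
# unsigned dnsmasq answers bogus under a DNSSEC-signed parent; private-domain
# allows private addresses in answers for these zones despite private-address
# rebind protection.
gen_unbound_conf() {
    printf 'server:\n'
    echo "$ROUTERS" | while read -r label v4 v6; do
        [ -n "$label" ] || continue
        printf '    domain-insecure: "%s.%s."\n' "$label" "$PARENT_DOMAIN"
        printf '    private-domain: "%s.%s."\n' "$label" "$PARENT_DOMAIN"
    done
    echo "$ROUTERS" | while read -r label v4 v6; do
        [ -n "$label" ] || continue
        stub_zone_block "$label" "$v4" "$v6"
    done
}

# Run with --print to emit the configuration; does nothing without arguments.
if [ "${1:-}" = "--print" ]; then
    gen_unbound_conf
fi
```

Run it with --print, put the output in an Unbound include file and check it with unbound-checkconf. Two things outside Unbound still have to hold: each router's dnsmasq must be authoritative for its own suffix (local=/router1.my-example.com/ together with domain=router1.my-example.com), and it must accept queries from the central resolver's address; OpenWrt's localservice option restricts dnsmasq to queries from the router's own subnets by default, and any firewall between the routers must allow port 53 from the central router.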

  • Could this be configured using dnsmasq's normal config file [/etc/dnsmasq.conf] (OpenWrt uses /etc/config/dhcp as the default DHCP/DNS config since it's used by both dnsmasq and odhcpd - latter handles IPv6 by default - with dnsmasq.conf being processed if content is added to it)? OpenWrt is a full-fledged router OS, with optical fiber being the only thing it doesn't support; however, nsupdate isn't included by default, unless there's a BusyBox equivalent, and must be installed via the package repo in the GUI or by opkg via SSH.
    – JW0914
    Commented Feb 13, 2022 at 14:04
  • Any way to forward to multiple potential resolvers? I'd prefer to have all the clients under my-example.com (whichever router they happen to have connected to, because a client machine might connect to a different router sometimes, etc.). I guess I'm looking for a "union" domain: if a client requests resolution for "foo.my-example.com", then ask router 1, router 2, router 3 ... until somebody knows the answer.
    – Dave M.
    Commented Feb 13, 2022 at 19:04
  • Actually, the forward-zone option gets me in the right ballpark for the Unbound configuration. You can specify multiple forward-addr for that (stub-zone too). So perhaps I can forward to the dnsmasq instances on each router, and those (I think) will be authoritative for the DHCP clients they issued addresses to.
    – Dave M.
    Commented Feb 13, 2022 at 19:12
  • No, for a "union" domain you'll really want the second option of setting up a dynamic DNS zone... The problem is, as usual, that a "no such domain" answer is a successful answer as far as the resolver cares – it will not keep trying other forward targets just because the first one gave a NXDOMAIN reply. (Now there's nothing stopping custom code from doing so if it wants, so it's certainly possible for someone to write a "union" DNS resolver, but that's not how existing generic DNS resolvers behave.) Commented Feb 13, 2022 at 20:40
  • Might be easier to write a tweak for Unbound that keeps trying other resolvers in the specific stub-zone case. Otherwise, I'm not sure why you'd have the ability to list multiple resolver addresses? Maybe if an address is simply unreachable or unresponsive, you'd want to try the next one? But a "don't take NXDOMAIN for an answer" option might get me closer to success.
    – Dave M.
    Commented Feb 13, 2022 at 20:46
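For the answer's second option (routers registering records into a central dynamic zone, which also gives the "union" domain asked about in the comments, since every router writes into the same my-example.com zone), here is an added example; it is not code from the answer, from dnsmasq, from BIND or from OpenWrt. It is a --dhcp-script hook in POSIX shell that turns each lease event into an RFC 2136 update sent with nsupdate. The central server address 192.0.2.1, the TSIG key path, the 300 s TTL and the helper names are assumptions; the argument layout (action, MAC or DUID, address, optional hostname) is dnsmasq's documented dhcp-script interface.

```shell
#!/bin/sh
# Added example, not from the original answer: a dnsmasq --dhcp-script hook
# that pushes each lease event to a central zone with RFC 2136 updates.
# dnsmasq invokes the script as: <action> <MAC-or-DUID> <address> [hostname],
# where action is add, old or del.
# Assumptions (hypothetical): central BIND at 192.0.2.1 hosting my-example.com
# and the matching reverse zones, a TSIG key in /etc/dnsmasq.d/ddns.key
# (tsig-keygen output), and nsupdate installed on the router.

DDNS_SERVER="${DDNS_SERVER:-192.0.2.1}"
DDNS_ZONE="${DDNS_ZONE:-my-example.com}"
DDNS_KEY="${DDNS_KEY:-/etc/dnsmasq.d/ddns.key}"
DDNS_TTL="${DDNS_TTL:-300}"

# Reverse name for an IPv4 address: 10.1.2.3 -> 3.2.1.10.in-addr.arpa
ptr_name() {
    printf '%s' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa", $4, $3, $2, $1 }'
}

# Emit the nsupdate batch for one lease event: $1=action, $2=address, $3=hostname.
# Each batch deletes the existing RRset before adding, so a client that moved to
# another router (new address) ends up with exactly one record, and "del" leaves
# none. Forward and reverse names live in different zones, so they go in separate
# "send"s; without a "zone" line nsupdate finds each zone itself via an SOA lookup.
build_nsupdate_batch() {
    action="$1"; ip="$2"; host="$3"
    case "$host" in
        ""|"*") return 1 ;;                # anonymous lease: no usable hostname
    esac
    case "$host" in
        *[!A-Za-z0-9-]*) return 1 ;;       # refuse anything that is not a plain DNS label
    esac
    case "$ip" in
        *:*) rtype="AAAA"; rev="" ;;        # IPv6 lease: forward record only here
        *)   rtype="A";    rev="$(ptr_name "$ip")" ;;
    esac
    fqdn="$host.$DDNS_ZONE."
    printf 'server %s\n' "$DDNS_SERVER"
    printf 'update delete %s %s\n' "$fqdn" "$rtype"
    [ "$action" = "del" ] || printf 'update add %s %s %s %s\n' "$fqdn" "$DDNS_TTL" "$rtype" "$ip"
    printf 'send\n'
    if [ -n "$rev" ]; then
        printf 'update delete %s. PTR\n' "$rev"
        [ "$action" = "del" ] || printf 'update add %s. %s PTR %s\n' "$rev" "$DDNS_TTL" "$fqdn"
        printf 'send\n'
    fi
}

# Entry point used by dnsmasq; does nothing when run without lease arguments.
case "${1:-}" in
    add|old|del)
        build_nsupdate_batch "$1" "$3" "${4:-}" | nsupdate -k "$DDNS_KEY"
        ;;
esac
```

Point dnsmasq at the script with --dhcp-script (OpenWrt's /etc/config/dhcp exposes this as option dhcpscript), keep the key file readable only by root, and on the BIND side restrict the zone with an update-policy that lets that TSIG key change only A, AAAA and PTR records, so a compromised router cannot rewrite other names in the zone. The hostname filter matters for the same reason: the DHCP client chooses its hostname, and it reaches nsupdate's input here.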
