luci icon indicating copy to clipboard operation
luci copied to clipboard
verified publisher icon openwrt

luci-mod-network: Missing dnsmasq option "listen_address=" in "Network → DHCP and DNS → General settings" section

Open senca23 opened this issue 2 years ago • 16 comments

Steps to reproduce:

"Network → DHCP and DNS → General settings"

  1. go to: "Network → DHCP and DNS → General settings" settings tab
  2. Dnsmasq option "listen_address=" is not configurable via GUI.
  3. Manual configuration via /etc/config/dhcp does work (list listen_address 'XXX.xxx.XXX.xxx'), so the function is present just not present as an option in luci.

image

Expected behavior:

Optional input form in luci to enter "listen_address" list to /etc/config/dhcp via GUI.

Additional Information:

  • Not to be confused with dnsmasq "list address" option. That is a completely different function.

  • It's a list on witch IPs to listen on, so multiple entries should be possible (configured as a "list" not as an "option").

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='23.05.2'
DISTRIB_REVISION='r23630-842932a63d'
DISTRIB_TARGET='ipq807x/generic'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt 23.05.2 r23630-842932a63d'
DISTRIB_TAINTS=''

senca23 avatar Mar 03 '24 15:03 senca23

I’ll take a look at this.

systemcrash avatar Mar 03 '24 15:03 systemcrash

I’ll take a look at this.

Thanks

senca23 avatar Mar 03 '24 15:03 senca23

I’ll take a look at this.

It's listen_address and not listen-address... I've made a typo earlier; did an edit now, don't wanna confuse you.

senca23 avatar Mar 03 '24 15:03 senca23

So this might create a bit of a conflict with Listen interfaces which now sits under 'devices' tab in master and 23, where one can limit listening to specific interfaces, and not IPs. That option could be modified to list IPs there also, and provide the listen_address with chosen IPs and/or the interface option with interfaces.

Have you tested the effects of setting both of those options, especially when a chosen IP is not on a chosen interface?

systemcrash avatar Mar 04 '24 14:03 systemcrash

I have tested it and it works in combination with interface option...

The manpage says the following:

-a, --listen-address= Listen on the given IP address(es). Both --interface and --listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no --interface option is given, but --listen-address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, its IP address, 127.0.0.1, must be explicitly given as a --listen-address option.

senca23 avatar Mar 04 '24 15:03 senca23

And the especially part I wrote?

systemcrash avatar Mar 04 '24 15:03 systemcrash

In my tests I've used both in combo and only the defined "listen addres" within the "defined interface" gets used. I use it to listen only to a single IP add whithin the defined interface. (usefull for ipv6, etc)

senca23 avatar Mar 04 '24 15:03 senca23

Based on that man page text, the "set" can evaluate to nothing in the "especially" case. In which case more important questions need answering: do we disable dnsmasq entirely if it does not listen.

systemcrash avatar Mar 04 '24 15:03 systemcrash

As far as I can tell its one other the other or both in combo - but in combo use, the IP must be part of the subnet on the specified interface.

I hope its clear now...

senca23 avatar Mar 04 '24 15:03 senca23

Why even use the interface option? If not used the DHCP stops listening on that interface.

senca23 avatar Mar 04 '24 15:03 senca23

Because the option has been there for a long time. Disabling an interface which might have many addresses is more efficient if that’s what is desired.

systemcrash avatar Mar 04 '24 15:03 systemcrash

Because the option has been there for a long time. Disabling an interface which might have many addresses is more efficient if that’s what is desired. Specify an interface for the individual DNSmasq instance (one interface per instance for my needs).

disregard what I've replied earlier. I'm sorry, got my head fo full of different projects I'm starting to loose it. I sat down and re-tested - since my topology recently canged and I reconfigured averything.

The issue I'm facing is the following: I'd like to have a 6 working DNS listener anwsering to DNS request from different interface. The issue is easly solvable via CLI in the following way: Specify an interface for the individual DNSmasq instance (one interface per instance for my needs). Additionally define IP address (IP address from that interface) for DNSmasq stub to listen to (since otherwise DNSmasq will only listen to reqests comming from defined interface.

Lets say 1.1.1.0/24 is LAN, 2.2.2.0/24 is DNS subnet 1.1.1.1 is wrt 2.2.2.1 is wrt and 2.2.2.2 is uplink dns resolver

If I set dnsmasq to listen to LAN IF - DNS from1.1.1.0/24 will be permiterd, requests comming from 2.2.2.0/24 will be rejected.

If I set dnsmasq to listen to LAN and add local address 1.1.1.1 requests comming from 2.2.2.0/24 will get replied. and everything works flawlessly.

senca23 avatar Mar 04 '24 16:03 senca23

so... in short... In order for DNSmasq to reply to querries from foreign subnets "listen_address" has to be set along with the interface option. (if interface is not defined the DHCP stops working).

senca23 avatar Mar 04 '24 16:03 senca23 

listen-address=10.1.66.1
listen-address=2001:15c2:210:2966:xxxXXXxxxXXX
interface=br-lan.66

with this config, DNSmasq will anwsers to querries from IPs residing on other interfaces than br-lan.66 for example from 10.22.22.20/24 or IPv6 balblablablab address connected via on br-lan.111 while dhcp still works normally on br-lan.66.

senca23 avatar Mar 04 '24 18:03 senca23 

listen-address=10.1.66.1
listen-address=2001:15c2:210:2966:xxxXXXxxxXXX
interface=br-lan.66

with this config, DNSmasq will anwsers to querries from IPs residing on other interfaces than br-lan.66 for example from 10.22.22.20/24 or IPv6 balblablablab address connected via on br-lan.111 while dhcp still works normally on br-lan.66.

OK, so this confirms that IPs not also within one and the same interface still listen, as part of the 'set'?

systemcrash avatar Mar 05 '24 15:03 systemcrash 

listen-address=10.1.66.1
listen-address=2001:15c2:210:2966:xxxXXXxxxXXX
interface=br-lan.66

with this config, DNSmasq will anwsers to querries from IPs residing on other interfaces than br-lan.66 for example from 10.22.22.20/24 or IPv6 balblablablab address connected via on br-lan.111 while dhcp still works normally on br-lan.66.

OK, so this confirms that IPs not also within one and the same interface still listen, as part of the 'set'?

Sorry man, can't understand what you are saying.

This is becoming difficult... why not just add the form and who wants it may use it and whoever doesnt just leaves it emtpy. If this is still not clear man, I give up, I don't really care about the luci interface since I configure 95% of everything from CLI... Just wanted to ease the use for others...

listen-address=10.1.66.1
listen-address=2001:15c2:210:2966:xxxXXXxxxXXX
interface=br-lan.66

Listen addreses 10.1.66.1 is local IP for br-lan.66. same goes for ipv6 example.

Man I don't know who decided upon how dnsmasq is configured but this is messy.

If I have "lan" ip 10.0.0.1 and set dnsmasq to listen on lan it will reject foreign querries. If I have "lan" ip 10.0.0.1 and set dnsmasq to listen on lan and add listen-address=10.0.0.1 it will respon to querries from other subnets (after netfilter configuration ofc.)

senca23 avatar Mar 05 '24 16:03 senca23