Sadly my Brume (GL-MV1000/GL-MV1000W) reached EOL on November 2nd, 2022, and its support ended on November 1st, 2024.
Following this, my AdGuard module stopped working, and rather than troubleshoot that issue I opted to set up a BIND DNS server instead. Here are the steps:
- First, modify dnsmasq to not handle DNS:
# Edit dnsmasq configuration
# (everything from "config dnsmasq" down is the content to put in the file,
# not commands to type at the shell)
vi /etc/config/dhcp
# DISABLE DNS
# Modify dnsmasq section to disable DNS handling but keep DHCP.
# With port '0' dnsmasq opens no DNS socket, which frees port 53 for BIND.
# NOTE(review): dnsmasq presumably stops advertising itself as the DNS server
# in DHCP replies once its DNS side is off; confirm that clients still receive
# a resolver address (DHCP option 6) that points at the router.
config dnsmasq
option domainneeded '0'
option boguspriv '0'
option filterwin2k '0'
option localise_queries '0'
option port '0' # This disables DNS
option dhcpleasemax '100'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
- Install and configure BIND
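# Install BIND
opkg update
opkg install bind-server bind-tools bind-libs
# Create BIND configuration
mkdir -p /etc/bind
# Create named.conf.
# The quoted 'EOF' delimiter writes the text literally (no shell expansion).
# Queries and recursion are limited to the "trusted" ACL instead of "any":
# a resolver that recurses for every source address can be used by hosts
# outside the lab to probe its cache and to reflect spoofed-source traffic.
# Each forwarder entry must end with ';' or named-checkconf rejects the file.
cat > /etc/bind/named.conf << 'EOF'
// Clients allowed to query and recurse. "localhost" and "localnets" are
// BIND built-ins: this host, and every subnet it has an address on.
// Replace "localnets" with explicit LAN prefixes if one of the router's
// interfaces faces a network you do not control.
acl "trusted" {
    localhost;
    localnets;
};
options {
    directory "/etc/bind";
    // Still binds every IPv4 address; the ACL above decides who is answered.
    listen-on port 53 { any; };
    allow-query { trusted; };
    listen-on-v6 { none; }; // Disable IPv6
    recursion yes;
    allow-recursion { trusted; };
    forwarders {
        10.0.0.1;
        8.8.8.8;
        1.1.1.1;
    };
};
zone "lab.armand.nz" {
    type master;
    file "/etc/bind/lab.armand.nz.zone";
};
EOF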
# Create zone file.
# The quoted 'EOF' keeps "$TTL" literal; with an unquoted delimiter the shell
# would expand $TTL (normally to nothing) and the zone would fail to load.
# In the SOA line the first name is the primary server and the second is the
# contact mailbox with '@' written as '.' (admin.lab.armand.nz. = admin@lab.armand.nz).
# The Serial looks like YYYYMMDDnn; raise it on every edit so that any
# secondary added later notices the change.
cat > /etc/bind/lab.armand.nz.zone << 'EOF'
$TTL 86400
@ IN SOA lab.armand.nz. admin.lab.armand.nz. (
2024122001 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
@ IN NS ns1.lab.armand.nz.
ns1 IN A 172.16.222.1
; Add your records below
k8s3 IN A 172.16.222.193
EOF
- Configure forwarding for unmatched domains:
# Append a top-level forward zone for "." to the end of named.conf.
# (cat >> places it after the closing brace of options, not inside that section.)
# A forward zone uses its own forwarders list, so for every name outside
# lab.armand.nz the two public resolvers below are used and the 10.0.0.1
# entry in the options block is not consulted.
# "forward only" means named never falls back to resolving on its own: if both
# forwarders are unreachable, lookups fail.
# Run this once; a second run appends a duplicate zone and named-checkconf
# will reject the file.
cat >> /etc/bind/named.conf << 'EOF'
zone "." {
type forward;
forwarders {
8.8.8.8;
1.1.1.1;
};
forward only;
};
EOF
- Check BIND configuration
# Parse named.conf; no output and exit status 0 mean the syntax is valid.
# Fix any reported line before (re)starting named.
named-checkconf /etc/bind/named.conf
# Load the zone file the way named would and print the loaded serial or the first error.
named-checkzone lab.armand.nz /etc/bind/lab.armand.nz.zone
- Restart services:
# Restart dnsmasq with new config
# (it must give up port 53 before named can bind it; DHCP keeps running)
/etc/init.d/dnsmasq restart
# Start BIND
# enable registers the init script for boot, start launches named now
/etc/init.d/named enable
/etc/init.d/named start
- Enable BIND service for auto-start
# Repeats the dnsmasq restart and the enable from the previous step;
# running them again is harmless.
/etc/init.d/dnsmasq restart
# Enable BIND service
/etc/init.d/named enable
# Verify it's enabled: an S??named symlink should be listed
ls -l /etc/rc.d/ | grep named
- Check BIND status
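# The [n] bracket stops grep from matching its own command line, so an
# empty result really means named is not running.
ps | grep '[n]amed'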
- Check if `bind` is listening on port 53
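# The trailing space anchors the match to port 53 itself (":53 "), so sockets
# on 5353 or 530x are not listed. named serves DNS over UDP and TCP, so expect
# tcp LISTEN entries as well as udp ones.
# Every local address listed is reachable from whatever network that interface
# faces; check that each one is meant to offer DNS.
# NOTE(review): IPv6 entries appearing while named.conf says
# "listen-on-v6 { none; }" would suggest another process or a different
# config is in effect; confirm which process owns them.
netstat -tuln | grep ':53 '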
udp 0 0 10.1.1.1:53 0.0.0.0:*
udp 0 0 10.1.1.1:53 0.0.0.0:*
udp 0 0 10.8.0.1:53 0.0.0.0:*
udp 0 0 10.8.0.1:53 0.0.0.0:*
udp 0 0 172.16.222.1:53 0.0.0.0:*
udp 0 0 172.16.222.1:53 0.0.0.0:*
udp 0 0 10.0.0.59:53 0.0.0.0:*
udp 0 0 10.0.0.59:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
udp 0 0 ::1:53 :::*
udp 0 0 fe80::9683:c4ff:fe03:b311:53 :::*
udp 0 0 fe80::9683:c4ff:fe03:b311:53 :::*
- Test from the router and from an external DNS client
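# Test local resolution from the router itself.
# ns1 is one of the two hosts the zone file above defines (ns1 and k8s3);
# a name with no record, such as dns.lab.armand.nz, returns NXDOMAIN even
# when BIND is healthy.
nslookup ns1.lab.armand.nz 127.0.0.1
# Test that a name outside the local zone is forwarded upstream
nslookup example.com 127.0.0.1
# Test resolution from an external machine, against the router's LAN address
nslookup k8s3.lab.armand.nz 172.16.222.1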
Troubleshooting
- Check zone file permissions
# These commands set ownership and modes rather than just checking them.
# Owning the whole tree as bind lets the daemon rewrite its own configuration
# and zone data. This setup has no dynamic updates, so read access to the two
# files below would be enough for serving.
# NOTE(review): named presumably wants its "directory" (/etc/bind here) to stay
# writable for runtime state; test before tightening ownership further.
chown -R bind:bind /etc/bind
chmod 755 /etc/bind
# 644 is fine while named.conf holds no secrets; use a stricter mode if keys
# are ever added to it.
chmod 644 /etc/bind/named.conf
chmod 644 /etc/bind/lab.armand.nz.zone
- Check BIND configuration
# Re-run both checks after any edit: silence from named-checkconf means the
# file parses, and named-checkzone prints the loaded serial or the first error.
named-checkconf /etc/bind/named.conf
named-checkzone lab.armand.nz /etc/bind/lab.armand.nz.zone
- Check BIND logs for errors
# logread prints the system log; filter it for named's messages
# (config and zone load errors show up here at startup).
logread | grep named