Sadly, my Brume (GL-MV1000/GL-MV1000W) reached EOL on November 2nd, 2022, and its support ended on November 1st, 2024.
Following this, my AdGuard module stopped working, and instead of troubleshooting that issue I opted to set up dnsmasq as the DNS server. Here are the steps:
- Configure dnsmasq (/etc/config/dhcp)
# Edit dnsmasq configuration
# (/etc/config/dhcp holds both the 'dnsmasq' DNS section and the per-interface 'dhcp' sections)
vi /etc/config/dhcp
# Add this configuration:
config dnsmasq
# Do not forward plain names (no dots) or reverse lookups for private ranges upstream
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
# NOTE(review): this sample uses 'local' here but 'lab.armand.nz' in the lan section below
# and in the merged config - presumably 'lab.armand.nz' is what is wanted; confirm.
option domain 'local'
option expandhosts '1'
option authoritative '1'
# Listen on all interfaces
# NOTE(review): on OpenWrt 'local' normally names the domain that is answered locally
# (e.g. '/lan/'); it is not a listen switch. The merged config on this page uses
# 'localservice' and 'interface' for that purpose - confirm which option was meant.
option local '0'
# Configure DNS port
# (53 is the standard DNS port; clients cannot be pointed at another port through DHCP)
option port '53'
# In /etc/config/dhcp under 'config dhcp lan':
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
# Set router as primary DNS
# Verify on a client that the lease really carries 172.16.222.1 as its resolver.
option dns '172.16.222.1'
option domain 'lab.armand.nz'
- Merging my existing configuration looked like this:
# Merged dnsmasq + DHCP settings. Three options in this section relax protections
# that OpenWrt enables by default; each is annotated where it appears.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_localhost '1'
option domain 'lab.armand.nz'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
# localservice '0' lifts the "answer only hosts on directly attached subnets" restriction.
# After this the firewall is the only control deciding who may query the resolver.
option localservice '0'
# rebind_protection '0' turns off DNS-rebinding filtering: upstream answers that point
# into private address ranges are no longer dropped. Consider leaving it at '1' and
# exempting only the domains that need private answers with 'list rebind_domain'.
option rebind_protection '0'
# The netstat listing later on this page shows port 53 bound on 10.0.0.59, 10.8.0.1 and
# 10.1.1.1 as well as 172.16.222.1, so every interface carries a listener.
# NOTE(review): if only the LAN needs DNS, naming that interface here would narrow the exposure.
option interface '*'
option filterwin2k '0'
option nonegcache '0'
# NOTE(review): if this is handed to dnsmasq as query-port=0, upstream queries leave from
# one OS-assigned source port instead of a random port per query, which weakens the
# defence against cache poisoning - confirm, and drop the option unless it is needed.
option queryport '0'
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option force '1'
# IPv6 address assignment and router advertisements are switched off on the LAN
option dhcpv6 'disabled'
option ra 'disabled'
option start '5'
option limit '45'
# Router address as resolver; matches the 172.16.222.1 listener in the netstat check
option dns '172.16.222.1'
option domain 'lab.armand.nz'
# etc...
- Edit the firewall configuration
vi /etc/config/firewall
# (firewall rules live in /etc/config/firewall)
# Add these rules:
# A rule with 'src' and no 'dest' matches traffic addressed to the router itself,
# so these two rules accept DNS queries that arrive from the 'lan' zone only.
# Keep 'src' limited to trusted zones: dnsmasq listens on every interface in this
# setup, and a resolver reachable from an untrusted zone can be abused as an open
# resolver (for example in reflection/amplification traffic).
# NOTE(review): if the lan zone already has 'input ACCEPT', these rules are redundant
# but harmless - check the zone defaults.
config rule
option name 'Allow-DNS-TCP'
option src 'lan'
option proto 'tcp'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Allow-DNS-UDP'
option src 'lan'
option proto 'udp'
option dest_port '53'
option target 'ACCEPT'
- Restart firewall
# Reload the firewall so the edited /etc/config/firewall is applied
/etc/init.d/firewall restart
- Make sure there is no configuration for a non-standard port in the dnsmasq config
# /etc/dnsmasq.conf
# e.g. I had to remove/comment out an older config I had listening on 5300
#echo "port=5300"
- Add DNS records
# Edit hosts file
vi /etc/hosts
# Add your DNS entries (examples):
# dnsmasq serves /etc/hosts entries by default, so every client that is allowed to
# query the router can resolve (and enumerate) these internal names.
172.16.222.2 dns.lab.armand.nz
172.16.222.2 nfs.lab.armand.nz
172.16.222.190 k8s0.lab.armand.nz
172.16.222.191 k8s1.lab.armand.nz
172.16.222.192 k8s2.lab.armand.nz
172.16.222.193 k8s3.lab.armand.nz
172.16.222.194 k8s4.lab.armand.nz
- Restart services
# Restart dnsmasq so it picks up the edited /etc/config/dhcp and /etc/hosts
/etc/init.d/dnsmasq restart
# Restarting the network reconfigures the interfaces; a remote (SSH) session may drop briefly
/etc/init.d/network restart
- Check if dnsmasq is listening on port 53
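# List listening TCP/UDP sockets numerically and keep only those on port 53.
# The trailing space in the pattern keeps other ports that merely start with 53
# (such as the old 5300 listener mentioned above, or 5353) out of the result.
# Compare each local address in the output with the interfaces that are meant to
# serve DNS; any listener on an untrusted network must be blocked by the firewall.
netstat -tuln | grep ':53 '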
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.59:53 0.0.0.0:* LISTEN
tcp 0 0 10.8.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 10.1.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 172.16.222.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
tcp 0 0 fe80::9683:c4ff:fe03:b311:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 10.0.0.59:53 0.0.0.0:*
udp 0 0 10.8.0.1:53 0.0.0.0:*
udp 0 0 10.1.1.1:53 0.0.0.0:*
udp 0 0 172.16.222.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
udp 0 0 fe80::9683:c4ff:fe03:b311:53 :::*
- Check dnsmasq logs:
# Show only the dnsmasq lines from the system log (startup errors and config warnings appear here)
logread | grep dnsmasq
- Test from the router and from an external DNS client
# Test local resolution (run on the router, querying its loopback listener)
nslookup dns.lab.armand.nz 127.0.0.1
# Test resolution from another machine on the LAN, querying the router's LAN address
# It is also worth confirming that a host outside the lan zone gets no answer on port 53,
# since dnsmasq listens on every interface in this setup.
nslookup k8s3.lab.armand.nz 172.16.222.1