This is not strictly Libre-Mesh related but more an OpenWRT related
problem, I'm sharing this because I think it can be a common problem.
I got this problem connecting the WAN port of a device running
Libre-Mesh to a network where the dns server was used also for private
addresses of the local network (using a custom TLD [1]).
So when a wireless or cabled client connects to this LiMe node it
receives as DNS server the address of the LiMe node which runs dnsmasq
as dns server.
This server in Libre-Mesh is by default configured to ask 8.8.8.8
which is a DNS server run by Google which clearly ignores the local
site names which exist just on the local DNS server.
I supposed that manually adding the line
list resolvers '172.31.16.4' (the IP of the local DNS server)
under the
config lime 'network'
section of the /etc/config/lime file should solve the problem.
Indeed it didn't work and I finally got that it was a protection against
some kind of attack [2]:
dnsmasq: possible DNS-rebind attack detected: etherpad.calafou
This protection avoids accepting a private IP [3] as an answer for a
request which is expected to have a public IP.
So I had to add the
list rebind_domain '/calafou/' (where .calafou was the local TLD)
option [4] under the
config dnsmasq
section of the /etc/config/dhcp file.
In your opinion, isn't it better to leave empty the DNS field in the
default configuration so that LiMe is going to use the one suggested by
the DHCP server instead of fixing 8.8.8.8?
Ciao!
Ilario
PS notice that if in /etc/config/lime you configure just one entry for
the "list resolvers" this replaces the whole list of resolvers in
/etc/config/lime-defaults, so also the IPv6 resolver.
[1] https://en.wikipedia.org/wiki/Top-level_domain
[2] https://en.wikipedia.org/wiki/DNS_rebinding
[3] https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
[4] https://wiki.openwrt.org/doc/uci/dhcp#all_options
--
Ilario Gelmetti
iochesonome(a)gmail.com
igelmetti(a)iciq.es
ilario.gelmetti(a)estudiants.urv.cat
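
Added example, not part of the original message and not dnsmasq's own code: a simplified Python model of the rebind check described above, showing that a rebind_domain entry lifts the private-address filter only for names under the listed domain, so every other name stays protected. The private ranges, function names and sample addresses are assumptions constructed for illustration (IPv4 only).

```python
import ipaddress

# Assumed set of "private" ranges for this model: RFC 1918, loopback, link-local.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_private(addr):
    """True if addr falls inside one of the modelled private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def parse_rebind_domain(option):
    """Split a value such as '/calafou/' or '/a/b/' into its domain names."""
    return [d.lower().strip(".") for d in option.split("/") if d]


def is_exempt(qname, exempt_domains):
    """Match on whole labels, so 'notcalafou' does not match 'calafou'."""
    labels = qname.lower().rstrip(".").split(".")
    for dom in exempt_domains:
        dom_labels = dom.split(".")
        if labels[-len(dom_labels):] == dom_labels:
            return True
    return False


def filter_answer(qname, addrs, exempt_domains):
    """Return (accepted_addresses, log_line) for one upstream answer.

    An answer with any private address is dropped as a whole unless the
    queried name sits under an exempted domain.
    """
    if not is_exempt(qname, exempt_domains) and any(is_private(a) for a in addrs):
        return [], "possible DNS-rebind attack detected: %s" % qname
    return list(addrs), None


if __name__ == "__main__":
    exempt = parse_rebind_domain("/calafou/")
    # Constructed sample answers, not captured traffic.
    for name, addrs in [("etherpad.calafou", ["172.31.16.20"]),
                        ("www.example.com", ["10.0.0.5"]),
                        ("www.example.com", ["93.184.216.34"])]:
        print(name, filter_answer(name, addrs, exempt))
```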