Topic: monowall as independent dns server?  (Read 8453 times)
« on: April 18, 2007, 23:28:20 »
gshenaut *
Posts: 5

Does monowall support named or something comparable? That is, can it act independently as a simple static dns server? DNS is very closely related to other functionality that monowall performs.

Thanks,

Greg Shenaut
« Reply #1 on: April 19, 2007, 00:16:39 »
cmb *****
Posts: 851

No, other than the limited functionality the overrides give you. dnsmasq, the caching DNS resolver m0n0wall uses, isn't capable of being a full-fledged DNS server.
« Reply #2 on: April 19, 2007, 03:59:29 »
gshenaut *
Posts: 5

It appears that dnsmasq will supply dns info from the local /etc/hosts file. How does this connect to the dns overrides supported by monowall? I ask, because in my lab's network, I've been using h2n to construct the bind database under freebsd. It may be that dnsmasq could be an adequate name server for my purposes.

Has anyone used dnsmasq & monowall as a stand-alone dns server?
« Reply #3 on: April 19, 2007, 04:15:02 »
cmb *****
Posts: 851

Use the overrides on the DNS server page.

Though I'm just saying this from memory, don't have a m0n0wall handy right now. I'm pretty sure that's where it is.
« Reply #4 on: April 20, 2007, 21:18:04 »
gshenaut *
Posts: 5

In looking over the dnsmasq documentation, it appears that there are two separate mechanisms, one aimed at doing DNS overrides (command line -A option) and the other aimed at providing basic DNS service for a LAN, which is exactly what I want to do. This second mechanism is based on providing IP addresses for all of the addresses in the server's /etc/hosts file (with some variations possible, such as multiple hosts files). In addition, an MX record can be specified as well for the case, such as mine, where there is a single mail server for the domain.

I can't seem to find a way to upload or otherwise specify a local /etc/hosts file in monowall. Is there a way to do that, or will I need to make a custom version with my hosts file in it? In my hosts file, I've supplied names for all 256 of the addresses in a class C network, although I don't use them all. It would be pretty cool if there were a way to upload this into monowall, even as a secondary hosts file (dnsmasq supports multiple hosts files).

Greg Shenaut
« Reply #5 on: April 21, 2007, 07:44:38 »
clarknova ***
Posts: 148

mono has /etc/hosts. Try exec.php to upload a file to /tmp then mv it to where you want it. I've had mixed results with this trick, and as it says on the page itself, use at your own risk.

db
« Reply #6 on: April 23, 2007, 18:35:59 »
gshenaut *
Posts: 5

I've been doing a little experimentation using exec.php and here are some preliminary conclusions.

First, it appears that uploading a custom /etc/hosts would be a mistake, because that file is overwritten when changes are made in dnsmasq's configuration, e.g., by adding overrides.

Second, it appears that the overrides are not implemented using dnsmasq's override capability, but rather by adding the hosts to /etc/hosts!

So what I'm currently thinking about is writing a simple script to translate a hosts file into xml format, and patching the config...xml file with the result. The format is simple.

The entire thing is inside <dnsmasq><hosts>...</hosts></dnsmasq> tags, and each entry has four tags: <host>...</host>, <domain>...</domain>, <ip>...</ip>, and <descr>...</descr>, just like the php override-edit page. The result of doing this with a large /etc/hosts file would be a much larger config...xml file, but it is a method that lives more or less completely within the standard interface; in fact, you could hand-enter the hosts info as overrides and you should end up with exactly the same result.

I'm continuing to look into this, though, because there are some other useful features of dnsmasq that are not being exploited by monowall.

Greg Shenaut
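
An added example, not part of the original post and not m0n0wall code: a hosts-file to override-XML converter of the kind the post above describes. It assumes each override is its own <hosts> element inside <dnsmasq> (compare with an entry created through the web GUI before restoring); the function names, default domain and sample addresses are made up for illustration. Names are validated as DNS labels so hosts-file content cannot inject markup into the config.

```python
import ipaddress
import re
from xml.sax.saxutils import escape

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def parse_hosts(text, default_domain):
    """Yield (host, domain, ip) for each name on each hosts-file line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: address without a name")
        ip = ipaddress.ip_address(fields[0])  # raises ValueError if malformed
        if ip.is_loopback:
            continue  # assumption: localhost stays in the firewall's own file
        for name in fields[1:]:
            host, _, domain = name.rstrip(".").partition(".")
            domain = domain or default_domain  # bare names get the default
            labels = [host] + domain.split(".")
            if not all(LABEL.fullmatch(label) for label in labels):
                raise ValueError(f"line {lineno}: bad name {name!r}")
            yield host, domain, str(ip)

def to_overrides_xml(text, default_domain, descr="imported from hosts file"):
    """Render override entries with the four tags named in the post."""
    out = ["<dnsmasq>"]
    for host, domain, ip in parse_hosts(text, default_domain):
        out += ["\t<hosts>",
                f"\t\t<host>{host}</host>",
                f"\t\t<domain>{domain}</domain>",
                f"\t\t<ip>{ip}</ip>",
                f"\t\t<descr>{escape(descr)}</descr>",
                "\t</hosts>"]
    out.append("</dnsmasq>")
    return "\n".join(out)

# Constructed sample input (RFC 5737 documentation addresses).
SAMPLE = """\
127.0.0.1    localhost
192.0.2.10   mail.lab.example mx   # mail server
192.0.2.11   h11
"""

if __name__ == "__main__":
    print(to_overrides_xml(SAMPLE, "lab.example"))
```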
« Reply #7 on: April 24, 2007, 01:02:19 »
gshenaut *
Posts: 5

I spent a little more time fiddling around, and I think I found a pretty reasonable way to set up monowall as a small but functional independent dns server.

First, you need to set up a standard hosts file with all of the names you want your monowall to serve. Second, you need to set up a dnsmasq.conf file containing the options you need, including things like mx options and so on. The one critical option line is "addn-hosts=/usr/local/etc/hosts". Use exec.php to copy both hosts and dnsmasq.conf into /tmp on the monowall.

Next, you need to store them on the disk. I'm using a compact flash on a soekris 4801, btw, so YMMV. First, still in exec.php, find out which disk has the permanent monowall image on it, in my case, /cf, mounted on /dev/ad0a. Next, enable writing on that disk, e.g., mount -uw /dev/ad0a. Then create the local.etc directory: mkdir /cf/etc. Copy the two files into it: cp /tmp/hosts /tmp/dnsmasq.conf /cf/etc. Make them universally readable: chmod +r /cf/etc/*. Now you can disable writes on the cf: mount -ur /dev/ad0a.

Now you need to use the backup php page to snag the current config...xml onto your local machine. Insert these two lines right after the end of the <webgui>...</webgui> block:
Code:
        <earlyshellcmd>/bin/mkdir -p /usr/local/etc</earlyshellcmd>
        <earlyshellcmd>/bin/cp /cf/etc/* /usr/local/etc</earlyshellcmd>
This will install the two files into the memory filesystem before dnsmasq is started.

Use the restore php command to load the config...xml file into the monowall, and reboot. At this point, dnsmasq should be using the options you specified in the .conf file, and should be supplying dns information for all the names in the host file you uploaded.

Greg Shenaut