NOTE: I no longer use DD-WRT and am unable to answer any questions about it.
I’ve been slowly feeding you information on how to get the most out of the open-source DD-WRT router firmware.
In this article I’ll show you how to set up DD-WRT to act as a local name server on your home network and as a forwarder for external requests. This will let you look up names on your internal network (like xbox360, bluray, printer, etc.) and continue to look up names for external sites (like http://www.bing.com, http://www.opendns.com, http://www.apple.com, etc.).
Before you begin you should have already enabled JFFS. I showed you how here: Enable JFFS on DD-WRT
Enable DNS and DHCP
First you need to enable Local DNS and DHCP. This turns on DNSMasq (built into DD-WRT) to do local network name resolution and distribute IP addresses via DHCP. Pooled addresses get used and released via timed leases (devices using a pooled address may not always get the same IP address). Static Addresses entered in the DHCP options are respected by DNSMasq and issued to the devices when they connect and request an IP address (devices using static addresses always get the same IP address). Use a static address for devices that will never need to change, like your printer or a desktop computer.
- Open a browser and point it to your router running DD-WRT. Authenticate with the admin ID and password when needed.
- Go to the “Setup > Basic Setup” tab.
- In the “Network Setup > Router IP” section, enter the following details:
Local DNS = 0.0.0.0
- In the “Setup > Basic” tab, in the “Network Address Server Settings (DHCP)” section, set the following options:
DHCP Type = DHCP Server
DHCP Server = Enable
Start IP Address = Whatever you want
Maximum DHCP Users = However big a pool you want. Do not overrun the subnet!
Client Lease Time = 1440
Static DNS Addresses = 192.168.64.1, 22.214.171.124, 126.96.36.199
WINS = 0.0.0.0
Use DNSMasq for DHCP = Enable
Use DNSMasq for DNS = Enable
DHCP Authoritative = Enable
Note: The Static DNS Addresses will be different for your network. In this case I have set the address of the router itself (192.168.64.1) – fill in your router’s LAN address here (not the WAN one) – and two OpenDNS name servers (188.8.131.52 and 184.108.40.206). I’ll talk about OpenDNS in another post, but what these do is filter websites based on my custom criteria (*.220.220). In the event that server does not respond in a timely manner, the request then goes to a more restrictive pre-configured filter supplied by OpenDNS FamilyShield (*.222.123). The filtering effectively blocks access to sites deemed inappropriate.
- In the “Services Management > DHCP Server” section, set the following options. In this example I use “home.net” as the home network identifier. You can replace “home” with whatever you like. You can replace “.net” with a few different choices. Home networks are most closely categorized into “.net” or “.info”. If you are not registering a domain name to point to your WAN IP address, you can use whatever you want, including “.com” or “.mil”. You can, but don’t – home networks are not commercial or military. Further, don’t use “.example”, “.test”, “.invalid”, or “.localhost” – these are reserved. See the following link for a list you can choose from: top level domains.
Used Domain = LAN & WLAN
LAN Domain = home
Add any static leases you want or need.
- In the “Services Management > DNSMasq” section, set the following options:
DNSMasq = Enable
Local DNS = Enable
- There is a field for “Additional DNSMasq Options” in the DNSMasq section. Set it as follows (one option per line):
local=/home/
expand-hosts
domain-needed
bogus-priv
addn-hosts=/jffs/etc/hosts.home
strict-order
You may find these options useful as well:
no-poll : stop DNSMasq from re-reading resolv.conf for changes (may be useful to reduce system load on non-embedded systems as well)
no-hosts : don’t read the system-generated hosts file on the RAM disk (for this configuration DO NOT set this!)
- Click “Apply Settings”, then “Save”.
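To make the effect of those options concrete, here is an added illustration (not DNSMasq’s code and not part of the original post) of how a query is handled with local=/home/, expand-hosts, domain-needed and bogus-priv in force: which names are answered from the router’s own tables, which fail locally, and which are forwarded to the Static DNS servers. The LOCAL_HOSTS table is a constructed stand-in for the hosts.home file plus DHCP leases. It also shows why a domain such as “home.net” is a poor choice: a name under it that is not known locally is forwarded upstream instead of failing on the LAN.

```python
import ipaddress

# Options from the "Additional DNSMasq Options" field above.
LOCAL_DOMAIN = "home"    # local=/home/  : *.home is never sent upstream
DOMAIN_NEEDED = True     # domain-needed : plain names (no dot) are never sent upstream
BOGUS_PRIV = True        # bogus-priv    : reverse lookups for private ranges stay local
EXPAND_HOSTS = True      # expand-hosts  : a hosts entry "xbox360" also answers as "xbox360.home"

# Constructed local table standing in for /jffs/etc/hosts.home plus DHCP leases.
LOCAL_HOSTS = {"xbox360": "192.168.64.20", "printer": "192.168.64.30"}


def ptr_to_ip(name):
    """Map a reverse name such as 20.64.168.192.in-addr.arpa to an IPv4Address, else None."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return None


def resolve(qname):
    """Return ("local", <answer or "NXDOMAIN">) or ("forward", None)."""
    name = qname.rstrip(".").lower()        # a trailing dot just marks an absolute name
    ip = ptr_to_ip(name)
    if ip is not None and BOGUS_PRIV and ip.is_private:
        # bogus-priv: private-range PTRs are answered from the local table or fail locally
        for host, addr in LOCAL_HOSTS.items():
            if addr == str(ip):
                return ("local", f"{host}.{LOCAL_DOMAIN}" if EXPAND_HOSTS else host)
        return ("local", "NXDOMAIN")
    if name == LOCAL_DOMAIN or name.endswith("." + LOCAL_DOMAIN):
        # local=/home/: answered from the local table or fails locally, never upstream
        short = name[: -(len(LOCAL_DOMAIN) + 1)]
        if EXPAND_HOSTS and short in LOCAL_HOSTS:
            return ("local", LOCAL_HOSTS[short])
        return ("local", "NXDOMAIN")
    if "." not in name:
        # domain-needed: a bare name is answered locally or fails locally
        if name in LOCAL_HOSTS:
            return ("local", LOCAL_HOSTS[name])
        return ("local", "NXDOMAIN") if DOMAIN_NEEDED else ("forward", None)
    # Anything else (www.apple.com, but also jimmysxbox.home.net) goes to the Static DNS servers.
    return ("forward", None)


def forwarded(queries):
    """Names from `queries` that would leave the LAN for an upstream resolver."""
    return [q for q in queries if resolve(q)[0] == "forward"]
```

With strict-order set, the forwarded queries are tried against the Static DNS servers in the order listed, which is what makes the OpenDNS fallback described in the note above predictable.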
Create Static Hosts File
Now you need to create a hosts file that will be persistent across reboots for those devices that you want to use static IP addresses (like printers, routers, etc.).
- ssh into the router and login as root.
- Change directory to jffs/etc: “cd /jffs/etc”
- Create and edit the file “hosts.home” using vi (vi hosts.home).
- Add the entries and save the file (with “ESC Z Z”, or with “:w!” followed by “:q!”). The entry format is “xxx.xxx.xxx.xxx name”, where xxx.xxx.xxx.xxx is the IP address you want to reserve and name is the device name you want it referenced as. Multiple names can be given; just enter them all on the same line separated by a space (xxx.xxx.xxx.xxx name1 name2 etc.).
Reboot the router by going to the “Administration > Management” tab in the browser interface. Scroll to the bottom and click the “Reboot Router” button.
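A mistake in hosts.home only shows up after the reboot, so it is worth checking the file first. The following is an added example (not from the original post) that checks a hosts.home in the format described above: each line must be a valid IPv4 address followed by one or more names, addresses should sit inside the LAN and outside the DHCP pool (a device that gets its address from the pool should not be listed here), and a name should not point at two different addresses. The sample file and the pool boundaries (Start IP Address 192.168.64.100, Maximum DHCP Users 50) are constructed for the example.

```python
import ipaddress

# Constructed sample of /jffs/etc/hosts.home, with deliberate mistakes to catch.
SAMPLE_HOSTS = """\
# static devices
192.168.64.30  printer hp-printer
192.168.64.40  bluray
192.168.64.100 desktop          # inside the DHCP pool
192.168.64.40  nas              # same address as bluray
192.168.64.300 camera           # not a valid IPv4 address
192.168.64.31  printer          # name already points elsewhere
"""

LAN_NET = ipaddress.IPv4Network("192.168.64.0/24")
# Assumed DHCP pool, matching "Start IP Address" and "Maximum DHCP Users" in the GUI.
POOL_START = ipaddress.IPv4Address("192.168.64.100")
POOL_SIZE = 50


def in_pool(ip):
    """True if the address would be handed out by DHCP."""
    return POOL_START <= ip < POOL_START + POOL_SIZE


def lint_hosts(text):
    """Return a list of (line_number, message) findings; an empty list means the file is clean."""
    problems = []
    seen_ip, seen_name = {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # DNSMasq ignores # comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            problems.append((lineno, "needs an address and at least one name"))
            continue
        try:
            ip = ipaddress.IPv4Address(fields[0])
        except ipaddress.AddressValueError:
            problems.append((lineno, f"invalid IPv4 address {fields[0]!r}"))
            continue
        if ip not in LAN_NET:
            problems.append((lineno, f"{ip} is outside {LAN_NET}"))
        if in_pool(ip):
            problems.append((lineno, f"{ip} lies in the DHCP pool; it may be leased to another device"))
        if ip in seen_ip:
            problems.append((lineno, f"{ip} also used on line {seen_ip[ip]}; reverse lookup returns the first name"))
        seen_ip.setdefault(ip, lineno)
        for name in fields[1:]:
            key = name.lower()
            if "." in key:
                problems.append((lineno, f"{name!r} contains a dot; with expand-hosts the short name already answers as {key}.home"))
            if key in seen_name and seen_name[key] != ip:
                problems.append((lineno, f"{name!r} already points to {seen_name[key]}"))
            seen_name.setdefault(key, ip)
    return problems


if __name__ == "__main__":
    for lineno, message in lint_hosts(SAMPLE_HOSTS):
        print(f"hosts.home:{lineno}: {message}")
```

Run it against the real file with the contents of /jffs/etc/hosts.home in place of SAMPLE_HOSTS, and adjust LAN_NET, POOL_START and POOL_SIZE to the values you entered in the Basic Setup tab.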
If all goes well, you should be able to look up names on your network like “xbox360” or “xbox360.home” and get a result, as well as normal internet name resolution for external sites like “www.apple.com”.
If you cannot resolve local names, you may need to release and re-acquire the IP and DNS information on the host you’re trying to resolve from. The easiest way is to just reboot it as well.
Note: Netflix on iOS devices causes DNSMasq to think a DNS rebind attack is occurring, and by default an option in DNSMasq is forcibly set that you cannot override in the GUI. A special workaround is needed to remove that option when DNSMasq starts. I showed you how to fix rebind here: Fixing DNS Rebind on DD-WRT
Really great stuff — thank you!!
Thanks for the writeup. FYI, my firmware version has a GUI option for “No DNS Rebind”. Firmware: DD-WRT v24SP2-MULTI (07/15/12) std (on Buffalo WZR-HP-G300NH)
If I enable “Local DNS” near DNSMasq then my router stops connecting to the internet and is not accessible. If I disable that then the local DNS doesn’t work. I am on DD-WRT build R24.
Make sure the settings are accurately completed. The IPs I used are examples, not to be filled in literally. Make sure “Use DNSMasq for …” DNS and DHCP are both checked. Then under Service Management -> DNSMasq section, the DNSMasq checkbox must be set to ENABLED, as well as the Local DNS checkbox. Also ensure the additional options are filled in. With v24-SP2, the setup works as described.
Thanks for the reply. I have to do the following things to get local DNS working in R24-SP2 with vpn build.
Under DHCP Server:
Use JFFS2 for client lease DB (Not mounted)
Use NVRAM for client lease DB
Additional DHCPd Options
Additional DNSMasq Options
Static DNS 1… 192.168.2.1 (router / gateway ip)
Static DNS 2.. other external DNS server1
Static DNS 3.. other external DNS server2
Can I specify subdomains on a machine like *.mylaptop.home.net ?
I think you can, but I haven’t tested it since I have no need for it. Presumably you are needing subdomain for a web server. You should be able to add a wildcard entry similar to the following into the dnsmasq.conf file:
The IP address should be the address of the web server. To preserve the entry across boots, you will need to set this in the dnsmasq options or modify the startup command script to make the addition and bounce the dnsmasq service.
With it, you should be able to access the cloud.mylaptop.home.net or drive.mylaptop.home.net.
Interesting… I have always heard that you shouldn’t use a public domain for local DNS to avoid resolution conflicts (even if you own the domain name). Is it safe? What’s the best practice?
FWIW, I always use something.local on my LAN.
You are correct. I’ve known this, but at the time of writing I chose a poor example. I use “.home” (without the “.net” on the end). It won’t resolve externally to any top level domains, which is the risk you could run using something like “.home.net” as in the post. I believe using “.net” can be OK, but if a host is not resolved locally the query will be sent to the external DNS server which will most likely fail to match something like “jimmysxbox.home.net” (unless you get extremely lucky with a name that does exist and resolves externally).
Thanks for the info, but I am having an issue trying to resolve hostnames from a Mac I have on the LAN. I can only resolve them if I put a dot at the end. For example, “server.” will resolve but “server” will not.
I used “home.net” as my LAN Domain. Is it just my Mac causing this or is it the DNS services on the router?
Use just “home” instead. Double check all settings. Any device that is DHCP should not be listed in the static hosts file. Make sure router has been rebooted post changes.
I had a PFSense router for a while that died unfortunately due to power outage. I have decided to give dd-wrt a go on my asus rt-ac66u.
I have been unlucky so far with the dnsmasq options. Every time I tried following other tutorials the entire LAN lost internet connection. Luckily I have a very patient wife 🙂
In PFSense, I had a service called DNS Forwarder in which I could type a domain name and an IP address in the LAN to be associated with it. Then from the outside world I could reach that domain on the correct machine inside the LAN. Much more convenient than any NAT rules.
Can I do the same with dd-wrt? Can I put in the dnsmasq options something else than IP – Machine name?
Can I do:
Yes. See this post: https://unfinishedbitness.info/2013/03/26/using-dd-wrt-for-local-dns-and-dhcp/
but don’t use .home.net as mentioned, just use .home
I am always losing the internet connection as soon as I check any of the dnsmasq box.
This is so frustrating…
I went through each and every step on this very well written tutorial and it is not working for me.
Any way to have it working?
I really need to be able to get access to my internal server using domain names and so far it is unsuccessful.
Is it really important to use JFFS2 and NVRAM?
I only want to resolve local names when on the home network and on VPN to the home network, so it works the same regardless of being local or remote on VPN.
Router FW is V24-sp2.
Static DNS 1: local router IP
Use DNSMasq for DHCP: enabled
Use DNSMasq for DNS: enabled
JFFS2: no mount
Used Domain: WAN
LAN Domain: somenet.local
Local DNS: enable
No DNS rebind: disabled
DNS1: local router IP
Now I can get server from VPN using “[servername].somenet.local” but also “[servername].” works, why does adding a dot work?
..but ping on the IP with a -a option only gives [servername] (i.e. ping -a [server ip]).
Is it possible to ping the server name directly, or is it better to use servername + local domain?
What is the best way (most secure?) to pass names to remote clients (the ones on VPN)?
Thanks for any feedback
I haven’t used DD-WRT in a while now. You do need JFFS, which is stored in NVRAM. This is where the filesystem is created. The filesystem is where the scripts and lookup tables are kept. With it properly setup you should be able to ping just a name without the network name, such as “xbox”. I can’t answer the VPN question with DD-WRT.
Question, when you selected OpenDNS name servers (220.127.116.11 and 18.104.22.168), can these be my ISPs DNS servers? Thanks
Absolutely. Use whatever DNS servers you would like.
great info! lots of bad info out there. this is the nugget!
Thanks. As grant said: lots of bad info out there.
For me it worked without JFFS (I can’t find the option to activate it, but I guess I’ll miss the option to have static IPs).
I played a little with DD-WRT and somehow the VMs in VirtualBox got confused and I had to restart the host system to be able to get IP addresses using DHCP.
I’m running build 32868 on a TP-Link 1900 AC v3 and the Services page is grayed out and there is no save or apply radio button. DHCP is enabled in setup. It is the same in every browser I have. Any ideas? I am a DD-WRT beginner, please be easy.
Sorry for the late response. I haven’t used DD-WRT for several years now. I’m unable to help with it anymore.