dnsmasq.conf
Web GUI settings:
Setup->Basic Setup
- Checked "Use DNSMasq for DHCP"
- Checked "Use DNSMasq for DNS"
Administration->Services -> DNSMasq
- LAN Domain = <chosen LAN domain>
- DNSMasq = Enabled
- Local DNS = Enabled
Additional DNSMasq Options: (settings that end up in /tmp/dnsmasq.conf)
strict-order
dhcp-host=MAC,IP,24h
dhcp-host=MAC,ignore   # this MAC never gets an IP
address=/datahunter.org/192.168.123.11
ptr-record=datahunter.org,192.168.123.11
host datahunter.org
datahunter.org has address 192.168.123.11
host 192.168.123.11
11.123.168.192.in-addr.arpa domain name pointer datahunter.org.
/etc/config/dhcp + /etc/dnsmasq.conf ->> /var/etc/dnsmasq.conf
/usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf
/etc/dnsmasq.conf
# default gateway and dns for LAN ports
dhcp-option=vlan0,3,10.0.0.1
dhcp-option=vlan0,6,10.0.0.1
Equivalent to:
Network -> LAN -> DHCP Server -> Advanced Settings -> DHCP-Options
/etc/hosts
On dd-wrt, /etc/hosts is lost at the next reboot,
so create a startup script that recreates it on every boot:
echo '192.168.1.50 somename' >> /etc/hosts
killall -HUP dnsmasq
No DNS Rebind
Enables DNS rebind attack protection by discarding upstream RFC1918 responses.
Web browsers can implement DNS pinning: the IP address is locked to the value received in the first DNS response.
Private IP addresses can be filtered out of DNS responses
(blocking the resolution of external names into internal IP addresses).
Firefox NoScript extension provides partial protection using its ABE feature.
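The filtering rule described above (drop upstream answers that point into private address space), as an added Python example that is not dnsmasq's own code. The loopback and link-local ranges, the IPv4-mapped IPv6 check, the allow_domains exemption (similar in spirit to dnsmasq's rebind-domain-ok) and all sample names and addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC1918 ranges named on the page, plus loopback and link-local (added assumption).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def is_blocked(addr):
    """True if addr is an IPv4 address inside one of the filtered ranges."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot bypass the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.version == 4 and any(ip in net for net in BLOCKED_NETS)

def domain_allowed(name, allow_domains):
    """True if name equals or is a subdomain of an allow-listed domain."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allow_domains)

def filter_upstream(answers, allow_domains=()):
    """Split upstream (name, address) answers into (kept, dropped)."""
    kept, dropped = [], []
    for name, addr in answers:
        if is_blocked(addr) and not domain_allowed(name, allow_domains):
            dropped.append((name, addr))
        else:
            kept.append((name, addr))
    return kept, dropped

# Constructed sample answers, as if returned by an upstream resolver.
SAMPLE = [
    ("www.example.com", "93.184.216.34"),
    ("rebind.example.net", "192.168.123.11"),
    ("rebind.example.net", "::ffff:10.0.0.1"),
    ("nas.corp.example", "10.0.0.5"),
    ("edge.example.org", "172.32.0.1"),
]

if __name__ == "__main__":
    kept, dropped = filter_upstream(SAMPLE, allow_domains=("corp.example",))
    for name, addr in dropped:
        print("possible DNS-rebind answer dropped:", name, addr)
```

Names configured locally on the router (such as the address= entry earlier on this page) are not upstream answers, so a filter of this kind does not apply to them.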
DHCP-Authoritative
When a DHCP server believes that a client is requesting an address that is not appropriate for the subnet to which it is attached, the server is expected to send a DHCPNAK in response to the client's DHCPREQUEST. This causes the client to immediately fall back to INIT state, forget its old lease, and start over from scratch as though it never had one.