diff --git a/docs/features/dns-cache.rst b/docs/features/dns-cache.rst
new file mode 100644
index 00000000..c5376ce8
--- /dev/null
+++ b/docs/features/dns-cache.rst
@@ -0,0 +1,51 @@
+DNS caching
+===========
+
+User experience may be greatly improved when dns is accelerated. Also, it
+seems like a good idea to keep the number of packages being exchanged
+between node and gateway as small as possible. In order to do this, a
+DNS cache may be used on a node. The dnsmasq instance listening on port
+53 on the node will be reconfigured to answer requests, use a list of
+upstream servers and a specific cache size if the options listed below are
+added to site.conf. Upstream servers are the DNS servers which are normally
+used by the nodes to resolve hostnames (e.g. gateways/supernodes).
+
+There are the following settings:
+ servers
+ cacheentries
+
+To use the node's DNS server, both options should be set. The node will cache at
+most 'cacheentries' many DNS records in RAM. The 'servers' list will be used to
+resolve the received DNS queries if the request cannot be answered from
+cache. Gateways should announce the "next node" address via DHCP and RDNSS (if
+any). Note that not setting 'servers' here will lead to DNS not working: Once
+the gateways all announce the "next node" address for DNS, there is no way for
+nodes to automatically determine DNS servers. They have to be baked into the
+firmware.
+
+If these settings do not exist, the cache is not initialized and RAM usage will
+not increase.
+
+When next_node.name is set, an A record and an AAAA record for the
+next-node IP address are placed in the dnsmasq configuration. This means that
+the content of next_node.name may be resolved even without upstream connectivity.
+It is suggested to use the same name as the DNS server provides:
+e.g. nextnode.location.community.example.org (This way the name also works if a
+client uses static DNS Servers). Hint: If next_node.name does not contain a dot
+some browsers would open the searchpage instead.
+
+::
+
+ dns = {
+ cacheentries = 5000,
+ servers = { '2001:db8::1', },
+ },
+
+ next_node = {
+ name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
+ ip6 = '2001:db8:8::1',
+ ip4 = '198.51.100.1',
+ }
+
+
+Each cache entry will occupy about 90 bytes of RAM.
diff --git a/docs/features/dns-forwarder.rst b/docs/features/dns-forwarder.rst
deleted file mode 100644
index d74f9618..00000000
--- a/docs/features/dns-forwarder.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-DNS forwarder
-=============
-
-A Gluon node can be configured to act as a DNS forwarder. Requests for the
-next-node hostname(s) can be answered locally, without querying the upstream
-resolver.
-
-**Note:** While this reduces answer time and allows to use the next-node
-hostname without upstream connectivity, this feature should not be used for
-next-node hostnames that are FQDN when the zone uses DNSSEC.
-
-One or more upstream resolvers can be configured in the *dns.servers* setting.
-When *next_node.name* is set, A and/or AAAA records for the next-node IP
-addresses are placed in the dnsmasq configuration.
-
-::
-
- dns = {
- servers = { '2001:db8::1', },
- },
-
- next_node = {
- name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
- ip6 = '2001:db8:8::1',
- ip4 = '198.51.100.1',
- }
diff --git a/docs/index.rst b/docs/index.rst
index c9bcbdb3..99fc8535 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -25,7 +25,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
 features/wlan-configuration
 features/private-wlan
 features/wired-mesh
- features/dns-forwarder
+ features/dns-cache
 features/monitoring
 features/multidomain
 features/authorized-keys
diff --git a/docs/releases/v2017.1.rst b/docs/releases/v2017.1.rst
index 9e8e72c9..5319aae3 100644
--- a/docs/releases/v2017.1.rst
+++ b/docs/releases/v2017.1.rst
@@ -88,6 +88,8 @@ New features
 * Add support for making nodes a DNS cache for clients (`#1000 `_)
+ See also: :doc:`../features/dns-cache`
+
 * Add L2TP via tunneldigger as an alternative VPN system (`#978 `_)
diff --git a/package/gluon-core/check_site.lua b/package/gluon-core/check_site.lua
index 103cb929..06b9ac59 100644
--- a/package/gluon-core/check_site.lua
+++ b/package/gluon-core/check_site.lua
@@ -66,6 +66,7 @@ need_boolean(in_site({'poe_passthrough'}), false)
 if need_table({'dns'}, nil, false) then
 need_string_array_match({'dns', 'servers'}, '^[%x:]+$')
+ need_number({'dns', 'cacheentries'}, false)
 end
 need_string_array(in_domain({'next_node', 'name'}), false)
diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
index f3fdfbff..0db66301 100755
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config
@@ -12,7 +12,7 @@ uci:set('dhcp', dnsmasq, 'localise_queries', true)
 uci:set('dhcp', dnsmasq, 'localservice', false)
 uci:set('dhcp', dnsmasq, 'server', dns.servers)
-uci:delete('dhcp', dnsmasq, 'cachesize')
+uci:set('dhcp', dnsmasq, 'cachesize', dns.cacheentries)
 uci:delete('firewall', 'client_dns')
 if dns.servers then
diff --git a/package/gluon-setup-mode/Makefile b/package/gluon-setup-mode/Makefile
index 5ee9117c..cb5aac40 100644
--- a/package/gluon-setup-mode/Makefile
+++ b/package/gluon-setup-mode/Makefile
@@ -9,7 +9,7 @@ include ../gluon.mk
 define Package/gluon-setup-mode
 TITLE:=Setup mode
- DEPENDS:=+gluon-core +gluon-lock-password +ubus +dnsmasq
+ DEPENDS:=+gluon-core +gluon-lock-password +ubus +dnsmasq-full
 endef
 define Package/gluon-setup-mode/description
diff --git a/package/gluon-wan-dnsmasq/Makefile b/package/gluon-wan-dnsmasq/Makefile
index da42cf01..44a68f3b 100644
--- a/package/gluon-wan-dnsmasq/Makefile
+++ b/package/gluon-wan-dnsmasq/Makefile
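Review bot: `need_number({'dns', 'cacheentries'}, false)` accepts any Lua number, so a negative, fractional or absurdly large value passes site validation and, per the 820-dns-config hunk later in this diff, is written straight into dnsmasq's `cachesize`. The new documentation puts the cost at about 90 bytes of RAM per entry, so a typo such as an extra zero only shows up as memory pressure on the node; rejecting non-integers and values below zero here, and stating an upper bound in the docs, would catch that at build time instead. A one-line comment on the new line would also help the next reader: `-- handed to dnsmasq as cachesize by 820-dns-config; about 90 bytes of RAM per entry`.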
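Review bot: The replaced `uci:delete` unconditionally cleared `cachesize`, but `uci:set('dhcp', dnsmasq, 'cachesize', dns.cacheentries)` now passes `dns.cacheentries`, which the new documentation describes as optional; when it is unset the value is nil, and whether this uci wrapper treats a nil value as a delete or as a no-op is not visible here. If it is a no-op, a `cachesize` left behind by an earlier firmware or a manual edit survives the upgrade, which contradicts the documented "cache is not initialized" behaviour. Keeping the delete for the unset case makes the outcome explicit regardless of the wrapper's nil handling. The surrounding script starts and ends outside this hunk.
```lua
uci:set('dhcp', dnsmasq, 'server', dns.servers)
-- cacheentries is optional; reset the option explicitly when it is unset so a
-- value from an earlier firmware cannot linger in the dnsmasq config
if dns.cacheentries then
	uci:set('dhcp', dnsmasq, 'cachesize', dns.cacheentries)
else
	uci:delete('dhcp', dnsmasq, 'cachesize')
end
-- … unchanged: firewall client_dns cleanup …
```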
@@ -6,7 +6,7 @@ include ../gluon.mk
 define Package/gluon-wan-dnsmasq
 TITLE:=Support for a secondary DNS server using the WAN interface
- DEPENDS:=+gluon-core +libubus-lua +dnsmasq +libpacketmark
+ DEPENDS:=+gluon-core +libubus-lua +dnsmasq-full +libpacketmark
 endef
 define Package/gluon-wan-dnsmasq/description
diff --git a/targets/generic b/targets/generic
index 806e39d2..c9bce1e0 100644
--- a/targets/generic
+++ b/targets/generic
@@ -42,6 +42,15 @@ try_config('PACKAGE_usbip', false) -- fails to build
 try_config('PACKAGE_ATH_DEBUG', true)
+try_config('PACKAGE_dnsmasq_full_dhcpv6', false)
+try_config('PACKAGE_dnsmasq_full_auth', false)
+try_config('PACKAGE_dnsmasq_full_ipset', false)
+try_config('PACKAGE_dnsmasq_full_nftset', false)
+try_config('PACKAGE_dnsmasq_full_conntrack', false)
+try_config('PACKAGE_dnsmasq_full_noid', false)
+try_config('PACKAGE_dnsmasq_full_broken_rtc', false)
+try_config('PACKAGE_dnsmasq_full_rtc', false)
+
 try_config('TARGET_SQUASHFS_BLOCK_SIZE', 256)
 config('KERNEL_PROC_STRIPPED', true)
@@ -81,6 +90,7 @@ config('GLUON_MINIFY', istrue(env.GLUON_MINIFY))
 packages {
 '-ca-bundle',
+ '-dnsmasq',
 '-kmod-ipt-offload',
 '-kmod-nft-offload',
 '-libustream-wolfssl',
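Review bot: The eight new `try_config` lines name the dnsmasq-full features they switch off but give no reason, and nothing records which dnsmasq-full build options are deliberately left on (e.g. `PACKAGE_dnsmasq_full_dnssec` and `PACKAGE_dnsmasq_full_tftp` are not in the list, which affects both image size and the feature set the node's resolver exposes). A comment such as `-- dnsmasq-full replaces dnsmasq (dropped from the default package list below); disable the extras the firmware does not use` would let the next person extend the list with confidence. If `try_config`, as its name and the usbip line above suggest, ignores symbols the current OpenWrt tree does not know, a misspelled option here silently stays enabled, so the comment should also say that the generated .config is the thing to check after an OpenWrt bump.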