Help with EDNS(0) MAC

I use my DD-WRT router as DHCP and DnsMasq server - for many (valid) reasons...and most clients on the LAN just accept the automatic settings (meaning their DNS setting is the router). Yes, I understand that means that when a request gets to pi-hole it is seen as coming from the router... not the originating client.... I also have read 100's of posts about this.... Most of them just say - "you should change it so pi-hole runs the dhcp and dnsmasq for the local LAN" - which is avoiding the actual issue with a workaround. That workaround will be suitable for some, but not for many..

There seems to be another potential approach to build a real solution for this.... I am going to say "MAC Address" but before you roll your eyes and shout me down with the standard arguments... just listen... this is a little bit different:

I run DNSMasq on

part2 - (Accidentally hit enter)

I run DNSMasq on my router and it does great job - even making local devices that are not static automatically addressable by name :slight_smile: ..... AND there is an optional config setting:

Add Requestor MAC to DNS Query adds the internal requestor's MAC address to the query sent to the upstream DNS server, which could be necessary if the upstream server filters requests by MAC.

Currently that setting is being ignored by (upstream DNS) pi-hole. I have enabled it. It means that pi-hole is getting details of the originating device.... Surely that setting - if used - could be read by pi-hole to discern the downstream originating clients ?

This has been implemented a while ago:


IF it is already implemented, and I am using that setting "add-mac", then why are the downstream clients (i.e. the LAN devices) not showing in Pi-hole, but rather just the router shows as the pi-hole client with 99% of the activity... ? :thinking:

and BTW ... WOW !! your response time on that post was AMAZING ! It was like sub-second ! :smiley: :smiley:

--add-mac[=base64|text]

Did you specify any option here? base64 is not supported by Pi-hole, only text is.

Please add

DEBUG_EDNS0=true

to /etc/pihole/pihole-FTL.conf (create if it does not exist) so you get debug log lines in /var/log/pihole-FTL.log

After adding the option, you need to restart Pi-hole by

pihole restartdns


ok - I will do :smiley:

The dnsmasq.conf in my router just has "add-mac", with no "=base64" or "=text" .. I will specify "=text"

Ok - I have added the DEBUG_EDNS0=true ..

There was only one line in that conf file before, being: "PRIVACYLEVEL=0"

I can see now using TAIL on the FTL log that the mac addresses are coming through...

[2021-06-23 19:24:08.502 14159M] EDNS(0) requestor's UDP payload size: 512 bytes
[2021-06-23 19:24:08.502 14159M] EDNS(0) code 65073, optlen 17 (bytes 4 - 21 of 21)
[2021-06-23 19:24:08.502 14159M] EDNS(0) MAC address (TEXT format): 9e:b6:4f:bf:0d:cf

each request also has records for: pheader[0] to pheader[31]

so now what ??? should I be seeing client names in the dashboard TOP LISTS now ? (I am not)

No.

For name resolution at the dashboard Pi-hole needs to know the IP of the clients, not the MAC.

You (also) need to add

--add-subnet=32 to your dnsmasq config (and 128 for IPv6)

In Tools -> Network you should then start seeing the individual client IPs.

In order to obtain the host names you have two ways: configure conditional forwarding for the relevant subnet to your router (which can provide hostnames it knows about via DHCP) or you configure them individually via Local DNS records.


ok - I do not use IPv6 so I will add "add-mask=32" to the DNSMasq settings on my router. Why 32, that seems strange? I mean as subnet mask it would be 24... But, whatever, I will add it like that =32.

There are no other subnets. I mean the pi-hole and the router are on the same subnet and that is the only subnet. On that subnet - the DNS ( in the router ) knows about all hostnames including the ones that are not static IP addresses... When you write "configure them individually via Local DNS records"... they (hostnames) are all in the local DNS at this time (running on the router).

Because this will add the exact IP of the client making the request. If you only add /24 dnsmasq will only add the /24 subnet to the request, making it impossible to identify the specific client.


That makes it easier :slight_smile: I did not know how complicated your network is. In this case you can use the Pi-hole GUI to configure conditional forwarding to your router.

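To make the two points above concrete (Pi-hole needs the client IP, not the MAC, and a /24 client-subnet option cannot identify a single host), here is an added example that encodes and decodes the two EDNS(0) options involved. It is not code from Pi-hole or dnsmasq. The option code 65073 is taken from the FTL debug log earlier in this thread, the client-subnet wire format follows RFC 7871 (option code 8), and the MAC and IP values are sample values constructed from the log lines posted here.

```python
import ipaddress
import struct

# EDNS(0) option codes. 65073 is the code the pihole-FTL debug log in this
# thread reports for dnsmasq's add-mac=text option; 8 is the IANA-assigned
# EDNS Client Subnet (ECS) code from RFC 7871, which is what add-subnet emits.
OPT_MAC_TEXT = 65073
OPT_CLIENT_SUBNET = 8

# Constructed sample values, taken from the log lines quoted in the thread.
SAMPLE_MAC = "9e:b6:4f:bf:0d:cf"
SAMPLE_IP = "192.168.9.142"


def build_option(code, data):
    """Encode one EDNS(0) option: 2-byte code, 2-byte length, data (RFC 6891)."""
    return struct.pack("!HH", code, len(data)) + data


def build_ecs(ip, prefix_len):
    """Encode an ECS option as a resolver does for add-subnet=<prefix_len>.

    Only ceil(prefix_len / 8) address bytes are sent and bits past the
    prefix are zeroed, so a /24 never carries the host part of the address.
    """
    addr = ipaddress.ip_address(ip)
    family = 1 if addr.version == 4 else 2
    nbytes = (prefix_len + 7) // 8
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    body = struct.pack("!HBB", family, prefix_len, 0)  # scope prefix = 0 in queries
    return build_option(OPT_CLIENT_SUBNET, body + net.network_address.packed[:nbytes])


def sample_opt_rdata(prefix_len):
    """OPT RDATA carrying the MAC (text) option plus an ECS option for SAMPLE_IP."""
    return build_option(OPT_MAC_TEXT, SAMPLE_MAC.encode("ascii")) + build_ecs(SAMPLE_IP, prefix_len)


def parse_options(rdata):
    """Walk the OPT RDATA and return {code: data} for every option it carries."""
    options = {}
    pos = 0
    while pos + 4 <= len(rdata):
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("truncated EDNS(0) option")
        options[code] = rdata[pos:pos + length]
        pos += length
    if pos != len(rdata):
        raise ValueError("trailing bytes after last option")
    return options


def identify_client(rdata):
    """Return (mac, client) as an upstream resolver like Pi-hole would see them.

    client is a host address when the ECS prefix covers the whole address and
    otherwise the broader network, which is not enough to name one device.
    """
    opts = parse_options(rdata)
    mac = opts[OPT_MAC_TEXT].decode("ascii") if OPT_MAC_TEXT in opts else None
    client = None
    if OPT_CLIENT_SUBNET in opts:
        data = opts[OPT_CLIENT_SUBNET]
        family, src_prefix, _scope = struct.unpack("!HBB", data[:4])
        addr_len = 4 if family == 1 else 16
        raw = data[4:] + b"\x00" * (addr_len - len(data[4:]))  # pad truncated address
        net = ipaddress.ip_network((raw, src_prefix), strict=False)
        client = str(net.network_address) if net.prefixlen == addr_len * 8 else str(net)
    return mac, client


if __name__ == "__main__":
    for prefix in (32, 24):
        print(f"add-subnet={prefix}:", identify_client(sample_opt_rdata(prefix)))
```

Run stand-alone, the /32 case yields the host address 192.168.9.142 while the /24 case yields only 192.168.9.0/24. The MAC option alone is 21 bytes on the wire (4 bytes of header plus the 17-character text), which matches the "bytes 4 - 21 of 21" in the debug log above.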

As soon as I added "add-mask=32" (I also tried 24) ... all name resolving stopped on my network. Meaning it could not resolve local name nor internet names.. I have taken "add-mask" out again.

I added it on my router ( which is running dnsmasq for the LAN ) ... or did you mean I should add that into the settings in the pi-hole ?

No it should be added to your router.

Does dnsmasq at the router stop or is it a problem with Pi-hole receiving the new queries? What version of dnsmasq is your router running? The option was added in version 2.67.

This from the syslog of the router... so it is definitely sending MAC and hostname on to pi-hole.

Jun 24 10:25:31 nighthawk daemon.info dnsmasq-dhcp[13181]: DHCPREQUEST(br0) 192.168.9.142 4e:77:eb:1e:fc:ae
Jun 24 10:25:31 nighthawk daemon.info dnsmasq-dhcp[13181]: DHCPACK(br0) 192.168.9.142 4e:77:eb:1e:fc:ae SJSiPho11ProMax 

I am trying to check the version of dnsmasq on the router.... But the add-mask was not ignored, it did do something, when I added it . I mean it stopped all names from being resolved for devices on the LAN....

Jun 24 11:51:28 nighthawk daemon.info dnsmasq[19103]: started, version 2.85 cachesize 1500
Jun 24 11:51:28 nighthawk daemon.info dnsmasq[19103]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack ipset no-auth cryptohash DNSSEC loop-detect no-inotify no-dumpfile
Jun 24 11:51:28 nighthawk daemon.info dnsmasq-dhcp[19103]: DHCP, IP range 192.168.9.128 -- 192.168.9.159, lease time 1d 

my router has dnsmasq version 2.85

I am pretty sure that DNSmasq in the router did not stop. But I do not know what else happened.... When I added the add-sub option, I then restarted DNSmasq on the router... it gave no errors, seemed to restart like every other time, so I assume it was running.

Then please re-add add-sub and have a look in /var/log/pihole-FTL.log what happened there :slight_smile:

