Gold Hunt
I spent the day reconfiguring my apartment wireless network. It’s been a long ordeal, not just today, but since I started with wireless a year and a half ago. My problem is that I’ve got all this 802.11b equipment that doesn’t support WPA, and we know WEP is easily broken. (WPA and WEP are technologies that basically try to make the wireless transmissions between your laptop/wireless device and a wireless access point unreadable to others in the geographic vicinity.) So for a long time I was using an 802.11b access point connected to my linux box which was running a VPN server that controlled access to the apartment LAN and Internet (cool, I know!). Each wireless client therefore also had to run a VPN client and needed proper VPN credentials. Anyway, it worked alright, but my brother’s computer’s internet connection would go dead about 4 times a day.
So I decided a hybrid solution might work: have an 802.11g/b router that used WPA for wireless clients that supported WPA, like my brother’s computer, as well as an 802.11b router that used no encryption and was connected to the VPN. Unfortunately my 802.11g wireless router’s (Buffalo WBR2-G54) signal strength was overwhelming the 802.11b access point (D-Link DWL-1000AP). So today I said, “To hell with it, I’ll just not support my old 802.11b equipment that doesn’t support WPA and upgrade everything to WPA stuff.” So I ditched the secondary VPN access point, and reconfigured the network around the wireless router. Unfortunately, that wireless router doesn’t support “loopback” NAT. In layman’s terms, none of the computers in my apartment will connect to my website when I type “www.scrambledbrains.net” into their web browsers. Instead, I have to use the internal IP of my webserver. Stupid! I guess it’s ’cause my wireless router is about 3 years old. Nonetheless, my D-Link DI-604 router had no problems with this functionality, nor did my Belkin F5D6231-4. I then spent most of the day trying to set up the djbdns DNS server. So confusing. And didn’t get it to work. Why didn’t anyone make a simple home-LAN-scale DNS server that could just resolve from the hosts file?! I was this close to flashing the firmware of my WBR2-G54 with OpenWRT firmware (which may or may not resolve the problem but would surely give me a week’s headache) when I came across dnsmasq! Halle-freakin’-lujah! Does exactly what I wanted it to: simple domain name resolution against a hosts file. My head almost exploded with joy! So I set up the wireless router to dish out the IP address of my linux box as the DNS server, and my linux box resolves first against the hosts file and second against my ISP’s DNS. Whoo! Celebrate! I should have a party now where people bring their wireless devices over to my apartment and access my website over the WLAN! Preparations must be made!
So as I leave you with dnsmasq, that wonderful nugget of gold, I myself leave to Las Vegas, with my brother and Natalie, and cousins in search of gambling gold! Yeeeaaaaahhh!
Update: Regarding LAN host name resolution with dnsmasq. I started tinkering with it and I noticed that local LAN names weren’t resolving without adding a domain. In other words, from my workstation (named ‘neelix’) I couldn’t ping my server (named ‘riker’). Running ‘ping riker’ gave a name resolution error. The problem was that Windows XP, which neelix runs, tries to resolve any names having no dots by WINS rather than DNS.
The dnsmasq FAQ (which comes with the source; if you’re using Gentoo, remember to check /usr/share/doc/<package-name> for documentation before you give up, because in this case the FAQ is not available online or anywhere else) suggests setting the domain suffix for each host on the LAN. Rather than do this manually for each host (which I’m explicitly trying to avoid), I configured my DHCP server to supply ‘scrambledbrains.net’ as the domain. If you don’t have an actual domain name, anything will suffice, ‘localnet’ for example. Now my Windows hosts will automatically qualify un-dotted names; in other words ‘riker’ automatically becomes ‘riker.scrambledbrains.net’, which is then resolved by DNS. You can verify the domain suffix on Windows machines by running ‘ipconfig /all’; note, however, that for some reason this information isn’t displayed in the domain suffix list in the TCP/IP network configuration dialog. (Also, on *nix machines including Mac OS X, this information is added to the system as a domain line in /etc/resolv.conf; this causes the resolver to append that domain to unqualified names that fail to resolve.)
Now, dnsmasq must be configured to answer for this domain, so specify this domain with the ‘domain’ parameter and include ‘expand-hosts’ in the configuration file. Voila! Now ‘ping riker’ works! And more importantly I can use ssh, Firefox, ftp and mail clients, and other programs with intuitive and simple host names, all of which are managed in the hosts file on the machine running dnsmasq. Simplicity is so refreshing! And it only took 4 hours to figure out! Yes, what I lack in task prioritization, I make up for in unyielding, persistent, stupid tenacity.
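As an added example (not from the post), here is a dnsmasq configuration that puts the ‘domain’ and ‘expand-hosts’ settings from the update together with the DHCP domain hand-out and the forwarding and interface restrictions a practitioner would want. It assumes dnsmasq also serves DHCP on the LAN instead of the router; the addresses, interface name and upstream resolver are placeholders.

```conf
# /etc/dnsmasq.conf on the LAN's dnsmasq host (riker in the post).
# Constructed example: "scrambledbrains.net" and the host names come from
# the post; every IP address and the interface name are placeholders.

# --- LAN name resolution ---
# Names come from /etc/hosts; this is the domain dnsmasq is authoritative for.
domain=scrambledbrains.net
# Let the short names in /etc/hosts also answer as <name>.scrambledbrains.net,
# which is the form Windows asks for once it appends the DHCP-supplied suffix.
expand-hosts
# Never forward queries for our own domain to the ISP. Internal host names
# stay on the LAN and a miss returns NXDOMAIN immediately instead of leaking.
local=/scrambledbrains.net/
# Do not forward single-label names or reverse lookups for private address
# space upstream either.
domain-needed
bogus-priv

# --- Upstream ---
# Ignore /etc/resolv.conf on this host and name the ISP resolver explicitly
# (placeholder address); dnsmasq still answers from /etc/hosts first.
no-resolv
server=203.0.113.53

# --- Exposure ---
# Answer only on the LAN interface (placeholder name), never on the WAN side.
interface=eth0
bind-interfaces

# --- DHCP for the LAN (placeholder range) ---
# With domain= set, dnsmasq also sends the domain as the DHCP domain-name
# option, so Windows clients get the search suffix with no per-host setup.
dhcp-range=192.168.1.100,192.168.1.200,12h
# Gateway is the wireless router; DNS is this dnsmasq host.
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.2
```

With this in place, ‘dig riker.scrambledbrains.net @192.168.1.2’ from a LAN client should return the /etc/hosts entry, and ‘dig riker.scrambledbrains.net @203.0.113.53’ should show nothing, confirming the name never leaves the LAN.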
1 Comment
Wow. I googled and googled for the solution to this problem. Thank you so much for taking the time to explain this solution!!