openthread / ot-br-posix

OpenThread Border Router, a Thread border router for POSIX-based platforms.
https://openthread.io/
BSD 3-Clause "New" or "Revised" License

BorderRouter Wi-Fi Access Point DNS lookups fail. Lookup responses return as Refused #333

Closed mmukada closed 3 years ago

mmukada commented 5 years ago

I am setting up a BorderRouter using a Raspberry Pi3, following the Wi-Fi Access Point manual configuration instructions detailed here: https://openthread.io/guides/border-router/access-point. The Wi-Fi AP comes up and I am able to join without any problems. However, any action requiring a DNS lookup fails, and the response returns with the message "Refused". I should note that I am yet to set up the NCP; I am stuck on getting the Wi-Fi AP to work correctly, allowing access to the internet by domain name. Pings/requests specified by IP address are working fine.

The version of Raspbian is: Release 10 (Buster)

Below are the pertinent config files; I wonder if someone can assist.

dhcpcd.conf

hostname

duid

option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac hwaddr

# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname
nohook wpa_supplicant

denyinterfaces nat*

noipv6rs

interface wpan0
nodhcp
nodhcp6

interface eth0
iaid 1
ipv6rs
ia_na 2
ia_pd 3/::/63 wpan0/1

interface wlan0
iaid 4
ipv6rs
ia_na 5
ia_pd 6/::/63 wpan0/1

denyinterfaces wlan0

dnsmasq.conf

# The Wi-Fi interface configured for static IPv4 addresses
interface=wlan0

# Explicitly specify the address to listen on
listen-address=192.168.1.2

# Bind to the interface to make sure we aren't sending things elsewhere
bind-interfaces

# Forward DNS requests to the Google DNS
server=8.8.8.8

# Don't forward short names
domain-needed

# Never forward addresses in non-routed address spaces
bogus-priv

# Assign IP addresses between 192.168.1.50 and 192.168.1.150 with a 12 hour lease time
dhcp-range=192.168.1.50,192.168.1.150,12h

mmukada commented 5 years ago

Turns out that the bind9 service is listening on all interfaces (default behaviour), consequently "overriding" dnsmasq. I cannot make sense of why this would be, given the bind-interfaces configuration in dnsmasq.conf. I got around this by making bind9's respective interface explicit by including (listen-on { 192.168.1.224; };) in the config file - /etc/bind/named.conf.options.
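
Added example (not part of the original issue or of ot-br-posix): a check for which daemon holds port 53 on the access point address, read from `ss -H -lntup` output. The two samples are constructed to resemble the state before and after the `listen-on` change; the function names, PIDs and file descriptors are hypothetical, and only the addresses 192.168.1.2 and 192.168.1.224 come from the configs quoted in this thread.

```shell
#!/bin/sh
# Constructed `ss -H -lntup` output (not captured from the reporter's Pi).
# BEFORE: named holds port 53 on the AP address; dnsmasq only serves DHCP (67).
SAMPLE_BEFORE='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("named",pid=412,fd=512))
udp UNCONN 0 0 192.168.1.2:53 0.0.0.0:* users:(("named",pid=412,fd=514))
tcp LISTEN 0 10 192.168.1.2:53 0.0.0.0:* users:(("named",pid=412,fd=24))
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:* users:(("dnsmasq",pid=533,fd=4))'
# AFTER: named pinned with listen-on { 192.168.1.224; }; dnsmasq owns the AP address.
SAMPLE_AFTER='udp UNCONN 0 0 192.168.1.224:53 0.0.0.0:* users:(("named",pid=412,fd=512))
udp UNCONN 0 0 192.168.1.2:53 0.0.0.0:* users:(("dnsmasq",pid=533,fd=6))
tcp LISTEN 0 32 192.168.1.2:53 0.0.0.0:* users:(("dnsmasq",pid=533,fd=7))'

# port53_owners ADDR: read ss output on stdin and print "proto process" for
# every port-53 listener that would receive a query sent to ADDR.
port53_owners() {
    awk -v want="$1" '
    {
        local_ep = $5                           # Local Address:Port column
        n = split(local_ep, parts, ":")
        if (parts[n] != "53") next              # only DNS listeners
        addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
        sub(/%.*/, "", addr)                    # drop a "%wlan0" device suffix
        # Keep exact matches and IPv4 wildcard binds, which also cover ADDR.
        if (addr != want && addr != "0.0.0.0" && addr != "*") next
        name = "unknown"                        # no users:() column without root
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        print $1, name
    }' | sort -u
}

# check_dns_owner ADDR DAEMON: succeed only when DAEMON is the sole process
# listening on port 53 for ADDR (fails on a conflict or when nobody listens).
check_dns_owner() {
    owners=$(port53_owners "$1" | awk '{print $2}' | sort -u | tr '\n' ' ')
    [ "$owners" = "$2 " ]
}

# Demo on the constructed samples.
# On a live system: ss -H -lntup | check_dns_owner 192.168.1.2 dnsmasq
printf '%s\n' "$SAMPLE_BEFORE" | port53_owners 192.168.1.2
printf '%s\n' "$SAMPLE_AFTER" | port53_owners 192.168.1.2
```

Running the live form as root after any resolver change confirms that clients of the AP are answered by the intended daemon rather than by another resolver on the same host.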

jwhui commented 3 years ago

Closing stale issue.