Synology DHCP Server using Multiple NameServers - Parental Control over the network for Some PCs using OpenDNS

I had a requirement to improve the parental filters on the home network.  OpenDNS is a good solution for this; however, I also use other DNS providers to stop being geo-blocked.  I need a solution that allows some machines to be pushed through to OpenDNS and others to my other DNS provider (unotelly).

I have a Synology NAS running DiskStation, and that has the ability to control DNS; however, the GUI doesn't provide the feature I am looking for.  Under the hood it's using dnsmasq, and I can ssh onto the box to make the changes required.

The first step was to enable DNS on the Synology router (and disable it from my router).  This puts the Synology in control of the DNS selections I run.

My DiskStation runs on the IP 192.168.2.101.  I also installed the Synology NameServer, which was to be used for a few things, amongst which is Google safe searching, as written about previously.

The first step was to enable the DHCP server.  I pointed the primary DNS back to itself, which is running on 192.168.2.101.


I also entered the various static allocations that I require that map MAC addresses to some fixed IP addresses.

I typically allocate any of the children's wifi devices (laptop, iPad) to the 192.168.2.12x range.

Now inside DNS server, I configured it to point to OpenDNS.


Inside OpenDNS, I configure some required filters.

This has the desired effect.

The next issue though was how to unblock my own PC from such restrictions, and use a different DNS provider.

Well, it appears that the Synology is using dnsmasq under the hood, and not everything is available via the GUI.  But using ssh onto the box, you can create better flexibility.

You can make changes to /etc/dhcpd/dhcpd.conf, but when you restart using the following command


admin@ds413:/etc/dhcpd$ sudo /etc/rc.network restart

the changes are lost.

To get around this, you must modify the rc.network task, which pulls in the different components.  This is what I did.  Create a file /etc/dhcpd/dhcpd-extras.conf.  Into that file put the changes you want.  In my case I wanted to change the nameserver used by a number of machines on my network, so the contents of my file became:

dhcp-mac=set:altdns,00:26:18:94:1e:62 # winpc
dhcp-mac=set:altdns,50:2e:5c:f0:7d:99 # android phone
dhcp-mac=set:altdns,00:1c:85:40:20:97 # kodi tv living room
dhcp-option=tag:altdns,option:dns-server,118.88.19.172,208.67.220.123
dhcp-option=tag:unodns,option:dns-server,118.88.19.172,208.67.220.123
dhcp-option=tag:googdns,option:dns-server,8.8.8.8,8.8.4.4

Where the dns-servers were entries for unotelly DNS that I required (and differ from the default nameserver 192.168.2.101 and the entries found inside its Resolution (forwarder) settings!). I also adjusted the config recently, so that I called them unodns, and I added in Google's nameservers 8.8.8.8.  Should I have issues with unodns, then I swap over to googdns, by renaming it to altdns.  (And yes, this change was made because I had a problem with unodns, which meant I dropped into the OpenDNS defaults.)
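The tag logic above can be checked offline before restarting the service. The following is an added example, not part of the original post: a Python script that parses the two directive forms used in this file and reports which MAC addresses are handed an alternative DNS server and which option tags no MAC sets. It assumes untagged clients are offered 192.168.2.101 and it handles only single-tag dhcp-mac and dhcp-option lines.

```python
import re

# Constructed sample: the dhcpd-extras.conf contents shown above.
SAMPLE_CONF = """\
dhcp-mac=set:altdns,00:26:18:94:1e:62 # winpc
dhcp-mac=set:altdns,50:2e:5c:f0:7d:99 # android phone
dhcp-mac=set:altdns,00:1c:85:40:20:97 # kodi tv living room
dhcp-option=tag:altdns,option:dns-server,118.88.19.172,208.67.220.123
dhcp-option=tag:unodns,option:dns-server,118.88.19.172,208.67.220.123
dhcp-option=tag:googdns,option:dns-server,8.8.8.8,8.8.4.4
"""

# Assumption: clients without a tag are offered the filtered resolver.
DEFAULT_DNS = ["192.168.2.101"]


def parse_conf(text):
    """Return ({mac: tag}, {tag: [dns servers]}) from dnsmasq-style lines."""
    mac_tags, tag_dns = {}, {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        key, _, value = line.partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-mac" and len(fields) == 2 and fields[0].startswith("set:"):
            mac_tags[fields[1].lower()] = fields[0][4:]
        elif (key == "dhcp-option" and len(fields) >= 3
              and fields[0].startswith("tag:") and fields[1] == "option:dns-server"):
            tag_dns[fields[0][4:]] = fields[2:]
    return mac_tags, tag_dns


def dns_for(mac, mac_tags, tag_dns):
    """DNS servers a client with this MAC is offered."""
    mac = mac.lower().replace("-", ":")  # accept ipconfig's 00-26-... form
    return tag_dns.get(mac_tags.get(mac), DEFAULT_DNS)


def audit(text):
    """List devices that bypass the filter and option tags that nothing sets."""
    mac_tags, tag_dns = parse_conf(text)
    bypass = {m: tag_dns[t] for m, t in mac_tags.items() if t in tag_dns}
    unused = sorted(set(tag_dns) - set(mac_tags.values()))
    return bypass, unused


if __name__ == "__main__":
    bypass, unused = audit(SAMPLE_CONF)
    for mac, servers in bypass.items():
        print(mac, "->", ", ".join(servers))
    print("option tags no MAC sets:", unused)
```

Any MAC that shows up in the bypass list without being expected there is a device that skips the OpenDNS filter.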

If you want to know more about the settings in dnsmasq, I used this reference.  I got the idea of the config above having read this.

I modified the /etc/rc.network file to add the CONF_EXTRAS block shown below, between the existing CONF_LIST check and the DNS_INFO_FILE lines:
        if [ "${CONF_LIST}" = "" ]; then
                return 1;
        fi

        local CONF_EXTRAS="/etc/dhcpd/dhcpd-extras.conf"
        if [ -e ${CONF_EXTRAS} ]; then
          CONF_LIST="${CONF_LIST} ${CONF_EXTRAS}"
        fi

        DNS_INFO_FILE="/etc/dhcpd/dhcpd-dns-dns.info"
        DNS_CONF_FILE="/etc/dhcpd/dhcpd-dns-dns.conf"
        isEnable=`/bin/get_key_value ${DNS_INFO_FILE} enable`
        if [ "x${isEnable}" = "xyes" ] && [ -f ${DNS_CONF_FILE} ]; then
                CONF_LIST="${CONF_LIST} ${DNS_CONF_FILE}"
        fi

Now restart the service (sudo /etc/rc.network restart).  If you want to check the contents of the /etc/dhcpd/dhcpd.conf file, it should contain the entries that are stored in dhcpd-extras.conf.

On my main PC (Windows 10), I performed the following commands:

ipconfig /flushdns
ipconfig /release
ipconfig /renew

Now when I perform an ipconfig /all I can see the DNS servers allocated correctly.

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : homezone
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-26-18-94-1E-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c037:2096:bf44:99d%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, 28 August 2016 12:35:50 AM
   Lease Expires . . . . . . . . . . : Monday, 29 August 2016 12:35:50 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.101
   DHCPv6 IAID . . . . . . . . . . . : 50341400
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-66-29-2B-00-26-18-94-1E-62
   DNS Servers . . . . . . . . . . . : 118.88.19.172
                                       208.67.220.123
   NetBIOS over Tcpip. . . . . . . . : Enabled
 

This is just the first of my explorations in this area; it proves it works.  I may revisit the configuration and investigate options around different IP ranges, but that is for another day.


