DNS and DHCP for extra VLANs

DNS and DHCP were both set up for the native LAN in an earlier chapter. The same dnsmasq config can still be used for it (and should still be working, because the interface name lan has not changed). You need to create an additional dnsmasq config for each extra VLAN you have configured.

Following the example, you need to create dnsmasq configs for the extra VLANs:

  • 11 WORK
  • 12 APPS
  • 13 IOT

Configure dnsmasq for WORK, APPS, IOT

Run this on the Router VM
#!/bin/bash
set -e

create_vlan_dnsmasq_config() {
  local VLAN_ID=$1
  local VLAN_NAME=$2

  ## Each VLAN gets its own /24, numbered after the VLAN ID: 192.168.<VLAN_ID>.0
  local SUBNET_BASE="192.168"
  local SUBNET="${SUBNET_BASE}.${VLAN_ID}.0"
  local LISTEN_ADDRESS="${SUBNET_BASE}.${VLAN_ID}.1"
  local DHCP_RANGE_START="${SUBNET_BASE}.${VLAN_ID}.50"
  local DHCP_RANGE_END="${SUBNET_BASE}.${VLAN_ID}.250"

  ## Bind to the VLAN interface:
  export INTERFACE=${VLAN_NAME}
  export LISTEN_ADDRESS=${LISTEN_ADDRESS}

  ## DHCP config:
  export DOMAIN_LAN=${VLAN_NAME}.example.com
  export GATEWAY_LAN=${LISTEN_ADDRESS}
  export DHCP_LAN_RANGE_START=${DHCP_RANGE_START}
  export DHCP_LAN_RANGE_END=${DHCP_RANGE_END}
  export DHCP_LAN_LEASE=12h

  ## Static DHCP Leases:
  ## bash array of "MAC_ADDRESS,IP_ADDRESS,HOST_NAME,LEASE_TIME"
  ## (uncomment and edit the example entry; keep static addresses outside
  ## the dynamic range .50-.250 so they cannot collide with pool leases):
  STATIC_LEASES=(
    #"aa:bb:cc:dd:ee:ff,${SUBNET_BASE}.${VLAN_ID}.10,example-host,12h"
  )
  ## Convert array to string:
  export DHCP_LAN_STATIC_LEASES="${STATIC_LEASES[@]}"

  ## DNS config - Forward DNS to dnscrypt on localhost
  export DNS_LAN=${LISTEN_ADDRESS}
  export DNS_UPSTREAM_1=::1
  export DNS_UPSTREAM_2=127.0.0.1

  ## Syntax-check the generated config first; with set -e a failing
  ## --test aborts before anything is applied:
  nifty-filter dnsmasq | dnsmasq -C - --test

  echo "## Applying dnsmasq config for VLAN ${VLAN_NAME}:"
  (echo "## This file is generated by nifty-filter. DO NOT EDIT."; \
   nifty-filter dnsmasq) > /tmp/dnsmasq-${INTERFACE}.conf

  ## Run in the foreground (-d) so the systemd service supervises the
  ## process; drop privileges to the dnsmasq user:
  dnsmasq -C /tmp/dnsmasq-${INTERFACE}.conf -d --user=dnsmasq --pid-file
}

## Generate one wrapper script per VLAN (e.g. /usr/local/sbin/dnsmasq-work.sh)
## that the dnsmasq@<name>.service unit runs:
declare -A vlan_names
vlan_names=(
  [11]="work"
  [12]="apps"
  [13]="iot"
)

for VLAN_ID in "${!vlan_names[@]}"; do
  VLAN_NAME="${vlan_names[$VLAN_ID]}"
  SCRIPT_NAME="dnsmasq-${VLAN_NAME}.sh"

  ## The function body is copied verbatim into the wrapper (output of a
  ## command substitution is not expanded again by the heredoc):
  cat <<EOF > /usr/local/sbin/"${SCRIPT_NAME}"
#!/bin/bash
set -e
$(declare -f create_vlan_dnsmasq_config)

create_vlan_dnsmasq_config ${VLAN_ID} ${VLAN_NAME}
EOF

  chmod +x /usr/local/sbin/"${SCRIPT_NAME}"
  echo "Generated script: ${SCRIPT_NAME}"
  ln -sf /usr/local/sbin/"${SCRIPT_NAME}" ~/"${SCRIPT_NAME}"
done
Tip

Make sure to edit the following config variables:

  • DOMAIN_LAN: customize your own LAN domain name.
  • DHCP_LAN_STATIC_LEASES: customize your own list of hosts that should have static DHCP leases.
    • STATIC_LEASES is an intermediate array to help build DHCP_LAN_STATIC_LEASES, with a set of examples commented out.
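The static-lease list is the only hand-edited part of each VLAN script, and a mistake there (an address inside the dynamic pool, an address from another VLAN's subnet, a malformed MAC) only shows up later as a confusing lease conflict or a dnsmasq start-up error. The following validator is an added example, not part of this guide or of nifty-filter; it assumes the addressing scheme used above (192.168.<VLAN_ID>.0/24, dnsmasq at .1, dynamic pool .50-.250) and the "MAC_ADDRESS,IP_ADDRESS,HOST_NAME,LEASE_TIME" entry format. The sample entries, MAC addresses and host names at the bottom are constructed placeholders.

```shell
#!/bin/bash
# Added example, not part of the original guide or of nifty-filter.
# Validates STATIC_LEASES entries for one VLAN before they are exported as
# DHCP_LAN_STATIC_LEASES. Assumes the guide's addressing scheme:
# subnet 192.168.<VLAN_ID>.0/24, dnsmasq/gateway at .1, dynamic pool .50-.250,
# and the entry format "MAC_ADDRESS,IP_ADDRESS,HOST_NAME,LEASE_TIME".

SUBNET_BASE="192.168"
DHCP_POOL_START=50
DHCP_POOL_END=250

# validate_static_lease VLAN_ID "MAC,IP,HOST,LEASE"
# Returns 0 when the entry is well-formed, inside the VLAN's /24 and outside
# the dynamic pool; otherwise prints the reason to stderr and returns 1.
validate_static_lease() {
  local vlan_id=$1 entry=$2
  local mac ip host lease rest last

  # Exactly four comma-separated fields.
  if [ "$(printf '%s' "$entry" | tr -cd , | wc -c)" -ne 3 ]; then
    echo "$entry: expected 4 comma-separated fields" >&2; return 1
  fi
  # Split with parameter expansion only (no subshell, POSIX-safe).
  mac=${entry%%,*};  rest=${entry#*,}
  ip=${rest%%,*};    rest=${rest#*,}
  host=${rest%%,*};  lease=${rest#*,}

  if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'; then
    echo "$entry: malformed MAC address '$mac'" >&2; return 1
  fi
  # The address must be a host in this VLAN's /24 (192.168.<vlan_id>.x).
  if ! printf '%s\n' "$ip" | grep -Eq '^192\.168\.'"$vlan_id"'\.[0-9]{1,3}$'; then
    echo "$entry: $ip is not in ${SUBNET_BASE}.${vlan_id}.0/24" >&2; return 1
  fi
  # Reject the network address, .1 (dnsmasq itself) and broadcast.
  last=${ip##*.}
  if [ "$last" -lt 2 ] || [ "$last" -gt 254 ]; then
    echo "$entry: $ip is reserved (network, gateway or broadcast)" >&2; return 1
  fi
  # A static address inside the dynamic pool collides with pool leases.
  if [ "$last" -ge "$DHCP_POOL_START" ] && [ "$last" -le "$DHCP_POOL_END" ]; then
    echo "$entry: $ip is inside the dynamic pool .${DHCP_POOL_START}-.${DHCP_POOL_END}" >&2; return 1
  fi
  if ! printf '%s\n' "$host" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'; then
    echo "$entry: '$host' is not a valid DNS label" >&2; return 1
  fi
  # dnsmasq lease times: a number with optional s/m/h/d suffix, or "infinite".
  if ! printf '%s\n' "$lease" | grep -Eq '^([0-9]+[smhd]?|infinite)$'; then
    echo "$entry: bad lease time '$lease'" >&2; return 1
  fi
  return 0
}

# build_static_leases VLAN_ID ENTRY...
# Validates every entry, rejects duplicate MACs (case-insensitive) and IPs,
# and prints the space-joined string in the shape of DHCP_LAN_STATIC_LEASES.
build_static_leases() {
  local vlan_id=$1 entry mac ip seen_macs="" seen_ips="" out=""
  shift
  for entry in "$@"; do
    validate_static_lease "$vlan_id" "$entry" || return 1
    mac=$(printf '%s' "$entry" | cut -d, -f1 | tr 'A-F' 'a-f')
    ip=$(printf '%s' "$entry" | cut -d, -f2)
    case " $seen_macs " in *" $mac "*) echo "$entry: duplicate MAC $mac" >&2; return 1;; esac
    case " $seen_ips " in *" $ip "*) echo "$entry: duplicate IP $ip" >&2; return 1;; esac
    seen_macs="$seen_macs $mac"
    seen_ips="$seen_ips $ip"
    out="${out:+$out }$entry"
  done
  printf '%s\n' "$out"
}

# Constructed sample entries for VLAN 11 (WORK); placeholder MACs and names.
if DHCP_LAN_STATIC_LEASES=$(build_static_leases 11 \
      "aa:bb:cc:dd:ee:01,192.168.11.10,printer,12h" \
      "aa:bb:cc:dd:ee:02,192.168.11.11,nas,infinite"); then
  export DHCP_LAN_STATIC_LEASES
  echo "DHCP_LAN_STATIC_LEASES=$DHCP_LAN_STATIC_LEASES"
fi
```

Sourcing this in a wrapper script and replacing the plain `export DHCP_LAN_STATIC_LEASES="${STATIC_LEASES[@]}"` with a call to `build_static_leases "$VLAN_ID" "${STATIC_LEASES[@]}"` makes the script abort (under set -e) with a named reason instead of handing dnsmasq a conflicting lease table.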

Enable the dnsmasq services

Run this on the Router VM
systemctl enable dnsmasq@{work,apps,iot}.service
systemctl restart dnsmasq@{work,apps,iot}.service