Sunday, July 13, 2025

Replace OpenWrt DHCP and DNS Servers with Kea DHCP4 and BIND9

This guide explains how to replace the default OpenWrt DHCP and DNS servers with Kea DHCP4 and BIND9.


1. Install BIND and Kea DHCP4

opkg update
opkg install bind-server bind-check bind-dnssec bind-tools kea-dhcp4

2. Remove OpenWrt's default dnsmasq and odhcpd-ipv6only

opkg remove dnsmasq odhcpd-ipv6only
uci -q delete dhcp.@dnsmasq[0]
uci commit dhcp

3. Install and Configure Kea DHCP4

Copy the init script and configuration file:

cp ./kea-dhcp4/etc/init/kea-dhcp4 /etc/init.d/
cp ./kea-dhcp4/etc/kea/kea-dhcp4.conf /etc/kea/

Edit the DHCP server configuration:

vim /etc/kea/kea-dhcp4.conf

Start and enable the Kea DHCP4 service:

/etc/init.d/kea-dhcp4 start
/etc/init.d/kea-dhcp4 enable

4. Configure BIND9 DNS Server

Copy and edit the main configuration:

cp ./bind/etc/bind/named.conf /etc/bind/
vim /etc/bind/named.conf

(Optional) Edit zone files:

vim /etc/bind/db.liuyu.dns
vim /etc/bind/db.192.168.1

5. Configure OpenWrt to use the local BIND DNS Server

Set WAN DNS to localhost:

uci set network.wan.dns='127.0.0.1'
uci commit network

6. Start and enable BIND service

/etc/init.d/named start
/etc/init.d/named enable

7. Other useful commands

Restart services if needed:

service kea-dhcp4 restart
service named restart
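
A broken kea-dhcp4.conf or named.conf leaves the LAN without DHCP or DNS, so it helps to validate the edited files before restarting. The script below is an added example, not part of the original post or the isc-openwrt repository; it uses named-checkconf and named-checkzone from the bind-check package installed in step 1 plus kea-dhcp4 -t, and it assumes each db.* file is named after the zone it serves (the zone_for_file helper, the preflight function and the --apply argument are introduced here).

```shell
#!/bin/sh
# Added example: validate the Kea and BIND files from this guide, then restart.
# Assumption: a zone file is named "db.<zone>", and an all-numeric name such as
# db.192.168.1 holds the matching reverse zone.

# Map a zone file name to the zone it is assumed to serve:
#   db.liuyu.dns -> liuyu.dns
#   db.192.168.1 -> 1.168.192.in-addr.arpa (octets reversed)
zone_for_file() {
    name=${1##*/}       # strip the directory
    name=${name#db.}    # strip the "db." prefix
    case "$name" in
        *[!0-9.]*|"") printf '%s\n' "$name" ;;   # forward zone: use the name as-is
        *)
            rev=""
            old_ifs=$IFS; IFS=.
            for octet in $name; do rev="$octet${rev:+.$rev}"; done
            IFS=$old_ifs
            printf '%s.in-addr.arpa\n' "$rev" ;;
    esac
}

# Run every check and report all failures instead of stopping at the first one.
preflight() {
    rc=0
    # -t makes kea-dhcp4 load and check the file, then exit without serving.
    kea-dhcp4 -t /etc/kea/kea-dhcp4.conf || rc=1
    # Syntax check of named.conf and everything it includes.
    named-checkconf /etc/bind/named.conf || rc=1
    # The zone files are optional in this guide, so skip the ones that are absent.
    for f in /etc/bind/db.liuyu.dns /etc/bind/db.192.168.1; do
        [ -f "$f" ] || continue
        named-checkzone "$(zone_for_file "$f")" "$f" || rc=1
    done
    return $rc
}

# "--apply" restarts both services only when every check passed.
case "${1:-}" in
    --apply) preflight && service kea-dhcp4 restart && service named restart ;;
esac
```

If a zone file is named differently from the zone declared for it in named.conf, pass the declared zone name to named-checkzone directly instead of relying on zone_for_file.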

This setup replaces the default dnsmasq with a more flexible and robust Kea DHCP4 and BIND9 combination.

GitHub Repository: https://github.com/liuyuf78fk/isc-openwrt
