Disable DHCP: is it at all possible?
hi everyone,
my machine is standalone and connects to the internet using a fiber broadband modem provided by my isp. during installation of openbsd, i opt for dhcp. now that i have openbsd up and running on my machine, can i disable dhcp while at the same time able to resolve dns requests and surf websites? |
|
|||
Yes, that is possible. You just have to manually configure the things that dhclient.conf requests from the dhcpd server.
From an old OpenBSD box: Code:
request subnet-mask, broadcast-address, routers, domain-name, domain-name-servers, host-name;
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Note that if you're receiving public IP addresses from your ISP you might not be allowed to re-use an address that was previously assigned to you using manual configuration and you'll have to stick to using DHCP. If your modem does NAT and the addresses assigned to your machines are RFC1918 addresses (10.*.*.*, 172.16-31.*.* and 192.168.*.*) then it does not matter.
|
|
|||
question: do i need to input numerical values for "subnet-mask", "broadcast-address", "routers", etc.? if i need to, how do i obtain the relevant details?
|
|
|||
is there a welcome gift waiting for me to collect?....ok, just kidding...
i remember that my isp told me that my subscription package comes with dynamic ip addresses only, no static ones. if i need static ip addresses, i need to pay a lot more than i am currently paying. Quote:
surprisingly my openbsd operating system does not have mygate in /etc i had to create one. (there is only a myname file.) an idea just came to me when i am writing this reply to you. during installation of openbsd, can i choose to not use dhcp and then configure the various options that you have shown me in your reply? will that help to simplify matters? |
|
|||
Quote:
what do you mean by "you might not be allowed to re-use an address that was previously assigned to you using manual configuration and you'll have to stick to using DHCP"? how do i know that my modem/router does NAT? what tests can i perform to find out if it does NAT? there is only one machine connected to the modem/router. when i do an ifconfig, i only see 192.168.xxx.xxx. is that what you term "RFC1918" addresses? what are non-RFC1918 addresses? some examples please. |
|
||||
Let me try to do a little level-setting. It appears you may be confused. I hope this is neither repetitive nor insulting. It's only intended as a level-set.
The Internet is an interconnection of millions of separate networks. Some of those networks are designated for private use -- and their addresses are not used over the Internet. Specifically, the address ranges 10.x.x.x, 192.168.x.x, 172.16.x.x-172.31.x.x, and some other address ranges are never actually used "on" the Internet, they are used only inside private networks. For example you and I can have the same 192.168.10.20 device, on our separate private networks. But you and I can still communicate over the Internet. Our device addresses get translated by our gateway routers into actual Internet-facing addresses. This is done through a technology called Network Address Translation ("NAT"). With me so far? I hope so.

Your ISP provided you with a gateway device. A modem/router of some kind. When you connected through it to the Internet, there were only two possibilities:

1) Your DHCP address was assigned by that gateway/modem/router, on one of those private address ranges. This is the more likely scenario. Congratulations, you have a private network attached to the Internet through a NAT router.

2) Your DHCP-supplied address was assigned further upstream by your ISP, and is an actual "on-the-Internet" address not in one of those private ranges. You do not have a private network, your computer is directly "Internet-facing".

If you issue the command "ifconfig egress" at any shell prompt, you will see the currently configured Network Interface Connection ("NIC") for outbound traffic on your OpenBSD system. If that address starts with 10, or 192.168, or 172.16*, you have a private network. Your ISP-provided device "does NAT" for you, and all devices on your private network, if you ever add any, will share a single, Internet-facing IP address. They will all share the Internet address of that ISP-provided device, actually.

In my example provisioning steps, above, I showed a private network address for a NIC - em0, sis0, vr0 ... there are many possible NIC drivers, and the first one will be device number 0. I used an address that began with the number 10 in the example hostname file, assuming the far more common use of a private network attachment. You have a hostname.<some NIC> file already, containing the keyword "dhcp".

I also provided an example of a routing configuration, and chose another address on the same private network. Whatever the address of the router might be on your private network. Your computer needs to know where to send packets that are addressed to other networks, and so it needs to know the address of the router on your local network. Of course, the addresses I chose were just examples, and may have no bearing on any use of either a private network defined by your ISP-provided device, or a direct on-the-Internet address.

To assign a static address on your private network, if you have one, you must pick an address within the subnet defined by the ISP-provided device. And, the address must be in the range delegated to static addresses, and not one within the pool of dynamic addresses the device might assign.

---
If this information is all review, I apologize. If this information seems complex and confusing perhaps you could help us understand what it is you want to accomplish. Why does it matter if the OS uses or does not use DHCP for addressing?
---
* 172.16.0.0 through 172.31.255.255

Last edited by jggimi; 28th March 2016 at 05:07 PM. Reason: clarity, one typo.
|
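Added example, not written by any poster in this thread: a POSIX shell script that reads the interface output while the DHCP lease is still active, applies the RFC1918 test and the same-subnet rule described above, and prints the matching hostname.if(5) line for a static address you picked. The ifconfig output is a constructed sample and the function names are hypothetical.

```shell
# Constructed sample of `ifconfig em0` output while the lease is active.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        groups: egress
        status: active
        inet 192.168.0.47 netmask 0xffffff00 broadcast 192.168.0.255'

# OpenBSD prints the netmask in hex; hostname.if(5) takes dotted-quad.
hex_to_quad() {
    m=$(( $1 ))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# Dotted-quad to a single integer, so subnets can be compared with a mask.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True for 10/8, 172.16/12 and 192.168/16, the ranges named in the thread.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*) second=${1#172.}; second=${second%%.*}
               [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# stdin: ifconfig output; $1: the static address you picked (hypothetical
# helper). Prints a hostname.if(5) line, or fails with a reason on stderr.
static_line() {
    set -- "$1" $(awk '$1 == "inet" { print $2, $4, $6; exit }')
    [ $# -eq 4 ] || { echo "no inet line found" >&2; return 1; }
    want=$1 leased=$2 mask=$(( $3 )) bcast=$4
    is_rfc1918 "$leased" ||
        { echo "public lease $leased: static reuse may not be allowed" >&2; return 1; }
    [ $(( $(ip_to_int "$want") & mask )) -eq $(( $(ip_to_int "$leased") & mask )) ] ||
        { echo "$want is outside the leased subnet" >&2; return 1; }
    [ "$want" != "$bcast" ] || { echo "$want is the broadcast address" >&2; return 1; }
    echo "inet $want $(hex_to_quad "$3") $bcast"
}

printf '%s\n' "$SAMPLE_IFCONFIG" | static_line 192.168.0.10
```

On a live system the input would be `ifconfig egress | static_line <address>`. The script cannot see the router's dynamic pool, so whether the chosen address is outside that pool still has to be read from the router's own settings.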
|||
Quote:
my router starts with 192.168.0.1. i suppose you call that the default gateway. sometimes my router assigns 192.168.0.47 or 192.168.0.123 or 192.168.0.131 to my machine. are these addresses within the range delegated to static addresses? i'm trying to control the way the operating system makes dns requests through my specified resolvers. |
|
||||
Great! The other 5% would be my inability to articulate clear ideas.
Quote:
I would guess then that your private network is the range of addresses from 192.168.0.0 - 192.168.0.255. Commonly called a "/24", meaning that the first 24 bits (3 bytes) are the network address, the remaining 8 bits (1 byte) are device addresses on the network. The reason? /24 subnets are easy to read and understand in a.b.c.d addressing notation. A /24 notation or a "netmask" of 255.255.255.0 mean the same thing.

FYI: There are 256 addresses available on a /24 subnet, but only 254 can be assigned to devices. The low and high addresses of any subnet (.0, .255 for a /24) are reserved for routing and broadcast.
Quote:
Quote:
The DHCP protocol is client-server. In this case, your OpenBSD system is the client, and the name of the program it runs for you during boot up (and while your network is up) is dhclient. You can read about it in the dhclient(8) man page.

You'll want to adjust the dhclient configuration file, to tell it to ignore what your ISP's device submits for nameservers, and use your own. The configuration file is called /etc/dhclient.conf, and it has a man page too: dhclient.conf(5). The man page describes a supersede directive, and that's all you need to add. As an example to use Google's domain name servers, you would use:
Code:
supersede domain-name-servers 8.8.8.8, 8.8.4.4;

Last edited by jggimi; 28th March 2016 at 07:29 PM. Reason: added resolv.conf resolver sentence. And some clarity. And some typos.
|
|||
Quote:
In base there is unbound resolver. In this case you need to configure system to:
1. Have "nameserver 127.0.0.1" in /etc/resolv.conf. You can do it, as jggimi suggested, through supersede directive in /etc/dhclient.conf.
2. Enable unbound using rcctl(8).
3. Edit /var/unbound/etc/unbound.conf to set up remote DNS server(s) you want to use.
4. Restart or reload configuration in unbound using rcctl(8).
|
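Added example, not written by any poster in this thread: a check that the nameserver lines the system actually ended up with match what the supersede directive and the unbound steps above were meant to produce, so a resolver handed out by the ISP's device does not go unnoticed. The resolv.conf content is a constructed sample and `unexpected_resolvers` is a hypothetical helper name.

```shell
# Constructed sample: a resolv.conf in which the router's resolver
# (192.168.0.1) appears next to the intended local one (127.0.0.1).
SAMPLE_RESOLV='# Generated by em0 dhclient
search example.home
nameserver 127.0.0.1
nameserver 192.168.0.1
lookup file bind'

# stdin: resolv.conf content; arguments: the resolvers you intend to use.
# Prints every nameserver that is not on that list and returns non-zero
# if there is at least one; returns zero when the file is clean.
unexpected_resolvers() {
    allowed=" $* "
    bad=$(awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        case "$allowed" in
            *" $ns "*) ;;          # on the allow-list, nothing to report
            *) echo "$ns" ;;       # a resolver nobody asked for
        esac
    done)
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# Intended setup from the steps above: only the local unbound instance.
printf '%s\n' "$SAMPLE_RESOLV" | unexpected_resolvers 127.0.0.1 ||
    echo "^ listed in resolv.conf but not intended"
```

On a live system the call is `unexpected_resolvers 127.0.0.1 < /etc/resolv.conf`, run after dhclient has obtained or renewed a lease.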
||||
Quote:
after booting up openbsd, i launch my web browser and type in, say, www.openbsd.org in the URL field and press Enter. as i have already configured dhclient.conf to ignore the nameservers provided by my isp, how on earth is my browser able to resolve www.openbsd.org? |
|
|||
Quote:
the way i see it is that having a local caching resolver poses a great risk. openbsd, like other operating systems, may contain security vulnerabilities that allow malicious scripts to hack into the cache of Unbound and send them surreptitiously back to the hackers. in addition, the Unbound source code may contain bugs that allow such exploits to take place. Quote:
some suggest installing and configuring dnsmasq as my local recursive nameserver. what are the advantages of using Unbound over dnsmasq? are the two mutually exclusive, meaning, i cannot install both at the same time on my machine? |
|
||||
Quote:
In the case of a router, this could include all sort of settings, such as:
Quote:
Those who use dhclient on OpenBSD and wish to manipulate the contents of /etc/resolv.conf do so one of two ways. Either via provisioning rules in /etc/dhclient.conf, or via the /etc/resolv.conf.tail file. This snippet of rules the admin defines is appended to /etc/resolv.conf by dhclient every time it runs, as discussed in the resolv.conf(5) man page. Quote:
Last edited by jggimi; 29th March 2016 at 12:58 AM. Reason: clarity, typos, more clarity, more typos. It never ends. |
|
||||
It would have some performance improvement, since a portion of your network traffic is DNS queries and responses. If the name to address map is already in memory, no network query is required.
The performance advantage is greater if you have multiple devices on your local network sharing a cache. At the moment, you have only one device on the local network other than the ISP's router. You may not see noticeable improvements. Quote:
(Of course, Google will not sell individual IP information, only "big data" aggregations. We hope. Did they already switch their slogan from "Don't be Evil" to "Evil is OK sometimes"? ) Quote:
Quote:
---
I didn't recommend a caching resolver to you. For two reasons.

1) While there may be some performance advantage to caching name resolution, you're currently dealing with initial provisioning and you can always add one later, after you have a greater understanding of the system and its surrounding infrastructure.

2) It takes us out of the initial scope of query, which we try to avoid on this forum. When a new question arises, admins ask us to start a new thread.

And if it arises as you look at DNS in more detail, should you have any questions about technologies that mitigate risk of DNS traffic exposure -- such as DNSSEC or Tor -- please start a new thread.

Last edited by jggimi; 29th March 2016 at 01:41 AM. Reason: clarity