FritzBox 7490: Handing out a secondary internal DNS via DHCP impossible

dhcpdnsfritzboxrouter

I have a Fritz!Box 7490 residential DSL/Modem/Router by AVM.

Additionally I run a DNS server at 192.168.178.5 (actually a Pi-hole Ad Blocker) which I have set in the Fritz!Box's DHCP settings as the DNS address to be distributed via DHCP to all clients. [2]

So when clients request an IP from the Fritz!Box, they are automatically told to ask DNS requests at 192.168.178.5. So far, so good.

The problem is, if this DNS server goes down (updates, reboot, anything), all clients lose the ability to resolve domains (i.e. no more internet). Therefore, I'd like to give them a secondary DNS to use in case the first is unavailable. This secondary DNS could even be the Fritz!Box itself (192.168.178.1), in which case ad-blocking won't work anymore but at least the internet access wouldn't be broken for them.

Seems easy enough, right? Well, unfortunately, the Fritz!Box GUI does not allow me to specify a secondary DNS to be distributed via DHCP (the GUI simply only has one field for one internal DNS server, whatever the reason for that might be). Elsewhere it does have fields for two external DNS servers to be used by the Fritz!Box itself if it acts as the DNS server itself but that's not useful or relevant in my scenario (those are set to OpenDNS servers).

So, seeing as it's not possible to set a secondary DNS in the GUI, I have looked into the configuration file (which you can access by downloading a backup of the Fritz!Box and opening it in a text editor). The relevant section for the LAN DNS server is:

dhcpserver {
        saveinterval = 1h;
        generic {
                default_lease_time = 10d;
                max_lease_time = 13d;
        }
        lan_dns4_server = 192.168.178.5;
}

Does anyone know how I can add a secondary DNS server here?

I'm really desperate, and removing the whole DHCP functionality from the Fritz!Box and setting up my own DHCP server to get around the fact that the Fritz!Box can't seem to give out a secondary DNS unfortunately is not an option, as it breaks several functions of the Fritz!Box (such as the built-in VPN and others).

² Setting the DNS that should be given to DHCP clients is done on the web interface at "Home Network > Home Network Overview > Tab 'Network Settings' > Button 'IPv4 Addresses' (German: Heimnetz > Heimnetzübersicht > Netzwerkeinstellungen > Schaltfläche IPv4-Adressen).

Hope you can help.
Thanks.

Best Answer

Can't answer the question as given, but here's an alternative:

Let the Fritzbox hand out its own address for DNS via DHCP, as is the default. Configure the first of the two external DNS servers of the Fritzbox to be your DNS proxy (192.168.178.5), and the second your ISP's DNS server, or Google's, or whatever.

Configure your DNS proxy to use the ISP's DNS server directly.

Result: A DNS client making a DNS lookup will contact the Fritzbox. The Fritzbox will relay the lookup to your DNS proxy server. If the proxy server is down, the Fritzbox will use the ISP's DNS server.

Which should give the result you want. If the Fritzbox ever goes down, you'll have no internet, anyway, so that shouldn't be an issue.

All this assumes the Fritzbox uses the DNS server in the order given, and doesn't override them by your ISP's servers, which it may or may not do, so that needs testing.

Related Solutions

Dynamic DNS for both IPv4 and IPv6 (using freedns.afraid.org or others)

Answering my own question as I have now found a solution.

I am now using the service nsupdate.info, which supports what I want: Both IPv4 and IPv6 are reached using the same name, for which both A and AAAA records are provided.

They had specific instructions for the Fritz!Box, which were shown when I was setting up my account. I repeat here what I have in my Fritz!Box settings now:

Dynamic DNS provider: User-defined

Update URL: https://ipv4.nsupdate.info/nic/update https://ipv6.nsupdate.info/nic/update

Domain name: mydomainname.nsupdate.info

User name: mydomainname.nsupdate.info

Password: [as provided by nsupdate.info]

I have been using this service for just over half a year now, and it works flawlessly so far (but I am not logging into my Fritz!Box daily, so your mileage may vary). Apologies for not replying earlier, but I completely forgot about this question, and just received a reminder e-mail as someone else wrote a comment.

Hope this helps others!

Fritz!Box 7490: How to upload modified configuration file

Here is a script which seems to correctly compute the checksum, which turns out to be a CRC32 checksum. In the end, I didn not succeed to clear the DHCP cache of the Fritz!Box via dump/modify/restore of the configuration. Sigh.

#!/usr/bin/perl

# Read Fritz!Box configuration dump file and compute its checksum using CRC32.
# The problem is only knowing what to checksum exactly, and in this case its not pretty.
# Inspired from the very compact Visual Basic script by Michael Engelke available at
# http://www.mengelke.de/Projekte/FritzBoxVBScript 

# The Fritz!Box accepts a modified file where the checksum has been changed 
# manually to the output of this program in the last line. I have no idea what 
# happens if there is a syntax error anywhere inside the config file, so beware.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

use strict;
use warnings;

# ---
# Compute CRC start values
# ---

sub build_crc_table() {
   my @crctbl = (); # Accepts 256 values

   for (my $a = 0; $a < 256; $a++) {
      my $c = $a;
      for (my $b = 0; $b < 8; $b++) {
         my $d = $c & 0x01;
         $c = ($c >> 1) & 0x7FFFFFFF;
         if ($d) { 
            $c = $c ^ 0xEDB88320;
         }
      }
      push @crctbl, $c
   }

   my $print = 0;

   if ($print) {
      my $i = 0;
      foreach my $x (@crctbl) {
         print sprintf("CRC table value $i: %08x\n", $x);
         $i++
      }
   }

   return @crctbl
}

# ---
# Transform a string into a vector of its ASCII code points
# ---

sub numerize {
   my ($str) = @_;
   my @res = ();
   foreach my $ch (split('',$str)) {
      push @res, ord($ch)
   }
   return @res;
}

# ---
# Transform a hexstring into a vector of its 8-bit values
# ---

sub hexnumerize {
   my ($str) = @_;
   my @res = ();
   my $tmp;
   my $i = 0;
   foreach my $ch (split('',$str)) {
      if ($i == 0) { $tmp = $ch; $i++; }
      else         { $tmp.= $ch; $i=0; push @res,hex($tmp) } 
   }
   if ($i != 0) {
      die "Irregular hex string: $str\n";
   }
   return @res;
}

# ---
# Compute CRC-32 checksum
# See https://en.wikipedia.org/wiki/Cyclic_redundancy_check
# This must yield 414fa339:
# print sprintf("%08Xi\n", compute_crc32(numerize("The quick brown fox jumps over the lazy dog")));
# ---

sub compute_crc32 {
   my(@data)  = @_;
   my @crctbl = build_crc_table(); # not very efficient on multiple calls
   my $crc = 0xFFFFFFFF;
   my $i = 0;
   foreach my $x (@data) {
      my $index = ($crc ^ $x) & 0xFF;
      $crc = $crctbl[$index] ^ ($crc >> 8); # ">>" is zero-filling in Perl
      $crc = $crc & 0xFFFFFFFF;             # format to 32 bit
      #if ($i > 98700 && $i < 99000) {
      #   print sprintf("$i %c : $x => %08X\n",$x,$crc); 
      #}
      $i++
   }
   return $crc ^ 0xFFFFFFFF
}

# ---
# The name of the configuration file may have been given on the command line. 
# If so slurp the file.
# If nothing has been given, slurp STDIN.
# After that, the input can be found in "@lines" (line terminators are still in there)
# ---

my @lines;

if ($ARGV[0]) {
   open(my $fh,'<',$ARGV[0]) or die "Could not open file '$ARGV[0]': $!";
   @lines = <$fh>;
   close($fh)
}
else {
   @lines = <>;
}

# ---
# Stateful analysis.
# If there are lines after "END OF EXPORT" we will disregard them
# ---

my $firmware;       # will capture firmware version
my $fritzbox;       # will capture name string in header
my @data = ();      # will capture 8-bit values to be CRC-checksummed later
my $cursum;         # will capture the current CRC checksum in the text

# "state" indicates where we are in the file

my $state = 'NOTSTARTED';

# we consider the lines as a stack and push/pop to the stack

@lines = reverse @lines;

while (@lines && $state ne 'END') {

   my $line = pop @lines;

   if ($state eq 'NOTSTARTED') {
      if ($line =~ /^\*{4} (.*?) CONFIGURATION EXPORT/) {
         $fritzbox = $1;
         $state    = 'HEADER'
      }
      else {
         chomp $line;
         die "Expected 'CONFIGURATION EXPORT' in NOTSTARTED state, got '$line'"
      }
      next
   }

   if ($state eq 'HEADER') {
      chomp $line;
      if ($line =~ /(\w+)=([\w\$\.]+)$/) {
         my $key = $1;
         my $val = $2;
         if ($key eq 'FirmwareVersion') { $firmware = $val }
         push @data,numerize($key);
         push @data,numerize($val);
         push @data,0;
      }
      elsif ($line =~ /^\*{4}/) {
         $state = 'NEXTSECTION';
         push @lines,$line
      }
      else {
         die "Unexpected line in HEADER state: '$line'"
      }
      next
   }

   if ($state eq 'NEXTSECTION') {
      chomp $line;
      if ($line =~ /^\*{4} (?:CRYPTED)?(CFG|BIN)FILE:(\S+)/) {
         $state = "INSIDESECTION_$1";
         my $secname = $2;
         print "Section $line\n";
         push @data,numerize($secname);
         push @data,0
      }   
      elsif ($line =~ /^\*{4} END OF EXPORT (\w{8}) \*{4}/) {
         $state  = 'END';
         $cursum = $1
      }
      else {
          die "Unexpected line in NEXTSECTION state: '$line'"
      }
      next
   }

   if ($state eq 'INSIDESECTION_BIN') {
      chomp $line;
      if ($line =~ /^\*{4} END OF FILE \*{4}/) {
         $state = 'NEXTSECTION'
      } 
      else {
         push @data,hexnumerize($line)
      } 
      next
   }

   if ($state eq 'INSIDESECTION_CFG') {
      if ($line =~ /^\*{4} END OF FILE \*{4}/) {
         # Something unbelievably dirty: All section-internal linefeeds (and carriage returns)
         # are kept as is for checksumming, except for the last one before the "END OF FILE"
         if ($data[-1] == ord("\n")) {
            pop @data;
            if ($data[-1] == ord("\r")) {
               pop @data;
            }
         }
         $state = 'NEXTSECTION'
      }
      else {
         # More dirty stuff: Double backspaces are replaced by single ones for some reason.
         $line =~ s/\\\\/\\/g;
         push @data,numerize($line)
      }
      next
   } 

   die "Unexpected state $state"

}

if ($state ne 'END') {
   die 'Did not find proper end of configuration'
}
if (@lines) {
   my $n = @lines;
   print "There are still $n lines left that will be disregarded"
}

my $crc = compute_crc32(@data);
my $newsum = sprintf("%08X", $crc);

print "$fritzbox with firmware $firmware\n";

if ($newsum eq $cursum) {
   print "Checksum is OK: $cursum\n"
}
else {
   print "Found new checksum: $newsum\n";
   print "Checksum embedded in file is $cursum\n"
}

Best Answer

Related Solutions

Dynamic DNS for both IPv4 and IPv6 (using freedns.afraid.org or others)

Fritz!Box 7490: How to upload modified configuration file

Related Question