This is a project to build a SmartDNS plus DNS cache to provide very fast response ping rates, whilst unblocking all those nice helpful streaming and torrent sites that some like to use, like Kodi users huh?

Unrestricted Web Access

This can provide any device connected to the network with unrestricted web access, without any slowdown associated with VPN use. It will also stop your ISP logging your metadata from DNS lookups (soon to be logged for a year in the UK under upcoming changes to legislation).

In addition, where you have ISPs like Sky who refuse to give you your own login details and lock out changes to the router DNS options – this solution allows you to set the supplied router into “modem only” mode and piggy back the Pi/Pi2 from it to look after the DHCP and DNS services.

Preparation and Kit

  • Pi B (2nd hand) OR Pi2 B (new most likely!)
  • Sandisk 8GB SD Card
  • DDNS account (optional)
  • Smart DNS account (optional – I used Unblockr http://bit.ly/unblockr-trial)

You’ll need a Pi B (or Pi2), SD card, power cable, Monitor or TV, Keyboard (I used a sumvision wireless one (1/2 size), off ebay, which I use on all my Pi stuff). I did this from my Ubuntu laptop, but there is no reason that you couldn’t start this from a Windows machine, as once the image is burned to the SD card, we’ll work on the Pi directly.

You’ll need a good space to work and your favourite brew to hand. Open a new txt document “Worklog” on your desktop – this will hold a few things for us whilst we set this up. It should help you keep track of where you’re up to if you take a break. It will have the access codes and passwords for your account so ensure you delete it when we’re done!

Running order

  • Flash Raspbian
  • Set Up Pi (password, SSH, overclock etc)
  • Set Fixed IP
  • Update Raspbian (always a good idea before starting work)
  • Install dnsmasq
  • Configure dnsmasq

Optional Extras

Smartdns (using Unblockr) requires your IP to be kept up to date, so we need to handle DDNS; I’ll use Inadyn to handle DDNS updates automatically.

Before we Start..

Just before we embark on this, I tested my dns lookup speed on my Ubuntu lappie using some code from Sam Hobbs (look him up!) You can cut n paste this into a CLI;

for i in {1..30}; do dig www.bbc.co.uk | grep time; sleep 1; done | awk '/time/ {sum+=$4} END { print "Average query = ", sum/NR, "ms"}'

This was giving me around 50ms responses across a couple of sites. Test yours – we’ll be testing how much faster this is later.

Just one other point, I’ve found Fing tools (android app) great for checking my network, devices, services etc and also Juice (another android app!) that allows SSH to Pi.

First flash Raspbian to your sd card

Identify your SD card via gparted – in this case it’s /dev/mmcblk0

sudo gparted

BEFORE you do this DOUBLE check you have the right destination device or you’ll screw your hdd or whatever it is you accidentally target!! In this case the target is “mmcblk0” (our SD card)

sudo dd bs=4M if=~/Downloads/2015-05-05-raspbian-wheezy.img of=/dev/mmcblk0

this will be finished in about 5m; note there is no progress indicator with this…patience, enjoy your brew, you did make one didn’t you?

You’ll see a report like this;

781+1 records in
781+1 records out
3276800000 bytes (3.3 GB) copied, 447.052 s, 7.3 MB/s

Initialising

You’ll need a monitor or TV for this bit and your keyboard plugged in as well to make the changes.

boot up pi and follow the setup but remember;

  • change pw – note in worklog file
  • enable overclock medium – you can go more, but its not needed
  • enable ssh – we will use this as admin connection once the initial install is completed.

boot up and login

Now, I like to use fixed IP’s many folks just allow the router DHCP to do that. Lets run through setting a fixed IP now. (we need the Pi to be fixed for the DNS anyway)

Fixed IP Ethernet

Lets edit the interface file;

  • sudo nano /etc/network/interfaces

Identify the eth0 and edit thus;

# auto eth0   (used '#' to comment out auto configure)
allow-hotplug eth0
iface eth0 inet static
    # the IP for this box (I used 252)
    address 192.168.1.252
    # netmask is usually this value
    netmask 255.255.255.0
    # this is the IP of your router
    gateway 192.168.1.254
    # the Pi will be the DNS server
    dns-nameservers 192.168.1.252

The other options can be left or omitted if you like things nice and tidy.

  • Ctrl O to output
  • Press ‘return’ to write the file
  • Ctrl X to exit

SSH Server

So before we forget, lets set the ssh server to start on boot;

  • sudo update-rc.d ssh defaults

You should now get; update-rc.d: using dependency based boot sequencing

and/or (if its already done) update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match ssh Default-Stop values

and/or The disable|enable API is not stable and might change in the future

I have no idea how that affects things to be perfectly frank, but this works and is tested, so lets move on. (any feedback much appreciated)

Now we might want to change the SSH port. If you’re planning to access remotely, it’s as well to change from the default port to avoid casual scanning and brute force attacks (which I read anecdotally is quite common). If you’re leaving it as port 22 you can skip over this;

On the PI

  • sudo nano /etc/ssh/sshd_config

Find the “port 22” listing and change as required.

Don’t forget to change it on any clients etc! (sudo nano /etc/ssh/ssh_config if you’re on Linux)

  • sudo reboot

You can now hook this into your network router and we can SSH into it – or you can continue on your tv etc.

Setting Up DNSMASQ

So now we have a blank raspbian setup we can shell into your pi and start building, I prefer to work remotely and headless as I can work on my laptop, which I find easier.

Note: if you changed the port earlier you need to edit your client to match, or pass the port number on the command line with -p (1222 is what I changed to, but you may still have it as 22, which means you can leave it out). The address is the fixed IP we gave the Pi.

  • ssh -p 1222 pi@192.168.1.252
  • pw xxxxx (what ever you set)

Ensure the Pi is connected to internet and type

  • sudo apt-get update

Lots of stuff will be scrolling by, just let it do its job.

Now lets install dnsmasq;

  • sudo apt-get install dnsmasq

Run through the install as required; then we need to edit the config file;

sudo nano /etc/dnsmasq.d/dnsmasq.custom.conf

(the list below is a copy of the .conf file )

# Set up your local domain here
domain=pib1.local
resolv-file=/etc/resolv.dnsmasq
min-port=4096

# Unblockr DNS (You need an account to use these)
# Free 7 day trial to test http://bit.ly/unblockr-trial
# server=78.129.194.80
# server=37.235.54.46

# Google DNS
server=8.8.8.8
server=8.8.4.4

# Max cache size (10000 entries)
cache-size=10000

# DHCP IP Range & Options
# Specify Per Interface Options
# Can use different range/dns on each
interface=eth0

# The "24h" is the lease time (24 hrs; a bare number is read as seconds)
dhcp-range=eth0,192.168.1.50,192.168.1.69,24h

# our router
dhcp-option=3,192.168.1.254

# our DNS Server
dhcp-option=6,192.168.1.252

# Wifi Option
interface=wlan0
dhcp-range=wlan0,192.168.1.70,192.168.1.89,24h
dhcp-option=3,192.168.1.254
dhcp-option=6,192.168.1.252

# force clients to grab a new IP
dhcp-authoritative

  • Ctrl O to output
  • Return/Enter to write the file
  • Ctrl X to exit

NOTE: The dhcp-range above can be tailored to suit your own preference or network layouts; each interface can have its own options set. I have included the wlan0 in this only to demonstrate, as I haven’t deployed this myself at the time of writing.
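
A quick consistency check for the DHCP part of this config, added here as an example (it is not part of the original post or of dnsmasq). It flags a lease time written without a unit, a pool that overlaps the Pi or the router, and DHCP options that would send clients to a different gateway or DNS server. The function names are made up for this example, and the sample input is constructed from the DHCP lines of this config with the lease time written as a bare 24 so that the check fires.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a single /24 LAN and the
# numeric dhcp-option form (3 = router, 6 = DNS server) used on this page.
# Usage: lint_dnsmasq PI_IP ROUTER_IP < /etc/dnsmasq.d/dnsmasq.custom.conf
lint_dnsmasq() {
  awk -v pi="$1" -v gw="$2" '
    function last(ip,   p) { split(ip, p, "."); return p[4] + 0 }
    function inpool(ip) { return last(ip) >= last(s) && last(ip) <= last(e) }
    function warn(msg) { print msg; bad++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      sub(/^[ \t]+/, ""); sub(/[ \t]+#.*$/, "")  # trim indent, trailing comment
      eq = index($0, "=")
      key = eq ? substr($0, 1, eq - 1) : $0
      n = split(eq ? substr($0, eq + 1) : "", f, ",")
    }
    key == "dhcp-range" {
      # dnsmasq reads a bare number in the lease field as seconds.
      if (f[n] ~ /^[0-9]+$/)
        warn("lease: " f[n] " has no unit, so it means seconds (use e.g. 24h)")
      s = ""; e = ""                             # first two IPv4 fields = pool
      for (i = 1; i <= n; i++)
        if (f[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
          if (s == "") s = f[i]
          else if (e == "") e = f[i]
        }
      if (e != "" && inpool(pi)) warn("pool: " s "-" e " includes the Pi " pi)
      if (e != "" && inpool(gw)) warn("pool: " s "-" e " includes the router " gw)
    }
    key == "dhcp-option" && f[1] == "3" && f[2] != gw {
      warn("router: clients are sent " f[2] ", expected " gw)
    }
    key == "dhcp-option" && f[1] == "6" && f[2] != pi {
      warn("dns: clients are sent " f[2] ", expected " pi)
    }
    END { if (!bad) print "ok" }
  '
}

# Constructed sample input: DHCP lines in the style of the config above.
sample_conf() {
  cat <<'EOF'
interface=eth0
dhcp-range=eth0,192.168.1.50,192.168.1.69,24
dhcp-option=3,192.168.1.254
dhcp-option=6,192.168.1.252
EOF
}
```

Run it as lint_dnsmasq 192.168.1.252 192.168.1.254 < /etc/dnsmasq.d/dnsmasq.custom.conf; it prints one line per finding, or ok when there is nothing to report.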

Lets set dnsmasq to run on boot;

  • sudo update-rc.d dnsmasq enable

Ok, well you now need to login to your router and disable DHCP there, along with the DNS options if they are listed. This is VITAL!

You’ll need to access your router via a web browser and type in the ip address; common ones can be found here;

If you’re having trouble, use the Fing app I mentioned earlier; this will allow you to identify all the attached devices etc.

Then you need to reboot your network devices to pick up the new DHCP and DNS cache server on the Pi. If you’ve manually created ip addresses on any devices you need to edit the dns element to be 192.168.1.252 (or whatever you used in the build, I used 252 remember?).

If you are not using Unblockr or another paid smartdns service, that’s it! Vastly superior dns lookup speeds and greater control over your dhcp. We can also start to do some interesting things for all attached devices, especially when some devices like Amazon Fire TV and Fire Stick cannot support vpns, we can create a vpn they can use!
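
To put a number on the speed-up, the helper below (an added example, not from the original post) queries the upstream resolver and the Pi in turn and reports, per server, the first query time and the average of the repeats, which is where the cache shows up. probe and summarise_dig are names made up here, the addresses are the ones used in this build, and the sample dig output is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. dig comes from the dnsutils
# package. Typical use from any machine on the LAN:
#   { probe 8.8.8.8 www.bbc.co.uk; probe 192.168.1.252 www.bbc.co.uk; } | summarise_dig

# probe SERVER NAME [COUNT]: ask SERVER for NAME COUNT times, one second apart.
probe() {
  i=0
  while [ "$i" -lt "${3:-5}" ]; do
    dig +tries=1 +time=2 "@$1" "$2"
    i=$((i + 1))
    sleep 1
  done
}

# summarise_dig: read dig output on stdin. For each server, print the first
# query time and the mean of the later ones (served from cache on the Pi).
summarise_dig() {
  awk '
    /^;; Query time:/ { t = $4 }
    /^;; SERVER:/ {
      split($3, a, "#"); srv = a[1]
      if (srv in cnt) later[srv] += t
      else { order[++k] = srv; first[srv] = t }
      cnt[srv]++
    }
    END {
      for (i = 1; i <= k; i++) {
        srv = order[i]; r = cnt[srv] - 1
        avg = r ? sprintf("%.1f", later[srv] / r) : "n/a"
        printf "%s first_ms=%d later_avg_ms=%s\n", srv, first[srv], avg
      }
    }
  '
}

# Constructed dig output, trimmed to the two lines the parser reads.
sample_dig() {
  cat <<'EOF'
;; Query time: 48 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; Query time: 47 msec
;; SERVER: 192.168.1.252#53(192.168.1.252)
;; Query time: 1 msec
;; SERVER: 192.168.1.252#53(192.168.1.252)
;; Query time: 0 msec
;; SERVER: 192.168.1.252#53(192.168.1.252)
EOF
}
```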

Smart DNS Setup

Now if you’re using a smartdns service or want remote access then we need to set up ddns;

Register for a Free domain at http://freedns.afraid.org/signup/

You might want to make a donation if you decide use the service permanently.

You’ll need to make a note of your username and password in the Worklog doc, too.

Goto Subdomains,

Login to freedns if you haven’t still got it open, go to Dynamic Dns, right click Direct Url – open in new tab, and you’ll see something like this;

http://freedns.afraid.org/dynamic/update.php?Zm8yRVhsT1E0cVVoMFhGRjB1cG9hZElaOjE0NTg3NTg3

I had to make this appear on one line to avoid confusion, so apologies for the small font, however, you should now notice the large key that follows update.php? – you need to cut and paste this to the Worklog.doc document we created earlier

sudo apt-get install inadyn

sudo nano /etc/inadyn.conf

and enter the following, replacing each quoted placeholder with your own details (alias and key, username, password);

update_period 3600
forced_update_period 14400
alias ‘alias and alphanumeric key’
username ‘username’
password ‘password’
background
dyndns_system default@freedns.afraid.org
syslog

  • Ctrl O to output
  • Return to write the file
  • Ctrl X to exit

We need to make Inadyn start on boot, however this time we have to use a different method; crontab

Now, I have little or no clue how this all works, except that it needs to be done; thanks to the Ubuntu support website for this;

sudo EDITOR=nano crontab -e

add the following to the file

@reboot /usr/sbin/inadyn

  • Ctrl O
  • Return to save the file
  • Ctrl X to quit

on reboot, you can use

ps -A | grep inadyn

and something like this will come up to confirm its running;

2203 ? 00:00:51 inadyn

This will now update your ddns entry on freedns.afraid.org and thus we can enter the url into your unblockr account, or the dns service of your choice.

Do a few router reboots to check. I have found this 99% stable in use, every month or so, I found the Pi had crashed, possibly due to fluctuations in power, I honestly don’t know. I have added a better quality 5 port 8a pwr supply to my home Pi cluster and this seems to have

Additional Reading

dnsmasq

This is the authors site and being a 1 man operation he needs our support, if you install and use this to improve your network and kodi access etc, please think about making a donation, however small.

http://www.thekelleys.org.uk/dnsmasq/doc.htm
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

This article set me off (it has a lot of typos that need correcting)

http://makezine.com/projects/browse-anonymously-with-a-diy-raspberry-pi-vpntor-router

http://blogging.dragon.org.uk/howto-setup-dnsmasq-as-dns-dhcp/
https://help.ubuntu.com/community/Dnsmasq

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Inadyn

https://help.ubuntu.com/community/DynamicDNS#inadyn
http://www.techjawab.com/2013/06/setup-dynamic-dns-dyndns-for-free-on.html