FTLDNS™: Pi-hole's Own DNS/DHCP server


#1

Originally published at: https://pi-hole.net/2018/02/22/coming-soon-ftldns-pi-holes-own-dns-dhcp-server/

What Is FTLDNS™?

In a sentence, FTLDNS™ is dnsmasq blended with Pi-hole's special sauce. We bring the two pieces of software closer together while maintaining maximum compatibility with any updates Simon adds to dnsmasq.

The Problems

We have used dnsmasq as our DNS/DHCP server since Pi-hole began. However, as the project has grown and evolved, we reached a point where we started looking into providing our own powerful resolver for a few reasons:
  • With FTL, we generate a variety of statistics by interpreting dnsmasq's log file. While this works, doing it through a middleman (a log file) is obviously quite inefficient
  • If a user chooses to disable logging, we're unable to compute any statistics at all
  • There are some details of the DNS server we do not have access to (like cache usage) through the log file alone
  • Each OS distribution provides a different version of dnsmasq and this can prevent users for getting a flawless Pi-hole experience

The Solution

All these problems lead us to the idea of actually integrating a DNS resolver directly into FTL. The obvious choice for this is, of course, to base it on dnsmasq. We have a proof-of-concept implementation of FTL already developed and running. So we're officially announcing FTLDNS™ and you can find it right here.

One of the many ways to support us is purchasing from our Swag Store. Get your hands on this sweet mug to help spread the word.

The Non-technical Details

FTLDNS has many benefits for you as user:

  • No more dnsmasq version compatibility issues since we develop and provide the DNS resolver and FTL together
  • Upstream updates to dnsmasq can easily be integrated into our code since we don't modify its code heavily
  • Processing will be much faster since we interact directly with the resolver instead of periodically parsing a log file
  • We can provide stats on cache usage and probably much more, which has been previously unavailable
  • Due to the direct integration into the resolver (using "FTL hooks"), we can compute statistics without any need for a log file. Instead of a "must have", the log file will become an "opt-in" feature!

The Technical Details

We implement dnsmasq into our code using the modular nature of the C language. FTL v4.0 has always been multi-threaded for speed and efficiency. On startup, it launches a number of threads, each dedicated for specific tasks. We extend the already existing multi-threading in FTL to provide an even faster experience. After the historic information has been imported from the database, we start the DNS/DHCP resolver.
The daemon itself will behave exactly as dnsmasq with the addition of having threads orbiting it that provide the known FTL statistics on a dedicated Unix socket as well as on a Telnet-like interface. Furthermore, we add some minor speed improvements to enhance the user's experience on low-performance devices when using huge blocking lists.
We keep our changes inside the code base of dnsmasq to the functional minimum to be able to easily upgrade to any future dnsmasq releases.
Note: this also means that we are not looking into making big changes to the resolver (like implementing regular expressions support). Although this seems advantageous at first sight, it will make upgrading dnsmasq later on almost impossible as these customizations would have to be reimplemented and carefully tested each time. Also, changing parts of the resolver's source code could introduce new bugs to a code base that is extensively tested. We clearly want to avoid that! Stability and speed are the two drivers for the development of FTLDNS.
FTLDNS ( FTL v4.0 ), with its integrated resolver is beneficial in many ways
  • We can never be sure which version we can expect on user's systems as they run a variety of operating systems. This makes adding new features problematic as old versions of dnsmasq could, and have , fail(ed) if provided with unknown options. This will be resolved as we are in direct control of which version of the resolver is getting compiled into our binary. It makes both development and bug-tracing much easier
  • We will still leave logging enabled in the early days of FTL v4.0 to ease debugging in cases where it is needed. However, the user will be free to disable the logging at any time without losing any statistics
  • Due to that fact that everything is one binary, we have full access to the resolver's internal data structure and can easily provide users with more information, e.g. on cache usage (which has been a feature request for some time now). Although this additional functionality might not be there in the initial release, it will come soon afterwards

#2

Will the FTLDNS v4.0 support openvpn interface like dnsmasq do??

EDIT: Did you have a timeplan for when FTLDNS 4.0 will be ready?

EDIT2: When its ready, can i update from current version or will i have to reinstall the server


#3

Estimated release date?


#4

As with all requests for ETAs:

soon™


#5

I thought that was a Google trade mark


#6

https://wow.gamepedia.com/Soon


#7

Yes, FTLDNS will support everything you know from dnsmasq.

We’re not yet able to say this. There is nothing at the moment that seems to point at having to reinstall.


#8

5 posts were split to a new topic: Ftdns - conntrack?


#9

Edit: Added as a wildcard blacklist solved the problem


#10

hi, I have just updated to FTLDNS but my ads are back. There were no errors when updating and I am on Raspbian Jessie. My bottom footer says Pi-hole Version vDev (FTLDNS, v3.3-65-g295ac49) Web Interface Version vDev (FTLDNS, v3.1-411-g517fa24) FTL Version vDev (FTLDNS, vDev-a26da52)

Not sure what isn’t working. Help please!
Pihole and DNS are both enabled.


#11

A post was split to a new topic: Error when starting FTLDNS


#12

What settings does it for the upstream nameserver?


#13

You have a choice of eight pre-configured, or you can specify your own. The screen shot shows the options - this particular Pi-Hole is configured to use unbound as it’s local recursive resolver.

image


#14

Ok, so it will follow the “server=” “/etc/dnsmasq.d” settings.
It was confusing for me if the unbound server also did the DNS forwarding.


#15

If you configure unbound per the instructions at FTLDNS and Unbound Combined For Your Own All-Around DNS Solution, unbound will be your local recursive resolver. It will go to the appropriate authoritative servers to find the IP for the domain (replacing a third party DNS service).

Pi-Hole then uses unbound as it’s resolver.

The path: Client requests DNS — Pi-Hole processes request from cache/blacklist or asking unbound — unbound finds the address and sends it back to Pi-Hole — Pi-Hole returns it to the client.

If you don’t use unbound for this and use Google as your upstream DNS server (for example), in the path above substitute Google DNS for unbound.


#16

So if i have trust in my local DNS server. i don’t need unbound, or set “127.0.0.1#5353” as custom DNS server?


#17

If you have trust in your local DNS server, just put its IP address in Custom 1 (and Custom 3 if there is an IPV6 address as well).

The 127.0.0.1#5353 address is for when you have unbound configured on that port. It listens on port 5353 at the Pi’s loopback address 127.0.0.1 (explanation of that address here: http://www.tech-faq.com/127-0-0-1.html).