Poor Man’s device discovery (DNS)

Mike Green
Aug 4, 2016 · 7 min read

Dnsmasq

First things first, I wanted to keep DHCP services with the home router. DNS could be off-loaded with ease to Dnsmasq, a very lightweight DNS / DHCP / RA server, due to the option in the router that allowed me to specify which DNS server to advertise with DHCP requests. That is, whenever a device on my home network asks for an IP address via DHCP, it also receives details about which DNS server(s) to use.

# If you don’t want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
server=8.8.8.8
server=8.8.4.4
server=/home/192.168.1.1

ARP-scan

So I needed a way to 1) find all the devices on my home network, 2) assign a host name to known devices regardless of IP address, and then 3) pass this information on to Dnsmasq. Lucky me, there’s a simpler solution to this than it might seem. Enter arp-scan, the tool that sends out ARP packets and outputs the responses received.

# mac-vendor.txt — Ethernet vendor file for arp-scan
#
# This file contains Ethernet vendor mappings for arp-scan. These are used
# to determine the vendor for a give Ethernet interface given the MAC address.
#
# Each line of this file contains a MAC-vendor mapping in the form:
#
# <MAC-Prefix><TAB><Vendor>
#
# Where <MAC-Prefix> is the prefix of the MAC address in hex, and <Vendor>
# is the name of the vendor. The prefix can be of any length from two hex
# digits (one octet) to twelve hex digits (six octets, the entire Ethernet
# hardware address).
#
# For example:
#
# 012345 would match 01:23:45:xx:xx:xx, where xx represents any value;
# 0123456 would match 01:23:45:6x:xx:xx; and
# 01234567 would match 01:23:45:67:xx:xx.
#
# …truncated…
#
# The alphabetic hex characters [A-F] must be entered in upper case.
#
# The order of entries in this file are not important.
#
# arp-scan will attempt to match larger prefixes before trying to match
# smaller ones, and will stop at the first match.
#
# Blank lines and lines beginning with “#” are ignored.
#
# Additional information is available on the arp-scan wiki at
# http://www.nta-monitor.com/wiki
B82734FAB128	raspberrypi.home

~# ifconfig eth0 | grep HWaddr
eth0 Link encap:Ethernet HWaddr b8:27:34:fa:b1:28

~# arp-scan -l -m /etc/mac-dns.txt
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.197 b8:27:34:fa:b1:28 raspberrypi.home
…(truncated output)…
14 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 2.584 seconds (99.07 hosts/sec). 11 responded

Putting it together

Now that I could quickly gather information about the devices in my home network and the host name they should be using, I needed a way to feed this into Dnsmasq, so that DNS lookups for these devices would work. Once again luck was on my side, as Dnsmasq offers the option for providing additional host files. I edited the /etc/dnsmasq.conf file accordingly to read a file called /etc/hosts.home:

# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
addn-hosts=/etc/hosts.home

arp-scan -l -m /etc/mac-dns.txt | head -n-3 | tail -n+3 | cut -f1,3-

*/15 * * * * arp-scan -l -m /etc/mac-dns.txt | head -n-3 | tail -n+3 | cut -f1,3- > /etc/hosts.home && pkill -SIGHUP dnsmasq

~# dig raspberrypi.home
; <<>> DiG 9.9.5-9+deb8u6-Raspbian <<>> raspberrypi.home
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13944
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;raspberrypi.home. IN A
;; ANSWER SECTION:
raspberrypi.home. 0 IN A 192.168.1.197
;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 04 22:25:23 CEST 2016
;; MSG SIZE rcvd: 61
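
The cron pipeline above, reworked as an added example (not code from the original post). arp-scan prints a vendor string for devices that have no entry in the mapping file, and ARP replies are unauthenticated, so this version publishes only well-formed .home names, withholds a name that answers from more than one IP, and replaces /etc/hosts.home atomically and only when the content changed. The function names, the sample scan and the ".home only" rule are assumptions of the example.

```shell
# Added example, not from the original post. Assumes tab-separated arp-scan
# output and that every name mapped in /etc/mac-dns.txt ends in ".home".

# Constructed sample of `arp-scan -l -m /etc/mac-dns.txt` output.
sample_scan() {
    printf '%b\n' \
        'Interface: eth0, datalink type: EN10MB (Ethernet)' \
        '192.168.1.197\tb8:27:34:fa:b1:28\traspberrypi.home' \
        '192.168.1.20\t00:11:22:33:44:55\tExample Vendor, Inc.' \
        '192.168.1.30\t00:11:22:33:44:66\tnas.home' \
        '192.168.1.31\t00:11:22:33:44:66\tnas.home' \
        '' \
        '4 packets received by filter, 0 packets dropped by kernel'
}

# stdin: arp-scan output; stdout: "IP<TAB>name" for mapped hosts only.
# Vendor strings and header/footer lines are dropped. A name answering from
# more than one IP is withheld and reported on stderr (example policy).
arp_to_hosts() {
    awk -F '\t' '
        NF >= 3 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            name = $3
            sub(/ \(DUP: [0-9]+\)$/, "", name)   # duplicate-reply marker
            if (name !~ /^[a-z0-9][a-z0-9-]*\.home$/) next
            if ((name in ip) && ip[name] != $1) bad[name] = 1
            else ip[name] = $1
        }
        END {
            for (n in ip)
                if (n in bad) print "conflict: " n > "/dev/stderr"
                else print ip[n] "\t" n
        }' | LC_ALL=C sort
}

# Write stdin to $1 through a temp file in the same directory and rename it
# into place, so dnsmasq never reads a truncated file. An empty or unchanged
# result leaves $1 alone and returns 1, so the caller can skip the reload.
update_hosts() {
    tmp=$(mktemp "$1.XXXXXX") || return 2
    cat > "$tmp"
    if [ -s "$tmp" ] && ! cmp -s "$tmp" "$1"; then
        chmod 644 "$tmp" && mv "$tmp" "$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# In a script run from cron:
#   arp-scan -l -m /etc/mac-dns.txt | arp_to_hosts | update_hosts /etc/hosts.home && pkill -HUP dnsmasq
sample_scan | arp_to_hosts
```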

Thoughts

There are more elegant options out there, of course. You have mdns-scan / DNS Service Discovery, but it only supports devices that actually advertise themselves. Similarly, there are also agent-based solutions, particularly enterprise solutions meant for etcd (think Docker) or similar. But for a simple 123 = abc.home solution, this would suffice, particularly as it is very low on resources and essentially requires 10 minutes of work to set it all up.

Myatu’s Tech Blog, from the site that has been wasting bits…
