Posted by Grommish on Oct 13, 2019; 5:09am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1904.html
Gnomad wrote:
> Yeah, I'm still having some network grief, haven't had the time to get far with it since I had to start reading up about dnsmasq from scratch.. My router doesn't still seem to be forwarding DNS queries properly to the Shield either, might be related? So let me know when you can post your latest build & I'll happily give it a whirl!
Well, if the blacklist files get deleted somehow and the service restarts for dnsmasq, it'll silently die. This makes the dns on the Shield inop, including to itself. You can ping IP addresses all day, but no dns. And, you can't run the updater to get the files, because... no dns :D
As long as you're running from eth1/2 to your router's WAN port, I don't know why it wouldn't process requests. The router's dns will be set to the Shield (by the Shield's DHCP response). It should just daisy-chain up the line.
My personal network, which is a mess at the moment, goes:
Build Laptop -> Dlink router -> Shield -> Dlink router -> Netgear 48-port switch -> Edge Router -> Cable OPE.
And, just for giggles, my first domain's DNS/DHCP is handled by my server rather than the initial Dlink for the stub. I suspect the issue you're seeing is just dnsmasq not running and not telling anyone it wasn't running. Check your `ps` from the console and make sure it's there. If not, grab the files and toss them onto your Shield.. Or..
At the bottom of your /etc/dnsmasq.conf, comment out the following lines and reboot (or service dnsmasq restart):
```
# Import bad URL and Domains for blocking
addn-hosts=/etc/snort/rules/bad-domains.txt
conf-file=/etc/snort/rules/bad-hostnames.txt
```
Then you should be able to get dnsmasq running, run the update script manually, and then uncomment them again.
Running Itus Shield v2 Firmware
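
The check and workaround described in the post above, as an added example that is not part of the original post or the Shield firmware: it lists the `addn-hosts=`/`conf-file=` entries in a dnsmasq config whose target file is gone and comments out only those. The function names are hypothetical, and it assumes one path per directive with no trailing comment.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes one path per directive and no trailing comment on the line.

# Print "LINE:directive=path" for every active addn-hosts=/conf-file= entry
# whose target file no longer exists (the deleted-blacklist case above).
missing_includes() {
    conf=$1
    grep -nE '^[[:space:]]*(addn-hosts|conf-file)=' "$conf" |
    while IFS= read -r entry; do
        path=${entry#*=}
        [ -e "$path" ] || printf '%s\n' "$entry"
    done
}

# Comment out only the broken entries, keeping the original as <file>.bak.
disable_missing() {
    target=$1
    # Turn "13:conf-file=..." into the sed command "13s|^|#|".
    script=$(missing_includes "$target" | sed 's/:.*/s|^|#|/')
    [ -n "$script" ] || return 0        # nothing missing, leave file alone
    cp "$target" "$target.bak"
    sed "$script" "$target.bak" > "$target"
}

# Constructed sample: one blocklist present, one deleted.
demo() {
    d=$(mktemp -d) || return 1
    echo '127.0.0.1 bad.example' > "$d/bad-domains.txt"
    printf '%s\n' '# Import bad URL and Domains for blocking' \
        "addn-hosts=$d/bad-domains.txt" \
        "conf-file=$d/bad-hostnames.txt" > "$d/dnsmasq.conf"
    missing_includes "$d/dnsmasq.conf"   # reports line 3 only
    disable_missing "$d/dnsmasq.conf"
    cat "$d/dnsmasq.conf"                # line 3 is now commented out
    rm -rf "$d"
}

# Run the constructed demo only when asked: sh thisfile demo
[ "${1:-}" != demo ] || demo
```

Once the blocklist files are back in place, restoring the `.bak` copy and restarting dnsmasq re-enables the entries.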