Cannot access openwrt.org / tencent.com urls

I cannot install any package now while ssh-ing to my NanoPI openwrt router.

nslookup downloads.openwrt.org (OR mirrors.cloud.tencent.com)
nslookup: write to '127.0.0.1': Connection refused
nslookup: write to '::1': Connection refused
;; connection timed out; no servers could be reached

I don't know why. I am still learning how to use openwrt, so my NanoPI4S is still connected to a lan port of my main router from my internet provider (that doesn't support bridging).

The latest time I installed something on my openwrt router was that one time I added adguard.

opkg update
opkg install adguardhome
service adguardhome enable
service adguardhome start
# Get the first IPv4 and IPv6 Address of router and store them in following variables for use during the script.
NET_ADDR=$(/sbin/ip -o -4 addr list br-lan | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
NET_ADDR6=$(/sbin/ip -o -6 addr list br-lan scope global | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')

echo "Router IPv4 : ""${NET_ADDR}"
echo "Router IPv6 : ""${NET_ADDR6}"

# 1. Enable dnsmasq to do PTR requests.
# 2. Reduce dnsmasq cache size as it will only provide PTR/rDNS info.
# 3. Disable rebind protection. Filtered DNS service responses from blocked domains are 0.0.0.0 which causes dnsmasq to fill the system log with possible DNS-rebind attack detected messages.
# 4. Move dnsmasq to port 54.
# 5. Set Ipv4 DNS advertised by option 6 DHCP
# 6. Set Ipv6 DNS advertised by DHCP
uci set dhcp.@dnsmasq[0].noresolv="0"
uci set dhcp.@dnsmasq[0].cachesize="1000"
uci set dhcp.@dnsmasq[0].rebind_protection='0'
uci set dhcp.@dnsmasq[0].port="54"
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server="${NET_ADDR}"

#Delete existing config ready to install new options.
uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns

# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}"

#DHCP option 3: default router or last resort gateway for this interface
uci add_list dhcp.lan.dhcp_option='3,'"${NET_ADDR}"

#Set IPv6 Announced DNS
for OUTPUT in $(ip -o -6 addr list br-lan scope global | awk '{ split($4, ip_addr, "/"); print ip_addr[1] }'); do        echo "Adding $OUTPUT to IPV6 DNS";      uci add_list dhcp.lan.dns=$OUTPUT; done
uci commit dhcp
/etc/init.d/dnsmasq restart
ls

I can provide my adguard settings upon request.
I hypothesize something is up with the DNS.
However, I see that even while disabling adguard, I still cannot access 'downloads.openwrt.org' or 'mirrors.cloud.tencent.com'. I really don't know why.
Also, if I check these domains from a device connected to the upstream router, everything is okay. That means my upstream PiHole DNS isn't causing the issue.
A quick search on the forum didn't help..

I don't really want to reinstall the firmware (https://drive.google.com/file/d/1ftI0XwnqPfq9qRvxC47_T8BQmd-vN02I/view?usp=sharing / ~ rk3399-sd-friendlywrt-23.05-docker-20231031.img.gz) without understanding the problem.
Can anybody help me in the process?

You need to ask the people who make the friendlywrt fork. It is significantly different than openwrt and thus does not work the same way. Therefore we cannot help you, only the people who maintain that fork can.

2 Likes

Thanks for the reply, I will keep an eye on it and decide whether I gain something in terms of convenience by keeping the friendlywrt fork instead of the main version of openwrt.

I am running an older version of friendlywrt (23.05.0) based on openwrt 23.05.0 and that's somewhat creating the problem whenever I run the command

sed -i -e 's/mirrors.cloud.tencent.com/downloads.openwrt.org/g' /etc/opkg/distfeeds.conf

If this info was enough to explain the issue from your point of view, would you mind re-explaining what you think the issue is for me to metabolize what's going on as a novice? If that's not the case, nevermind.

I am not even fully grasping the advantage of the friendlywrt fork for my hardware, although I do see everything is working out of the box without too much fine-tuning.

Maybe you should try official openwrt.

Because friendly wrt is so very different, it is not supportable here.

2 Likes