Can't change DNS server on my OpenWrt

Hi, I'm using OpenWrt 18.06.6 installed on an HG556a (version B).
The setup is a 4G SIM card in a 3G modem plugged into my OpenWrt.
I have the following interfaces:


I entered the following DNS servers on the wan and lan interfaces: 8.8.8.8 8.8.4.4 1.1.1.1
But when I open https://www.dnsleaktest.com/ I get the ISP DNS.
I also tried changing it on the 3G interface, but when I do it the internet seems not to work.
Capture
Also, when I change DNS manually on my device connected to my router, the internet seems not to work on the router.

Disable peer DNS and specify custom DNS on the active upstream interfaces.
Make sure to remove the ending dot after 8.8.4.4.

1 Like

I did, and it's not working (the dot is just a mistake made while taking the screenshot).

Is it possible to change DNS for a 4G/3G network? Because I don't know if the protocols used in the connection allow that or not.

Post the output redacting the private parts:

uci show network; head -v -n -0 /etc/resolv.* /tmp/resolv.*

https://openwrt.org/docs/guide-quick-start/sshadministration

1 Like

If there is an option under the 3G interface it will be supported.
In my LTE connection with NCM protocol it is supported.
If it is not you can ignore the resolv file and use forwarders.

2 Likes
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.6, r7957-d81a8a3e29
 -----------------------------------------------------
root@OpenWrt:~# uci show network; head -v -n -0 /etc/resolv.* /tmp/resolv.*
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd4b:adbb:942c::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.dns='8.8.8.8 1.1.1.1 8.8.4.4'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 5t'
network.3g=interface
network.3g.proto='3g'
network.3g.device='/dev/ttyUSB1'
network.3g.service='umts'
network.3g.apn='www.inwi.ma'
network.3g.dialnumber='*99#'
network.3g.ipv6='auto'
network.wan=interface
network.wan.type='bridge'
network.wan.proto='dhcp'
network.wan.ifname='eth0 eth0.1'
network.wan.peerdns='0'
network.wan.dns='8.8.8.8 8.8.4.4 1.1.1.1'
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface 3g
nameserver 105.67.10.4
nameserver 105.71.24.5
# Interface lan
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 8.8.4.4

==> /tmp/resolv.conf.ppp <==
nameserver 105.67.10.4
nameserver 105.71.24.5
root@OpenWrt:~#

I think it's not possible, because I tried using the DNS automatically installed by the ISP and the internet works well. I edited my mobile configuration and changed DHCP to static, I entered DNS 8.8.8.8 8.8.4.4 and the internet didn't work, so maybe they use something in the protocol or in the firewall rules that blocks those DNS requests.
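Added example (not part of the original posts): a small audit of a resolv.conf.auto-style file that shows which interface supplies each upstream resolver and flags any resolver outside the intended list. The function names and the WANTED variable are hypothetical; the sample input is constructed to mirror the /tmp/resolv.conf.auto output above.

```shell
#!/bin/sh
# Added example: report which interface supplies each upstream resolver in a
# resolv.conf.auto-style file and flag any that are not on the intended list.

# Intended resolvers, taken from the thread (space-separated).
WANTED="8.8.8.8 8.8.4.4 1.1.1.1"

# audit_resolv FILE -> prints "<interface> <nameserver> <ok|unexpected>" per entry
audit_resolv() {
    awk -v wanted="$WANTED" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1; iface = "unknown" }
        /^# Interface / { iface = $3; next }
        $1 == "nameserver" && $2 != "" {
            print iface, $2, (($2 in ok) ? "ok" : "unexpected")
        }
    ' "$1"
}

# unexpected_ifaces FILE -> unique interfaces that contribute unexpected resolvers
unexpected_ifaces() {
    audit_resolv "$1" | awk '$3 == "unexpected" && !seen[$1]++ { print $1 }'
}

# Constructed sample mirroring the /tmp/resolv.conf.auto shown in the thread.
sample_resolv_auto() {
    cat <<'EOF'
# Interface 3g
nameserver 105.67.10.4
nameserver 105.71.24.5
# Interface lan
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 8.8.4.4
EOF
}

# Demo on the sample; on a router, run: audit_resolv /tmp/resolv.conf.auto
tmp="${TMPDIR:-/tmp}/resolv.auto.sample.$$"
sample_resolv_auto > "$tmp"
audit_resolv "$tmp"
echo "interfaces still supplying other resolvers: $(unexpected_ifaces "$tmp")"
rm -f "$tmp"
```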

I don't think it's the DNS itself that's blocked -- you could know by specifying static IP/DNS then from terminal:

ping 8.8.8.8

If it works, then IP connectivity is there and DNS is blocked. My theory though is that with a static IP, this will not work. A lot of networks these days have firewall entries that are DHCP aware, and static addresses, unless specifically allowed by admins on a per-device level (say for servers), are not allowed to communicate with anyone.

This means you'd need to find a way to get DHCP IP settings but override/specify the DNS.

1 Like

Have you tried setting the DNS options on the 3G interface itself?

You may also need to force the DNS traffic to route through your router, as a lot of devices are pre-programmed to use their own DNS.

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/forced_dns_redirection

1 Like

When I change DNS on the 3G interface, ping to 8.8.8.8 still works, but requesting any domain will not work: google.com is not working, but when I typed Google's IP 172.217.168.163 it works.
So that means there is a problem while sending/receiving DNS requests.

I followed the instructions in the link https://openwrt.org/docs/guide-user/firewall/fw3_configurations/forced_dns_redirection but it did nothing.

This is my system.log:

Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain localhost
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain local
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain invalid
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain bind
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain lan
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.8.8#53
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.8.8#53
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 1.1.1.1#53
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.4.4#53
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: reading /tmp/resolv.conf.auto
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain test
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain onion
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain localhost
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain local
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain invalid
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain bind
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain lan
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 105.67.10.4#53 (isp dns)
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 105.71.24.5#53 (isp dns 2)
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.8.8#53
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 1.1.1.1#53
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.4.4#53

Even so, I got the ISP DNS on dnsleaktest.

It's looking more and more like they (the ISP) do have UDP port 53 blocked.

You have a couple things left to do....

  1. Check to see if you have nslookup on your OpenWRT device with

which nslookup

If this returns /usr/bin/nslookup for example, then try to do a request w/ nslookup with the server specified:

nslookup yahoo.com 8.8.8.8

NOTE this bypasses all system DNS settings and looks up yahoo.com using 8.8.8.8

  • If this works, then the ISP doesn't have DNS blocked.
  • If this doesn't work, then UDP port 53 is blocked.

All that said, what I'd do is see if your 3G/4G supports IPv6 and if so, I'd try Google's IPv6 DNS servers to see if your ISP forgot to block it in ip6tables:

  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

Good luck!

1 Like

Something else I am noticing...

In your image given below:

Capture

You fail to show which interface you set this on... In your posting giving the output of:

uci show network; head -v -n -0 /etc/resolv.* /tmp/resolv.*

We see:

In addition, your networks TAB screenshot shows on your WAN interface:

RX: 0 B (0 Pkts.)
TX: 6.81 MB (19927 Pkts.)

Did you apply the ignore peer DNS + custom DNS servers on your unused WAN interface as opposed to your 3G interface? If so, I think that may be your problem?

Let me know.

Unfortunately it seems to be port 53 blocked.

root@OpenWrt:~# nslookup yahoo.com 8.8.8.8
;; connection timed out; no servers could be reached

Thanks for the help.

Yeah, that's pretty definitive... looks like UDP port 53 is blocked by your ISP.

The only ways I can think of that we've gotten this wrong would be:

1.) There's some firewall entry messing with outbound port 53 (maybe some setting from the https://openwrt.org/docs/guide-user/firewall/fw3_configurations/forced_dns_redirection tutorial) but your internet clearly works, so this is highly unlikely.

or

2.) You somehow didn't have IP connectivity when you ran nslookup yahoo.com 8.8.8.8, but I'd assume you ran ping 8.8.8.8 first to eliminate this possibility.

So, sorry we couldn't get it going, looks like you may be forced to use your ISP's DNS :\

1 Like
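Added example (not part of the original posts): the ping-then-nslookup check discussed in the replies above, written as one function so the "no IP connectivity" case is ruled out before a failed lookup is read as a DNS problem. The function names and verdict strings are hypothetical, and it assumes ping and nslookup exit non-zero on failure.

```shell
#!/bin/sh
# Added example: separate "no IP connectivity" from "DNS to this resolver fails".
# Assumption: ping and nslookup return a non-zero exit status on failure.

# check_dns_path RESOLVER_IP [NAME] -> prints one verdict word
check_dns_path() {
    resolver="$1"
    name="${2:-yahoo.com}"

    # Step 1: plain IP reachability (ICMP), no DNS involved.
    if ! ping -c 3 -W 2 "$resolver" >/dev/null 2>&1; then
        echo "no-ip-connectivity"
        return 0
    fi

    # Step 2: query the resolver directly, bypassing the system DNS settings.
    # A failure here, with step 1 passing, is what the thread reads as
    # UDP port 53 being blocked upstream.
    if nslookup "$name" "$resolver" >/dev/null 2>&1; then
        echo "dns-ok"
    else
        echo "dns-query-failed"
    fi
}

# compare_resolvers IP... -> one "<ip> <verdict>" line per resolver, so the
# ISP-assigned resolver and a custom one can be checked side by side.
compare_resolvers() {
    for r in "$@"; do
        echo "$r $(check_dns_path "$r")"
    done
}

# Usage on the router (addresses are the ones from the thread):
#   compare_resolvers 105.67.10.4 8.8.8.8
```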

I did that on both wan and lan (it does not affect DNS; I ran dnsleaktest and got the ISP DNS), but when I did it on 3G the internet stopped working.

I ran the command while the 3G DNS was not changed (internet working).

Understood, thanks for the clarification.

1 Like

Thanks for the time you spent trying to help me :+1: