Changing DNS on LAN vs WAN interfaces

I wanted to set up OpenWrt so my IoT VLAN devices connect to a VPN (and use the VPN's DNS) and my 2 other VLANs connect to a local Pi-hole DNS server.

I was configuring this on the LAN interface side but couldn't get a network connection on my non-IoT VLANs. I tried i) changing the DHCP-Options (which I believe is a UI feature for editing dnsmasq entries) on the LAN interface; ii) adding a DNS server entry on my VLAN interfaces, without luck.

Now I started again with a clean install and simply changed my WAN and WAN6 interface settings under the Advanced tab: unchecked "Use DNS servers advertised by peer" and set the local IP of my Pi-hole server in the "Use custom DNS servers" field.

I was very happy to find that this works, and I want to understand what the pros/cons or considerations are of changing DNS servers on LAN interfaces vs changing them on WAN interfaces.

I now believe that when I restore my previous VLAN setup, even my IoT VLAN devices will use my local Pi-hole DNS rather than the VPN's DNS, but this is a reasonable compromise for me provided that the IoT VLAN devices will not be revealing my true IP when connected via VPN (albeit without the VPN server's DNS).


It is best to specify DNS servers on the interface through which these IPs are routed.
If you have multi-WAN, it will still work even when the first WAN is down; otherwise it requires duplicating the local DNS on each WAN, or using the loopback interface as a workaround.


Apologies, I am still learning - can you please build on what this means?

It is best to specify DNS servers on the interface through which these IPs are routed.

My understanding is that because I am specifying my DNS server as a local IP (192.168.x.x), I should specify this on the LAN interface, not WAN. On the other hand if I was referencing a DNS like 8.8.8.8, I should set this on the WAN interface. Is that what you mean?

By Multi-WAN do you mean IPv4 and IPv6?

Correct.

Multiple ISPs with the same version of IP protocol.
To be fair, this also applies to dual-stack setups as it helps improve redundancy and fault tolerance, provided that OpenWrt uses a separate upstream interface for each IP stack.


Ah thank you. I am pretty confident in not having Multi-WAN then. I only have one ISP.

So let me try to set this up on my LAN interface then.

Should I set the DNS server:
a) in DHCP Server > Advanced Settings > DHCP-Options = 6,192.168.x.x

or

b) in Advanced Settings > Use custom DNS servers = 192.168.x.x


This tells your clients to use the local DNS directly.
Although it has certain benefits, some clients may ignore the offer.
In addition, dual-stack clients generally require configuring both IP stacks.

This configures the specified resolvers as upstream forwarders for dnsmasq, which is used by both OpenWrt and its LAN clients by default, unless the clients resort to their own static DNS or DoH/DoT.

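To make the difference between the two options concrete, here is an added example (not from this thread or from the OpenWrt project) that parses the UCI text format of /etc/config/network and /etc/config/dhcp and reports which DNS path LAN clients end up on: option a) shows up as a `dhcp_option '6,...'` entry that points clients straight at the resolver, while option b) (or the WAN "custom DNS servers" setting from the first post) shows up as `list dns` entries that become dnsmasq's upstream forwarders. The sample config text is constructed, 192.168.1.5 stands in for the Pi-hole address, and the `report` helper and its output keys are my own naming.

```python
"""Added example: read minimal OpenWrt UCI config text and summarise where
DNS is configured. Assumes the standard UCI stanza format
(config / option / list) and the usual keys: 'dns' and 'peerdns' in
/etc/config/network, 'dhcp_option' in /etc/config/dhcp."""
from collections import defaultdict
import shlex

# Constructed sample of /etc/config/network; 192.168.1.5 plays the Pi-hole.
NETWORK_CFG = """
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        list dns '192.168.1.5'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'
        list dns '192.168.1.5'
"""

# Constructed sample of /etc/config/dhcp with option a) applied on lan.
DHCP_CFG = """
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        list dhcp_option '6,192.168.1.5'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
"""


def parse_uci(text):
    """Return {(section_type, section_name): {key: [values]}} for UCI text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if parts[0] == "config":
            # Anonymous sections get a synthetic name so they stay addressable.
            name = parts[2] if len(parts) > 2 else f"@{parts[1]}[{len(sections)}]"
            current = sections.setdefault((parts[1], name), defaultdict(list))
        elif parts[0] in ("option", "list") and current is not None:
            current[parts[1]].append(parts[2])
    return sections


def dhcp_dns_offer(dhcp, iface="lan"):
    """Resolvers pushed to DHCPv4 clients through option 6 on iface.

    This is option a) from the thread. Note it only covers IPv4 clients that
    honour the offer; clients with static DNS or DoH/DoT will bypass it."""
    servers = []
    for opt in dhcp.get(("dhcp", iface), {}).get("dhcp_option", []):
        code, _, value = opt.partition(",")
        if code.strip() in ("6", "dns-server"):
            servers.extend(v.strip() for v in value.split(",") if v.strip())
    return servers


def dnsmasq_upstreams(network):
    """Resolvers dnsmasq will forward to: every interface's static 'dns'
    list (option b) on LAN, or the WAN custom DNS field), plus whatever the
    peer advertises on dynamic interfaces unless peerdns is '0'."""
    upstream = []
    for (stype, name), sec in network.items():
        if stype != "interface":
            continue
        for server in sec.get("dns", []):
            if server not in upstream:
                upstream.append(server)
        dynamic = sec.get("proto", [""])[0] in ("dhcp", "dhcpv6", "pppoe")
        if dynamic and sec.get("peerdns", ["1"])[0] != "0":
            # Leaving peerdns enabled is why the ISP's resolver still shows up.
            upstream.append(f"<{name}: servers advertised by peer>")
    return upstream


def report(network_text, dhcp_text, iface="lan"):
    """Summarise the DNS path for clients on iface as a dict."""
    offered = dhcp_dns_offer(parse_uci(dhcp_text), iface)
    return {
        "clients_directed_to": offered or ["router (dnsmasq)"],
        "dnsmasq_forwards_to": dnsmasq_upstreams(parse_uci(network_text)),
    }


if __name__ == "__main__":
    print(report(NETWORK_CFG, DHCP_CFG))
```

Running `report` on the sample shows both mechanisms pointing at the Pi-hole. Drop the `option peerdns '0'` line from the wan section and the ISP's advertised servers reappear in the dnsmasq forwarder list, which is the mixed result the poster saw with option a) alone.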

Thank you, I really appreciate your guidance here and was able to confirm the same with some experimentation.

Using option a), my DNS is configured to both my ISP's preferred server and the upstream servers of my Pi-hole.

Using option b), only my upstream Pi-hole servers are visible.

Very grateful for your kindness and help today.

