Clients without custom DNS queries listed as coming from router (and not the clients)

Hi, I'm using a Raspberry Pi with Pi-Hole as DNS resolver (IP 192.168.1.4) and my OpenWrt router (nanoPi R4S, IP 192.168.1.2) as DHCP server, but for some days now I have been seeing all the queries from my LAN clients in the Pi-Hole interface as if they were coming from the R4S. Maybe I've changed something, but I don't think so...

I'm also using an R7800 as access point with OpenWrt, but it doesn't have any DNS configured on the LAN interface.

This setup was working fine until... I don't know. Not a big issue, but I prefer to see the queries from the correct clients if possible!

For example, I have 3 Echo devices and other IoT devices (plugs, thermostat). You can't change the DNS on those, and I see the queries to amazon domains from the Echos as queries from the nanoPi R4S. Obviously on other devices (where I can change the DNS) the names are correct.

I don't know, maybe there's an option in the DHCP settings of the R4S to disable the marking of DHCP packets?

Thanks for the help!

Config

root@R4S:~# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option ednspacket_max '1232'
	option authoritative '1'
	option localservice '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
root@R4S:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4b:d0d9:85a6::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.2'
	list dns '192.168.1.4'

config interface 'wan'
	option device 'eth0'
	option proto 'pppoe'
	option username 'aliceadsl'
	option password 'aliceadsl'
	option ipv6 'auto'
	option peerdns '0'

On your DHCP server (the OpenWrt router, as I understand) you'll have to use DHCP Option 6 (search the forum) to assign 192.168.1.4 as the clients' DNS server for the network.

Since you don't show your config, it's difficult to speculate. Hope this helps.

1 Like

Hi! Thanks for the reply. Yes, I'm using it, in the format 6,192.168.1.4. Sorry, I forgot the DHCP settings in the first post:

root@R4S:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.@dnsmasq[0].localservice='0'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_flags='managed-config' 'other-config'
dhcp.lan.dhcp_option='6,192.168.1.4'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@host[0]=host
...lots of clients
root@R4S:~# 

root@R4S:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd4b:d0d9:85a6::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth1'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ipaddr='192.168.1.2'
network.lan.dns='192.168.1.4'
network.wan=interface
network.wan.device='eth0'
network.wan.proto='pppoe'
network.wan.username='aliceadsl'
network.wan.password='aliceadsl'
network.wan.ipv6='auto'
network.wan.peerdns='0'

We haven't seen the firewall setting, but I believe you have configured DNS hijacking.

Thus, all DNS requests to external servers are intercepted by the R4S, forwarded to the Pi-Hole (on behalf of the router), and then the responses are returned to the initiator(s).

This will not change even if you create a port forwarding rule (which forwards all intercepted DNS queries directly to the Pi-Hole) because the requests will be SNATed to the router's lan IP address in order to avoid the NAT loopback "triangle routing problem".

Possible explanations are that you have recently configured DNS hijacking and the previous DNS queries made by these devices have been hidden from you, or after some software update the devices no longer respect DHCP Option 6 and use only their hardcoded DNS servers.

2 Likes
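To check whether queries are reaching the Pi-hole directly or via the router, as the reply above describes, the DHCP lease table can be compared with the source addresses in the Pi-hole query log. This is an added example, not code from the thread; the lease and log lines are constructed samples in the dnsmasq lease-file and dnsmasq query-log formats, and the function names are hypothetical.

```python
import re
from collections import Counter

ROUTER_IP = "192.168.1.2"  # LAN address of the R4S, as given in the thread

# Constructed sample of /tmp/dhcp.leases: expiry, MAC, IP, hostname, client-id
LEASES = """\
1700000000 aa:bb:cc:00:00:01 192.168.1.101 echo-kitchen *
1700000000 aa:bb:cc:00:00:02 192.168.1.102 echo-bedroom *
1700000000 aa:bb:cc:00:00:03 192.168.1.103 laptop 01:aa:bb:cc:00:00:03
"""

# Constructed sample of Pi-hole (dnsmasq) query log lines
QUERY_LOG = """\
Jan 10 12:00:01 dnsmasq[512]: query[A] api.amazon.com from 192.168.1.2
Jan 10 12:00:02 dnsmasq[512]: query[A] example.org from 192.168.1.103
Jan 10 12:00:03 dnsmasq[512]: query[AAAA] api.amazon.com from 192.168.1.2
Jan 10 12:00:04 dnsmasq[512]: query[A] api.amazon.com from 192.168.1.102
Jan 10 12:00:05 dnsmasq[512]: forwarded api.amazon.com to 1.1.1.1
"""

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")

def parse_leases(text):
    """Map leased IP -> hostname from dnsmasq lease-file lines."""
    leases = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            leases[fields[2]] = fields[3]
    return leases

def query_sources(text):
    """Count queries per source IP; non-query log lines are skipped."""
    counts = Counter()
    for line in text.splitlines():
        match = QUERY_RE.search(line)
        if match:
            counts[match.group(3)] += 1
    return counts

def audit(lease_text, log_text, router_ip=ROUTER_IP):
    """Report the router's share of queries and leased hosts never seen as a source."""
    leases, sources = parse_leases(lease_text), query_sources(log_text)
    total = sum(sources.values())
    silent = sorted(name for ip, name in leases.items() if sources[ip] == 0)
    share = sources[router_ip] / total if total else 0.0
    return {"router_share": share, "silent_clients": silent}

if __name__ == "__main__":
    print(audit(LEASES, QUERY_LOG))
```

A leased host that never appears as a query source while the router's share is high is a candidate for a device whose DNS traffic is being relayed or redirected through the router.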

Thanks for the reply!

Now I found the issue and the solution: something changed when I switched from the snapshot to the stable build, I don't know what (because I changed lots of settings). I had to restart dnsmasq, the LAN interface, and most important: the Echo devices!

And now the names of the clients are correctly displayed in my Pi-Hole.

Because if I restarted only the dnsmasq service, some Echo devices were still reported as my router; after a reboot they appear correctly reported as separate clients.

Another weird thing in switching from snapshot to stable, that I discovered only now after 10/20 days: the Netlink Bandwidth Monitor (nlbwmon) settings changed on their own... and I lost this period of data recording, because it changed the local subnet addresses to monitor. The ones inside the rectangle are the default/wrong ones:

I also have no idea why, probably some different settings in the opkg package between stable and snapshot.
