Correct DNS config on OpenWrt router

I have a Pi-hole set up on a local server 192.168.1.xxx! Combined with recursive unbound. My complete DNS solution asking the root servers for everything.

I blocked all DNS requests to WAN (port 53 out) except the Pi-hole's and unbound's requests from the same server 192.168.1.xxx

The resolution is correct without leaks and tested.

I'd like to know what the router does if I enter the server's IP in the WAN DNS config.
WAN DNS server IP: 192.168.1.xxx, which is an internal, local server. Does the WAN interface query the inside network and then the Pi-hole+unbound does the rest, or does it search the whole internet (WAN) for a DNS server with the 192.168.1.xxx IP (probably in vain)?

If anybody only specifies a local DNS server in the WAN interface and nothing else anywhere, will the LAN have any hostname resolution at all?

All clients are served via another DHCP server on 192.168.1.xxx (different from the router) with IPs and the correct local DNS address.

Dnsmasq is disabled on the router for my config and to avoid any kind of resolution at router level.

If you have enough flash memory on your router, try this:

opkg update
opkg install wget luci-app-adblock

Then enable adblock in the LuCI web GUI.

I know that option. I prefer to have a Pi-hole ready on my local LAN.

The question remains about the DNS resolution with a local DNS server set as WAN DNS.


Does the WAN interface query the inside network and then the Pi-hole+unbound does the rest, or does it search the whole internet (WAN) for a DNS server with the 192.168.1.xxx IP (probably in vain)?

AFAIK the DNS server setting will be used if the interface is connected, but the interface used when sending DNS requests to the servers depends on the routing. If you have access to the shell, then use this command to look up the route: ip route get 192.168.1.xxx. It will show 192.168.1.xxx dev br-lan src 192.168.1.1 if it's on your LAN subnet.

I will have access to the router tomorrow and maybe test it.
Routing is fine. DNS is set up correctly. IP ranges and subnets are all OK. I have LAN and internet connectivity just fine.
WAN is connected to my ISP. I don't use the ISP DNS and set my own.

I just wanted to know if the WAN DNS is something that can be set to a local subnet address and work...

It's a WAN DNS for the WAN interface connected to a bridged modem with IP range 192.168.0.xxx! Can the 192.168.0.x network's DNS be an IP of 192.168.1.xxx???

Will the WAN interface ever look for a DNS server inside the LAN network or internet only?

You can set a device to use any DNS server anywhere its gateway (router) can reach. Just understand that you will not receive hostname resolution on your router if you somehow disconnect the DNS server from LAN (obviously).

That's exactly what I wanted to know.

It reaches both ways, so the DNS can be on LAN or WAN.

But how can it recognize, without looking everywhere, that it's on the LAN and not in the WAN somewhere? If I had a LAN DNS like 18.43.22.7, how can it distinguish it from a WAN 18.43.22.7 DNS server?

Because of your device's routing table. That's the point of a router.

Run: ip route show

You should see a default route to the Internet and a route to the WAN subnet where your ISP's gateway is located...and a route to br-lan where your local subnet resides.

You do know that you can't assign arbitrary IPs to devices...right???

This LAN DNS will have to use an IP in your LAN's IP range.

Yes. But isn't the WAN DNS always set to be routed on the WAN side?

What DNS does OpenWrt use to opkg update then?

No, software doesn't do routing, the routing space of the kernel does. So even if your router wants to go to a LAN IP, it, too, will be routed like any other client in your network.

Yes. My LAN range would be 18.43.22.xxx and the local DNS would be 18.43.22.7!
How does my router know whether that is inside or outside the LAN? Does it route WAN DNS inside my LAN when the LAN IP range matches the 18.43.22.xxx range?

:confused:

You are intentionally using public IP space on your local network....OK...I don't advise it, though.

In any case, YES, your router knows because that's the subnet you assigned to your LAN, that simple. Just run ip route show; you should see something like this:

18.43.22.0/24 dev br-lan proto kernel scope link src 18.43.22.1

Again, I HIGHLY suggest that you use RFC1918 IP space for your LAN, instead.
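To make the point of the last two replies concrete (the router picks the interface for a DNS server address purely by longest-prefix match against its routing table, so a WAN-configured DNS server whose address falls inside the LAN subnet is sent out br-lan), here is an added example that is not part of the thread. It parses constructed ip route show output (the addresses and interface name eth0.2 are placeholders, not anyone's real setup) and applies the same lookup rule the kernel uses for ip route get:

```python
import ipaddress

# Constructed sample of `ip route show` output: WAN on a bridged modem
# subnet (192.168.0.0/24, interface eth0.2), LAN on br-lan (192.168.1.0/24).
# These are placeholder values, not the poster's real configuration.
SAMPLE_ROUTES = """\
default via 192.168.0.1 dev eth0.2 proto static src 192.168.0.2
192.168.0.0/24 dev eth0.2 proto kernel scope link src 192.168.0.2
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
"""


def parse_routes(text):
    """Turn `ip route show` lines into (network, dev, via, src) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        info = {"dev": None, "via": None, "src": None}
        # keywords are followed by their value: "dev br-lan", "via 192.168.0.1"
        for i in range(1, len(fields) - 1):
            if fields[i] in info:
                info[fields[i]] = fields[i + 1]
        routes.append((net, info["dev"], info["via"], info["src"]))
    return routes


def route_get(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins,
    which is the rule the kernel applies and what `ip route get` reports."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev, via, src in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via, src)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, dev, via, src = best
    # via is None on a "scope link" route: the destination is on-link
    return {"dev": dev, "via": via, "src": src, "onlink": via is None}


def describe(routes, dst):
    """Render the decision in the style of `ip route get <dst>`."""
    r = route_get(routes, dst)
    hop = "" if r["onlink"] else f"via {r['via']} "
    return f"{dst} {hop}dev {r['dev']} src {r['src']}"


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    # A DNS server inside the LAN range is reached through br-lan, even if
    # it was entered as the WAN interface's DNS server.
    print(describe(table, "192.168.1.50"))
    # A public resolver falls back to the default route through the modem.
    print(describe(table, "1.1.1.1"))
```

The first lookup prints a br-lan route with no gateway, which is why the WAN DNS field can hold a LAN address and still work as long as the LAN subnet exists in the table; the second shows the same address-to-interface decision sending a public resolver out through the default gateway.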

Long story short

Clients' DNS: none, relying on router
Router LAN DNS: none
Router WAN DNS: 192.168.1.xxx (within LAN range)
Router WAN interface IP: 192.168.0.xxx
Will it resolve?

Not so simple, read up.

This information entirely differs from what you posted above.

But yes, this will resolve...as long as your router is properly configured. At this point, why don't you just test???

OK. So the router knows because it already has a network in that range. Even if that network is my LAN.

That's all I needed to know. I think it is an important piece of how traffic moves for DNS resolving between two networks. I don't know how common it is to set up a separate home DNS/DHCP/TFTP server in parallel with OpenWrt as just a plain router, I think.

I always use RFC IPs, but I wanted to be sure.

I'll test it tomorrow and come back with results.

Thanks for the info, and sorry if I messed anything up.