DHCP providing wrong DNS server

I have OpenWRT on my router; it's responsible for defining LAN devices' domain names and IPv4 and IPv6 addresses, DHCP and DHCPv6 server, IPv6 RA.

I have a server on 192.168.49.2 where I have some services like proxies, and pihole which is responsible for resolving domain names on my LAN. It has a setting to forward all queries to OpenDNS servers, and to forward the LAN domain to the router, so that all devices know each other by their domain names.

On /etc/conf/dhcp I have a setting that directs DNS requests to my server, so that all devices use it and not the router dnsmasq.

The issue is that recently I noticed that domains I had blocked on pihole were accessible, meaning its block is being bypassed. On a Win10 machine, I executed ipconfig /all and this is what I found:

   Default Gateway . . . . . . . . . : fe80::xxxx:xxxx:fe5d:79d7%4
                                       192.168.49.1
   DHCP Server . . . . . . . . . . . : 192.168.49.1
   DNS Servers . . . . . . . . . . . : fdfa::1
                                       192.168.49.2
                                       fdfa::1
   NetBIOS over Tcpip. . . . . . . . : Enabled

pihole IPv4 addr 192.168.49.2 is correctly being used as DNS server, but router IPv6 addr fdfa::1 is also there. This means that DNS queries are being sent to my router and not to pihole.

I reviewed /etc/conf/dhcp and found no reference to fdfa::1

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option local '/mydomain.lan/'
	option domain 'mydomain.lan'
	option nonwildcard '0'
	option localservice '0'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option start '110'
	option limit '60'
	option leasetime '1h'
	option ra_default '0'
	option ra_management '1'
	list dhcp_option '6,192.168.49.2'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config domain

config host
	option name 'router'
	option dns '1'
	option mac 'xxxxxxxxxxxxx'
	option ip '192.168.49.1'
	option hostid '1'
	option leasetime '600'

config host
	option name 'wifi'
	option dns '1'
	option mac 'xxxxxxxxxxxxx'
	option ip '192.168.49.3'
	option leasetime '3600'
	option hostid '3'

(...)

config host

Am I missing anything? Might RA be doing that by default?

How can I force list dhcp_option '6,192.168.49.2' to be the only DNS server they use?

1 Like

Providing custom DNS with DHCP options:

  • Configure odhcpd using the IPv6 ULA address of Pi-hole
  • Use the same IPv4 address for both dnsmasq and odhcpd
1 Like

And don't forget to disable DoT/DoH in the browsers.

1 Like

tnx! But it doesn't seem to have worked...

uci -q delete dhcp.lan.dns
uci add_list dhcp.lan.dns="fdfa::2"

resulted in

   DNS Servers . . . . . . . . . . . : fdfa::1
                                       192.168.49.2
                                       fdfa::2
                                       fdfa::1
   NetBIOS over Tcpip. . . . . . . . : Enabled

fdfa::2 was added, but 1 remained.

Isn't it possible to just have 192.168.49.2 and nothing else?

# OpenWrt
uci -q delete dhcp.lan.dns
uci add_list dhcp.lan.dns="fdfa::2"
uci add_list dhcp.lan.dns="192.168.49.2"
uci commit dhcp
/etc/init.d/odhcpd restart
uci show dhcp

# Client
ipconfig /release
ipconfig /release6
ipconfig /flushdns
ipconfig /renew
ipconfig /renew6

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig

1 Like

It worked! 2 new settings were added to lan:

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option start '110'
	option limit '60'
	option leasetime '1h'
	option ra_default '0'
	option ra_management '1'
	list dhcp_option '6,192.168.49.2'
	list dns 'fdfa::2'
	list dns '192.168.49.2'
1 Like
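
A way to confirm the fix from the client side, as an added example that is not part of the original thread: it parses `ipconfig /all` output and reports any advertised DNS server outside an allow-list, which is how a filtering resolver gets bypassed here. It assumes English-language Windows output; the function names and the `AFTER` sample are constructed for illustration, and the allow-list holds the two resolver addresses configured in the thread.

```python
import ipaddress
import re

# Resolvers the thread configures for LAN clients (assumed allow-list).
ALLOWED = {ipaddress.ip_address("192.168.49.2"), ipaddress.ip_address("fdfa::2")}

# "Label . . . : value" separator; never matches inside an IPv6 address.
SEPARATOR = re.compile(r"\s:(?:\s|$)")


def dns_servers(ipconfig_text):
    """Return every address listed under 'DNS Servers', in order."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        parts = SEPARATOR.split(line, maxsplit=1)
        if len(parts) == 2:                      # a new labelled field starts
            in_dns = parts[0].strip(" .").lower() == "dns servers"
            value = parts[1]
        elif in_dns and line.strip():            # continuation of the DNS list
            value = line
        else:                                    # blank line ends the field
            in_dns = False
            continue
        if in_dns and value.strip():
            # Drop an IPv6 zone id such as "%4" before normalising.
            servers.append(ipaddress.ip_address(value.strip().split("%", 1)[0]))
    return servers


def unexpected_resolvers(ipconfig_text, allowed=ALLOWED):
    """Return advertised resolvers outside the allow-list, deduplicated."""
    extra = []
    for addr in dns_servers(ipconfig_text):
        if addr not in allowed and addr not in extra:
            extra.append(addr)
    return extra


# Output quoted in the thread after the first attempt.
BEFORE = """\
   DNS Servers . . . . . . . . . . . : fdfa::1
                                       192.168.49.2
                                       fdfa::2
                                       fdfa::1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
# Constructed sample: a client that is offered only the intended resolvers.
AFTER = """\
   DNS Servers . . . . . . . . . . . : fdfa::2
                                       192.168.49.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, [str(a) for a in unexpected_resolvers(text)])
```

Any address it reports is a resolver the client can use instead of the filtering one, so the list should be empty on every client after the leases are renewed.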
