DNS and how to configure

martin.arg · May 20, 2022, 4:36pm

Hi I just received my new router a glinet Beryl router, and I want to configure to use it in my work's network. I connect everything, I connect to the wan port the cable that was going to my pc, I connect my pc to the router, and everything work fine, almost. There are several pages that I can not access. I can access by IP but not with the URL, this pages use .local instead of .com (or similar). So I think it's a DNS problem, but my work DNS is correctly assigned by my work's DHCP server. So I don't know what to do.

lleachii · May 20, 2022, 4:42pm

Assign the correct domain suffix to your DNS settings; or
Simply use a Fully-Qualified Domain Name when typing the URL

BTW, OpenWrt has .lan set by default.

martin.arg · May 20, 2022, 4:43pm

Can you elaborate a bit?, please.

lleachii · May 20, 2022, 4:46pm

On what?

I don't control your router or network, so I'm not sure what you're having difficulties on.

If you mean the settings:

If your work network uses .local as you claim, type in the full name in the URL.

e.g.:

employee-fileserver

vs

employee-fileserver.local this is the FQDN

martin.arg · May 20, 2022, 4:53pm

It's to the FQDN that I don't have access, and that is the problem. With the FQDN I can access an internal menu from which I cannot access from the IP, I do type url.local.

lleachii · May 20, 2022, 4:59pm

???

Can you clarify this, please?

Run:

ubus call network.interface.wan status

Verify your IP and DNS servers are correct

Next: Paste the output of the following commands:

nslookup <name_of_server.domain> <WAN_dns-server1>
nslookup <name_of_server.domain> <WAN_dns-server2>
nslookup <name_of_server.domain> <IP_of_OpenWrt>

(Omit revealing information/verify they match.)

martin.arg · May 20, 2022, 5:13pm

I work with a software call koha, this software has a page for general user and an admin panel, If I access the software by IP I can only get access to the general user page, If I use the webpage URL koha.local I access the admin page. Since I connected the new router, I can access the IP, but I can not access the URL koha.local. So i know I can reach the IP, but the DNS does not resolve.

	"dns-server": [
		"157.xxx.xxx.29"
	],

Sorry this would be something like

nslookup koha.local <my router ip>

If this is correct the reseult is
** server can't find koha.local: NXDOMAIN
** server can't find koha.local: NXDOMAIN

jow · May 20, 2022, 5:29pm

You will need to disable rebind protection and/or whitelist the domains you expect responses with private IPs from.

martin.arg · May 20, 2022, 6:00pm

I disable the rebind protection option, but there are no changes. I will search for the whitelist domain options.

Bill · May 20, 2022, 6:54pm

Flush DNS on your PC.

trendy · May 20, 2022, 9:19pm

root@magiatiko:[~]#logread -e dnsmasq | grep local
Thu May 12 15:16:02 2022 daemon.info dnsmasq[23573]: using only locally-known addresses for domain test
Thu May 12 15:16:02 2022 daemon.info dnsmasq[23573]: using only locally-known addresses for domain onion
Thu May 12 15:16:02 2022 daemon.info dnsmasq[23573]: using only locally-known addresses for domain localhost
Thu May 12 15:16:02 2022 daemon.info dnsmasq[23573]: using only locally-known addresses for domain local
Thu May 12 15:16:02 2022 daemon.info dnsmasq[23573]: using only locally-known addresses for domain invalid
Thu May 12 15:16:02 2022 daemon.info dnsmasq[23573]: using only locally-known addresses for domain bind

local and other suffixes are hardcoded.
You need to add a DNS forwarding for the local domain to the company nameserver.

Bill · May 20, 2022, 10:29pm

How would that look for @martin.arg?

uci add_list dhcp.@dnsmasq[0].server="/example.com/192.168.2.1"
uci commit dhcp
/etc/init.d/dnsmasq restart

Could and/or should he be advised to reenable rebind protection ?

jow · May 20, 2022, 11:19pm

Only if the NS returns non-RFC1918 IPs. If it does, rebind protection must be disabled or the corresponding domain must be whitelisted.

martin.arg · May 23, 2022, 11:43am

Done, no difference.

martin.arg · May 23, 2022, 11:51am

Hi there, sorry I didn't replay, but I wasn't at work. One of the first things I did was to add the DNS server for forwarding. Also ping the server by its IP and received answer. What, I don't know If I did it correctly.
imagen

Also I must admit I'm doing this to learn more about network and OpenWrt. I could resolve this removing the new router and access directly to the network.

martin.arg · May 23, 2022, 12:07pm

I just resolve this with your help. First I add the DNS server in the correct way /koha.local/157.xxx.xxx.29 and second I could disable rebind protection, but I choose to white list the domain koha.local. I mark ¡this one as solution, but the solution was provided with the sum of several posts.

Thanks.

system · June 2, 2022, 12:07pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.