DNS is not working properly

jany · May 2, 2024, 7:01am

I have a specific question.
There is an authoritative DNS server on the Internet for one domain examplexx.com with a public IP address 77.77.77.77 (IP addresses and domains are fictitious).
On the other side of the Internet, there is a client with OS win 10.
If I set the IP address of the DNS server manually, everything works correctly, including examplexx.com.
If I set the client to add the DNS IP address of the openwrt server, it does not work.

When I check with the command
ipconfig /all
so I see that DNS uses 77.77.77.77

frollic · May 2, 2024, 7:13am

and when you do nslookup examplexx.com in win10, which DNS IP is used ?

brada4 · May 2, 2024, 7:19am

Authoritative DNS server will not offer recursive DNS service for the internet.
You need to configure upstream DNS servers in dnsmasq forwarder section, not DHCP options.

jany · May 2, 2024, 7:26am

I'm now away from PC win 10, but I think it was something like that.

nslookup examplexx.com
Server:  unknown
Address:  77.77.77.77
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
     
Name:    examplexx.com
Address:  77.77.77.77

I'll elaborate when I'm at the PC

brada4 · May 2, 2024, 7:27am

Pretty obvious your authoritative server does not offer you recursive service.

jany · May 2, 2024, 7:53am

The DNS server is built on BInd9.
My first thought was that only one DNS should be set for the client, namely 77.77.77.77.
DNS binb will resolve one authoritative query (examplexx.com) and will forward the rest to recursive resolvers.
That's why I also set it in Bind 9

options {

    forwarders {
        8.8.8.8;  // Google Public DNS
        8.8.4.4;  // Google Public DNS

    };

    forward only;
    allow-query { 66.66.66.0/24; };
 
};

66.66.66.66 is a subnet that is allowed for forward query

brada4 · May 2, 2024, 8:05am

forwarders for dnsmasq:
/xxxamplexxx.xom/77.777.7.77
8.8.8.8
4.4.4.4

You need to read BIND ARM pdf file included with your bind installation, which seems not related to OpenWRT in any way.

jany · May 2, 2024, 6:18pm

This works

/examplexx.com/77.77.77.77

The question is how it works. First, openwrt asks for the public recursive resolver on the examplexx.com domain, and if the answer is not found, then it asks for 77.77.77.77 ?
Or is it the other way around?

stangri · May 6, 2024, 12:21am

AFAIK it explicitly tells dnsmasq to use DNS 77.77.77.77 for domain examplexx.com.

brada4 · May 6, 2024, 2:43pm

I looked through crystal ball that authoritative server will not provide recursive service, not by that single parameter at least. Explanations are in BIND ARM guide.

jany · May 6, 2024, 7:39pm

For me, it is important that the DNS server 77.77.77.77 resolves the query on exampexx.com.
If it solves examplexx.com, then don't have to solve other queries.

See my first post.
When I set it up as you can see in my first post, Bind9 solved recursive queries, but it did not solve exampexx.com.

brada4 · May 6, 2024, 7:47pm

I understood whats missing, if you want full recursive service via work you need VPN , or read deep in BIND Admin Reference Manual PDF to enable public recursion.

jany · May 12, 2024, 3:41pm

Now I have 2 websites set up

 /examplexxa.com/77.77.77.77
 /examplexxb.com/77.77.77.77

These websites do not exist on the real Internet. I would like to set up a third website, but that one exists on the real internet e.g.

 /example.com/77.77.77.77

This website also works, but not on all PCs with Win 10. I want it to work on a company PC where I have access as a user. Examplexxa.com and examplexxb.com work correctly even on a company PC, but example.com does not work. The DNS query is always resolved and directed to the official website.