Dns issue just after installing 25.12

Installing and Using OpenWrt
1

Hi,

I have been using OpenWrt for quite a long time now. My last implementation on Raspberry Pi3 with version 22.03.5 works perfectly but USB2.0 locks my USB2ETH to 100Mb/s. I have upgraded my internet so I decided to use a Raspberry Pi4 and installed version 25.12 Connecting both implementations on parallel on my internet box, therefore I can see the differences live.

Configuration is the same, but on the new one dns seems to be blocked… as for example

~# apk update
wgetFailed to send request: Operation not permitted
ERROR: wget: exited with error 4
WARNING: updating and opening https://downloads.openwrt.org/releases/25.12.0/targets/bcm27xx/bcm2711/packages/packages.adb: unexpected end of file

or

# nslookup www.google.com
nslookup: write to '127.0.0.1': Connection refused
nslookup: write to '::1': Connection refused
;; connection timed out; no servers could be reached

I have been searching this for 1 entire day now! :confounded_face: Does an expert have a clue to help me? Thx

2

No DNS(masq) running ...

3

Let's take a look at the config...

Also, what is the current connection to the upstream?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Screenshot 2025-10-20 at 8.14.14 PM

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
4 
~# ubus call system board
{
        "kernel": "6.12.71",
        "hostname": "ow",
        "system": "ARMv8 Processor rev 3",
        "model": "Raspberry Pi 4 Model B Rev 1.5",
        "board_name": "raspberrypi,4-model-b",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "25.12.0",
                "firmware_url": "https://downloads.openwrt.org/",
                "revision": "r32713-f919e7899d",
                "target": "bcm27xx/bcm2711",
                "description": "OpenWrt 25.12.0 r32713-f919e7899d",
                "builddate": "1772496855"
        }
}


# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        list ipaddr '127.0.0.1/8'

config globals 'globals'
        option dhcp_default_duid '0004cfc738de289d45ccba68ed850b955198'
        option ula_prefix 'fd32:bef7:2197::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'eth0'
        option proto 'static'
        list ipaddr '192.168.xxx.xxx/24'
        option gateway '192.168.yyy.yyy'         -->> This is on the wan
        option ip6assign '60'
        option multipath 'off'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth1'
        option multipath 'off'


# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option band '5g'
        option channel '36'
        option htmode 'VHT80'

# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '10'
        option limit '40'
        option leasetime '2h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ra_preference 'medium'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/odhcpd.leases'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option piodir '/tmp/odhcpd-piodir'
        option hostsdir '/tmp/hosts'

Thx :folded_hands:

5

This is over-redacted. RFC1918 addresses do not reveal anything sensitive, so you can post without redactions:

That said, the gateway is unnecessary and should be removed.

Since the upstream is clearly an RFC1918 address, let's see the result of:

ifstatus wan

and also, please tell us what subnet you're using for the lan on the Pi.

6 
# ifstatus wan
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 2884,
        "l3_device": "eth1",
        "proto": "dhcp",
        "device": "eth1",
        "updated": [
                "addresses",
                "routes",
                "data"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.197.195",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "192.168.197.254",
                        "source": "192.168.197.195/32"
                }
        ],
        "dns-server": [
                "192.168.197.254",
                "8.8.8.8"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "dhcpserver": "192.168.197.254",
                "leasetime": 86400
        }
}
root@ow:~# clear
root@ow:~# clear
root@ow:~# ifstatus wan
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 2891,
        "l3_device": "eth1",
        "proto": "dhcp",
        "device": "eth1",
        "updated": [
                "addresses",
                "routes",
                "data"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.197.195",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "192.168.197.254",
                        "source": "192.168.197.195/32"
                }
        ],
        "dns-server": [
                "192.168.197.254",
                "8.8.8.8"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {
                "dhcpserver": "192.168.197.254",
                "leasetime": 86400
        }
}


192.168.197.195 is eth1
192.168.197.254 is internet box inside
7 
# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        list ipaddr '127.0.0.1/8'

config globals 'globals'
        option dhcp_default_duid '0004cfc738de289d45ccba68ed850b955198'
        option ula_prefix 'fd32:bef7:2197::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'eth0'
        option proto 'static'
        list ipaddr '192.168.196.254/24'
        option gateway '192.168.197.254'
        option ip6assign '60'
        option multipath 'off'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth1'
        option multipath 'off'
8

And what is this subnet:

9 
list ipaddr '192.168.196.254/24'
10 
192.168.196.254 is eth0
11

Ok... so it seems your subnets are non-overlapping, so that's good.

Remove the gateway from the lan interface. Then reboot and test again.

1 Like
12

Done… Same behavior…

# apk update
wgetFailed to send request: Operation not permitted
ERROR: wget: exited with error 4
WARNING: updating and opening https://downloads.openwrt.org/releases/25.12.0/targets/bcm27xx/bcm2711/packages/packages.adb: unexpected end of file
13

how about some ping tests:

ping 192.168.197.254
ping 8.8.8.8
ping 151.101.2.132
ping downloads.openwrt.org
14

Everything not related to dns is OK

ping 192.168.197.254

PING 192.168.197.254 (192.168.197.254): 56 data bytes
64 bytes from 192.168.197.254: seq=0 ttl=64 time=1.991 ms
64 bytes from 192.168.197.254: seq=1 ttl=64 time=0.747 ms
64 bytes from 192.168.197.254: seq=2 ttl=64 time=0.737 ms
^C
--- 192.168.197.254 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.737/1.158/1.991 ms

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=119 time=6.484 ms
64 bytes from 8.8.8.8: seq=1 ttl=119 time=7.832 ms
64 bytes from 8.8.8.8: seq=2 ttl=119 time=5.962 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5.962/6.759/7.832 ms

ping 151.101.2.132
PING 151.101.2.132 (151.101.2.132): 56 data bytes
64 bytes from 151.101.2.132: seq=0 ttl=60 time=42.341 ms
64 bytes from 151.101.2.132: seq=1 ttl=60 time=40.617 ms
64 bytes from 151.101.2.132: seq=2 ttl=60 time=41.520 ms
^C
--- 151.101.2.132 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 40.617/41.492/42.341 ms



ping downloads.openwrt.org
ping: bad address 'downloads.openwrt.org'
15

That shows the only issue is DNS based (which matches your original description).

service dnsmasq status
1 Like
16 
# service dnsmasq status
not running

I’ve just downloaded & installed openwrt-25.12.0-bcm27xx-bcm2711-rpi-4-squashfs-factory.img.gz

isn’t it running by default??

1 Like
17

That's the issue.

/etc/init.d/dnsmasq enable
/etc/init.d/dnsmasq start

I did just notice another issue that needs to be fixed:

In addition to removing the gateway line (presumably already done), the device being used here should be br-lan.

18

I changed it… But it still is weird!

# /etc/init.d/dnsmasq enable
# /etc/init.d/dnsmasq start
# service dnsmasq status
not running
19 
logread -e dnsmasq
1 Like
20

OK Thx…

The answer to logread -e dnsmasq was

Actually I had many entries in /etc/config/dhcp was

daemon.crit dnsmasq[1]: DHCP host has multiple names at line 48 of /var/etc/dnsmasq.conf.cfg01411c
daemon.crit dnsmasq[1]: FAILED to start up

config host
        option name 'pi2'
        list mac 'B8:27:FB:1A:7A:8A'
        option ip '192.168.196.2'

I took them out & it works again. THANK YOU! & I’ll need to investigate