DNS not working on new OpenWRT install on GL-MT6000

Hi there, I've put an official OpenWRT image (24.10.1) onto my GL-MT6000 and got it up and running. However, I don't seem to have working DNS.

I'm able to ping 1.1.1.1, and generally any pingable IP address, but I can't ping any domain names like openwrt.org, duckduckgo.com, etc.

The WAN port of the GL-MT6000 is connected to the LAN port of my ISP's router, which is providing internet access to the router.

Trying to ping any domain I've tried results in:

ping: bad address 'openwrt.org'

or similar.

nslookup gives me

;; connection timed out; no servers could be reached

I'd like to just set it up to use my ISP's DNS servers for now. Or if that's not possible, I just want to set it to any working DNS server.

I apologise for the basic question, but how can I get DNS working?

Let’s take a look at your config.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

# ubus call system board
{
	"kernel": "6.6.86",
	"hostname": "OpenWRT",
	"system": "ARMv8 Processor rev 4",
	"model": "GL.iNet GL-MT6000",
	"board_name": "glinet,gl-mt6000",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.1",
		"revision": "r28597-0425664679",
		"target": "mediatek/filogic",
		"description": "OpenWrt 24.10.1 r28597-0425664679",
		"builddate": "1744562312"
	}
}

# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd51:f10a:6bca::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option type 'bridge'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'
	option type 'bridge'

config device
	option type 'bridge'
	option name 'br-guest'
	option bridge_empty '1'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list interface 'guest'
	list interface 'lan'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'

# cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'guest'

config forwarding
	option src 'guest'
	option dest 'wan'

config rule
	option src 'guest'
	option name 'Allow-DNS-Guest'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option src 'guest'
	option name 'Allow-DHCP-Guest'
	option dest_port '67'
	option target 'ACCEPT'

Guest Wi-Fi was set up according to this article, but the DNS issues predate setting that up.

At least this doesn't appear to be the standard config.

Reset, and it should start working.

I'd like to not get rid of my existing configs if that's possible. What is the "standard config"?

Then export the config, reset, check if it works, if it does, don't reimport it...

I've tried resetting and same issue, can ping IP addresses but not domain names.

To clarify, are you running the non working pings from the router, or a client ?

What's the LAN side subnet of the ISP's router ?

From the router. My clients are using Mullvad VPN so I'm using Mullvad's DNS servers, but if I disable the VPN I also can't resolve DNS on clients.

What's the LAN side subnet of the ISP's router ?

How would I find this out?

Then paste output of nslookup openwrt.org, exected on the router.

Check the WAN port IP.

That is expected because the DNS servers cannot be reached when the VPN is not active.
If you use a public DNS, things should work properly.

No that's not what I meant; disabling the VPN also means I use the DNS resolver available through my internet connection ie should be my ISP's resolver. In any case, I have no VPN on the router, and the router also cannot resolve DNS. I've not played with any DNS settings (at least, not on purpose, and it seems not accidentally either since resetting the config doesn't change things) on the router and the router can't ping domains.

ok... let's see the router's current configuration:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ifstatus wan | grep -C 2 dns-server
ping 64.226.122.113
ping openwrt.org

;; connection timed out; no servers could be reached

as I put in the OP.

Check the WAN port IP.

LuCI says

Address: 192.168.1.187/24
Gateway: 192.168.1.254
DNS: 192.168.1.254

Start by changing the LAN subnet on the Openwrt device, it can't be the same as on the WAN side, edit /etc/config/network, replace 192.168.1.1 with 192.168.2.1, and reboot.

/etc/config/network, /etc/config/dhcp, /etc/config/firewall haven't changed since last reply (scroll up)

# ifstatus wan | grep -C 2 dns-server
		}
	],
	"dns-server": [
		"192.168.1.254"
	],
--
			
		],
		"dns-server": [
			
		],

# ping 64.226.122.113
PING 64.226.122.113 (64.226.122.113): 56 data bytes
64 bytes from 64.226.122.113: seq=0 ttl=52 time=22.198 ms
64 bytes from 64.226.122.113: seq=1 ttl=52 time=21.492 ms
64 bytes from 64.226.122.113: seq=2 ttl=52 time=21.784 ms
64 bytes from 64.226.122.113: seq=3 ttl=52 time=22.296 ms
64 bytes from 64.226.122.113: seq=4 ttl=52 time=22.105 ms
^C
--- 64.226.122.113 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 21.492/21.975/22.296 ms

# ping openwrt.org
ping: bad address 'openwrt.org'

Thank you so much! Glad the fix was that simple. Yes, I'm able to ping domains from the router now, and it seems to be using my ISP's DNS without issue.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.