emmy
January 7, 2023, 12:25pm
1
I am using OpenWrt 22.03.2 on my access point, which takes internet wirelessly from my modem.
I tried to secure my DNS using dnsmasq (DoH with Dnsmasq).
After that, I lost the internet connection for my laptop (Wi-Fi client), but the AP (with OpenWrt) has internet access. Why? What can I do?
These are the results of the command vi /etc/config/https-dns-proxy:
config main 'config'
    option canary_domains_icloud '1'
    option canary_domains_mozilla '1'
    option dnsmasq_config_update '*'
    option force_dns '1'
    list force_dns_port '53'
    list force_dns_port '853'
    option procd_trigger_wan6 '0'
    option update_dnsmasq_config '*'

config https-dns-proxy
    option resolver_url 'https://cloudflare-dns.com/dns-query'
    option listen_addr '127.0.0.1'
    option listen_port '5054'
    option user 'nobody'
    option group 'nogroup'
    option bootstrap_dns '1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001'

config https-dns-proxy
    option resolver_url 'https://dns.google/dns-query'
    option listen_addr '127.0.0.1'
    option listen_port '5053'
    option user 'nobody'
    option group 'nogroup'
    option bootstrap_dns '8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844'
Who/What is myself?
Because the APs don't use your proxy?
emmy:
What can I do?
Depends on what you want to achieve.
1 Like
emmy
January 7, 2023, 12:36pm
4
frollic:
Who/What is myself?
The modem has internet and gives it to the AP via Wi-Fi.
The AP (OpenWrt) repeats the Wi-Fi.
I connect to the AP.
Now:
The AP has internet but I do not.
I want internet connection.
emmy
January 7, 2023, 12:40pm
5
trendy:
uci export dhcp?
package dhcp

config dnsmasq
    option domainneeded '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option localservice '1'
    option ednspacket_max '1232'
    option doh_backup_noresolv '-1'
    option noresolv '1'
    list doh_backup_server ''
    list doh_backup_server '/mask.icloud.com/'
    list doh_backup_server '/mask-h2.icloud.com/'
    list doh_backup_server '/use-application-dns.net/'
    list doh_backup_server '127.0.0.1#5054'
    list doh_backup_server '127.0.0.1#5053'
    list server '127.0.0.1#5054'
    list server '127.0.0.1#5053'
    list server '/mask.icloud.com/'
    list server '/mask-h2.icloud.com/'
    list server '/use-application-dns.net/'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option dhcpv6 'server'
    option ra 'server'
    list ra_flags 'managed-config'
    list ra_flags 'other-config'
    option ra_slaac '0'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

config dhcp 'GUESTY632'
    option interface 'GUESTY632'
    option start '100'
    option limit '150'
    option leasetime '12h'

config dhcp 'IOT'
    option interface 'IOT'
    option start '100'
    option limit '150'
    option leasetime '12h'
trendy
January 7, 2023, 2:53pm
6
What is the output of nslookup openwrt.org from a lan host?
emmy
January 7, 2023, 3:21pm
8
Sorry. I thought you told me to write this in PuTTY.
I just wrote it in Windows PowerShell:
Server: OpenWrt.lan
Address: 172.16.0.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to OpenWrt.lan timed-out
But just something weird happens.
The LAN host with Windscribe VPN will connect and respond to the same command:
Server: UnKnown
Address: 10.255.255.2
Non-authoritative answer:
Name: openwrt.org
Addresses: 2a03:b0c0:3:d0::1af1:1
139.59.209.225
They're querying 2 different servers.
172.16.0.1 is not 10.255.255.2
You're bypassing the OpenWrt.
emmy:
with windscribe vpn
???
It works because it's using DNS server 10.255.255.2 when connected (per your pic)
You should not test your LAN DNS, etc. with VPN connected on the client
1 Like
trendy
January 7, 2023, 10:18pm
10
Does the command nslookup openwrt.org 172.16.0.1 from the OpenWrt router give some result or still time out?
emmy
January 8, 2023, 6:52pm
11
It gave so many timeout errors that I completely regretted doing it.
Now my dns requests are naked.
trendy
January 8, 2023, 7:24pm
12
Maybe something was blocking your access to the DoH servers?
Have you tried DoT with stubby?
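Added example, not part of the thread and not OpenWrt's own code: a shell check that every upstream dnsmasq forwards to has a matching https-dns-proxy listener, run over the relevant lines of the two configs posted above. For those lines it reports no mismatch, so the dnsmasq-to-proxy wiring is consistent and what remains to test is whether the proxies can reach their DoH resolvers. The function names are hypothetical.

```shell
#!/bin/sh
# Constructed input: the relevant lines of the two configs posted in this thread.
PROXY_CFG="config https-dns-proxy
    option listen_addr '127.0.0.1'
    option listen_port '5054'
config https-dns-proxy
    option listen_addr '127.0.0.1'
    option listen_port '5053'"
DHCP_CFG="config dnsmasq
    option noresolv '1'
    list doh_backup_server '127.0.0.1#5054'
    list server '127.0.0.1#5054'
    list server '127.0.0.1#5053'
    list server '/mask.icloud.com/'"

# Print addr#port for each https-dns-proxy section that sets both options
# explicitly (assumption: sections relying on defaults are skipped).
proxy_listeners() {
    printf '%s\n' "$1" | awk -F"'" '
        function emit() { if (insec && addr != "" && port != "") print addr "#" port }
        /^[ \t]*config[ \t]/ { emit(); insec = ($0 ~ /config[ \t]+https-dns-proxy/); addr = port = ""; next }
        /option[ \t]+listen_addr[ \t]/ { addr = $2 }
        /option[ \t]+listen_port[ \t]/ { port = $2 }
        END { emit() }'
}

# Print the upstreams dnsmasq forwards to; '/domain/' entries name domains
# handled locally, not upstream servers, so they are left out.
dnsmasq_upstreams() {
    printf '%s\n' "$1" | awk -F"'" '
        /^[ \t]*config[ \t]/ { insec = ($0 ~ /config[ \t]+dnsmasq/); next }
        insec && /list[ \t]+server[ \t]/ && $2 != "" && substr($2, 1, 1) != "/" { print $2 }'
}

# Print every dnsmasq upstream that no https-dns-proxy instance listens on.
# $1 = dhcp config text, $2 = https-dns-proxy config text
unmatched_upstreams() {
    um_listeners=$(proxy_listeners "$2")
    dnsmasq_upstreams "$1" | while read -r um_up; do
        printf '%s\n' "$um_listeners" | grep -qxF -- "$um_up" || printf '%s\n' "$um_up"
    done
}

echo "https-dns-proxy listeners:"
proxy_listeners "$PROXY_CFG"
echo "dnsmasq upstreams without a listener (none expected for the posted configs):"
unmatched_upstreams "$DHCP_CFG" "$PROXY_CFG"
```

On the router, the same functions can be fed "$(uci export dhcp)" and "$(cat /etc/config/https-dns-proxy)" instead of the embedded samples.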