DNS queries not being forwarded between 2 private domains

Hi,
I have an OpenWrt router (R1) that has 2 VLANs, one for a public wifi and local PCs, and one for my private network. Everything works great.
Recently I added another openwrt router (R2) to give added security and private wifi for my private use. R2 wan port now plugs into R1 private vlan where previously there was a switch plugged in.
The domain name on R1 is local.
The domain name on R2 is man.
R2 resolves names like mypc.man fine, and forwards traffic to the internet fine, but gets "Name or service not found" when trying to resolve a .local hostname on R1.
If .com, etc. domains are being forwarded to R1 and then the internet, why are .local requests not being resolved by R1?
I've tried a few things, but don't really know what I'm doing (newbie).
What is the correct way to set this up?
Thanks in advance.

Disable the protection against DNS rebind attacks.


Alternatively, add local to the Domain whitelist on R2.
The corresponding uci option is called rebind_domain.


Yah, yes, this works.
However it only resolves plain hostnames on R1 like r1host. If I add the domain like r1host.local it still hangs and times out.
Is there something else I need to change on either R1 or R2 to address hosts on R1 as r1host.local?
Hosts on the LAN side of R2 can be accessed by either r2host or r2host.man.
Thank-you very much for your help.

I couldn't get this to work.
@slh's solution did work, but only resolving plain hostnames on R1 and not r1host.local.
Maybe the same issue is stopping your domain whitelist and @slh's solution from fully working?
Any suggestions?
Thanks very much for your help.

Did you actually set your OpenWrt's default domain to .local?

and set up R1 for .local to resolve to R2:

[Screenshot from 2020-02-29 18-24-18]


Yes.
Plain hostnames are resolved to IP addresses, but anything with .local appended times out.
Any device connected to R1 correctly resolves hostnames as well as hostname.local.
Any suggestions?
Thanks for the reply.

$ ping swerve.local
ping: swerve.local: Name or service not known

$ ping swerve
PING swerve (192.168.4.13) 56(84) bytes of data.
64 bytes from 192.168.4.13 (192.168.4.13): icmp_seq=1 ttl=62 time=0.920 ms

This output is from a host plugged into R2.

  • Are these hosts Windows devices?
  • How did you get swerve to respond without a domain appended?
  • Why do you alter the output from devices?

And a couple of questions:

Would I be better off using a sub-domain for my private network like private.local?
Would I still need to disable rebind protection for this to work?
Would all I need to do to get this to work be to change the local server domain on R2 to /private.local/?

I'm really just looking for the simplest solution for hosts on R2 to access hosts on either R1 or R2 with a domain suffix.

.local as a subdomain shouldn't be used at all, as this domain was hijacked by avahi/bonjour and similar dynamic services a few years back.


@matt1,

Correction, are these Apple devices?

(I agree .local should not be used and assumed the OP knew this about the domain in question.)

Rebind protection must be turned off any time you want OpenWrt to provide an RFC1918 IP as its upstream DNS reply.

Using .local is not the simplest solution. Why did you change the default .lan?

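The rebind rule discussed in this thread, as an added check that is not from any poster here: a POSIX sh script that reads an OpenWrt /etc/config/dhcp fragment and reports whether dnsmasq on R2 would discard R1's RFC1918 answers for a domain, and which server that domain is forwarded to. The config text is constructed, the domain is `lan` (as in the final fix) and 192.168.4.1 as R1's address is an assumption.

```shell
# Added example, not from the thread: POSIX sh check over an OpenWrt
# /etc/config/dhcp fragment for whether dnsmasq on R2 would discard R1's
# RFC1918 answers for a domain as a rebind attempt, and where that domain is
# forwarded. Config text is constructed; 192.168.4.1 for R1 is an assumption.
# R2 as shipped: protection on and no whitelist, so *.lan answers carrying
# 192.168.x.x addresses are dropped ("Name or service not known").
R2_DEFAULT=$(cat <<'EOF'
config dnsmasq
	option domain 'man'
	option rebind_protection '1'
EOF
)
# R2 with the thread's fix (uci: list rebind_domain 'lan') plus *.lan sent to R1.
R2_FIXED=$(cat <<'EOF'
config dnsmasq
	option domain 'man'
	option rebind_protection '1'
	list rebind_domain 'lan'
	list server '/lan/192.168.4.1'
EOF
)

# rebind_allows DOMAIN (config on stdin): exit 0 if private answers for DOMAIN
# pass, 1 if dnsmasq drops them; protection is on when the option is absent.
rebind_allows() {
    domain=$1; prot=1; listed=0
    while read -r kind key val; do
        val=${val#\'}; val=${val%\'}          # strip the UCI quotes
        case "$kind $key" in
            "option rebind_protection") prot=$val ;;
            "list rebind_domain") [ "$val" = "$domain" ] && listed=1 ;;
        esac
    done
    [ "$prot" = 0 ] || [ "$listed" = 1 ]
}

# forwarder_for DOMAIN (config on stdin): print the server DOMAIN is sent to.
forwarder_for() {
    domain=$1
    while read -r kind key val; do
        val=${val#\'}; val=${val%\'}
        case "$kind $key $val" in
            "list server /$domain/"*) echo "${val#/$domain/}" ;;
        esac
    done
}
for cfg in R2_DEFAULT R2_FIXED; do
    eval "text=\$$cfg"
    printf '%s\n' "$text" | rebind_allows lan && echo "$cfg: *.lan accepted" || echo "$cfg: *.lan discarded as rebind"
done
```

Setting `option rebind_protection '0'` instead of the whitelist would also pass, but it disables the check for every domain rather than only the one R1 serves.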

Okay SUCCESS!

Thanks to @slh and @mpa and @lleachii for solving the core issue of allowing an RFC1918 IP as its upstream DNS reply.

Changing domain from local back to lan and rebooting both routers has led to the happy day where everything works perfectly.

So Thanks to you all for your awesome help.

One small thing though: how do I mark this as solved? According to the docs, there should be a pencil icon next to the original post to edit the title to [SOLVED]..., but here there is not. How do I do this?
