DNS resolution problem

I can't reach any website through my OpenWrt router. I can access any website if I set a custom DNS server on my laptop.
dnsmasq's log shows forwarded requests with no reply:

Thu Jun  6 16:00:13 2019 daemon.info dnsmasq[15002]: 18 10.10.10.10/61478 query[A] www.zoomit.ir from 10.10.10.10
Thu Jun  6 16:00:13 2019 daemon.info dnsmasq[15002]: 18 10.10.10.10/61478 forwarded www.zoomit.ir to 8.8.4.4
Thu Jun  6 16:00:13 2019 daemon.info dnsmasq[15002]: 19 10.10.10.10/56485 query[A] nav.smartscreen.microsoft.com from 10.10.10.10
Thu Jun  6 16:00:13 2019 daemon.info dnsmasq[15002]: 19 10.10.10.10/56485 forwarded nav.smartscreen.microsoft.com to 8.8.4.4

But whenever I restart my WAN interface manually, I don't have this problem anymore.

Thu Jun  6 16:25:12 2019 daemon.info dnsmasq[6660]: 60 10.10.10.10/54660 query[A] cdn01.zoomit.ir from 10.10.10.10
Thu Jun  6 16:25:12 2019 daemon.info dnsmasq[6660]: 60 10.10.10.10/54660 forwarded cdn01.zoomit.ir to 8.8.4.4
Thu Jun  6 16:25:13 2019 daemon.info dnsmasq[6660]: 60 10.10.10.10/54660 reply cdn01.zoomit.ir is 185.143.235.5
Thu Jun  6 16:25:13 2019 daemon.info dnsmasq[6660]: 60 10.10.10.10/54660 reply cdn01.zoomit.ir is 185.143.232.5

I have this issue with both my ISP's DNS and any custom DNS server.
What can I do to solve this?

Model and version of OpenWrt?
Also post the following configuration:
uci show network; uci show dhcp
Have you edited any other dnsmasq files?


Thanks for the reply,
Xiaomi Mi Router 3G / OpenWrt SNAPSHOT, r10121-06e63aa (Kernel 4.14.121)
No, I changed nothing else.
Network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.10.10.1'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr '50:64:2b:ab:10:10'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'pppoe'
	option username 'XXX'
	option password 'XXX'
	option keepalive '0'
	option ipv6 '0'
	option force_link '1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '2 3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'
	option vid '2'

config interface 'LAN_VPN'
	option proto 'static'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ipaddr '10.10.0.1'

config interface 'LAN_GUEST'
	option proto 'static'
	option ipaddr '10.0.10.1'
	option netmask '255.255.255.0'

config interface 'OpenVPN'
	option proto 'none'
	option ifname 'tun0'

config interface 'OpenConnect'
	option proto 'openconnect'
	option interface 'wan'
	option username 'XXX'
	option password 'XXX'
	option authgroup 'DEFAULT'
	option server 'XXX'
	option port 'XXX'
	option serverhash 'XXX'

#I USE THIS INTERFACE FOR ACCESSING MY ISP MODEM BEHIND NAT
config interface 'MODEM'
	option proto 'static'
	option ifname 'eth0.2'
	option ipaddr '10.0.0.10'
	option netmask '255.255.255.0'

DHCP:

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '1'
	option localservice '1'
	option authoritative '1'
	option sequential_ip '1'
	option domainneeded '1'
	option noresolv '1'
	option logqueries '1'
	list server '8.8.4.4'

config dhcp 'lan'
	option interface 'lan'
	option start '10'
	option limit '90'
	option leasetime '12h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'LAN_VPN'
	option leasetime '12h'
	option interface 'LAN_VPN'
	option start '10'
	option limit '90'

config host
	option name 'XXX'
	option dns '1'
	option mac 'XXX'
	option ip '10.10.10.10'

config host
	option name 'XXX'
	option dns '1'
	option mac 'XXX'
	option ip '10.10.10.11'

config dhcp 'LAN_GUEST'
	option interface 'LAN_GUEST'
	option start '10'
	option limit '90'
	option leasetime '2h'

config host
	option name 'XXX'
	option dns '1'
	option mac 'XXX'
	option ip '10.10.10.12'

config host
	option name 'XXX'
	option dns '1'
	option mac 'XXX'
	option ip '10.10.10.13'

config host
	option dns '1'
	option ip '10.10.10.14'
	option mac 'XXX'
	option name 'XXX'

config host
	option name 'XXX'
	option dns '1'
	option mac 'XXX'
	option ip '10.10.10.15'

config host
	option name 'XXX'
	option dns '1'
	option mac 'XXX'
	option ip '10.10.10.16'

config host
	option dns '1'
	option mac 'AC:5F:3E:9D:F3:74'
	option name 'XXX'
	option ip 'XXX'

I am also using VPN policy routing, if that helps:

config vpn-policy-routing 'config'
	option verbosity '2'
	option ipv6_enabled '0'
	option ipset_enabled '1'
	option dnsmasq_enabled '0'
	option boot_timeout '30'
	option strict_enforcement '1'
	option enabled '1'

config policy
	option chain 'PREROUTING'
	option interface 'wan'
	option name 'LAN'
	option local_address '10.10.10.1/24'

config policy
	option chain 'PREROUTING'
	option interface 'wan'
	option name 'Guest'
	option local_address '10.0.10.1/24'

config policy
	option interface 'wan'
	option name 'ARIA2'
	option remote_port '80 8080 443'
	option proto 'tcp'
	option chain 'OUTPUT'

Config looks fine to me.
I would add more servers to use as forwarders, e.g. 8.8.8.8, 1.1.1.1, 1.0.0.1, 208.67.222.222, etc.
Also run a tcpdump on all WAN interfaces to make sure that you send the packets from the correct interface with the correct source IP.


Firstly, I use this script to avoid wasting more time:

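# Internet auto-reconnect: probe connectivity once and bring the WAN interface
# back up when the probe fails.
# Pinging a hostname rather than an address means a failed DNS lookup also
# counts as "down", so the no-reply symptom from this thread triggers a
# reconnect as well as a dead link.
# -q: quiet, -c 1: a single probe, -W 5: bound how long one probe can block
# (BusyBox ping waits for the first response indefinitely by default).
if ping -q -c 1 -W 5 google.com >/dev/null; then
    # Quoted so the brackets are passed literally instead of being treated as
    # a glob pattern by the shell.
    logger "[Internet is Connected]"
else
    # ifup restarts the 'wan' interface (PPPoE in the network config above),
    # which renegotiates the link.
    ifup wan
    logger "[Internet is Reconnecting]"
fi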

But I finally found that routing port 53 through the WAN interface with vpn-policy-routing solves the problem:

config policy
	option interface 'wan'
	option name 'DNS'
	option remote_port '53'
	option proto 'tcp udp'
	option chain 'OUTPUT'

@Soberia, be aware that forcing port 53 out of the WAN interface sends your DNS queries outside the VPN tunnel, which is a DNS leak: https://en.wikipedia.org/wiki/DNS_leak
