DNS Server Forwarding for *.mydomain.lan


I have a setup with 4 devices.

  • router.mydomain.lan
  • ap.mydomain.lan (connected by cable to the router)
  • wifi-bridge.mydomain.lan (connected over WiFi as WDS Client to the WDS AP)
  • laptop.mydomain.lan (connected via cable to wifi-bridge)
+------+  +--+  +-----------+  +------+
|Router+--+AP|  |WiFi Bridge+--+Laptop|
+------+  +--+  +-----------+  +------+

On the router, all 4 hostnames are added.
/etc/init.d/dnsmasq reload && /etc/init.d/dnsmasq restart is done accordingly, after updating settings.

On the laptop (Debian), the DNS server is set correctly in the network settings; it's received by DHCP.

root@laptop:~$ nslookup router.mydomain.lan  
Name:	router.mydomain.lan

When I do nslookup on my router, it works too. A mix of domain/hostnames and /etc/hosts entries is resolved correctly on localhost.

root@router:~# nslookup router.mydomain.lan
Name:      router.mydomain.lan
Address 1:

root@router:~# nslookup ap.mydomain.lan
Name:      ap.mydomain.lan
Address 1:

root@router:~# nslookup wifi-bridge.mydomain.lan
Name:      wifi-bridge.mydomain.lan
Address 1:

So the laptop has received DNS via DHCP and uses router.mydomain.lan/ for nslookup.
The router used localhost and was able to resolve hostnames.

On the AP and the WiFi bridge I have a different behaviour. Both are freshly deployed with OpenWrt v22.03.3.

root@ap:~# nslookup router.mydomain.lan

root@wifi-bridge:~# nslookup router.mydomain.lan

Both use localhost/ as the DNS server.

When I explicitly specify the DNS server, it lets me resolve the hostname.

So the issue is not on the router.mydomain.lan device.

root@ap:~# nslookup router.mydomain.lan
Name:	router.mydomain.lan

root@wifi-bridge:~# nslookup router.mydomain.lan
Name:	router.mydomain.lan

My settings:

root@ap:~# cat /etc/config/network
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask ''
	option ip6assign '60'
	option ipaddr ''
	option gateway ''
	list dns ''
	list dns_search 'lan'
root@ap:~# cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server ''

list server '' & list dns '' <-- I expected one of these to solve my issues.

I'm now reading the documentation in all directions, but I miss the option to tell the system to use a different, specified DNS server instead of localhost.

To forward every local FQDN hostname like *.mydomain.lan => DNS server 192.168.100

What am I missing here?

I don't understand what you're asking about ....

The AP and wifi bridge don't have working DNSes, but it shouldn't be an issue.

I want to specify the Default DNS-Server on my OpenWRT Devices.

If I

For example, when I use one as a jumphost, FQDN hostnames come in handy.
I do not want to update the /etc/hosts files on all of them.
One of them should be the central DNS server and the others should use it.

There are other use cases as well. But I guess the jumphost should be sufficient.

That, for example, works. The local DNS doesn't know the domain and tries to resolve it with the next DNS server.

root@ap:~# nslookup openwrt.org
Non-authoritative answer:
Name:	openwrt.org

I want that as well for my *.mydomain.lan: to be handled by my central DNS when I nslookup in my LAN.

Remove list server '' and add option port '0' to the dnsmasq config on your AP. Then restart dnsmasq.

What is the dns server address that the computer is currently using?

Where is the active dhcp server on your network? It is that server that must advertise the correct dns server.

or populate /etc/resolv.conf, but the setting doesn't survive a reboot.

Laptop is using, see below/above. The DNS for my laptop is successfully set by my DHCP server.


The router.mydomain.lan/ is my DHCP server. I do not expect any issues with the DHCP server.

Anyhow, the AP and the WiFi bridge have a static IP on the interface. So no DHCP is involved with them.

The port config is the listen port for incoming queries to the local DNS server.

From the Docs:

That's not the way to go.

root@ap:~# nslookup openwrt.org
;; communications error to connection refused
;; communications error to connection refused
;; communications error to connection refused
;; communications error to ::1#53: connection refused
;; no servers could be reached

dnsmasq shouldn't be running on an AP, so that's logical.

(if that's where the nslookup was run)


You mean the DHCP server has to be disabled on the AP and WiFi bridge. That is the case on both.


config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ignore '1'

option ignore '1' is set, so the DHCP server is disabled on both.

Try /etc/init.d/network restart. What is the content of /etc/resolv.conf after?

correct, but you probably don't need the DNS either, so why have "half" of the daemon running?
assuming it is, since it doesn't appear to be.

what does netstat say about port 53?

and dnsmasq isn't required for upstream DNS, can't see the use case here, populate resolv.conf.

Removing all DNS entries breaks nslookup in general.

root@ap:~# nslookup openwrt.org

** server can't find openwrt.org: REFUSED
root@ap:~# netstat -tulpn | grep dns
tcp        0      0  *               LISTEN      10463/dnsmasq
tcp        0      0*               LISTEN      10463/dnsmasq
udp        0      0  *                           10463/dnsmasq
udp        0      0*                           10463/dnsmasq

Disclaimer: IPv6 results are not pasted.

Disable dnsmasq, ensure nothing is running on port 53. Restart the network on the device (or just the whole device) and then see what's in /etc/resolv.conf.

root@ap:~# cat /etc/resolv.conf
nameserver ::1

still don't understand why you're messing with a DNS on a device that doesn't need one, and wouldn't have clients utilizing it.

add another entry pointing to the LAN DNS (was it?)

we had that already, heh.

If it were disabled then it wouldn't still be listening on port 53 would it?
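The two routes the thread circles around, written out as an added example (this is not code from the original posts or from the OpenWrt project). Approach A keeps the AP's dnsmasq running and forwards only the mydomain.lan zone to the router, which is the "*.mydomain.lan => DNS server" forwarding the question asks for; approach B is what the replies suggest: option port '0' so dnsmasq stops serving DNS, then the static LAN interface's dns list becomes the upstream in resolv.conf. The router address 192.168.100.1, the script name dumb-ap-dns.sh and the LOCAL_DOMAIN/ROUTER_DNS variables are assumptions (the thread only shows the truncated "192.168.100"). The check helpers are pure text filters over the same `netstat -tulpn` and /etc/resolv.conf output the thread exchanged, so they can be tried off the box. The rebind_domain line is the caveat a practitioner wants: with rebind_protection '1' the AP's dnsmasq would otherwise discard the private addresses the router returns for *.mydomain.lan as a rebinding attack.

```shell
#!/bin/sh
# Added example (not from the thread or the OpenWrt project): two ways to make
# an OpenWrt 22.03 "dumb AP" resolve *.mydomain.lan via the router, plus the
# checks the thread keeps coming back to (who listens on :53, what is in
# /etc/resolv.conf, does the name resolve with the default resolver).
# ASSUMPTION: the router's resolver is 192.168.100.1; the thread only shows
# the truncated "192.168.100". Override with ROUTER_DNS=... when running.
ROUTER_DNS="${ROUTER_DNS:-192.168.100.1}"
LOCAL_DOMAIN="${LOCAL_DOMAIN:-mydomain.lan}"

# Approach A: keep the AP's dnsmasq and forward just this zone to the router.
# dnsmasq uses the most specific server=/domain/ match, so this entry wins
# over a default "option local '/lan/'" that would otherwise answer *.lan
# itself (NXDOMAIN for anything not in /etc/hosts). rebind_domain is the
# security caveat: the router returns RFC1918 addresses, and
# rebind_protection '1' would drop those as DNS rebinding unless exempted.
forward_domain_to_router() {
    uci -q delete 'dhcp.@dnsmasq[0].server' || :   # drop the empty "list server ''"
    uci add_list "dhcp.@dnsmasq[0].server=/$LOCAL_DOMAIN/$ROUTER_DNS"
    uci add_list "dhcp.@dnsmasq[0].rebind_domain=$LOCAL_DOMAIN"
    uci commit dhcp
    /etc/init.d/dnsmasq restart
}

# Approach B (what the replies suggest): dnsmasq stops serving DNS (port 0
# leaves only DHCP/TFTP), localuse 0 keeps the init script from pointing
# /tmp/resolv.conf at 127.0.0.1, and the static LAN interface's dns list
# becomes the upstream in /tmp/resolv.conf.d/resolv.conf.auto.
use_router_as_resolver() {
    uci set 'dhcp.@dnsmasq[0].port=0'
    uci set 'dhcp.@dnsmasq[0].localuse=0'
    uci -q delete 'dhcp.@dnsmasq[0].server' || :
    uci -q delete network.lan.dns || :
    uci add_list "network.lan.dns=$ROUTER_DNS"
    uci commit dhcp
    uci commit network
    /etc/init.d/dnsmasq restart
    /etc/init.d/network restart
}

# --- checks: pure text filters, so they can be exercised before touching the AP ---

# 0 when no socket in `netstat -tulpn` output is bound to port 53 (v4 or v6).
no_dns_listener() {
    ! printf '%s\n' "$1" | grep -Eq '^(tcp|udp)6?[[:space:]].*:53[[:space:]]'
}

# 0 when resolv.conf text names at least one nameserver and none is loopback.
resolv_points_upstream() {
    _ns=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }')
    [ -n "$_ns" ] || return 1
    for _a in $_ns; do
        case "$_a" in 127.*|::1) return 1 ;; esac
    done
    return 0
}

# 0 when /etc/config/dhcp text both forwards the zone and exempts it from
# rebind protection (forwarding without the exemption is the classic trap).
zone_forwarded() {
    printf '%s\n' "$1" | grep -Fq "list server '/$LOCAL_DOMAIN/" &&
        printf '%s\n' "$1" | grep -Fq "list rebind_domain '$LOCAL_DOMAIN'"
}

# Run on the AP after either approach. Fails on the first unmet condition.
verify_on_ap() {
    case "$1" in
        A) zone_forwarded "$(cat /etc/config/dhcp)" ||
               { echo "zone $LOCAL_DOMAIN is not forwarded/exempted"; return 1; } ;;
        B) no_dns_listener "$(netstat -tulpn 2>/dev/null)" ||
               { echo "something still listens on :53"; return 1; }
           resolv_points_upstream "$(cat /etc/resolv.conf)" ||
               { echo "/etc/resolv.conf still points at loopback"; return 1; } ;;
    esac
    nslookup "router.$LOCAL_DOMAIN" >/dev/null ||
        { echo "router.$LOCAL_DOMAIN does not resolve with the default resolver"; return 1; }
    echo "ok: router.$LOCAL_DOMAIN resolves via $ROUTER_DNS"
}

case "${1:-}" in
    forward)  forward_domain_to_router && verify_on_ap A ;;
    resolver) use_router_as_resolver && verify_on_ap B ;;
esac
```

On the AP, `sh dumb-ap-dns.sh forward` applies approach A and `sh dumb-ap-dns.sh resolver` approach B; both end with verify_on_ap rather than trusting the config, because (as the thread shows) dnsmasq can still be listening on :53 and /etc/resolv.conf can still say `nameserver ::1` after the settings look right. Approach A is the one to pick if other clients on the AP should keep using its dnsmasq; approach B matches the replies' view that an AP needs no resolver of its own.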