DNS Server Forwarding for *.mydomain.lan

cavebeat · January 18, 2023, 11:15am

Hi,

I have a setup with 4 devices.

router.mydomain.lan 192.168.100.1
ap.mydomain.lan 192.168.100.2 (connected by cable to the router)
wifi-bridge.mydomain.lan 192.168.100.3 (connected over WiFi as WDS Client to the WDA AP)
laptop.mydomain.lan 192.168.100.4 (connected via cable to wifi-bridge)

+------+  +--+  +-----------+  +------+
|Router+--+AP|  |WiFi Bridge+--+Laptop|
+------+  +--+  +-----------+  +------+

On the router, there are all 4 hostnames added.
/etc/init.d/dnsmasq reload && /etc/init.d/dnsmasq restart is done accordingly and after updating settings.

On the laptop/debian, DNS Server is set correctly in network settings, it's received by DHCP.

root@laptop:~$ nslookup router.mydomain.lan  
Server:		192.168.100.1
Address:	192.168.100.1#53
Name:	router.mydomain.lan
Address: 192.168.100.1

When i do nslookup on my Router, it's working also. A mix out Domain/Hostnames and /etc/hosts is resolved correctly on localhost.

root@router:~# nslookup router.mydomain.lan
Server:		127.0.0.1
Address:	127.0.0.1#53
Name:      router.mydomain.lan
Address 1: 192.168.100.1

root@router:~# nslookup ap.mydomain.lan
Server:		127.0.0.1
Address:	127.0.0.1#53
Name:      ap.mydomain.lan
Address 1: 192.168.100.2

root@router:~# nslookup wifi-bridge.mydomain.lan
Server:		127.0.0.1
Address:	127.0.0.1#53
Name:      wifi-bridge.mydomain.lan
Address 1: 192.168.100.3

So the laptop has received DNS via DHCP and uses router.mydomain.lan/192.168.100.1 for NSLOOKUP.
The router used localhost and was able to resolve hostnames.

On the AP and the Wifi-Bridge i have a different behaviour. Both are freshly deployed with OpenWRT v22.03.3

root@ap:~# nslookup router.mydomain.lan
Server:		127.0.0.1
Address:	127.0.0.1:53

root@wifi-bridge:~# nslookup router.mydomain.lan
Server:		127.0.0.1
Address:	127.0.0.1#53

Both use localhost/127.0.0.1 as the DNS-Server.

When i explicitly specify the DNS-Server, it will let me resolve the Hostname.

So the issue is not on the router.mydomain.lan device.

root@ap:~# nslookup router.mydomain.lan 192.168.100.1
Server:		192.168.100.1
Address:	192.168.100.1:53
Name:	router.mydomain.lan
Address: 192.168.100.1

root@wifi-bridge:~# nslookup router.mydomain.lan 192.168.100.1
Server:		192.168.100.1
Address:	192.168.100.1#53
Name:	router.mydomain.lan
Address: 192.168.100.1

my settings:

root@ap:~# cat /etc/config/network
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.100.2'
	option gateway '192.168.100.1'
	list dns '192.168.100.1'
	list dns_search 'lan'

root@ap:~# cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server '192.168.100.1'

list server '192.168.100.1' & list dns '192.168.100.1' <-- i expected one of these to solve my issues.

I'm now reading the documentation cross in all directions, but i miss the option to tell the System to pick a different and specified DNS-Server instead of localhost.

To forward every local-FQDN hostname like *.mydomain.lan => DNS Server 192.168.100

What do i miss here?

frollic · January 18, 2023, 11:35am

I don't understad what you're asking about ....

The AP and wifi bridge doesn't have working DNSes, but it shouldn't be an issue.

cavebeat · January 18, 2023, 11:44am

I want to specify the Default DNS-Server on my OpenWRT Devices.

If i

For example, when i use one as a jumphost, FQDN Hostnames come in handy.
I do not want on all of them to update my /etc/hosts files.
One of them should be the central DNS-Server and the others use it.

There are also other usecases as well. But i guess the Jumphost should be sufficient.

That for example works. the local DNS doesn't know the domain and tries to resolve with the next DNS server.

root@ap:~# nslookup openwrt.org
Server:		127.0.0.1
Address:	127.0.0.1#53
Non-authoritative answer:
Name:	openwrt.org
Address: 139.59.209.225

I want that as well for my *.mydomain.lan to be handled by my central DNS when i nslookup in my lan.

krazeh · January 18, 2023, 11:46am

Remove list server '192.168.100.1' and add option port '0' to the dnsmasq config on your AP. Then restart dnsmasq.

psherman · January 18, 2023, 11:48am

What is the dns server address that the computer is currently using?

Where is the active dhcp server on your network? It is that server that must advertise the correct dns server.

frollic · January 18, 2023, 11:51am

or populate /etc/resolv.conf, but the setting doesn't survive a reboot.

cavebeat · January 18, 2023, 11:55am

Laptop is using 192.168.100.1, see below/above. The DNS for my laptop is successfully set by my DHCP Server.

The router.mydomain.lan/192.168.100.1 is my DHCP Server. I do not expect any issues with the DHCP Server.

Anyhow, the AP and the WIFI-BRIDGE have a static IP in the interface. So no DHCP involved with them.

cavebeat · January 18, 2023, 12:01pm

PORT Config is the Listen Port for incoming querys to the local DNS Server.

From the Docs:

That's not the way to go.

root@ap:~# nslookup openwrt.org
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; communications error to ::1#53: connection refused
;; no servers could be reached

frollic · January 18, 2023, 12:02pm

dnsmasq shouldn't be running on an AP, so that's logical.

(if that's where the nslookup was run)

cavebeat · January 18, 2023, 12:07pm

You mean, the DHCP Server has to be disable on AP and WIFI-Bridge. That is the case, on both.

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ignore '1'

option ignore '1' is set. so the DHCP server is disabled on both.

krazeh · January 18, 2023, 12:08pm

Try /etc/init.d/network restart. What is the content of /etc/resolv.conf after?

frollic · January 18, 2023, 12:09pm

correct, but you probably don't need the DNS either, so why have "half" of the daemon running ?
assuming it is, since it doesn't appear to be.

what does netstat say about port 53 ?

and dnsmasq isn't required for upstream DNS, can't see the use case here, populate resolv.conf.

cavebeat · January 18, 2023, 12:09pm

Removing all DNS-Entries breaks nslookup in general.

root@ap:~# nslookup openwrt.org
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find openwrt.org: REFUSED

cavebeat · January 18, 2023, 12:13pm

root@ap:~# netstat -tulpn | grep dns
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      10463/dnsmasq
tcp        0      0 192.168.100.2:53        0.0.0.0:*               LISTEN      10463/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           10463/dnsmasq
udp        0      0 192.168.100.2:53        0.0.0.0:*                           10463/dnsmasq

Disclaimer, IPv6 Results are not pasted.

krazeh · January 18, 2023, 12:15pm

Disable dnsmasq, ensure nothing is running on port 53. Restart the network on the device (or just the whole device) and then see what's in /etc/resolv.conf.

cavebeat · January 18, 2023, 12:16pm

root@ap:~# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver ::1

frollic · January 18, 2023, 12:16pm

still don't understand why you're messing with the a DNS on a device that doesn't need one, and wouldn't have clients utilizing it.

frollic · January 18, 2023, 12:17pm

add another entry poiting to the LAN DNS 192.168.100.1 (was it?)

cavebeat · January 18, 2023, 12:20pm

we had that already, heh.

krazeh · January 18, 2023, 12:24pm

If it were disabled then it wouldn't still be listening on port 53 would it?