I just upgraded to 25.12.0 and immediately after DNS stopped working. I can get to IP addresses like 8.8.8.8 but I cannot resolve DNS host names.
What does the log show (logread -e dns)?
logread -e DNS
Wed Mar 18 05:34:18 2026 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:34:36 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:34:36 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Use lowercase dns to get all the dnsmasq messages. It might be in a crash loop.
1 Like
Here is logread -e dns
Wed Mar 18 05:34:18 2026 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Wed Mar 18 05:34:18 2026 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: started, version 2.91 cache disabled
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Mar 18 05:34:18 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:34:18 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names
Wed Mar 18 05:34:24 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:34:24 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names
Wed Mar 18 05:34:24 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c.2436 - 0 names
Wed Mar 18 05:34:24 2026 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 names
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: started, version 2.91 cache disabled
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Mar 18 05:34:28 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.100.100 -- 192.168.100.119, lease time 12h
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 6 names
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 names
Wed Mar 18 05:34:28 2026 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: started, version 2.91 cache disabled
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Mar 18 05:34:35 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.100.100 -- 192.168.100.119, lease time 12h
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.2.100 -- 192.168.2.249, lease time 12h
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 8 names
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 names
Wed Mar 18 05:34:35 2026 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Wed Mar 18 05:35:11 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:35:11 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 8 names
Wed Mar 18 05:35:11 2026 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 names
Wed Mar 18 05:35:11 2026 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
You do not have any upstream servers configured
On the WAN interface Advanced Settings, Disable Use DNS server advertised by peer and enter 1.0.0.1 and 9.9.9.9 as DNS server
I went to WAN interface and it was already set to DNS servers but I changed it anyways. It made no difference, I get the same behavior. Something happened during the upgrade. I made no changes other than upgrading the FW and immediately after rebooting I had the DNS problems. Attached is latest logread -e dns
logread -e dns
Wed Mar 18 05:41:06 2026 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Wed Mar 18 05:41:06 2026 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: started, version 2.91 cache disabled
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Mar 18 05:41:06 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:41:06 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names
Wed Mar 18 05:41:13 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:41:13 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 names
Wed Mar 18 05:41:13 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c.2435 - 4 names
Wed Mar 18 05:41:13 2026 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 names
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: started, version 2.91 cache disabled
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: DNS service limited to local subnets
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Wed Mar 18 05:41:16 2026 daemon.warn dnsmasq[1]: warning: no upstream servers configured
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.100.100 -- 192.168.100.119, lease time 12h
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for test
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for local
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 6 names
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 names
Wed Mar 18 05:41:16 2026 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Wed Mar 18 05:41:21 2026 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 34:60:f9:de:b8:27
Wed Mar 18 05:41:21 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.222 34:60:f9:de:b8:27
Wed Mar 18 05:41:21 2026 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Please share:
uci export dhcp
uci export network
cat /tmp/resolv.conf.d/resolv.conf.auto
DHCP
uci export dhcp
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option port '54'
option cachesize '0'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '15,lan'
list dns 'fd05:eaf1:8ae5::1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
config dhcp 'GuestWifi'
option interface 'GuestWifi'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'NPRmaaster'
option interface 'NPRmaaster'
option start '100'
option limit '20'
option leasetime '12h'
Network
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd05:eaf1:8ae5::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '192.168.1.1'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
option peerdns '0'
list dns '1.0.0.1'
list dns '9.9.9.9'
option multipath 'off'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
option peerdns '0'
list dns '2001:4860:4860::8888'
list dns '2001:4860:4860::8844'
config interface 'GuestWifi'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
list dns '191.168.2.1'
list dns '8.8.8.8'
config interface 'NPRmaaster'
option proto 'static'
option device 'lan2'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
list dns '192.168.100.1'
DNS
cat /tmp/resolv.conf.d/resolv.conf.auto
# Interface GuestWifi
nameserver 191.168.2.1
nameserver 8.8.8.8
# Interface NPRmaaster
nameserver 192.168.100.1
# Interface lan
nameserver 192.168.1.1
# Interface wan
nameserver 1.0.0.1
nameserver 9.9.9.9
# Interface wan6
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
Remove all the 192.168... dns entries from the /etc/config/network interfaces, including the typo 191.168.2.1. You don't really need dns entries on any interfaces except wan and wan6.
Remove this, or set it to 0.
2 Likes
Is AGH installed? That would be an important detail to share.
If it’s no longer installed, change the port back to 53.
3 Likes
Adguard was removed a couple of months back as it causing problems. The steps you gave me resolved the DNS problem. At first I missed one item and I dont know if that was the key to the puzzle but as soon as I set "option no resolve" to 0 the problem appears to be resolved. I only had time today to test the LAN clients but I am pretty certain the solution should apply to all.
Thank you for your help, I really appreciate it.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! 
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.