DOH per interface/client

I am looking to either set a different DOH address for each client or a different DOH address for multiple interfaces then connect the clients to the interfaces

so far I have https DNS proxy installed, can I use client IP for listen address or does that have to be interface IP?

if I use a client IP would DHCP need to be enabled?

or is there an alternative where I can use a client IP

the whole goal of this is smart devices that do not allow manual DNS settings with no DOH options, so I can identify more devices on my NEXTDNS

this is how far I got with https dns proxy:

config https-dns-proxy
        option listen_addr '192.168.8.8'
        option listen_port '53'
        option user 'nobody'
        option group 'nogroup'
        option bootstrap_dns '45.##.##.###,45.##.##.###'
        option resolver_url 'https://dns.nextdns.io/c#####/TV-RE305'

that does not work as 192.168.8.8 does not exist and https dns proxy will not start

Sun May  3 12:21:27 2026 daemon.info https-dns-proxy[21428]: [F] 1777810887.783585 dns_server.c:32 Error binding on 192.168.8.8:53 UDP: Address not available (126)

but that’s the sort of thing I want, to be able to provide a name like “TV-RE305”

currently everything goes to NEXTDNS as the router WAN IP, as this is a normal network with NAT

the devices I have installed the nextdns app on have their hostname, and I want to get the same functionality on devices that can’t have DOH or the nextdns app

It should work with any IP assigned to the router (this is a general software question).

?

You cannot bind software to an IP that is not assigned on the router.

Perhaps I don't understand the goal. How does this relate to attempting to start software bound to invalid IPs?

Edit:

(I recognize the username, welcome back.)

because it says address not found in the system log like I mentioned below

192.168.8.8 is a client IP, but it's assigned through the main router

NEXTDNS will display all queries as unidentified devices unless they're using DOH or the nextdns app for that operating system, the devices that are going through the main router are unidentified, but I changed SSIDs so all my smart devices come to openwrt, and if I can get each device to be over DOH and have a custom name, then I can tell where all DNS queries are coming from

so are only interface IPs allowed for the listen address?

but not an external device IP?

so I think this will make it easier to understand

NextDNS receives DNS queries from 195.XXX.XXX.XXX (my WAN address), DOH or the nextdns app allows you to specify a hostname to identify the devices.

But most smart devices have no DOH option, so I would like to force it with openwrt

Perhaps someone else can assist or you can better clarify. I'm not following your statements. To answer your questions:

Correct, not to an "external IP". And (again) it's not clear why you expect to execute and bind software to an invalid IP.

That's how computers work. You can also bind to all interfaces. But you cannot bind to some arbitrary IP that's not assigned to the device.

Perhaps you should fully explain what you're attempting to accomplish.

I am wanting to listen to the connected client device, I could have this totally wrong

Didn’t I already do that twice?

I want to identify the unidentified devices in NEXTDNS, and that is possible only through DOH but smart devices don’t give you an option and just follow the main router/DHCP server

my alternative idea is to have an SSID for a group of devices like smart plugs, and have an interface for smart plugs

then have an interface for echo devices with a different SSID

but with this way each group will need its own SSID and would only identify the group, but this didn’t even work because of how my subnets are configured, not sure if it was openwrt or the main router

You made that statement twice, but as I noted:

So perhaps I should ask:

  • Why are you making all these changes?
  • Are you trying to set up something?
  • Are you having issues?
  • Can you explain how changing SSIDs relates?
  • Can you explain how configuring software to "external device IPs" relates to your goals?

Let's understand one idea first.

So there's another router involved?

OK.

Then you run DoH proxy (if I understand you correctly).

You won't be able to make devices that don't use DoH magically use it through network trickery.

I am trying to set up DOH for all client devices with a different DOH endpoint: “For "John's Firefox", you would use https://dns.nextdns.io/c####/John's%20Firefox as your DNS-over-HTTPS endpoint.”

this is the nextdns setup

where c#### is my nextdns configuration endpoint and John’s Firefox is the client device

if I can only assign DOH to an interface then I would need many interfaces, so would need an SSID for each interface

I think I do have something wrong here, I am wanting to redirect DNS traffic to the DOH for each client device separately

I think that setup might be easier though, but not fully get to my goal

yes, my ISP provided router (Linksys MX5500) running everything, this (Openwrt) is an AP dedicated to smart devices

except I kind of can, if I use Openwrt DHCP, then all the DNS traffic goes through lan which goes to the DOH proxy

I am wanting a different DOH proxy endpoint address for each connected client

so it looks like each client will have to have its own SSID and interface, which will get messy so I will have to group by type

but even this way has issues because subnets, 255.255.0.0 is the main router, but each interface in openwrt needs to be 255.255.255.0 to make this work, then the interface acts as the gateway

I think I need a relay bridge between all the interfaces if I do it that way

3 or 4 interfaces, 3 or 4 SSIDs

I got https dns proxy to start with port 5053, now the lan traffic is going through to the correct proxy endpoint, but it all seems to overlap when I add more interfaces

I can’t even get each interface to have its own DOH proxy, it's all going through lan

And what is the goal/purpose of this again?

Create one for the IP of each interface. :man_shrugging:

config https-dns-proxy
        option listen_addr '192.168.1.254'
        option listen_port '5053'
        option user 'nobody'
        option group 'nogroup'
        option bootstrap_dns '#'
        option resolver_url 'https://dns.nextdns.io/c####/LAN-RE305'

config https-dns-proxy
        option listen_addr '192.168.88.1'
        option listen_port '5053'
        option user 'nobody'
        option group 'nogroup'
        option bootstrap_dns '#'
        option resolver_url 'https://dns.nextdns.io/c####/TV-RE305'

I have one for each interface IP

192.168.1.254 is the lan interface

192.168.88.1 is the TV interface, linked to the TV SSID

but queries made on the TV SSID are going to LAN-RE305 not TV-RE305

do I need :5053 or just :53?

what I need is a different DOH proxy endpoint for every interface or ideally every connected device

or I could just give up, as my ideas never seem to work

but it would be nice to know where more DNS queries are coming from in NextDNS

I got the DNS traffic to go to both, but not one independently

This is still confusing. You got what DNS traffic to go to both of what?

It's not clear why you need to do this to accomplish "seeing traffic" or "identify unidentified devices".

It's the same device, correct?


Where is NEXTDNS running?

It would really help if you describe your desires without using terms or what you used or attempted.

For example, I assume you wish to use DoH?

Then expound what you used and the issue you experienced with DoH that you decided to run an instance on each interface, etc.

In other words, start explaining from the beginning.

I got DNS traffic from the TV SSID to go to LAN-RE305 and TV-RE305, which would be the TV interface and the lan interface, maybe it's the bridge but without that, there seems to be no internet connection

It's cloud based, so without DOH everything shows as the same IP because of NAT at the main router

I have tried to, my smart devices are logged in NextDNS as 195.XXX.XXX.XXX, where my DOH devices like my PC have their hostname, that is what I am looking to do with openwrt

well I have said it like 500 times, and sent you my config for https dns proxy

that is correct, I would like an instance of https dns proxy on every interface, and going to the same address but with a different name added, LuCI shows username as “c#####/LAN-RE305” that’s the part that needs to change per interface, LAN replaced with the interface name or whatever I decide

So I can identify what group of devices are making what queries

And again, it's not clear why this is necessary to accomplish your goal. I'll reread the entire thread. Out of respect, no need to reiterate what you've explained multiple times.

(Perhaps others were able to follow and provide more clarity.)

NextDNS is a cloud based service, so all devices communicate over the WAN IP address (195.XXX.XXX.XXX), but if devices use DOH or the NextDNS app, the hostname or any defined name can be passed (https://dns.nextdns.io/c#####/John's%20Firefox)

I already have app or DOH on most of my devices, and currently have smart devices just with the WAN IP address, but am looking for a way to define a DOH proxy to either the independent interface, and have many interfaces or to the device independently

I don’t think it's going to be possible to get each device independently

so I am going to have to group types to an interface

there is no identification of device in NextDNS without DOH or the NextDNS app, that is my goal

the main router is passing on the queries, but only as its WAN address

there has been no others

is there a way to have a listen interface?

or add the DOH url directly to the interface


not one person knows what I need

I give up, I may come back to this in the future

would this be the correct DHCP relay to pass to the main router (192.168.1.1)?

my openwrt is 192.168.1.254

image

This doesn't work in the manner you described. The devices you mentioned are in the same subnet. There's no need to "relay" in the same broadcast domain.

It's only been a few hours (and it's not clear if your devices are configured properly).

Openwrt does not show IP address without DHCP being enabled, so I need to relay to the main router so Openwrt can assign the same address as what is statically assigned in the main router

or am I totally over complicating this, again?

The RE305 will probably get unplugged again or converted back into a guest network

thank you for trying

You'll need to be specific: OpenWrt doesn't show the IP address where?

(This is likely due to the fact you're altering the DNS behavior with these configuration changes.)

Actually, you lost me again.

(Again, still not clear why you're needing to "relay" in the same network - and yes, you've already explained the main router at 192.168.1.1 you're relaying to.)

:+1:
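The per-client naming discussed in this thread, sketched as an added example that is not part of any post above and is not code from https-dns-proxy or NextDNS: a forwarder bound to an address the router actually owns, which chooses the DoH URL from the source address of each query. The client table, `CONFIG_ID_PLACEHOLDER` and all function names are constructed, and it assumes clients send their DNS queries directly to this host.

```python
import http.client
import socket
import urllib.request
from urllib.parse import quote

# Constructed values: placeholder config id and a hypothetical client table.
CONFIG_ID = "CONFIG_ID_PLACEHOLDER"
CLIENT_NAMES = {
    "192.168.88.10": "TV-RE305",
    "192.168.88.11": "Smart Plug 1",
}
DEFAULT_NAME = "LAN-RE305"  # used for clients not listed above


def resolver_url_for(client_ip: str) -> str:
    """Return the DoH URL whose last path segment names the querying client."""
    name = CLIENT_NAMES.get(client_ip, DEFAULT_NAME)
    return f"https://dns.nextdns.io/{CONFIG_ID}/{quote(name, safe='')}"


def forward_over_doh(query: bytes, url: str, timeout: float = 5.0) -> bytes:
    """POST the raw DNS message as application/dns-message (RFC 8484)."""
    headers = {"Content-Type": "application/dns-message",
               "Accept": "application/dns-message"}
    req = urllib.request.Request(url, data=query, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def serve(listen_addr: str, port: int = 53) -> None:
    """Answer UDP queries; listen_addr must be assigned to this host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((listen_addr, port))  # a client's IP here fails: address not available
    while True:
        query, (client_ip, client_port) = sock.recvfrom(4096)
        try:
            answer = forward_over_doh(query, resolver_url_for(client_ip))
        except (OSError, http.client.HTTPException):
            continue  # upstream failed; drop and let the client retry
        sock.sendto(answer, (client_ip, client_port))


if __name__ == "__main__":
    # 192.168.88.1 is the TV interface address from the thread; clients query
    # port 53, so nothing else may be listening on that address and port.
    serve("192.168.88.1", 53)
```

The host running this still has to resolve dns.nextdns.io through some other resolver, which is the job `bootstrap_dns` does in the https-dns-proxy configuration. It handles one UDP query at a time and no TCP.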