DOH per interface/client

I think I get it now

assign multiple IPs to lan for each dnsmasq instance to listen on

the client will then point to that IP

that's half worked out, no idea what the config for that would look like

if I am even correct

You'll definitely need to explain it better if this is causing an issue. Your WAN IP is the only public address you have. It's your only way to send traffic to the Internet.

Then maybe you're not using the term "listening address" correctly. I'm not sure how to better clarify. Perhaps someone else can use better descriptions.

My method uses the same dnsmasq [DHCP] instance to assign different proxy instances (delineated by different LAN IPs :wink: ). The other user suggested making a dnsmasq instance for each in addition to the other proxies. The latter method won't require assigning more IPs to LAN, but may take more resources of the OpenWrt, and more fine-grained configuration of each proxy.

You'll need to ask the other user about that method, as you have 1 LAN, and I'm not sure how that'll work without additional network/wireless configuration.

What you're doing is quite novel, don't expect an exact step-by-step guide.

That's exactly what I am trying to say

So the client would communicate directly with HDP?

the client DNS would be tagged to be, for example, 192.169.10.10; would HDP listen on that address?

if so this is simpler than I thought

To clarify this statement:

  • You'll add multiple LAN IPs to the OpenWrt
  • You'll make multiple DoH proxies, each listening on one of those separate LAN addresses (in this example IP_B)
  • You'll use OpenWrt's DHCP to make a tag for the MAC of Unidentified_A to use DHCP Option No. 6 (DNS Server) as IP_B
  • You now have your Unidentified Device using the correct DoH proxy/URL
  • NEXTDNS sees the correct hostname

so was my example correct

ip 192.168.10.10/26 is added to lan

https dns proxy listens on 192.168.10.10:5053 or :53

client points at 192.168.10.10

the tagging can come later, I just want to test it actually works at the moment

Not 100% sure if that’s what you were saying, but in my quick testing it seems to have worked

DNS is only 53, hence needing to set up a separate instance per IP, so as to use port 53 again for another DoH instance.

Client is assigned 192.168.10.10 as its DNS server.

(By the way, 192.168.10.x should be invalid. It should be 192.168.1.x. It might work, but for invalid reasons.)

That is "tagging". So just to test now, simply change the main DoH instance you have working and make sure the online console shows the correct response. Then proceed.

Then you can add an additional IP and proxy and test as follows:

nslookup example.com <IP_B>

Then do the DHCP/tagging for each client.

so how did port 5053 work? I know DNS is 53

so for the permanent setup, does it need to be 53?

what, that is not my netmask; 192.168.1.1/16 is my netmask

maybe it was originally, it's not now

I meant the DHCP side, where the address is sent to the client

also, just to make sure I'm correct: dhcp.tag1.dhcp_option="6,8.8.8.8,8.8.4.4" would become 192.168.10.10, well probably 192.168.10.1-20 for every device

and tag1 would become tag2, tag3

would [-1] also have to change? that's the instance number, isn't it, so that would be no

so

# create a named DHCP tag whose option 6 (DNS server) points at the first DoH proxy IP
uci set dhcp.tag1="tag"
uci set dhcp.tag1.dhcp_option="6,192.168.10.10"
# static lease for the client, attached to that tag by MAC
uci add dhcp host
uci set dhcp.@host[-1].name="2.1-Smart-Plug"
uci set dhcp.@host[-1].mac="###"
uci set dhcp.@host[-1].ip="192.168.2.1"
uci set dhcp.@host[-1].tag="tag1"
uci commit dhcp
service dnsmasq restart

then would I do the same thing but replace tag1 with tag2? does anything else need to change

uci set dhcp.tag2="tag"
uci set dhcp.tag2.dhcp_option="6,192.168.10.11"
uci add dhcp host
uci set dhcp.@host[-1].name="2.2-Smart-Plug"
uci set dhcp.@host[-1].mac="###"
uci set dhcp.@host[-1].ip="192.168.2.2"
uci set dhcp.@host[-1].tag="tag2"
uci commit dhcp
service dnsmasq restart

would that be correct

is DHCP priority a thing, do devices connected to openwrt prefer the openwrt DHCP?

otherwise one time they could get the correct settings, and other they could use the main router

if that's the case I will disable the main router DHCP

I assume your unidentified devices use standard DNS. Where did 5053 work?

Wow, OK...then cool.

Yes, this is correct.

No!

You can only run 1 DHCP server in a subnet/broadcast domain.

:+1:

when testing with an old iPhone I set its DNS to 192.168.10.10 then HDP listening on 192.168.10.10 port 5053

I am sure you can run more, but they will mess with each other

I have run 2 before but limited the IP range

would I have to specify the DHCP option gateway, or should everything work with OpenWrt as the DHCP gateway? the smart TV did not like not having 192.168.1.1 last time for some reason, it had a meltdown and kept crashing

strange problem

nothing is going to NextDNS when listening on port 53, and it also seems to have no access to the internet

but listening on port 5053, everything works for an unrelated IP address

I am currently using 192.168.10.1 and 192.168.10.10

Error binding on 192.168.10.1:53 UDP: Address in use (125)

Error binding on 192.168.10.10:53 UDP: Address in use (125)

system reboot?

LAN has no DNS connection either, opkg fails

and dnsmasq is listening on all the IPs before even defined in HDP

so do I need to stop dnsmasq listening on the 192.168.10.X ip range

I made a new interface for the HDP addresses and told dnsmasq to exclude it, and it seems to be working, except OpenWrt domains are going through it as well
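As an added example (not the thread's own commands or the https-dns-proxy package's code), the following Python models the scheme being worked out above: it generates the same uci tag/host commands for each client and refuses to emit them while a proxy's listen IP is still bound by dnsmasq on port 53, the "Address in use" failure hit further up. Client names, MACs and IPs are constructed placeholders.

```python
# Added example (not the thread's or the https-dns-proxy package's code): plan
# one DoH proxy per LAN alias IP on port 53 and the dnsmasq DHCP tag that hands
# that IP to one client (option 6), refusing to emit config while dnsmasq still
# binds port 53 on a proxy's IP. MACs and names are constructed placeholders.

DNS_PORT = 53

# (client name, MAC, DHCP tag, proxy listen IP, client's static IP): constructed
CLIENTS = [
    ("2.1-Smart-Plug", "##:##:##:##:##:01", "tag1", "192.168.10.10", "192.168.2.1"),
    ("2.2-Smart-Plug", "##:##:##:##:##:02", "tag2", "192.168.10.11", "192.168.2.2"),
]

def bind_conflicts(dnsmasq_addrs, clients, port=DNS_PORT):
    """Proxy listen IPs dnsmasq already binds on `port`: the thread's
    'Error binding on <ip>:53 UDP: Address in use' case."""
    taken = {(ip, port) for ip in dnsmasq_addrs}
    return sorted(c[3] for c in clients if (c[3], port) in taken)

def duplicate_listen_ips(clients):
    """Two tags on one proxy IP would silently share a resolver/hostname."""
    seen, dupes = set(), set()
    for c in clients:
        (dupes if c[3] in seen else seen).add(c[3])
    return sorted(dupes)

def uci_commands(name, mac, tag, dns_ip, host_ip):
    """uci lines for one tagged client, same shape as the thread's snippet."""
    return [
        f'uci set dhcp.{tag}="tag"',
        f'uci set dhcp.{tag}.dhcp_option="6,{dns_ip}"',
        "uci add dhcp host",
        f'uci set dhcp.@host[-1].name="{name}"',
        f'uci set dhcp.@host[-1].mac="{mac}"',
        f'uci set dhcp.@host[-1].ip="{host_ip}"',
        f'uci set dhcp.@host[-1].tag="{tag}"',
    ]

def plan(dnsmasq_addrs, clients):
    """All uci lines for `clients`, or ValueError listing what to fix first."""
    problems = bind_conflicts(dnsmasq_addrs, clients) + duplicate_listen_ips(clients)
    if problems:
        raise ValueError(f"fix before applying: {problems}")
    lines = [line for c in clients for line in uci_commands(*c)]
    return lines + ["uci commit dhcp", "service dnsmasq restart"]

if __name__ == "__main__":
    # dnsmasq restricted to the main LAN IP, so the proxy IPs are free
    print("\n".join(plan(["192.168.1.1"], CLIENTS)))
```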

Semantics, but yes - they require custom configuration most DHCP servers in consumer devices don't expose/allow. Since your main device is not OpenWrt, it was outside the scope of the discussion. If you have not made such configurations, it's indeed invalid to run 2 DHCP servers.

Odd.

Odd - you [should have just] only created the IP for the since DoH instance. Is the main instance listening on a single IP, or an interface (or all)?

It's not clear how you cannot listen on a newly assigned IP.

(This was all covered in our initial discussion on listening addresses. So, perhaps indeed you were using the term improperly and are still seeking clarity.)

Did you make any changes?

This was never setup correctly?

Not sure what this means. Your terminology sometimes causes confusion.

Just to be clear, you started using the phrase HDP instead of DoH.

because it got assigned to dnsmasq

I have a dedicated interface for these IPs now

openwrt.org etc

HDP means http dns proxy, doesn't it? the other person never did actually say, though

Image was here; I accidentally left my public IP in it. I will get that released, but it probably doesn't matter, it's only going to get assigned to another customer with the same ISP

it's going to them all again

and the Roku TV is not even configured yet, so LAN is going to them all

Are the 192.168.10.X left over from before? should they still be there

I would like a backup address of 192.168.1.1 the main router

Sound like intended behavior?

That didn't clarify anything.

OK, just wanted to be sure because you changed terminology.

I think you're saying you messed up on your screenshot. I just want to make sure I follow what you're saying.

TBH, I'm not even sure why you populated those fields.

(It's difficult to follow when you show other unrelated configs, etc. in the middle of discussion. Apologies if I'm lost again. I also understand that you probably have some misconceptions about networking and configuration, so there's also a barrier in that regard - in attempts to understand the steps you undertake, and why - e.g., why you added configs that we never discussed, then inquire as if we'd understand them.)

Also, is this discussion of any help? - Https-dns-proxy with different Instances

how? devices without a tag were being sent to all the tag IPs and the main router, as https dns proxy had updated dnsmasq

I don’t believe I need it to be updated, I only need to forward to 192.168.1.1 for unconfigured devices

the pings or whatever they are openwrt.org 3.openwrt.pool.ntp.org

the requests from the openwrt device itself

yes, I did fix it though; it's showing the fact that the devices without a tag were going to all

I didn't, it was auto-filled by https dns proxy; I set it to not update dnsmasq now

anyway I believe it's working, thank you