DOH per interface/client

yes, sorry I should have said it was openwrt

it worked before the sysupgrade, and nothing has been changed

# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        list listen_address '192.168.1.253'
        list server '192.168.1.1'
        list server '1.1.1.1'

config dhcp 'lan'
        option interface 'lan'
        option start '1'
        option limit '150'
        option leasetime '1h'
        option dhcpv4 'server'
        option force '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option leasefile '/tmp/odhcpd.leases'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option piodir '/tmp/odhcpd-piodir'
        option hostsdir '/tmp/hosts'

after that is my DHCP tags for my devices, so I will not show that as I will have to remove the MAC address for each and the person’s name whose device it is

Did you add these?

Shouldn't be necessary (this has to do with having 2 DHCP servers in the same network, which we discussed is invalid).

I originally had just 192.168.1.1, and added 1.1.1.1 for troubleshooting

I thought it was like pi-hole rapid assignment, I will turn it back off

Remove this also. You have a LAN DNS setting.

I already have, I guess that it was not needed when you mentioned it

I still get

ping: bad address 'openwrt.org'

Does this mean DNS resolution is working again - and that you can update package lists and install DoH?

Nevermind, I see your edit.

Can we see the DoH config?

cat /etc/config/https-dns-proxy

config main 'config'
        option dnsmasq_config_update '-'
        option force_dns '0'
        option notrack_dns '1'
        list force_dns_port '53'
        list force_dns_port '853'
        option procd_trigger_wan6 '0'
        option heartbeat_domain 'heartbeat.melmac.ca'
        option heartbeat_sleep_timeout '10'
        option heartbeat_wait_timeout '10'
        option user 'nobody'
        option group 'nogroup'
        option listen_addr '192.168.1.254'
        option verbosity '4'

config https-dns-proxy
        option listen_addr '192.168.10.1'
        option listen_port '53'
        option user 'nobody'
        option group 'nogroup'
        option bootstrap_dns '45.##.##.###,45.##.##.###'
        option resolver_url 'https://dns.nextdns.io/c####/Dehumidifier-2.1'


and the rest of the devices continue like that

this shouldn’t be active though as the package is not installed

:neutral_face: If you have not done so already, please proceed to do so.

so packages

luci-app-https-dns-proxy

do I need the other

https-dns-proxy

Dependencies are added automatically.

is it a problem that I already added it?

sorry I should have waited

did I get the app name incorrect, it wasn’t added after a sysupgrade

I don’t even think there was a reboot, so I did it manually, from LuCI

I would never power reset during a firmware upgrade

so openwrt DNS resolution is not working, but at least everything else is

clients are working perfectly

thank you so much

just a side note, I am getting a lot of

XHR request timed out

since upgrading to version 25

I installed it and compared your configs, I noticed this is missing from the DHCP config you posted - you'll need to add these manually, as we'll later need to disable a section that automatically updates it:

        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'

I'm able to successfully setup DoH as we discussed.

  • Install the software
  • Set the following:

Screenshot 2026-05-05 101134

  • Leave the instances listening to 172.0.0.1 for the OpenWrt itself
  • Create the instances (I used Google in this example):
config https-dns-proxy
        option resolver_url 'https://dns.google/dns-query'
        option bootstrap_dns '8.8.8.8,8.8.4.4'
        option listen_addr '192.168.xxx.xxx'
        option listen_port '53'

And so forth as you already described:

  • Setup the DHCP tags (as you already have)

Did you upgrade any individual packages after upgrading to version 25?
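
An added example, not part of the thread or of the https-dns-proxy package: a shell check for two conditions the per-client setup above depends on, that no https-dns-proxy instance binds port 53 on an address dnsmasq also listens on, and that every local `list server` upstream in the dnsmasq section has an instance behind it. The config text is constructed, the function names are hypothetical, and the defaults used for unset values (127.0.0.1, ports counting up from 5053) are an assumption about the package.

```sh
#!/bin/sh
# Constructed sample input, not the configs posted in the thread.
DHCP_CFG="config dnsmasq
        list listen_address '192.168.1.253'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'"
DOH_CFG="config https-dns-proxy
        option resolver_url 'https://dns.google/dns-query'
config https-dns-proxy
        option listen_addr '192.168.1.253'
        option listen_port '53'"

# Print addr:port for each https-dns-proxy instance (config text on stdin).
# Assumption: unset values default to 127.0.0.1 and ports counting up from 5053.
doh_listeners() {
    awk -v q="'" '
        function emit() { if (insec) { if (port == "") port = nextport++; print addr ":" port } }
        BEGIN { nextport = 5053 }
        $1 == "config" { emit(); insec = ($2 == "https-dns-proxy"); addr = "127.0.0.1"; port = "" }
        insec && $1 == "option" && $2 == "listen_addr" { gsub(q, "", $3); addr = $3 }
        insec && $1 == "option" && $2 == "listen_port" { gsub(q, "", $3); port = $3 }
        END { emit() }'
}

# Print every value of list $1 in the dnsmasq section (config text on stdin).
dnsmasq_list() {
    awk -v want="$1" -v q="'" '
        $1 == "config" { insec = ($2 == "dnsmasq") }
        insec && $1 == "list" && $2 == want { gsub(q, "", $3); print $3 }'
}

# audit DHCP_TEXT DOH_TEXT: report bind clashes and local upstreams nobody serves.
audit() {
    listeners=$(printf '%s\n' "$2" | doh_listeners)
    binds=$(printf '%s\n' "$1" | dnsmasq_list listen_address)
    for l in $listeners; do
        if [ "${l##*:}" != 53 ]; then continue; fi
        # With no listen_address, dnsmasq answers on port 53 of every local address.
        if [ -z "$binds" ]; then echo "CONFLICT $l"; continue; fi
        for b in $binds; do if [ "$b" = "${l%:*}" ]; then echo "CONFLICT $l"; fi; done
    done
    for s in $(printf '%s\n' "$1" | dnsmasq_list server); do
        case "$s" in 127.*"#"*) ;; *) continue ;; esac   # only loopback upstreams
        case " $(echo $listeners) " in *" ${s%#*}:${s##*#} "*) ;; *) echo "NO_LISTENER $s" ;; esac
    done
    return 0
}

audit "$DHCP_CFG" "$DOH_CFG"
```

On a router the same functions can be fed the real files, for example `audit "$(cat /etc/config/dhcp)" "$(cat /etc/config/https-dns-proxy)"`.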

I am unable to upgrade anything, still have no DNS on lan

I already did set to not update dnsmasq configs

Everything with the DOH is working perfectly now

I noticed the “XHR request timed out” happens more on the https dns proxy page. It happens more when I defined a lot of placeholders, 254 to be exact, so I cut it down to only the ones I need, which has helped, but it is still happening

I think I was overloading as at one point I think my load average was over 16, I believe this is a dual core CPU, so the safe limit is no higher than 2

I added these and still have no DNS resolution

does my listen address need to be 127.0.0.1 as well as 192.168.1.253?

Did you remove the original DoH entries?

I wasn’t 100% sure what was created by DOH

so I moved my config, hoping for a default to be generated, nothing happened

so I moved the config back, and dhcp and dns are gone from LuCi

even though the working config is back, and my printer is having connection trouble, so I don’t think DHCP is working

would the backup migrate to a Raspberry Pi 3

as these performance problems are killing the network

i don’t really care that much about the APs I had setup, just this DHCP setup

You might want to fix the issues - as they're in your configuration.

But yes, the backup will transfer.