DoH per interface/client

I think I was trying to do too much with the RE305 and it couldn’t keep up

Anyway, what exactly do I need to remove from /etc/config/dhcp?

I have

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        list listen_address '192.168.1.253'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'

config dhcp 'lan'
        option interface 'lan'
        option start '1'
        option limit '150'
        option leasetime '1h'
        option dhcpv4 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option leasefile '/tmp/odhcpd.leases'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option piodir '/tmp/odhcpd-piodir'
        option hostsdir '/tmp/hosts'

Then all the tags.

Edit again: DNS works, I don’t get how

I don't have this in my config.

What I did:

  • Created an interface (e.g., service_net) with IP range 192.168.xx.1/24
  • Added IPs (e.g. 192.168.xx.53/24)
  • Configured DNS not to listen on this interface
  • I then used the IP in my DoH config:

config https-dns-proxy
        option bootstrap_dns '8.8.8.8,8.8.4.4'
        option resolver_url 'https://dns.google/dns-query'
        option listen_addr '192.168.xxx.53'
        option listen_port '53'

  • (In your case, you'd create more IPs and NextDNS instances for each device)
  • Set up tagging on LAN devices to set DHCP Option No. 6 to 192.168.xxx.53
  • The 127.0.0.1 configs ensure that OpenWrt keeps its DNS connection via the default DoH configs for Google and Cloudflare

(I hope that covers everything.)
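The setup described in the post above, written out as UCI config fragments. This is an added example, not the poster's own config: the 192.168.50.0/24 range, the choice to attach `service_net` as an alias of `lan` (`@lan`; the post does not say which device it used), the NextDNS profile URL, the tag name and the client's MAC/IP are all placeholders chosen for illustration. The dnsmasq section keeps the thread's `listen_address` approach rather than `notinterface` (excluding an alias interface would exclude br-lan itself): when `listen-address` is given, dnsmasq binds only those addresses, so the alias address on port 53 stays free for https-dns-proxy, and 127.0.0.1 has to be listed explicitly or the router itself cannot resolve.

```uci
# /etc/config/network  (added example; service_net rides on the lan bridge as an alias)
config interface 'service_net'
        option proto 'static'
        option device '@lan'              # assumption: alias of lan, no separate device
        list ipaddr '192.168.50.1/24'     # the interface's own address
        list ipaddr '192.168.50.53/24'    # address the per-client DoH proxy listens on

# /etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option rebind_protection '1'
        option local '/lan/'
        option domain 'lan'
        option localservice '1'
        # dnsmasq binds ONLY the addresses below, so 192.168.50.53:53 stays free
        list listen_address '192.168.1.253'
        list listen_address '127.0.0.1'   # required: the router's own resolver points here
        # default forwarders: the package's Google/Cloudflare instances on loopback
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'

# one tag per resolver; clients carrying this tag get option 6 = the proxy address
config tag 'doh_alice'
        list dhcp_option '6,192.168.50.53'

# static lease that carries the tag (placeholder MAC and IP)
config host
        option name 'alice-phone'
        option mac '02:00:00:00:00:01'
        option ip '192.168.1.20'
        option tag 'doh_alice'

# /etc/config/https-dns-proxy
config https-dns-proxy                    # default instance 1 (package ships this)
        option bootstrap_dns '8.8.8.8,8.8.4.4'
        option resolver_url 'https://dns.google/dns-query'
        option listen_addr '127.0.0.1'
        option listen_port '5053'

config https-dns-proxy                    # default instance 2
        option bootstrap_dns '1.1.1.1,1.0.0.1'
        option resolver_url 'https://cloudflare-dns.com/dns-query'
        option listen_addr '127.0.0.1'
        option listen_port '5054'

config https-dns-proxy                    # per-client instance for the 'doh_alice' tag
        option bootstrap_dns '8.8.8.8,8.8.4.4'
        option resolver_url 'https://dns.nextdns.io/CONFIG_ID'   # placeholder profile ID
        option listen_addr '192.168.50.53'
        option listen_port '53'

# /etc/config/firewall  (service_net joins the lan zone, so lan clients can reach :53 on it)
config zone
        option name 'lan'
        list network 'lan'
        list network 'service_net'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
```

After `/etc/init.d/network reload`, `/etc/init.d/dnsmasq restart` and `/etc/init.d/https-dns-proxy restart`, `netstat -lnp | grep ':53 '` on the router should show https-dns-proxy bound to 192.168.50.53:53 and dnsmasq bound to 192.168.1.253:53 and 127.0.0.1:53 only; a tagged client that has renewed its lease should answer `nslookup example.com` via 192.168.50.53 and show up in `logread | grep https-dns-proxy`. Recent versions of the package also carry a `config main 'config'` section whose `force_dns` option installs a port-53 redirect for the lan zone; such a hijack rule would also catch queries addressed to 192.168.50.53, so check that section on your version before testing.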

Probably because you fixed the list server sections.

So you did what I originally did when I couldn't get dnsmasq to work.

So where did you bridge/connect service_net? I had an issue where DHCP wouldn't work if it was bridged to br-lan.

Except it didn't work when I did that.

It only would on the Raspberry Pi 3, with the same config.

Anyway, thank you. The Raspberry Pi 3 has massively improved the responsiveness and stopped the LuCI errors.

I didn't connect or bridge. In my case, I added service_net to the LAN firewall zone. This zone allows inter-interface traffic forwarding by default. Bridging 2 networks with different IP ranges won't work, as they need to route. :wink:

Compare the configurations for differences if you're interested.

Responsiveness may be the hardware; the LuCI errors are likely a software issue. Some of your descriptions of successfully installing but no reboot occurring seemed odd.

You're still using the upstream device for routing?

If so, does it allow you to add static routes?

If not, this might not be a viable option.

That's the issue I had, because I had to bridge the DNS interface for the addresses to come up.

I worked it out: I added listen address 127.0.0.1 to the dnsmasq section of /etc/config/dhcp.

The CPU could not keep up; the spike in CPU usage was enough to take the whole device down.

The Raspberry Pi 3 is quad-core, so it does not have this issue.

I am using the main router for everything except DHCP and DNS

The Linksys system gives very little configuration options

It's very locked down: no command line, and you can't even change the wireless channel in the default mode; you have to add "#casupport" to change the wireless channel.

But still, sometimes you are able to set static routes. Did you find anything in this regard?

It got restarted today when I had to change the WAN Ethernet cable to the main router

Our ISP asked for it to be done

All devices got their DHCP back, except no internet access.

Changing the DNS setting on a client did not help

It wasn't until I set a static IP that I got internet.

192.168.1.253 gateway?

Because the main 192.168.1.1 seems to be what temporarily fixed this

Also:

How would this even help?

I don't know, because your Internet issues and the inquiry about static routes are seemingly 2 different discussions.

If your device is setup as discussed, you only have 1 gateway - your ISP device.

That was related to the possible use of static routes; I don't get how that could be used.

The OpenWrt DHCP assigns itself as the gateway.

The DHCP gateway is 192.168.1.253; should I pass the actual gateway to clients?

No, a discussion with your ISP to change cables was not related. Also, it's difficult to follow you without sentences and punctuation.

I discussed making a route to service_net_IP_range via <OpenWrt_LAN_IP>. This is because your ISP device is still routing and the OpenWrt should be set up as a dumb AP. Hence, to reach another subnet, routing is required. Your devices point to the ISP device as their router (gateway).

Ummm, ok. You have 2 routers on the same subnet...I understand the issue you experienced now.

You have a few options, but I just want to ask first:

Is there anything preventing you from using the OpenWrt as your ISP border router?

Only one Ethernet port, and the fact that the current one is a wireless mesh.

It actually runs a version of OpenWrt, but it's a retail release.

Linux: Linux version 4.4.60 (root@ip-10-0-0-233) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r35193) ) #1 SMP PREEMPT Wed Jul 17 09:58:09 PDT 2024

If I had a device that had two ports, I could put both mesh nodes in bridge mode, which would also stop ISP connections over TR-069, but it's not going to happen yet and might never.

The ISP fibre box / ONT / CPE stores the MAC address of the connected device; we have to contact the ISP if the device is changed.

Would DHCP option "3,192.168.1.1" help?

Or configure your new interface with that same MAC.

Yes, that was going to be my first option. Make sure all devices obtain a new lease after saving and applying. :smiley:

...but then you need the static route in the ISP device to reach service_net.
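The two replies above in config form: the `dhcp_option '3,...'` line hands clients the ISP router as their gateway, and the static route on the ISP device is then what lets them reach `service_net`. This is an added example, not from the thread. It assumes the addresses used elsewhere in the thread (OpenWrt on 192.168.1.253, the ISP router on 192.168.1.1) and a placeholder 192.168.50.0/24 `service_net`. The commented option-121 variant goes beyond what the thread discusses: it pushes the route to the clients themselves, for the case where the ISP device offers no way to add static routes.

```uci
# /etc/config/dhcp  (OpenWrt is the only DHCP server; the ISP router's DHCP stays off)
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'                  # keep serving even if another DHCP server is seen
        # option 3: default gateway = the ISP router, not the OpenWrt box itself
        list dhcp_option '3,192.168.1.1'
        # option 6 is set per tag in the 'config tag' sections; do not set it here

# Variant if the ISP router cannot hold a static route to 192.168.50.0/24:
# push the route to the clients with option 121 (RFC 3442). A client that honours
# option 121 ignores option 3, so the default route MUST be repeated inside it.
# list dhcp_option '121,192.168.50.0/24,192.168.1.253,0.0.0.0/0,192.168.1.1'
# Caveat: not every client implements option 121; those still need the ISP-side route.
```

With option 3 in place, clients reach the internet through 192.168.1.1 even when OpenWrt is rebooting, which is the failure seen when the OpenWrt address was the gateway. Either way every client needs a fresh lease after `/etc/init.d/dnsmasq restart`; `ip route` (or `route print` on Windows) on a client shows which gateway and, with the 121 variant, which `service_net` route it actually took.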

I did that. I also turned on "Force" temporarily, as the main router DHCP is running just to take over for the no-internet problem; I will turn the main router DHCP off again later.

Also, is there a thing where, if OpenWrt boots before the main router, there would be an issue?

So, as I am not using "service_net", I am using all the IPs on lan.

I do think something got confused when the main router was offline

Not sure if this OpenWrt setup is to blame, but network responsiveness seems slower.

Like DNS queries are taking longer

I thought that there would probably be a small increase in query time but didn’t think it would be noticeable

Maybe it’s something else but only seems to have happened since using openwrt and replacing the WAN Ethernet cable to the main router

As this is a long thread and not easy to follow, you might consider opening a new one, focusing just on "DNS queries are taking longer" and explaining what the difference in DNS is now. I.e. using DoH instead of DNS over UDP is slower, of course.

DNS-related config present, would help.

  • and changing devices
  • setting up DoH
  • altering DNS and DHCP

(Recall?)

Since your ISP instructed you to do this, have you asked them?

(I think it's fair to make a separate thread for your separate issues.)

They know nothing about the DoH setup.

I don’t like multiple threads, I never have done

But my iPhone was using DoH through the NextDNS app before and was mostly normal.

DoH through OpenWrt just seems slower than through the NextDNS app.

That's hard to include: there is the DHCP side and the https-dns-proxy side. HDP listens on port 53 at an address assigned to a client by DHCP.

I can’t really show the DHCP as it contains MAC addresses, and I can’t really show the HDP as it contains people’s names in my family

I would have to filter a lot, and most has been discussed above, with the clients cut out