Dumb wifi router + DNS

There is some weird issue / bug.

On the main router (10.0.1.1), where I run DNS, I have the following settings:
cat /etc/dnsmasq.conf

address=/abcd1.duckdns.org/10.0.1.104

When I set DNS on the dumb routers to 10.0.1.1, the clients connected to the dumb routers can't access abcd1.duckdns.org anymore.

Any idea why?

Thanks!

No, not without additional info.

@frollic
It's strange, I just figured out that all my iOS devices work fine, but the Android is an issue.
I can't even ping that domain name; the ping app crashed, and homeassistant can't reach that URL at all, so no idea.

Start by disabling DoH in browser(s), if you need browser access, and DoT on OS level.

@frollic Why? Or how is it connected with that? I need to find out how to do this... no idea now.

Both DoH and DoT make the devices bypass your local DNS.

I don't get it at all.
Why should it help? Local DNS is apparently OK, as iPhone devices work fine.

No one said there was anything wrong with your DNS....

@frollic I don't get the reasoning.
At the moment Android is using (by default), I assume, local DNS - which should be correct, as iOS devices work correctly, correct?

What's the point of disabling DoH / DoT - i.e. disabling DoH / DoT means it will bypass local DNS or use local DNS... confused.
Thanks

Reread Dumb wifi router + DNS - #14 by frollic

hm
i have
android
ios

It works on iOS and doesn't on Android. Right now no one knows which DNS is used by the Android devices and which by the iOS devices.

There is no way to find that out on app level?

At the moment, as we don't know which devices bypass, i.e. Android or iOS, it's not possible to say if my configuration is OK or wrong ... I need to go via elimination ...

Looking into the configuration, the main router 10.0.1.1 has the following settings on WAN

and on LAN - the DNS addresses are not specified.

Dumb routers - are connected to main router via LAN ports.

It's easy to figure out who is using your DNS, by looking at the queries.

Those are irrelevant, since the DHCP DNSes can be something completely different, and DoH/DoT devices won't use them anyway.

Looking at the queries where? These are mobile devices, Android/iOS... I don't think there is DNSlookup or dig etc...

This one I don't get, then what's the point of setting DNS on the endpoint client?

Your local DNS server, on the router, or tcpdump.

Depends on the client, doesn't it?
With DoH/T, at least one plain query has to be made, to get the IP of the DoT/H host to be used further on (unless an IP was used, instead of host name/FQDN).

So I have to run tcpdump on the main router...
Could you please advise what exactly in tcpdump? I mean I can download/run it, but it's not clear what I have to look for in the dump.

I thought once a client requests the DNS address from the main router, i.e. 10.0.1.1, it will use that DNS for all the requests... maybe I was wrong.

You're looking for the MACs or IPs of the clients making the request.

@frollic

While running the tcpdump command, I opened the homeassistant app using the iOS client:

root@OpenWrt-main-router:~# tcpdump -nn -i br-lan src host 10.0.1.144  and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
15:26:34.033062 IP 10.0.1.144.52370 > 10.0.1.1.53: 16313+ A? abcd1.duckdns.org. (36)
15:26:34.634313 IP 10.0.1.144.54567 > 10.0.1.1.53: 21152+ Type65? firebaselogging-pa.googleapis.com. (51)
15:26:34.634931 IP 10.0.1.144.50691 > 10.0.1.1.53: 59512+ A? firebaselogging-pa.googleapis.com. (51)

When I did the same using Android:

root@OpenWrt-main-router:~# tcpdump -nn -i br-lan src host 10.0.1.141 and port 53 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
15:28:47.484741 IP 10.0.1.141.49504 > 10.0.1.1.53: 48019+ A? www.google.com. (32)

Any idea here?

Was this the only request from the Android device?

Yeah,
even when I open the browser... nothing else is in the tcpdump.

OK, so you need to do what you were already told to do yesterday...
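
An added example, not part of any post in the thread: a shell function that summarises `tcpdump -nn` output per client, counting plain port-53 queries, queries for the locally overridden name, and packets to port 853 (DoT). The function names, the 10.0.1.200 client, `dns.example.net` and the 192.0.2.53 resolver are assumptions made for the illustration.

```shell
#!/bin/sh
# Per-client summary of `tcpdump -nn` text output (IPv4 lines only).
# Live use on the router (interface name as in the thread):
#   tcpdump -nn -l -i br-lan 'port 53 or port 853' | dns_summary abcd1.duckdns.org
dns_summary() {
    awk -v name="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/\.[0-9]+$/, "", src)              # drop source port
        sub(/:$/, "", dst)                     # drop trailing colon
        dport = dst; sub(/^.*\./, "", dport)   # keep destination port only
        if (dport == "53") {
            seen[src] = 1; plain[src]++
            # query lines look like: 16313+ A? abcd1.duckdns.org. (36)
            for (i = 6; i < NF; i++)
                if ($i ~ /\?$/ && $(i + 1) == (name ".")) hit[src]++
        } else if (dport == "853") {
            seen[src] = 1; dot[src]++          # DNS over TLS
        }
    }
    END {
        for (c in seen)
            printf "%s plain=%d name=%d dot=%d\n", c, plain[c], hit[c], dot[c]
    }' | sort
}

# Sample input: the 10.0.1.144 and 10.0.1.141 lines are from the thread;
# the 10.0.1.200 client and its lines are constructed.
sample_capture() {
    cat <<'EOF'
15:26:34.033062 IP 10.0.1.144.52370 > 10.0.1.1.53: 16313+ A? abcd1.duckdns.org. (36)
15:26:34.634313 IP 10.0.1.144.54567 > 10.0.1.1.53: 21152+ Type65? firebaselogging-pa.googleapis.com. (51)
15:26:34.634931 IP 10.0.1.144.50691 > 10.0.1.1.53: 59512+ A? firebaselogging-pa.googleapis.com. (51)
15:28:47.484741 IP 10.0.1.141.49504 > 10.0.1.1.53: 48019+ A? www.google.com. (32)
15:30:02.101200 IP 10.0.1.200.38811 > 10.0.1.1.53: 4242+ A? dns.example.net. (33)
15:30:02.118400 IP 10.0.1.200.41822 > 192.0.2.53.853: Flags [S], seq 1000, win 65535, length 0
15:30:02.131900 IP 10.0.1.200.41822 > 192.0.2.53.853: Flags [.], ack 1, win 502, length 0
EOF
}

sample_capture | dns_summary abcd1.duckdns.org
```

A client that shows `name=0` never asked the router's dnsmasq for the overridden name, so the `address=` entry cannot apply to it. DoH travels over port 443 and cannot be told apart from other HTTPS traffic by port, so `dot=0` does not rule it out.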