Easy? dns question

im on 2305rc2
I want to bypass the dns i've setup on my wan for just one pc. It has specific mac and fixed ip v4. I've tryed setting up firefox 's dns over https: nothings works. Then i've tryed to vi /etc/config/dhcp and add:


config tag 'tag1'
option dhcp_option '6,,'

config host
option name 'lumo'
option mac 'xyz-my-mac-xyz'
option ip ''
option tag 'tag1'


nothing works. I still end up with wan DNS.
Any suggestion?
Thanks regards

not sure the examples from https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#client_classifying_and_individual_options can be entered in the cfg file.


What i've followed should be exactly the same reported in " Client classifying and individual options" of your example.
Btw doesnt work
Whats different from editing the /etc/config/dhcp file and entering the "uci" commands?

This requires to reconnect the client to apply the changes and fails if the client is using IPv6 DNS by default, or when DNS hijacking is enabled on OpenWrt including https-dns-proxy default setup.

I'm not sure of this syntax's validity using hyphens.

As I don't think the Wiki uses them, and I see no such example on the forums.

So to be clear:

option mac 'xy:zm:ym:ac:xy:ab'

Ok thanks.
Btw the dns is still managed by what i've specified in the wan section.
Is there some sort of "cache"? Or should I do something else after I give /etc/init.d/dnsmasq restart ??
Note that I connect to router through an AP configured as "dumb-ap". The above config has been deployed only on the router, is this correct?

Oh, it's totally valid... if you're using Windows.

If you're using a sane operating system, then not so much.


1 Like

Hi, anyone can help with this?
Thanks in advance

with what?
the regular which also happens to be a clairvoyant, is taking a white month from IT.

if the client's getting the DNSes you've configured, then the error's with the client, or the rest of your setup/network.


Thanks, but I expected the client to get the DNS i've configured for the specific mac.
I had vi /etc/config/dhcp as follows:

config tag 'tag1'                                         
        option dhcp_option '6,,'
config host                           
        option name 'dns'            
        option mac 'xx:xx:xx:xx:xx:xx'
        option tag 'tag1'  

The mac is a laptop mac, running pop-os. I've tryed already to clean the client DNS cache with

sudo resolvectl flush-caches

and to clean firefox cache by emptying at


so I have no clue why I am still redirected to what i configured as WAN dns.
I connect through an AP (dumb AP config) but has the router IP as DNS configured so, for what i can understand, the configuration should rely on what is setup on the router.
The router have DNS setup on the WAN only, no DNS setup on LAN.
No clue... :-/

get and use are two different things, which one is it ?

if you're attempting this configuration on the AP, it's not going to work.

1 Like

I expect the client to use the dns specified above as 'tag1'. And everything is configured router side.

you're not answering the question, reread Easy? dns question - #11 by frollic

have you disabled DoH / DoT in the browser ?
does your OS and applications perhaps use it too, or hardcoded DNSes ?

the AP should be left out of this discussion, if you've configured it correct.

1 Like

Ultimately the client decides what DNS to use. The IPs advertised in DHCP option 6 are only suggestions.

I would use tcpdump on the router to monitor a DHCP reply to see if the per-client option setting is actually working.
tcpdump -i br-lan -vvv port 67


I expect the client to USE the dns specified as tag1. I want the client to resolve via as in the example.
I have disabled DoH in the browser, and did a browser "refresh" from 'about:support'
The OS have nothing hardcoded for DNS to my knowledge. It's a pop-os linux and I never messed with DNS.

Check on the client:

grep -e ^hosts: /etc/nsswitch.conf
resolvectl --no-pager status
cat /etc/resolv.conf
1 Like

as @slh already said, there's no guarantee, unless you force it to.
his suggestion to see if the DNSes are actually served by the DHCP, is an excellent way of trouble shooting the issue.

1 Like
resolvectl --no-pager status
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp0s25)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp3s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server:
       DNS Servers:
        DNS Domain: lan

Link 4 (wwan0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
grep -e ^hosts: /etc/nsswitch.conf
hosts:          files mdns4_minimal [NOTFOUND=return] dns
1 Like
tcpdump -i br-lan -vvv port 67
-ash: tcpdump: not found

options edns0 trust-ad
search lan

1 Like