Hairpinning - doesn't work

Well, I described step by step what I did/what was executed... so I am wondering where that broken part is... for sure i could ... but as was mentioned, the website linked here doesn't contain any description/high-level overview...

It's an open source project, feel free to chip in.

As long as you cannot provide the packet captures to verify what is wrong, we cannot point any fingers.

What makes you think that you are dealing with DoT or DoH? I have a dnsmasq resolution to a local server and it works even on Android, no matter what OS I use. I am getting a local DNS resolution. Can you install a CLI application on Android and verify the domain name resolution from your local network? Verify the same on Linux and Windows clients as well.

From within your network execute:


When the replying address is a local network address, the domain resolution is set up correctly.

He's already been told to disable DoT and DoH, just to be safe, but it still doesn't work.

The error's someplace else.

@kukulo I don't understand it ... on some devices it works, on others it doesn't.

Same here on my Windows computer: if it's connected via Wi-Fi, all works. Once I connect it to the router via Ethernet, it doesn't work.

I assume the same is happening on that Android device, i.e. that Android is not able to do that translation. The question is why?

Maybe the issue is connected with the IPv6 address? I have no clue why that computer is also getting an IPv6 address ...

edit2: yes, I completely disabled IPv6 on that computer, in the adapter's settings, and now I can ping these hosts.
So IPv6 is causing the issue; is it possible to completely disable IPv6 in my OpenWrt? No point in having it as I don't use it and it's just making a mess...

Seems that the issue with IPv6 was only causing the problem on the PC. Maybe Android is also using IPv6 somewhere?

At the moment, when I type ping public.domain on Android it says
unknown host
and the app crashed.

What's the point of that command? The Android can't see the host/IP so there will never be any traffic generated on that port...

Is there a way to debug why Android can't see that DNS translation? Because it can ping the local IP,
but when I try to ping the domain name which should translate to that local IP it says unknown host...

Do you have control over the application source / Android endpoint? If not, your chances to disable the DNS check of the Android are lower. The application might use various DNS servers. To catch them you will need to use a network sniffer.

Yes I do, the application is Home Assistant for Android.
And also yes, it's my phone.

They said the app is using the default DNS server.
To catch what/how?


You can use OpenVPN or Shadowsocks together with the domain homeassistant.local. OpenVPN or Shadowsocks will provide an encrypted tunnel from outside to your LAN. Being inside, you just use the local address of your Home Assistant. When using Shadowsocks, use your router's LAN address as the DNS resolver in the Shadowsocks Android app. You can set up both Shadowsocks and OpenVPN on your OpenWrt router. You will then need port forwards from your ISP router.

No need to struggle with external domain and dns hijacking.

Not sure, I have a setup where I run services locally with public hostnames (because of certificates for HTTPS). So basically I need to get those public local hostnames translated to a local IP inside my network ... and it doesn't work on that Android device only :confused:

Can you use just the homeassistant.local address on your app?

The way I explained is to tunnel into your LAN when outside and then just use the local LAN address. This way the Android app does not need to use the public domain. Are you able to connect with the local address from the Android app?

No... it complicates everything .... I need to point to the public URL ... I can't turn on a VPN etc. every time I leave home...

Isn't a reverse proxy the fix here?

Still, I clearly don't get at all why stupid Android is not able to handle that DNS translation as all my devices on my network do....

Seems there is no fix and multiple users are having the same issue.
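
The check suggested in the thread (does the name resolve to a local network address on this client), extended to look at IPv6 answers separately because disabling IPv6 changed the result on the PC. This is an added example, not code from any poster; the list of "local" ranges and the finding codes are choices made here, and `localhost` is only a default argument.

```python
import ipaddress
import socket
import sys

# Ranges counted as a "local network address": RFC 1918, loopback,
# link-local and IPv6 unique-local (a choice made for this example).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_local(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return any(ip.version == n.version and ip in n for n in LOCAL_NETS)

def resolve(host):
    """Ask the system resolver (the one apps use) for A and AAAA separately."""
    answers = {"A": [], "AAAA": []}
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type, or the name is unknown
        answers[rtype] = sorted({info[4][0] for info in infos})
    return answers

def diagnose(answers):
    """Return (code, detail) findings for one client's view of the name."""
    if not answers["A"] and not answers["AAAA"]:
        return [("UNKNOWN_HOST", "resolver returned nothing for the name")]
    findings = []
    for rtype in ("A", "AAAA"):
        for addr in answers[rtype]:
            if not is_local(addr):
                findings.append((f"NONLOCAL_{rtype}",
                                 f"{addr} is not a LAN address; the client "
                                 "will connect there instead of the LAN host"))
    # A local A record alone is not enough: dual-stack clients may prefer AAAA.
    return findings or [("OK", "every answer is a local address")]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for code, detail in diagnose(resolve(host)):
        print(f"{host}: {code}: {detail}")
```

Run it with the public hostname as the argument on each client (Wi-Fi, Ethernet, and a terminal app on the phone) and compare the findings between the clients that work and the ones that do not.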