Hi there, I am having an issue with OpenWRT Version 24.10.0 where after every reboot, the router incorrectly sets a DHCP Option in my LAN interface settings, causing all devices to be given an incorrect DNS server. I am completely unaware of what has been causing this issue and everything I've tried to fix it hasn't worked. Manually changing this setting back to its default state completely fixes all issues.
Incorrect setting (Gets changed every time the router restarts)
Removing the DHCP Option entry "6,192.168.1.1/24" and reconnecting a client to the network gives it the correct DNS server. With this setting set incorrectly clients will be given "24.168.1.1" as DNS server and will not work.
With 192.168.1.1/24, should the client guess which IP the DNS is on?
This is what I thought as well, apparently not, it seems if providing a subnet it gives a set address to clients. I'm also not 100% sure if this is the correct place to define DNS settings for a LAN (there are many other places for DNS-related settings...), but setting it to the router's IP address is the only setting that actually works.
I'm not running a script, this has been the setting used on my network for as long as I can remember, and removing all entries from there prevents everything from working, so I'm unsure of what to do.
DNS is the router, 192.168.1.1 is the gateway and the DNS, I have a setup where it forwards requests from my LAN up to Quad9. If Interfaces > LAN > DHCP Server > Advanced Settings isn't the correct place to specify DNS for LAN, then could someone please help me figure out where the correct place to do it is (removing all entries from DHCP Options causes nothing to work). I apologize for my lack of skills in making issues, I don't normally report issues I find, haha.
Perhaps there's something else amiss with your setup, so please connect to your router using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Or simply use 6,9.9.9.9 in the field you previously misconfigured, but it'll bypass your local DNS completely.
Whether it's a problem or not is for you to decide.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf4:1d30:7ca4::/48'
	option packet_steering '1'
	option steering_flows '128'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ip6assign '60'
	list ipaddr '192.168.1.1/24'
	list dns '9.9.9.9'

config device
	option type '8021q'
	option ifname 'wan'
	option vid '10'
	option name 'wan.10'

config interface 'wan'
	option device 'wan.10'
	option proto 'dhcp'
	option vid '10'
	option peerdns '0'
	list dns '127.0.0.1'

config interface 'wan6'
	option device 'wan.10'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	option norelease '1'
	list dns '::1'

root@OpenWRT:~# cat /etc/config/dhcp
config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option cachesize '10000'
	option authoritative '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option logqueries '1'
	option confdir '/tmp/dnsmasq.d'
	option domain 'lan'
	option domainneeded '1'
	option doh_backup_noresolv '-1'
	option noresolv '1'
	option nonegcache '1'
	list server '127.0.0.1#53'
	option port '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

root@OpenWRT:~# cat /etc/config/firewall
config defaults
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'HTTPS'
	option src 'wan'
	option src_dport '443'
	option dest_ip '192.168.1.210'
	option dest_port '443'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'HTTP'
	option src 'wan'
	option src_dport '80'
	option dest_ip '192.168.1.210'
	option dest_port '80'

I'd also just like to mention that I just tested it again and adding a DNS entry in Interfaces > LAN "Use custom DNS servers" doesn't actually give DNS to the clients; the only way I can get DNS servers to my clients is in this DHCP Options setting.
@Funtimes909, reset to get rid of all the "bugs" you've created yourself.
Add the 6,9.9.9.9 to the DHCP config, and/or 9.9.9.9 on the wan interface, and you're good to go.
I forgot to mention, the reason you see localhost for a few DNS related options is because I use SmartDNS for upstream DNS, routing DNS through there works fine, it's done for DNS over HTTPS and DNSSEC reasons. I kind of think this thread is going nowhere as I think I've been severely misunderstood and haven't done a good enough job providing information.
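A lint for the misconfiguration discussed in this thread, added here as an example (it is not code from any poster or from OpenWrt): it flags DHCP option 6 entries in a UCI dhcp file whose DNS server is not a bare IPv4 address, such as the 192.168.1.1/24 value reported in the first post. The function names, the temporary sample file and its 'guest' section are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint DHCP option 6 (DNS server) values in a UCI dhcp config.

# Succeeds only for a bare dotted-quad IPv4 address; "192.168.1.1/24" fails.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ip_ifs=$IFS; IFS=.; set -- $1; IFS=$ip_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints one line per bad server found in option 6 entries of file $1 and
# returns non-zero if there were any. Handles the "6,..." and
# "option:dns-server,..." spellings; tag: prefixes are not handled (assumption).
lint_option6() {
    bad=0
    values=$(sed -n "s/^[[:space:]]*[a-z]*[[:space:]]\{1,\}dhcp_option[[:space:]]\{1,\}'\(.*\)'[[:space:]]*$/\1/p" "$1")
    while IFS= read -r value; do
        case "$value" in
            6,*|option:dns-server,*) servers=${value#*,} ;;
            *) continue ;;   # some other DHCP option, not our concern
        esac
        # Split the comma-separated server list without glob expansion.
        lint_ifs=$IFS; IFS=,; set -f; set -- $servers; set +f; IFS=$lint_ifs
        for server in "$@"; do
            is_ipv4 "$server" && continue
            echo "invalid DNS server in option 6: $server"
            bad=$((bad + 1))
        done
    done <<EOF
$values
EOF
    [ "$bad" -eq 0 ]
}

# Constructed sample: the 'lan' entry is the value reported in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
config dhcp 'lan'
    list dhcp_option '6,192.168.1.1/24'
config dhcp 'guest'
    list dhcp_option '3,192.168.2.1'
    list dhcp_option '6,192.168.2.1,9.9.9.9'
EOF
lint_option6 "$sample" || echo "fix the entries above before restarting dnsmasq"
```

On a router the same function can be pointed at /etc/config/dhcp, for example after each reboot, to see whether the bad value has reappeared.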