Hostnames prefixed with customer.oowvps.co

Hello everyone and happy new year

For some reason my hosts are now showing their domain suffixed with customer.oowvps.com.

In spite of using a DHCP domain definition, this is being ignored?

Note that the hosts are not mobile phones!

Thank you

Which device are you using and which LEDE / OpenWrt firmware image?

WRT3200acm; Lede snapshot r5682-b153dbf046

Please provide your /etc/config/dhcp file

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        option localservice '1'
        option local '/xxxxx.com/'
        option domain 'xxxx.com'
        option dnssec '1'
        option dhcpleasemax '30'
        option nonegcache '1'
        option dnsforwardmax '200'
        option cachesize '200'
        option allservers '1'
        option noresolv '1'
        option strictorder '1'
        list server '127.0.0.1#5353'
        list server '127.0.0.1#5354'
        list server '127.0.0.1#5355'
        list server '/pool.ntp.org/8.8.8.8'
        list notinterface 'wan'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'
        option leasetime '6h'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Would those 2 snipped domains happen to be: customer.oowvps.com???

Nope ... just masked ... what is not happening is that the DHCP leases are not suffixed with this domain but instead with this customer.oowvps.com

This command tells your DNS server to use different forwarders for a given domain. Why???

Upstream DNS servers (and how DHCP hands them out) are likely listed under: /etc/config/network

It's likely your upstream DNS is poisoning local or NXDOMAIN responses.

These are statements included by dnscrypt ... at the moment I have three ... you are right ... meaning that dnscrypt proxies are poisoned :wink:

You never mentioned you're running DNSCrypt...

And yes, the proxies could be poisoned. If someone is running a DNSCrypt server on a consumer connection for example, their upstream DNS provider (usually the ISP) could be poisoning nonexistent Global results to point to their domain.

Try running nslookup on the upstream DNS servers (if they have normal lookup available)...and see if their response is in the customer.oowvps.com domain.

  • ALSO CONFIRM THAT YOU DO NOT SPECIFY DNS SERVERS ON THE WAN INTERFACE - NOR CONFIGURE YOUR DEVICE TO GET DNS SERVERS VIA DHCP!
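The per-upstream check suggested above, as an added example that is not part of the original thread: it asks each resolver for a name under the reserved `.invalid` TLD, which can never exist, and reports whether the reply is an honest NXDOMAIN or a rewritten answer. It assumes `dig` is installed; the function names and the probe name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check each upstream resolver for
# NXDOMAIN rewriting. Assumes `dig` is installed; pass the upstreams exactly
# as they appear in the dnsmasq "list server" entries (host or host#port).

# classify_reply: read `dig +noall +comments +answer` output on stdin for a
# name that cannot exist; print NXDOMAIN, REWRITTEN <data> or INCONCLUSIVE.
classify_reply() {
    awk '
        /status: NXDOMAIN/ { nx = 1 }
        # Answer records are the only non-comment lines: name ttl class type data
        !/^;/ && NF >= 5   { ans = ans (ans != "" ? "," : "") $5 }
        END {
            if (ans != "") print "REWRITTEN " ans  # answer for a name that cannot exist
            else if (nx)   print "NXDOMAIN"        # honest negative answer
            else           print "INCONCLUSIVE"    # timeout, SERVFAIL, refused
        }'
}

# probe_upstreams: query every upstream given as an argument and print one
# line per resolver: "<upstream> <verdict>".
probe_upstreams() {
    # Constructed probe name; .invalid is reserved and never delegated.
    name="probe-$$-$(date +%s).invalid"
    for up in "$@"; do
        host=${up%\#*}
        port=${up#*\#}
        [ "$port" = "$up" ] && port=53   # no "#port" part: use the default
        verdict=$(dig +noall +comments +answer +time=3 +tries=1 \
                      -p "$port" "@$host" "$name" A 2>/dev/null | classify_reply)
        echo "$up $verdict"
    done
}

# Only probe when upstreams are given on the command line.
if [ "$#" -gt 0 ]; then
    probe_upstreams "$@"
fi
```

Run it with the three DNSCrypt proxies from the config, for example `sh check.sh 127.0.0.1#5353 127.0.0.1#5354 127.0.0.1#5355`; a `REWRITTEN` line identifies the resolver to drop, and the data it returns can be compared against the unexpected domain.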

Yes - I am using "list notinterface 'wan'"
and also the following:
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

In fact they are resolving to Google ... somehow I can't change the domain for mobile/Android devices

Anyhow - thank you for everyone's help