How DNS works exactly

I think we need more clarification on how DNS actually works on an [at least default] OpenWrt installation:

  1. How to set the timeout and number of attempts for each DNS record added via the "Network -> Interfaces -> Edit -> Advanced" menu? Is there actually round-robin between them? Which one exactly is in use at a given moment, and how does the algorithm decide it?
  2. When establishing an OpenVPN connection, why do we need to set custom DNS at the WAN interface and not the VPN one in order to route DNS requests from the VPN through the desired DNS and prevent DNS leaking? For me, it is logical to set DNS for the interface we are interested in (VPN) and not the global one (WAN).

Please post output of ubus call system board from your OpenWrt device.


This is not how DNS works at all.

All DNS servers set on the interfaces end up in one basket, which is used by DNSMasq.
DNSmasq queries them all and uses the fastest; this querying for the fastest is done periodically. I do not know the details.

For some more background see my notes about this:

Most other third-party firmwares use the DNS server from your OpenVPN/WireGuard exclusively to prevent DNS leaks, but for OpenWrt you have to use a script or use other means, see:

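An added example, not part of the posts above and not OpenWrt's own tooling: a shell check that reads the merged resolver list ("one basket") and reports every nameserver contributed by an interface other than the VPN one, i.e. the resolvers that could receive queries outside the tunnel. The interface name `vpn`, the function names and the sample addresses are assumptions; the sample file is constructed.

```shell
#!/bin/sh
# Assumption: the merged resolver file has "# Interface <name>" comment lines,
# each followed by the "nameserver <ip>" lines that interface contributed.
# On a device this is normally /tmp/resolv.conf.d/resolv.conf.auto.

# leaky_resolvers FILE VPN_IFACE
# Prints "<iface> <ip>" for every nameserver not contributed by VPN_IFACE.
leaky_resolvers() {
    awk -v vpn="$2" '
        BEGIN { iface = "(none)" }
        /^# Interface / { iface = $3; next }
        $1 == "nameserver" && iface != vpn { print iface, $2 }
    ' "$1"
}

# count_leaky FILE VPN_IFACE
# Prints how many nameservers come from interfaces other than VPN_IFACE.
count_leaky() {
    leaky_resolvers "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample: two WAN resolvers and one pushed by the VPN
# (documentation and private addresses, not taken from the thread).
sample_resolv() {
    cat <<'EOF'
# Interface wan
nameserver 192.0.2.53
nameserver 192.0.2.54
search lan
# Interface vpn
nameserver 10.8.0.1
EOF
}

demo() {
    f=$(mktemp)
    sample_resolv > "$f"
    echo "resolvers outside the VPN interface: $(count_leaky "$f" vpn)"
    leaky_resolvers "$f" vpn
    rm -f "$f"
}

demo
```

On a router, call `leaky_resolvers` with the real merged file and the logical name of the VPN interface; an empty result means only the VPN-provided resolvers are in the list.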
{
        "kernel": "6.6.73",
        "hostname": "rpi5",
        "system": "ARMv8 Processor rev 1",
        "model": "Raspberry Pi 5 Model B Rev 1.1",
        "board_name": "raspberrypi,5-model-b",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.0",
                "revision": "r28427-6df0e3d02a",
                "target": "bcm27xx/bcm2712",
                "description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
                "builddate": "1738624177"
        }
}

Great documents actually, thank you! Need to comprehend this info now.

In case your VPN endpoint is a domain name.... and you do not set an initial nameserver (reachable on LAN or WAN does not matter).... how do you want to resolve that name to make your VPN connection and then use a nameserver reachable through that VPN?
