How to properly set DNS server on OpenWrt device?

he did say adguard/pihole ....

2 Likes

pi-hole add-on was deprecated due to some reason, which I don't remember. https://community.home-assistant.io/t/home-assistant-community-add-on-pi-hole/33817/502
With the prices of Raspberry Pi skyrocketing and with no stock available, using it for a single purpose can be described as a waste of computing power.

This is the latest price for an RPi 4 4GB: PKR 40,000, i.e. USD $197!!

AFAIK you don't have to use a RPi4 for the pihole, I probably have 3 or 4 of the gen 1 ones at home.

Still running mine on free oracle cloud hosts

How to set up that?

Yes, if you have a really old RPi 1 or 2, you can use it as a single-purpose computer.

like on any other Linux.

I'm a little bit confused.

It is my understanding, that dhcp-option 6 tells a client what DNS server to use. If I do not specify dhcp-option 6, there is an implicit dhcp-option 6 with the router's ip for this interface.

If I specify Use custom DNS servers for the wan interface, the specified DNS server appears in /tmp/resolv.conf.d/resolv.conf.auto. If /etc/resolv.conf points to the latter file, the router uses the specified DNS server as upstream DNS server.

But what happens, if I specify Use custom DNS servers for the lan interface? Where does the specified IP appear, where is it used? Can you explain?

Correct

resolv.conf.auto will aggregate all the nameservers from all the interfaces.

resolv.conf by default points to localhost, where dnsmasq listens

Same as before, it will be included in the resolv.conf.lan and resolv.conf.auto, it will be used by dnsmasq as upstream resolver, and by OpenWrt and the clients through dnsmasq.

4 Likes

If your router is powerful enough/has enough space, you can install AGH in OpenWrt. There's an opkg version and a manual install. Then you can install Ubuntu and Docker on the Pi and install Plex Server on it. Instant Netflix for the home :stuck_out_tongue:

Verified on a spare router with standard installation of OpenWRT 21.02.3.

Checked, too. /tmp/resolv.conf.d/resolv.conf.auto contains the following lines:

> # Interface lan
> nameserver 1.1.1.1
> # Interface wan
> nameserver 8.8.8.8

But there's no /tmp/resolv.conf.d/resolv.conf.lan. :frowning_face:

Okay, now I see the results of Use custom DNS servers in the specification of an interface.

In the past I used Use custom DNS servers only with the wan interface, if I don't want the DNS servers advertised by the peer.

Maybe I'm a little stupid (at least today), but I can't see any use case, where I specify a Use custom DNS servers other than the wan interface. Do you know such a use case?

Either I remember wrongly or it is not generated anymore.

A nameserver in lan, like pihole.

I just started following this topic as @mercygroundabyss pointed me here. I am also struggling in understanding dnsmasq and resolv.conf configurations for a different reason (AdGuardHome + dnsmasq).

Regarding your question above: I do have a use case, where I do my custom builds to be used as access point only. This build does not have dnsmasq, firewall, etc. I also delete the WAN interface. Therefore I use the lan DNS custom server to allow OpenWrt internet access. The custom lan dns is correctly saved to /etc/resolv.conf which enables internet access to the access points.

No problem, nobody is perfect. :wink:

Okay, but what is the difference from specifying it under the wan interface? In both cases the DNS entry appears in resolv.conf.auto.

Okay, because of the missing wan interface you are forced to specify the DNS entry under another interface (in your case the lan interface). That makes sense, to use Use custom DNS servers in an interface other than wan. Thanks for your example.

Why do you need internet access for your AP? Because of the missing dnsmasq on the AP, the AP's clients must get their DHCP information (gateway, DNS server etc.) from your router.

I see no need for internet access for your AP and therefore no need for a resolv.conf. Or did I miss anything?

1 Like

If wan interface goes down it won't be used.

Package installation or upgrade. It doesn't hurt.

1 Like

Package installation and NTP time synchronization.

1 Like

Okay, I got it. Thanks for your examples and have a nice day.

2 Likes

What's the difference between that setting (which I think is what https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider describes) and
Network -> DHCP and DNS -> DNS forwardings (I did it via uci following https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dns_forwarding)?

Setting DNS server in LAN or WAN on Custom DNS will add the DNS servers to:
resolv.conf.auto
This file is queried by DNSMasq for the upstream resolvers to use.

This file can easily be manipulated from outside to add/remove the DNS servers (e.g. when using VPN), DNSMasq will monitor this file and reread on change.

This file is not read if the no-resolv directive is set in DNSMasq.

Now enter the Network -> DHCP and DNS -> DNS forwardings: this will add the upstream resolvers in the dnsmasq.conf file as server=x.x.x.x, and this is always read.

In normal use there probably is not much difference and DNSmasq will query resolv.conf.auto and use the server=x.x.x.x as upstream resolvers.

At least that is my understanding, but I am not an experienced OpenWRT user.

1 Like
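The two sources described in the post above (resolv.conf.auto, and server= lines in the generated dnsmasq config, with no-resolv switching the first one off) can be merged into one list and checked against the resolvers you meant to configure. This is an added example, not code from the thread or from OpenWrt; the function names, the allow-list check and the sample addresses are assumptions, and the `# Interface` comment format is the one quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: list the upstream resolvers dnsmasq ends up with.

# effective_upstreams RESOLV_FILE DNSMASQ_CONF
# Prints one "address<TAB>source" line per upstream resolver.
effective_upstreams() {
    resolv_file=$1
    dnsmasq_conf=$2
    # server=x.x.x.x lines in the dnsmasq config are always used.
    # Domain-scoped entries (server=/example.lan/10.0.0.1) are skipped here.
    awk -F= '$1 == "server" && $2 !~ /^\// { print $2 "\tdnsmasq.conf" }' "$dnsmasq_conf"
    # With no-resolv set, dnsmasq does not read the resolv file at all.
    if grep -q '^no-resolv$' "$dnsmasq_conf"; then
        return 0
    fi
    # resolv.conf.auto groups nameservers under "# Interface <name>" comments.
    awk 'BEGIN { ifc = "unknown" }
         /^# Interface / { ifc = $3 }
         $1 == "nameserver" { print $2 "\t" ifc }' "$resolv_file"
}

# unexpected_upstreams RESOLV_FILE DNSMASQ_CONF ALLOWED...
# Prints every effective upstream that is not in the allowed list,
# e.g. a peer-advertised resolver that was never meant to be used.
unexpected_upstreams() {
    resolv_file=$1
    dnsmasq_conf=$2
    shift 2
    effective_upstreams "$resolv_file" "$dnsmasq_conf" |
    while IFS="$(printf '\t')" read -r addr src; do
        ok=0
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then ok=1; fi
        done
        [ "$ok" -eq 1 ] || printf '%s\t%s\n' "$addr" "$src"
    done
}

# Constructed sample: resolv.conf.auto as quoted in the thread plus one
# server= line; 192.0.2.53 is a documentation address, not a real resolver.
demo() {
    d=$(mktemp -d)
    printf '# Interface lan\nnameserver 1.1.1.1\n# Interface wan\nnameserver 8.8.8.8\n' > "$d/resolv.conf.auto"
    printf 'server=192.0.2.53\n' > "$d/dnsmasq.conf"
    unexpected_upstreams "$d/resolv.conf.auto" "$d/dnsmasq.conf" 1.1.1.1 192.0.2.53
    rm -rf "$d"
}
demo
```

On a router the two arguments would be /tmp/resolv.conf.d/resolv.conf.auto and the generated file under /tmp/etc/ (dnsmasq.conf.cfg… as found later in the thread).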

Thanks!
The thing that confused me is that I didn't see the DNS servers I specified in resolv.conf.auto, but after a grep -r <IP-address-of-dns-server>, I found it in /tmp/etc/dnsmasq.conf.cfg01411c, which I guess is read in somewhere.

The IP addresses I added are OpenNIC servers and I may/might create a script sometime which pings a whole bunch and then enables/prioritizes the ones online and fastest, so having them in resolv.conf.auto seems the better place.

What I did find in resolv.conf.auto was the address of the advertised by peer, which I explicitly didn't want as that would mean my ISP's DNS servers (when deployed as my main router).

Agreed :slight_smile:

That is one reason to add your upstream DNS servers in the WAN as that is the place where you can disable advertised by peer (I also always disable that as I do not want my ISP DNS server)

1 Like