How to set specific DNS on both IPv4 and IPv6 lookups

Can someone help, as I am hoping this should be quite straightforward, but I am loath to blindly try editing LuCI and screw things up considering how much time and effort I had to put in to get it working. I have tried to read the docs, but I am still not confident.

I have just converted my main router (D-Link DIR-882) over to OpenWrt 23.05.4.

I also have an AX3000T set up as a dumb AP (following the excellent LuCI guide!) with ethernet backhaul to the DIR. There are different SSIDs on both for normal and guest connections (so 4 different SSIDs).
The DIR is connected to the ISP modem/router (supposedly in bridge mode) with a PPPoE fibre connection.

Previously on the DIR I had specific DNS servers loaded on both IPv4 and IPv6 and want to use the same again as I want to avoid/bypass my ISP DNS.
9.9.9.9 and 1.1.1.1
2620:FE::FE and 2606:4700:4700::1111

Please let me know what if any config info is required - I can at least ssh into both routers :wink:
This is what I see when I look at properties when connected wirelessly to the DIR on my laptop -
SSID: DIR882
Protocol: Wi-Fi 5 (802.11ac)
Security type: WPA3-Personal
Network band: 5 GHz
Network channel: 36
Link speed (Receive/Transmit): 390/585 (Mbps)
IPv6 address: 2001:fb1:13a:286e::433
2001:fb1:13a:286e:4c:a6ab:b924:901
fdcf:2c6a:4fda::433
fdcf:2c6a:4fda:0:63e4:6c4e:134:3607
Link-local IPv6 address: fe80::ef63:181c:dfb6:82f9%19
IPv6 DNS servers: fdcf:2c6a:4fda::1
IPv4 address: 192.168.1.189
IPv4 DNS servers: 192.168.1.1

Least intrusive is to set those as DNS forwarder servers then uncheck resolv usage in same tabs.

Sorry but is that intuitive or?
Also apologies but where do I find those settings or is there something that tells me how to do that please?

Intrusive, i.e. dnsmasq on the router queries the alternate DNS / no change on clients

With the default settings, OpenWrt will advertise itself as the LAN DNS server and forward queries that are not in the local cache to upstream DNS servers.
So basically what you see on your laptop when connected to the WiFi of the DIR or AX3000T are the IPs of the DIR:

IPv6 DNS servers: fdcf:2c6a:4fda::1
IPv4 DNS servers: 192.168.1.1

Then the queries will be forwarded to quad9 and cloudflare.
Use dnsleaktest.com to verify which dns you are using.

Thanks yes I realised that but previously before installing OpenWrt I used to see the IPs I mentioned.

Is this what I should be looking at? -
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration

and specifically -
Providing custom DNS with DHCP or Upstream DNS provider - both of which appear near the bottom of the page of that link.
If yes which is likely to be the better option and why?
@brada4 reply to you as well.

Apologies for my confusion, but are you saying that the installed OpenWrt LAN DNS server forwards automatically to those 2 specific providers, or did you mention those as they were the ones I want to use?

I think it's best like you have it now. Because you can resolve internal names too. Let's verify the configuration:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
 "kernel": "5.15.162",
        "hostname": "DIR882WRT",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "D-Link DIR-882 A1",
        "board_name": "dlink,dir-882-a1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdcf:2c6a:4fda::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '192.168.1.1'

config interface 'wan'
        option device 'wan'
        option proto 'pppoe'
        option username '
        option password '
        option ipv6 'auto'
        option peerdns '0'
        list dns '9.9.9.9'
        list dns '1.1.1.1'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config device
        option type 'bridge'
        option name 'br-guest'
        option bridge_empty '1'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'
        list dns '9.9.9.9'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'

config host
        option ip '192.168.1.232'
        option leasetime 'infinite'
        option name 'BRWAC50DED85F0D'
        list mac ''

lrwxrwxrwx    1 root     root            16 Jul 16 05:14 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Sep 30 22:09 /tmp/resolv.conf
-rw-r--r--    1 root     root           171 Oct  1 14:07 /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r--    1 root     root            52 Oct  1 14:07 /tmp/resolv.conf.ppp

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root           171 Oct  1 14:07 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.ppp <==
nameserver .49
nameserver .29

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface guest
nameserver 192.168.1.1
nameserver 9.9.9.9
# Interface lan
nameserver 192.168.1.1
# Interface wan
nameserver 9.9.9.9
nameserver 1.1.1.1
# Interface wan_6

Remove the dns from lan and guest.

Change the ipv6 in wan into manual.

Then you can add custom dns under wan6 interface.

It looks like I can do this in Luci?

I also see that currently under Interfaces-guest-DHCP Server-IPv6 Settings that DHCPv6 Service is disabled and also under Interfaces-wan the same?

If under Interfaces-wan-Advanced I change to Manual does this change or does not affect it as needs to be changed under wan 6 interface?

I am rushing out now for rest of day so will pick up later. Thank you.


And in resolv and hosts "ignore resolv file"
Optionally override your provider's DNS servers for their domains

/yourprovider.net/10.11.12.13
/.../....

In guest interface you may or may not enable ipv6, it depends on you. In wan you leave it as it is.

You need this change to make the wan6 interface active and configurable. Then proceed to assign the preferred DNS under advanced settings. If you keep it "auto" then a new interface called wan_6 is automatically spawned when the pppoe is up and you cannot configure its settings.

Apologies if I am being thick but did as suggested. Removed DNS from Lan so now nothing in lan - Advanced - "Use custom DNS servers"

Ok changed to Manual and the wan_6 interface that had been created disappeared.
However, in Wan6 Interface - Advanced - there is nowhere to add DNS settings as it is currently configured, so I am presuming I need to change something else?

Also for my understanding there is a line which says "Use DNS servers advertised by peer" which is still ticked - what does "peer" refer to - wan/isp or ?

Yes, untick that to ignore the ISP advertised DNS and add the custom ones.
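
Added example (not part of any post in this thread): a check to run after the changes discussed above, which reads dnsmasq's upstream list in the format of the `resolvfile` from the posted `dhcp` config and flags any nameserver that is not one of the four resolvers named in the first post. The function and variable names are hypothetical; the "before" sample is the `resolv.conf.auto` listing posted earlier and the "after" sample is constructed.

```shell
# Added example, not from the thread; all names are hypothetical.
# Resolvers from the first post, lower-cased for comparison.
ALLOWED="9.9.9.9 1.1.1.1 2620:fe::fe 2606:4700:4700::1111"

# audit_resolv: reads a resolv.conf.auto on stdin; prints "<interface> <address>"
# for each nameserver not in ALLOWED and "no-ipv6-upstream" when no allowed
# IPv6 resolver is listed. Returns 0 only when nothing was reported.
audit_resolv() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^# Interface / { iface = $3; next }
        $1 == "nameserver" {
            addr = tolower($2)
            if (!(addr in ok)) { print iface, addr; bad = 1 }
            else if (index(addr, ":")) v6 = 1
        }
        END { if (!v6) { print "no-ipv6-upstream"; bad = 1 }
              exit bad + 0 }
    '
}

# resolv.conf.auto as posted in the thread, before the changes.
sample_before() {
    cat <<'EOF'
# Interface guest
nameserver 192.168.1.1
nameserver 9.9.9.9
# Interface lan
nameserver 192.168.1.1
# Interface wan
nameserver 9.9.9.9
nameserver 1.1.1.1
# Interface wan_6
EOF
}

# Constructed sample: what the file could look like after the changes.
sample_after() {
    cat <<'EOF'
# Interface wan
nameserver 9.9.9.9
nameserver 1.1.1.1
# Interface wan6
nameserver 2620:fe::fe
nameserver 2606:4700:4700::1111
EOF
}
echo "before:"; sample_before | audit_resolv || true
echo "after:";  sample_after | audit_resolv && echo "clean"
```

On the router, feed it the live file: `audit_resolv < /tmp/resolv.conf.d/resolv.conf.auto`.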

Thanks.
So "peer" refers to ISP here but generally is that true?

Hopefully last question on this subject ( :slight_smile: ) Do I need to change anything on my separate dumb AP or does that automatically now pickup the revised DNS?

You wrote so much unnecessary text.
Make it simple, install package luci-app-https-dns-proxy and configure it as you wish

It can be the ISP or any other device that offers downstream DNS, e.g. some upstream router.

If the dumbAP is using the main OpenWrt router as DNS, then you don't need to change anything.

Thanks for all your patient help. :+1:
