I wish to "forward" DNS queries to a local domain?

Hi,
I have two local networks (192.168.0.x and 192.168.8.x) that are able to route between each other at the IP level.
Each network has its own DNS server (dnsmasq 2.90-r4), gateway to an ISP and domain name.

I would like to be able to forward a request (and return the result) from one domain to the name server in the other domain.

I have played with the settings here (http://192.168.0.1/cgi-bin/luci/admin/network/dhcp):


...with no success!

Am I even heading in the right direction?

Regards, Martin

Are you able to query the 192.168.8.1 DNS from the 192.168.0.1 subnet?

nslookup blah.local 192.168.8.1 from the 192.168.0.1 subnet/router.

Errr.... sorta:

mprowe@Gzunder:~> nslookup rut200.local
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find rut200.local: NXDOMAIN

... but I can do:

mprowe@Gzunder:~> nslookup rut200.local 192.168.8.1
Server:         192.168.8.1
Address:        192.168.8.1#53

Name:   rut200.local
Address: 192.168.8.1
Name:   rut200.local
Address: fd36:b417:b5f4::1

mprowe@Gzunder:~>

Using local as the domain is a bad idea, as that is reserved for mDNS.

I use e.g. homeX where X is the number of the third octet of the IP address, so 192.168.1.0/24 has domain home1, but you are free to use anything as long as it is not reserved or in use.

For local name resolution I have this in my notes; hope you can make some sense out of it, but in essence:
There needs to be a route to the other DNS server
DNSMasq has to listen on the interface the query is coming in on
Rebind protection has to be disabled
DNSmasq must also answer non-local queries

The first is to make sure that the DNS server from the other side can actually process your queries.
DNSmasq has to listen on all interfaces; by default this is the case, but if you changed that then you have to add the WG interface as a listen interface.

The second is that the DNSMasq on the other side has to answer non-local requests.
For this, disable Local Service only (DNSMasq: --local-service):
LuCI DNS-DHCP > Filter > Local service only: untick/disable,
or in /etc/config/dhcp:
config dnsmasq
	option localservice '0'
The third is that the client side is now using a DNS server with a local RFC1918 address.
DNSmasq has rebind protection, which shields you from using local addresses as that can be used to spoof DNS, so on the client side you have to disable Rebind Protection:
LuCI DNS-DHCP > Filter > Rebind protection: untick/disable
/etc/config/dhcp:
config dnsmasq
	option rebind_protection '0'
Instead of disabling Rebind protection you can also whitelist the domain of the other side:
LuCI DNS-DHCP > Filter > Domain Whitelist: "set name of domain of other side"
/etc/config/dhcp:
config dnsmasq
	list rebind_domain 'set name of domain of other side'

The fourth is that you have to instruct DNSMasq which server it has to use to resolve the domain of the other side. This assumes you have set a different domain name for each side, e.g. home1 (router is 192.168.1.1) and home2 (router is 192.168.2.1).
On home1 you add: server=/home2/192.168.2.1
For OpenWrt, /etc/config/dhcp > config dnsmasq:
	list server '/home2/192.168.2.1'
On home2: server=/home1/192.168.1.1
For OpenWrt, /etc/config/dhcp > config dnsmasq:
	list server '/home1/192.168.1.1'
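One way to apply the four steps from the router's own shell, added here as an example and not code from the thread or from OpenWrt: the function prints the uci commands for one side (run it once on each router, giving it the other side's domain and DNS address), takes the whitelist route rather than switching rebind protection off, and assumes the route and the listen interface from the first two steps are already in place. The domain names and addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: emit the OpenWrt UCI commands for ONE router, given the
# other side's domain and its dnsmasq address. Keeps rebind protection on and
# whitelists only the peer domain (list rebind_domain), so answers carrying
# RFC 1918 addresses are accepted for that domain alone.

# dnsmasq_peer_cmds PEER_DOMAIN PEER_DNS_IP -> prints the commands to run as root
dnsmasq_peer_cmds() {
    peer_domain="$1"
    peer_dns="$2"
    # .local is reserved for mDNS (RFC 6762); unicast forwarding of it is unreliable.
    case "$peer_domain" in
        local|*.local|'')
            echo "refusing: '$peer_domain' is reserved or empty" >&2
            return 1 ;;
    esac
    # Only accept a private (RFC 1918) address as the peer resolver.
    case "$peer_dns" in
        10.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|192.168.*) ;;
        *)
            echo "refusing: '$peer_dns' is not an RFC 1918 address" >&2
            return 1 ;;
    esac
    cat <<EOF
# step 2: answer queries arriving from the other subnet, not only the local one
#         (this does not open DNS on WAN; the firewall input rule still governs that)
uci set dhcp.@dnsmasq[0].localservice='0'
# step 3: keep rebind protection ON and whitelist only the peer domain
uci set dhcp.@dnsmasq[0].rebind_protection='1'
uci -q del_list dhcp.@dnsmasq[0].rebind_domain='$peer_domain'
uci add_list dhcp.@dnsmasq[0].rebind_domain='$peer_domain'
# step 4: send queries for the peer domain to the peer router (del_list first
#         so that re-running the script does not duplicate the entry)
uci -q del_list dhcp.@dnsmasq[0].server='/$peer_domain/$peer_dns'
uci add_list dhcp.@dnsmasq[0].server='/$peer_domain/$peer_dns'
uci commit dhcp
/etc/init.d/dnsmasq restart
EOF
}

# Constructed usage: on the home1 router (192.168.1.1), point home2 at 192.168.2.1.
dnsmasq_peer_cmds home2 192.168.2.1
```

Review the printed commands, then run them on the router; the reverse pair (home1 at 192.168.1.1) goes on the home2 router the same way.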

Yes, as I am beginning to understand! So, while I digest the body of your comments, let me offer a bit of background.
I think that these attempts are sort of being "forced" on me by the wish to run Home Assistant / ESPHome in the 192.168.8.x network. I have tried to get HA to use another domain, but that is thwarted by HA's dependence on mDNS.

I seem to have a circular problem :sad_but_relieved_face:

I see your problem; you can try it with local, but I'm not sure if that will work.