LAN or WAN interface for DNS (only for the router)

So we have custom DNS options in both LAN and WAN interfaces AND the "DHCP and DNS"(dnsmasq) area on luci.

I want to give a DNS server only for the router to use for itself (for packages etc.) but not to do anything else with it, like letting other devices use it.


/etc/resolve.conf, it's in luci too, in interfaces.

You could make the DNS Server service listens only on the localhost interface.

uci add_list dhcp.@dnsmasq[0].interface="loopback"
uci commit dhcp
/etc/init.d/dnsmasq restart

root@OpenWrt:~# netstat -nlpu | grep dnsmasq
udp        0      0  *                           3579/dnsmasq

Also make sure that the DHCP is advertising a valid and open DNS server, otherwise the lan hosts might have trouble if they keep asking the closed dns port on OpenWrt.


Which interface, LAN or WAN?

Only one of those is used to communicate with internet....

Choose the interface (LAN or WAN) which is used to reach the DNS server.

  • If you run a recursive DNS resolver inside your LAN, and want to use it for OpenWrt: select LAN.
  • Instead, if you want to use a public resolver, select WAN.

In simpler terms, using LUCI what should I do? Can you tell me exactly which setting needs to be changed to allow JUST the router itself to resolve its own DNS from a public dns server?

add DNS IPs in LAN or WAN interface for DNS (only for the router) - #2 by frollic

I'm kinda new in this. I can't really play with files like resolve.conf. I can only use LUCI.

the answer is still in ths thread ... LAN or WAN interface for DNS (only for the router) - #7 by mpa

No that's not the right answer... What he said might be true, but it was irrelevant to my question.

if you want to use a public resolver, select WAN.

The DNS server is automatically added to dnsmasq as an upstream resolver when the respective interface goes up, and removed again when the interface goes down.

He doesn't mention if this wouldn't allow the router to give DNS to other devices.

You're not being helpful frollic.

he adds to my answer
combine his, with mine, and you got what you need...

1 + 1 = 3

his last sentence isn't very helpful though, only confusing, and not really relevant in this case.

First, configure the clients to use a different DNS server. Depending on how they receive their IP configuration, you would do this either with a static configuration on each client, or by making the DHCP server send the DNS server option. Assuming your DHCP server is dnsmasq on OpenWrt, and you want the clients to use as their DNS server:
Network -> Interfaces -> LAN -> Edit -> DHCP Server -> Advanced settings -> DHCP-Options -> option:dns-server,

Optionally, if you want to forbid DNS queries from clients to the router, use OpenWrt's firewall to block them: Network -> Firewall -> Traffic rules -> Add

  • Name: Reject-LAN-DNS-input
  • Protocol: TCP UDP
  • Source zone: LAN
  • Destination zone: device (input)
  • Destination port: 53
  • Action: reject

I agree, and I removed it.