Local DNS service fails

opkg update fails due to a DNS problem. I can ping Google by IP, and if I swap the localhost in resolv.conf with 1.1.1.1, the problem is solved.

Do I need to do some special configuration to make the local DNS server work?

# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1

# nslookup www.google.com
Server:		127.0.0.1
Address:	127.0.0.1:53

** server can't find www.google.com: REFUSED

** server can't find www.google.com: REFUSED

Make sure it got an upstream DNS?

Meaning changing the resolv.conf manually? Is this file changed automatically by DHCP?

If your AP is set up as a DHCP client, it would be.

There are LAN-side DNS settings in the UI.

Network -> Interfaces -> Edit -> DHCP Server?
I do not see DNS settings there.
or Network -> DHCP and DNS -> General settings?

OK, my theory is this

If OpenWrt grabs an IP via DHCP, then /etc/resolv.conf will be changed to the gateway, and the local dnsmasq service will be bypassed.

If I use a static IP, then /etc/resolv.conf will default to localhost:53, which is served by dnsmasq, and then I need to tell it where to look, and the config is /etc/config/dhcp, under config dnsmasq / list server 'blahblah'

Is that correct?

No, by default dnsmasq will always be the resolver for the router itself and the entire network the router serves, no matter how your WAN is configured. It's not ever bypassed in any scenario unless configured otherwise.

This gives your router the ability to resolve names for hosts on your network, in addition to names in global DNS. If you haven't changed the name of the router or any of dnsmasq's settings, you can navigate to http://OpenWrt.lan instead of http://192.168.1.1 and get to the same LuCI interface. If this works, it's because of dnsmasq running on the router itself.

Let's check if dnsmasq has upstream DNS configured. In the LuCI menu go to Network→Interfaces then for each of the two WAN interfaces:

  1. Click "Edit" then go to the "Advanced Settings" tab.
  2. Confirm that one of the following is true:
    • "Use DNS servers advertised by peer" checkbox selected.
    • "Use custom DNS servers" section has valid entries.

Thanks for jumping in. My setup is a little different: I use this one as a dumb AP, but there is an interface with a static IP so that I can access LuCI. If I click advanced settings on that interface, there is no 'Use DNS servers advertised by peer'. Why is that?

And I guess if dnsmasq handles both DHCP client and DNS, that means it never needs to change /etc/resolv.conf, and it should always point to 'nameserver 127.0.0.1'?

Ah, I think I see what's wrong. Your AP is not using DHCP at all, because the LAN interface is set to a static IP address. So it doesn't obtain upstream DNS information from your router. Because of that, dnsmasq on your AP doesn't know what upstream DNS to use. Yes, DHCP is used for more than configuring IP addresses!

Try adding your router's IP address as an entry in the "Use custom DNS servers" section of your LAN interface. The "Use DNS servers advertised by peer" is only relevant if the interface uses DHCP. Since your LAN interface is using static IP addresses, this option doesn't exist.

Correct. You shouldn't have to touch /etc/resolv.conf at all. Although since your LAN interface is set to a static IP, dnsmasq would serve only as the AP's DNS resolver.
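
As an added example (not part of any post in this thread, and not OpenWrt's own code), this shell sketch classifies the failure diagnosed above: the system resolver points only at localhost while dnsmasq has no upstream to forward to. It assumes dnsmasq's upstream list is a resolv.conf-style file (on OpenWrt typically /tmp/resolv.conf.d/resolv.conf.auto, /tmp/resolv.conf.auto on older releases); the function names and sample files are constructed.

```shell
#!/bin/sh
# Print the nameserver addresses from a resolv.conf-style file, one per line.
nameservers() {
    [ -r "$1" ] || return 0          # a missing file means no servers
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose <system resolv.conf> <dnsmasq upstream file> [forwarder ...]
# Extra arguments stand for explicit "list server" forwarders.
# Prints: no-resolver | direct | no-upstream | ok
diagnose() {
    sys=$1; up=$2; shift 2
    have_ns=0; local_only=1
    for ns in $(nameservers "$sys"); do
        have_ns=1
        is_loopback "$ns" || local_only=0
    done
    [ "$have_ns" -eq 1 ] || { echo "no-resolver"; return; }
    # A non-loopback entry means the device queries that server itself.
    [ "$local_only" -eq 1 ] || { echo "direct"; return; }
    upstream=$#
    for ns in $(nameservers "$up"); do
        # A loopback "upstream" would only forward back to dnsmasq.
        is_loopback "$ns" || upstream=$((upstream + 1))
    done
    if [ "$upstream" -eq 0 ]; then echo "no-upstream"; else echo "ok"; fi
}

# Constructed sample: static-IP AP, resolv.conf as posted, nothing learned via DHCP.
demo() {
    d=$(mktemp -d)
    printf 'search lan\nnameserver 127.0.0.1\nnameserver ::1\n' > "$d/resolv.conf"
    : > "$d/resolv.conf.auto"
    diagnose "$d/resolv.conf" "$d/resolv.conf.auto"      # the REFUSED case
    printf 'nameserver 192.168.1.1\n' > "$d/resolv.conf.auto"
    diagnose "$d/resolv.conf" "$d/resolv.conf.auto"      # after adding an upstream
    rm -rf "$d"
}
demo
```

On a real device, pass /etc/resolv.conf and the upstream file path instead of the constructed files.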

If you really are running a dumb AP, you don't use dnsmasq at all and might as well disable it altogether, and all your clients should only use the dumb AP for wifi and negotiate DHCP or DNS with your main router.

Your resolv.conf file defines what DNS server your dumb AP uses to resolve DNS. This is also defined in Interfaces > Advanced settings > Use custom DNS servers.

If this is set to localhost and it's dumb, then it's not going to resolve anything for you. You need to define a working DNS server, i.e. Cloudflare or your router's local IP if this is able to resolve.

Thanks, yes I tried 'Use custom DNS servers' and it worked. Now the question is, what is the difference between this per-interface option and the option under Network -> DHCP and DNS -> General settings -> DNS forwardings?

The DNS forwardings (which I assume works for all interfaces) rather than the per-interface custom DNS option also works for me, but I found it a bit unstable; sometimes it takes a long time (10 secs or more) to resolve a name. Any clue why that is the case?