Nslookup behind router fails

ovar0409 · December 15, 2019, 10:30pm

Hi there,

I'm a bit lost, if I do a nslookup from my PC connected to OpenWRT router it returns the following:

nslookup www.yahoo.com
Server:  UnKnown
Address:  fd99:3f33:cf4b::1

*** UnKnown can't find www.yahoo.com: No response from server

If I do the same on the router, it resolves it.

nslookup www.yahoo.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      www.yahoo.com
www.yahoo.com   canonical name = atsv2-fp-shed.wg1.b.yahoo.com
Name:      atsv2-fp-shed.wg1.b.yahoo.com
Address 1: 87.248.98.8
Address 2: 87.248.98.7
www.yahoo.com   canonical name = atsv2-fp-shed.wg1.b.yahoo.com*
Address 3: 2a00:1288:110:1c::3
Address 4: 2a00:1288:110:1c::4

On the WAN and WAN6 interfaces, "Use DNS servers advertised by peer" is selected.
On the Status / Network page, I can see 2 DNs servers provided by my ISP.

Any idea?

Thank you

psherman · December 15, 2019, 11:41pm

How is the PC connected (wifi, ethernet; is there a secondary network/VLAN/guest-network)? Is the PC using DHCP?

Please post the following files:
/etc/config/network
/etc/config/firewall
/etc/config/wireless
/etc/config/dhcp

ovar0409 · December 16, 2019, 5:36pm

It was via ethernet. Interestingly, I just made the same test on my laptop (wifi) and it can resolve. To be honest I don't remember having that problem in the past... No clue.
For info, I just updated to 18.05 last week.

***** network -->
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd99:3f33:cf4b::/48'

config interface 'lan'
        option ifname 'eth0.1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'
        option type 'bridge'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'
        option type 'bridge'
        option reqaddress 'try'
        option reqprefix 'auto'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option blinkrate '2'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_port
        option device 'switch0'
        option port '1'
        option led '6'

config switch_port
        option device 'switch0'
        option port '2'
        option led '9'

config switch_port
        option device 'switch0'
        option port '5'
        option led '2'

config interface 'guest'
        option _orig_ifname 'wlan0-1'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'

***** dhcp --> 
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option domain 'varga.be'
        option nonwildcard '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option force '1'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'guest'
        option start '100'
        option interface 'guest'
        option limit '10'
        option leasetime '1h'
        option force '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config host
...
...
...

***** firewall -->
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'guest'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'guest'
        option input 'REJECT'

config forwarding
        option dest 'wan'
        option src 'guest'

config rule
        option target 'ACCEPT'
        option proto 'tcp udp'
        option dest_port '53'
        option name 'Guest DNS'
        option src 'guest'

config rule
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '67-68'
        option name 'Guest DHCP'
        option src 'guest'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option dest 'lan'

ovar0409 · December 16, 2019, 5:45pm

Sorry, upgraded from 18.05 to OpenWrt 18.06.5 r7897-9d401013fc ....

lleachii · December 16, 2019, 5:46pm

First, verify who who returned this response. Maybe you configured a DNS server into your Linux client?

When I test on Ubuntu, it also displayed the dnsmasq server at 127.0.0.1.

Yes, if you tested this from the OpenWrt, then it successfully checked using its software- this means that the OpenWrt works.

ovar0409 · December 16, 2019, 10:21pm

I have the impression it is not linked to the router but something on my Windows 10 desktop. If I connect my laptop via the cable nslookup is working fine.

When doing a Wireshark trace on my desktop I can see some dns traffic... But I found also there is a lot of strange queries generated: PTR 0.0.0.0.in-addr.arpa. I will try to search on the internet....

ovar0409 · December 16, 2019, 10:44pm

I found the problem. Ipv6. As soon as I disabled ipv6 on the adapter on my desktop, nslookup was OK.
Now I need to find why my IPv6 Upstream is not connected (will create a new post)

system · December 26, 2019, 10:58pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.