OpenWrt making DNS connections on port 53 by itself!

I have network with IP addresses 192.168.1.x
I have OpenWRT installed on a router with IP address (192.168.1.2)
The DNS server on it is configured to be (192.168.1.1)
Only my computer is existent on this network with IP address (192.168.1.10), no DNS configured.

In The Picture:
When I go in LUCI to Stats->RealTimeGraphs->Connections, I see there are a lot of DNS queries from the OpenWRT router to the (non-existant) DNS server on port 53. They occur every 60 seconds or so. Why is OpenWRT making all these requests by itself ?!!

openwrt_prob1366×1088 155 KB

Maybe the NTP daemon, which tries to sync the time?

Yet:

It's just doing what you configured it to do.
The DNS lookups button is to enable/disable DNS lookups on that luci page, ie reverse lookup the domain name from the ip address.

opkg update
opkg install tcpdump
tcpdump -evni any port 53

Have you read the whole post?
"Only my computer is existent on this network with IP address (192.168.1.10), no DNS configured."
Having a value means that's the server to go to for a DNS resolve when needed, not that it should go around making requests on its own without a purpose that could be known by the user->me, like another computer in the network requested from it a domain lookup, some daemon in OpenWRT wanted to resolve a DNS for some job, and none of that is here as I said in my post. Otherwise that would be suspicious.
Hence my question

I will check this then feedback

Are you worried because one connection per minute are too much? Or are you worried because you do not know the reason for such requests?

Yes.

Clearly not true as you have your router as well. By default you cannot ssh or access luci from the wan interface (192.168.1.2) so what else have you set up?

Have you checked?

I'm confused...is the OP really wondering why the router is attempting to lookup DNS names (when the OP thinks they failed to configure DNS servers anywhere on the network)...?

Anyways, it's doing what it was configured to do. OK folks, the OP stated:

and

So to be 100% clear, we all see the OpenWrt is querying the existent DNS server. You've failed to state a real issue.

The router is a network user of the DNS then (and it seems you configured it). You went to a page that does DNS lookups, you see the OpenWrt making those lookups. And your confused or concerned...where's the real issue???

• If you disable those lookups using the button on that page and wait, they will disappear
• You also need to disable the NTP client (which looks up DNS names)
• You can also remove the DNS server from the Interface's network configuration, which seems like your real issue - as you write as if it wasn't your desire to configure it in the first place

I already mentioned I have the router, it is imperative that my computer + the router is there. The sentence meant to say that besides my router there was nothing but the computer. And all the talk was about the OpenWRT router's queries anyways. so ... yeah we know the router is big and there ...
why is OpenWRT making uncalled for DNS queries? Still no explanation

The issue is simple, I'm surprised some of you don't get it (some do):
The real issue is to know why does OpenWRT make uncalled for DNS queries??? They don't bother me besides not knowing their source.

The router is a network user. but:

• The page that does DNS lookups , the button there was disabled from the get go. Then I enabled it and disabled it and waited, maybe this would stop them, still there were queries. Never disappeared no matter the button.
• Some already mentioned the NTP client, I will feedback. That could be the only explainable thing
• Irrelevant to the point. The point is to know the source of these suspicious queries.

On some pages LuCI queries rDNS for ARP cache entries and local interfaces no matter the DNS lookup setting.

You can file a ticket if you think this is an issue:

I got it; but you said the server (that you created) didn't exist...so I guess you're actually upset about something else.

Feel free to file a ticket.

I'm worried because I do not know the reason for such requests.
The networks I'm working on have a history of being breached, we have to keep things to a minimum and everything under monitoring.
If the cause for these is known for sure then it would be just a nuisance when monitoring. But it seems nobody knows for sure, I'm still inspecting

It doesn't.
A few points we have gleaned or must be implied:

1. The only device connected is your computer but you clearly stated it is connected to the WAN side of your router.
2. You have configured your router to allow access to luci from WAN
3. You have configured your router's WAN interface for a static IP address and a static DNS server on the WAN network your router defines.
4. You have not stated what else you have configured/installed.
5. You have still not turned off timesync.
6. You have not done any tracing or diagnosis of your own.

There are many things you should be doing....

Apparently not.

Switch off timesync:
Luci / system / system / Time Synchronization / untick Enable NTP Client / Save & Apply

Do a tcp dump on your router:

More:

• You can also enable detailed logging on dnsmasq.

• You can change the ip address of your computer to that of your hypothetical DNS server, then run a network analysis tool on the computer.....

When you ask people for help, you normally don't come back with "have you read the whole post" because that indicates an air of condescending attitude that you are being demanding of someone who may be only trying to help you and who may have been short on time and missed a detail. You can respond back in an infinite manner of ways other than asking someone who is trying to help if they can read. Such responses never go over well. There is an ancient saying that "you can catch more flies with honey than you can with vinegar" so it's a good bit of advice when interacting with other people and it will take you far in both the business world and in personal relationships.