I'm running PBR to split network traffic between my ISP and a VPN using wireguard. I have a single device running through wireguard called "box" assigned to a static local IP address so that other devices on the network can reach it at `box.lan`. In order to accomplish this, I'm using dnsmasq:
```
# /etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list address '/box.lan/192.168.1.XXX'
```
This works great, except that `box` is using a different DNS provider for/from my VPN:
```
# /etc/config/dhcp
config host
	option name 'box'
	option mac 'XXXXXXXXXXXXX'
	option ip '192.168.1.XXX'

config mac 'test'
	option mac 'XXXXXXXXXXXXX'
	option networkid 'wireguard'
	list dhcp_option '6,DNS_PROVIDED_BY_VPN'
```
This makes sense: because `box` is using another DNS provider and not just pointing to the router, it never hits dnsmasq. Running an `nslookup` on other devices confirms this: they're pointed to the router and resolve `box.lan` correctly.
The question is what is the best way to have `box` itself resolve `box.lan` to its own IP? Is there something I can do within OpenWRT to accomplish this? Is it better just to handle it with `box`'s own `/etc/hosts` file? To be clear, everything except this `.lan` routing is working correctly in terms of DNS resolution. What I want to do is have `box` resolve `box.lan` correctly.
Note: `box.lan` runs a reverse proxy service for web apps that are only accessible on our LAN (e.g. Plex).
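The split described in the post can be checked mechanically: any static host whose MAC is handed a DHCP option 6 (DNS server) that is not the router will never query dnsmasq, so none of the `list address` overrides apply to it. The following is an added example, not code from the post or from OpenWrt; it parses a small constructed `/etc/config/dhcp` (the MAC and IPs are placeholders, and `parse_uci` / `hosts_bypassing_dnsmasq` are hypothetical helper names) and reports which hosts are affected and which local names they cannot see.

```python
import shlex

# Constructed sample modelled on the post's /etc/config/dhcp; MAC and IPs are placeholders.
SAMPLE_DHCP_CONFIG = """\
config dnsmasq
	option domain 'lan'
	list address '/box.lan/192.168.1.50'
config host
	option name 'box'
	option mac 'AA:BB:CC:DD:EE:FF'
	option ip '192.168.1.50'
config mac 'test'
	option mac 'AA:BB:CC:DD:EE:FF'
	list dhcp_option '6,10.64.0.1'
"""

def parse_uci(text):
    """Parse UCI text into [{'type', 'name', 'opts'}]; opts maps key -> list of values."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # UCI quoting is shell-like, so shlex handles the values
        if parts[0] == "config":
            sections.append({"type": parts[1], "name": parts[2] if len(parts) > 2 else None, "opts": {}})
        elif parts[0] in ("option", "list") and sections and len(parts) >= 3:
            sections[-1]["opts"].setdefault(parts[1], []).append(parts[2])
    return sections

def hosts_bypassing_dnsmasq(text):
    """Map each static host whose MAC receives DHCP option 6 to the DNS servers it is
    handed and the dnsmasq 'address' overrides it will therefore never resolve."""
    sections = parse_uci(text)
    overrides = [a.split("/")[1] for s in sections if s["type"] == "dnsmasq"
                 for a in s["opts"].get("address", [])]  # '/name/ip' -> name
    mac_dns = {}  # MAC -> DNS servers pushed via DHCP option 6
    for s in (x for x in sections if x["type"] == "mac"):
        for opt in s["opts"].get("dhcp_option", []):
            tag, _, servers = opt.partition(",")
            if tag in ("6", "option:dns-server"):
                for mac in s["opts"].get("mac", []):
                    mac_dns.setdefault(mac.lower(), []).extend(servers.split(","))
    report = {}
    for s in (x for x in sections if x["type"] == "host"):
        for mac in s["opts"].get("mac", []):
            if mac.lower() in mac_dns:
                report[s["opts"]["name"][0]] = {"dns": mac_dns[mac.lower()], "invisible_overrides": overrides}
    return report
```

Running `hosts_bypassing_dnsmasq(SAMPLE_DHCP_CONFIG)` on the sample reports `box` as receiving `10.64.0.1` and never seeing the `box.lan` override, which is exactly the symptom the post describes.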