PiHole - Forced DNS redirect using OpenWrt will log most of the clients as 'openwrt' instead of the real client name

Hi guys,
When I set up OpenWrt, I set my PiHole server as DNS and, because some devices ignore the DNS advice sent by the router, I read some articles to set up forced DNS redirection to the PiHole server:

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns
and

Redirection seems to be working, but in PiHole I have a lot of entries with 'openwrt' as the client name instead of the real one, probably because the requests come from the router after redirection.

Is it possible to keep the real client name? Am I doing something wrong in the setup?
Any help is appreciated :slight_smile:

You're not doing anything wrong. The logs with OpenWrt are either initiated from OpenWrt or hijacked from OpenWrt. This happens because of the SNAT rule that replaces the source IP of the packet from that of the host into that of the OpenWrt. If you don't do that, the reply will come directly from Pihole source IP, which will be noticed by the DNS client of the sender.
A possible solution is to move Pihole to a separate network, where SNAT is no longer needed.
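
The address rewriting described in the reply above, modelled as an added example that is not part of the original thread. The router and Pi-hole addresses are the ones quoted elsewhere in this thread; the client IP, the hard-coded resolver 8.8.8.8 and the /24 LAN are constructed assumptions, and `intercept` is a hypothetical helper, not an OpenWrt or Pi-hole API.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Outcome:
    pihole_sees: str      # source IP Pi-hole logs as the client
    reply_src: str        # source IP on the reply when it reaches the client
    client_accepts: bool  # a stub resolver drops replies from an IP it did not query

def intercept(client, queried, router, pihole, client_net, masquerade):
    """Model one hijacked DNS query passing a DNAT redirect on the router."""
    # DNAT: the router rewrites the destination from `queried` to `pihole`.
    # Optional SNAT/masquerade: it also rewrites the source to its own address.
    src = router if masquerade else client
    # Pi-hole answers whatever source address it saw.
    reply_dst = src
    # The answer crosses the router only if it is addressed to the router, or
    # if Pi-hole sits outside the client's subnet and must route back through it.
    same_subnet = ipaddress.ip_address(pihole) in ipaddress.ip_network(client_net)
    via_router = reply_dst == router or not same_subnet
    # Conntrack restores the original address only on replies the router forwards.
    reply_src = queried if via_router else pihole
    return Outcome(src, reply_src, reply_src == queried)

def scenarios():
    # Constructed sample values: client 192.168.1.50 hard-codes resolver 8.8.8.8;
    # the /24 LAN is assumed. Router/Pi-hole IPs are the ones quoted in the thread.
    lan = dict(client="192.168.1.50", queried="8.8.8.8",
               router="192.168.1.1", client_net="192.168.1.0/24")
    return {
        "same subnet, DNAT only": intercept(pihole="192.168.1.2", masquerade=False, **lan),
        "same subnet, DNAT + SNAT": intercept(pihole="192.168.1.2", masquerade=True, **lan),
        "separate network, DNAT only": intercept(pihole="10.0.4.250", masquerade=False, **lan),
    }

if __name__ == "__main__":
    for name, o in scenarios().items():
        print(f"{name:28} pihole logs {o.pihole_sees:13} "
              f"reply from {o.reply_src:11} accepted={o.client_accepts}")
```

Only the separate-network case both delivers an acceptable reply and leaves the real client address in Pi-hole's query log.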

I have mine set up like this but am getting hostnames resolving fine. Do you have a reverse server set up? Pihole>settings>DNS:

My router which handles DNS is 10.9.8.1 and my subsets are defined in the local network. Not sure if this is helpful for your setup.

This isn't a Pi-hole forum but there seems to be some confusion where you are seeing OpenWrt as the client name:
You are seeing that in Pi-hole's dashboard near the bottom in the client list box, correct?

Have you enabled conditional forwarding in Pi-hole's settings/DNS?
Read the read-me and if that does not fix your issue you should ask in the Pi-hole forum.

:spiral_notepad: Prima facie it looks like your LOCAL NETWORK IN CIDR NOTATION [10.9.0.0/16] is wrong and should be 10.9.8.0/24. Sorry, I was looking at @darksky's config.

The issue is the devices and apps ignoring the DNS IPs you provide; have you got any of those?

I haven't seen that. I am advertising pihole's IP as the DNS:

/etc/config/dhcp
...
config dhcp 'lan'
  option interface 'lan'
  option start '100'
  option limit '150'
  option leasetime '12h'
  option dhcpv4 'server'
  list dhcp_option '6,10.0.4.250'
...
(repeated for each interface)

And using a firewall redirect to force it:

/etc/config/firewall
...
config redirect
  option target 'DNAT'
  option name 'Intercept-DNS'
  option src 'lan'
  option src_dport '53'
  option dest_ip '10.0.4.250'
  option dest 'lxc'
  option dest_port '53'
...
(repeated for each interface)

What part?

The request, or their origin?

I don’t understand what you’re asking

Sorry if I was not clear enough while explaining the issue. In addition, I asked on the OpenWrt forum because I performed the "force-dns setup" on my OpenWrt router using the tutorials I linked in the first post.

I'll try to explain the issue better:
my router: 192.168.1.1
pihole DNS server: 192.168.1.2
In OpenWrt I set the pihole IP as the DNS server to broadcast in DHCP.
I used the firewall redirect in OpenWrt to force some devices, those ignoring the DNS server broadcast by DHCP, to use PiHole (basically any request on port 53 with an IP different from the pihole's one will be redirected to pihole).

On the pihole dashboard I see some devices with their real name (probably the ones using the DNS server from DHCP), but most of the requests are identified as "openwrt.lan".

I thought that, due to the firewall redirection, the name of the original device that made the request is overwritten/changed in some way and the final DNS request to pihole appears as generated by the router instead of the device.
So I asked if there's any misconfiguration in my OpenWrt firewall that I could change to keep the original device name :slight_smile:

AFAIK the reply you got from @trendy was correct.

Why would you presume that?
I, specifically, told you why you are seeing this.

So, now, I'm going to, officially, ask you to move to the Pi-hole community; since:
A) this has nothing to do with OpenWrt.
B) You are wasting your time here asking OpenWrt to solve a Pi-hole configuration that is, literally, explained in the Settings/DNS portal page.

These are reverse DNS lookups that Pihole asks OpenWrt to resolve the name of the device which made a query. And since OpenWrt is hijacking the queries that don't go towards Pihole, its name appears as originator of the query, as I explained already, but no one (but @frollic) seems to notice.


I did!
:slight_smile:


Right! I fixed it!
