@stangri you are right, dnsmasq was updated to 2.88 in snapshot.
Installation
You can find the package here:
https://downloads.openwrt.org/snapshots/packages/aarch64_generic/base/dnsmasq-full_2.88-1_aarch64_generic.ipk
This is for arm64 routers. You can adjust the URL for your architecture. You can check which package architecture your router is using by running opkg info dnsmasq.
I also had to install this package:
https://downloads.openwrt.org/snapshots/packages/aarch64_generic/base/libubox20220927_2022-09-27-ea560134-1_aarch64_generic.ipk
Important: Make sure to install it first, because without it DNS resolution stops working.
Configuration
There is a LuCI IP Set section in LuCI -> DHCP and DNS -> IP Sets where you can add domains that should be added to an ipset.
But creating an IP Set there does not create the nftables set. You will get this error: user.notice dnsmasq: Cannot infer address family from non-existent nftables set 'XXXXXX'.
So you must first create the IP Set:
Edit /etc/config/firewall
...
config ipset
	option name 'test_uci_set'
	option enabled '1'
	option match 'ip' # net if you want to add a CIDR subnet
	# Optional
	list entry '192.168.2.100'
	list entry '192.168.2.102'
You can leave out the list lines if you don't want to add any manual IPs to the set. This will create an empty set.
Then you can reload the rules and verify the set was created:
# Reload firewall rules
fw4 reload
# Show all sets
nft list sets
# Show the IPs in a specific set. Make sure to adjust to the name of your set.
nft list set inet fw4 test_uci_set
Then go back to LuCI -> DHCP and DNS -> IP Sets and create an IP Set with the same name.
Then resolve some of the hosts in that set and run nft list set inet fw4 test_uci_set to see if it is updated with the relevant info.
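
A pre-flight check for the "non-existent nftables set" error described in the post above, as an added example that is not part of the original post: it parses `nft list sets` output and reports which set names are not defined in table inet fw4. The function names, the sample listing and the set name vpn_hosts are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nft list sets` output (not captured from a real router).
SAMPLE_NFT_SETS='table inet fw4 {
	set test_uci_set {
		type ipv4_addr
		elements = { 192.168.2.100, 192.168.2.102 }
	}
}
table ip other {
	set other_set {
		type ipv4_addr
	}
}'

# list_sets FAMILY TABLE: read an `nft list sets` listing on stdin and print
# "name type" for every set defined in that family/table only.
list_sets() {
	awk -v fam="$1" -v tbl="$2" '
		$1 == "table" { in_tbl = ($2 == fam && $3 == tbl); name = ""; next }
		in_tbl && $1 == "set" { name = $2; next }
		in_tbl && name != "" && $1 == "type" { print name, $2; name = "" }
	'
}

# missing_sets LISTING NAME...: print the names (space separated) that have
# no set in table inet fw4. Empty output means every name is defined.
missing_sets() {
	listing="$1"; shift
	known=$(printf '%s\n' "$listing" | list_sets inet fw4)
	missing=""
	for want in "$@"; do
		# Exact match on the name column, so a name that is only a
		# prefix of an existing set does not count as present.
		printf '%s\n' "$known" |
			awk -v w="$want" '$1 == w { f = 1 } END { exit !f }' ||
			missing="$missing $want"
	done
	printf '%s' "${missing# }"
}

# On a router, pass the live listing instead of the sample:
#   missing_sets "$(nft list sets)" test_uci_set
echo "missing: $(missing_sets "$SAMPLE_NFT_SETS" test_uci_set vpn_hosts other_set)"
```

Run it after fw4 reload and before creating the IP Set in LuCI; any name it prints still needs a config ipset section in /etc/config/firewall.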