Prevent some DNS queries from going to the upstream resolver

I have some hosts in my LAN that have their FQDN configured in OpenWrt (Network > Hostnames in LuCI) with their local IP address, so when you resolve said FQDN (for example) on my LAN, OpenWrt responds with the configured static hostname, which is said device's IP on the LAN.

Those hosts should also be reachable from the internet, so the FQDN is also resolvable on the internet. It's a CNAME record. That CNAME points to an A record that follows my router's IP (using ddns-scripts). So if I try to resolve it on the internet, the response is a CNAME pointing to a name that is resolved to my router's public IP.

The problem is that sometimes a host in my LAN does an AAAA query for it, and since dnsmasq can't resolve that (I have only configured an IPv4 address), the DNS request is forwarded to the upstream resolver, which responds with the CNAME.

This response is cached, so from then on dnsmasq responds with the router's public IP address instead of the local IP of the host.

So, how can I avoid this request going upstream?

PS: more info: all incoming HTTP and HTTPS requests to my router (from WAN) go to an nginx proxy that forwards the request to the appropriate host in my LAN depending on the hostname. The "problem" is that this host is a UniFi controller, so from the internet I only need to access its web interface, but UniFi devices communicate with the controller using a proprietary protocol on different ports, so when a local device tries to reach the UniFi controller, I need said devices to communicate directly with the UniFi controller, not the nginx proxy or my router's public IP address. This mostly works, but when the CNAME is cached everything breaks.

Set up static leases for both IPv4 and IPv6 or ignore the AAAA queries:

uci add_list dhcp.@dnsmasq[0].address="/"
uci add_list dhcp.@dnsmasq[0].address="/"
uci commit dhcp
/etc/init.d/dnsmasq restart
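To make the mechanism concrete, here is an added Python script that is not from the thread. It models dnsmasq's documented directive matching (the most specific matching domain decides; `address=` and `local=` domains are never forwarded, `server=/domain/ip` forwards to that upstream) together with the behaviour the question reports (an IPv4-only hosts entry does not keep an AAAA query local), and audits a hosts file plus a dnsmasq.conf for names whose AAAA queries would still leak upstream. The hostnames, addresses and config lines are constructed; the `address=` lines are what the answer's `uci add_list dhcp.@dnsmasq[0].address` entries become in dnsmasq's configuration, and the `local=` form is dnsmasq's own directive, shown here as an alternative the thread does not cover.

```python
"""Audit which LAN names would still have AAAA queries forwarded upstream by dnsmasq.

Model (documented dnsmasq behaviour): the most specific matching domain among
address=, local= and server= directives decides a query; address= and local=
domains are never forwarded, server=/d/ip forwards to that upstream. A name with
an IPv6 hosts entry is answered from the hosts file. A hosts entry with only an
IPv4 address does not stop an AAAA query from being forwarded (as reported in the
question).
"""
import ipaddress
import re

# Constructed sample data (not from the thread): a controller with an IPv4-only
# hosts entry, and a NAS that already has both address families.
SAMPLE_HOSTS = """\
192.168.1.10 controller.lan.example
192.168.1.20 nas.lan.example
fd00::20     nas.lan.example
"""

# Before the fix: only an upstream for the zone, so the controller's AAAA leaks.
SAMPLE_CONF_BEFORE = "server=/lan.example/203.0.113.53\n"

# After the fix, as produced by `uci add_list dhcp.@dnsmasq[0].address=...`:
# literal answers for both families; the more specific address= beats server=.
SAMPLE_CONF_AFTER = SAMPLE_CONF_BEFORE + (
    "address=/controller.lan.example/192.168.1.10\n"
    "address=/controller.lan.example/fd00::10\n"
)

# Alternative: declare the name local, so record types that do not exist get
# NXDOMAIN instead of being forwarded.
SAMPLE_CONF_LOCAL = SAMPLE_CONF_BEFORE + "local=/controller.lan.example/\n"

_DIRECTIVE = re.compile(r"^(address|local|server)=/(.*)/([^/]*)$")


def parse_hosts(text):
    """Return {name: {4: set_of_ipv4, 6: set_of_ipv6}} from hosts-file lines."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            family = ipaddress.ip_address(fields[0]).version
        except ValueError:
            continue  # not an address: skip the line
        for name in fields[1:]:
            names.setdefault(name.lower(), {4: set(), 6: set()})[family].add(fields[0])
    return names


def parse_conf(text):
    """Return (address_domains, local_domains, forwarded_domains) from dnsmasq.conf."""
    address, local, forward = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, domains, value = m.groups()
        for domain in (d.lower() for d in domains.split("/") if d):
            if key == "address":
                address.add(domain)   # with or without an IP: never forwarded
            elif value == "":
                local.add(domain)     # local=/d/ or server=/d/ : NXDOMAIN, not forwarded
            else:
                forward.add(domain)   # server=/d/upstream: forwarded to that server
    return address, local, forward


def _matches(name, domain):
    return domain == "#" or name == domain or name.endswith("." + domain)


def aaaa_goes_upstream(name, hosts, address, local, forward):
    """True if an AAAA query for `name` would leave dnsmasq for an upstream resolver."""
    name = name.lower().rstrip(".")
    if hosts.get(name, {}).get(6):
        return False                  # answered from the hosts file
    hits = [d for d in address | local | forward if _matches(name, d)]
    if not hits:
        return True                   # no directive at all: default upstream
    best = max(hits, key=len)         # dnsmasq picks the most specific domain
    return best in forward and best not in address and best not in local


def audit(hosts_text, conf_text):
    """Sorted names from the hosts file whose AAAA queries would still go upstream."""
    hosts = parse_hosts(hosts_text)
    address, local, forward = parse_conf(conf_text)
    return sorted(n for n in hosts if aaaa_goes_upstream(n, hosts, address, local, forward))


if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_CONF_BEFORE),
                        ("address=", SAMPLE_CONF_AFTER),
                        ("local=", SAMPLE_CONF_LOCAL)):
        print(f"{label:9} leaking AAAA: {audit(SAMPLE_HOSTS, conf) or 'none'}")
```

Run it against a router's real `/tmp/hosts/*` and the generated dnsmasq configuration to list every name that still depends on the upstream answer; the "before" case reproduces the question's situation, and both fixes empty the list because the AAAA query never leaves dnsmasq, so the public CNAME can no longer enter the cache.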
