Prevent some dns queries from going to the upstream resolver

I have some hosts in my LAN that have their FQDN configured in OpenWrt (Network > Hostnames in LuCI) with their local IP address, so when you resolve said FQDN (for example host1.domain.com) on my LAN, OpenWrt responds with the configured static hostname, which is said device's IP on the LAN.

Those hosts should also be reachable from the internet, so the FQDN is also resolvable on the internet. It's a CNAME record. That CNAME points to an A record that follows my router's IP (using ddns-scripts). So if I try to resolve host1.domain.com on the internet, the response is a CNAME pointing to ddns.domain.com, which resolves to my router's public IP.

The problem is that sometimes a host in my LAN does an AAAA query for host1.domain.com, and since dnsmasq can't resolve that (I have only configured an IPv4 address), the DNS request is forwarded to the upstream resolver, which responds with the CNAME.

This response is cached, so from then on dnsmasq responds with the router's public IP address instead of the local IP of the host.

So, how can I avoid requests for host1.domain.com going upstream?

PS: more info: all incoming HTTP and HTTPS requests to my router (from WAN) go to an nginx proxy that forwards the request to the appropriate host in my LAN depending on the hostname. The "problem" is that host1.domain.com is a UniFi controller, so from the internet I only need to access its web interface, but UniFi devices communicate with the controller using a proprietary protocol on different ports, so when a local device tries to reach the UniFi controller (host1.domain.com) I need said devices to communicate directly with the UniFi controller, not the nginx proxy or my router's public IP address. This mostly works, but when the CNAME is cached everything breaks.

Set up static leases for both IPv4 and IPv6 or ignore the AAAA queries:

uci add_list dhcp.@dnsmasq[0].address="/example.org/192.168.1.2"
uci add_list dhcp.@dnsmasq[0].address="/example.org/"
uci commit dhcp
/etc/init.d/dnsmasq restart
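After applying the `address=` entries above, the thing worth verifying from a LAN client is that both the A and the AAAA query for host1.domain.com are answered by the router itself and never carry the upstream CNAME chain. The script below is an added example and not part of this thread or of OpenWrt/dnsmasq: it builds raw A/AAAA queries with only the Python standard library, parses the reply (including RFC 1035 name compression), and flags a reply as "upstream" if it contains a CNAME or a non-private address. The router address 192.168.1.1, the names host1.domain.com and ddns.domain.com, and the sample replies in `build_response` are assumptions taken from the question or constructed here for offline use.

```python
import ipaddress
import socket
import struct

# Record types relevant to the question: A, AAAA and the CNAME that leaks in from upstream.
QTYPE = {"A": 1, "AAAA": 28, "CNAME": 5}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """Encode a dotted name in DNS wire format (length-prefixed labels, zero terminator)."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Build a standard query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def build_response(txid, name, qtype, records):
    """Construct a NOERROR response offline (only used for samples and tests here).
    records is a list of (owner, type_name, ttl, value)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    body = encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)
    for owner, rtype, ttl, value in records:
        if rtype == "A":
            rdata = socket.inet_aton(value)
        elif rtype == "AAAA":
            rdata = socket.inet_pton(socket.AF_INET6, value)
        else:  # CNAME: the target is itself a wire-format name
            rdata = encode_name(value)
        body += encode_name(owner) + struct.pack("!HHIH", QTYPE[rtype], 1, ttl, len(rdata)) + rdata
    return header + body


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return (rcode, [(owner, type_name, ttl, value), ...]) from the answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                    # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPE["A"]:
            value = socket.inet_ntoa(rdata)
        elif rtype == QTYPE["AAAA"]:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype == QTYPE["CNAME"]:
            value, _ = read_name(msg, off)
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((owner, TYPE_NAME.get(rtype, str(rtype)), ttl, value))
    return flags & 0xF, answers


def classify(answers):
    """'upstream' if the reply carries a CNAME or a non-private address (the DDNS chain
    described in the question); 'local' if it only holds LAN addresses or is empty
    (NODATA/NXDOMAIN, which is what a local-only dnsmasq entry yields for AAAA)."""
    for _, rtype, _, value in answers:
        if rtype == "CNAME":
            return "upstream"
        if rtype in ("A", "AAAA") and not ipaddress.ip_address(value).is_private:
            return "upstream"
    return "local"


def query_router(server, name, qtype, timeout=2.0):
    """Send one query to the router over UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        data, _ = s.recvfrom(4096)
    rcode, answers = parse_response(data)
    return rcode, answers, classify(answers)


if __name__ == "__main__":
    # Constructed sample: what an AAAA reply looks like once the upstream CNAME is cached.
    leaked = build_response(1, "host1.domain.com", "AAAA",
                            [("host1.domain.com", "CNAME", 300, "ddns.domain.com")])
    print(classify(parse_response(leaked)[1]))   # upstream
    # Against a real router from a LAN client (assumed address):
    # print(query_router("192.168.1.1", "host1.domain.com", "AAAA"))
```

Run `query_router` for both "A" and "AAAA" before and after the `uci` change: before, the AAAA reply shows the CNAME and the check reports "upstream"; after, it comes back empty (rcode 0 with no answers, or rcode 3) and reports "local". Note that `ipaddress.is_private` also treats documentation ranges such as 203.0.113.0/24 as non-global, so use your actual public address when interpreting the A check.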
