Provide dns server to connected clients automatically

is there a way that openwrt uses isp provide dns server by default to all connected clients? (pppoe connection)
for example: if i use tp link firmware, tp link router automatically provides the isp provide dns to all connected clients.
but in openwrt i have to manually set dhcp option to provide dns to clients.
is there a automatic way?

By default, the OpenWrt router will act as a DNS cache, using the DNS provided by the ISP, and acting as a DNS for the local network.


it doesnt.

It doesn't what?

for example:
my isp's dns are
but by default, openwrt provide dns to all the connected devices.

so,when connected devices do not use isp's dns, they cant get access to isp's ftp website/ live tv website

You can define to be the upstream resolver for dnsmasq (
Which should be automatically set, anyway, when having pppoe as wan.
Then no need for dhcp option. And you keep the benefit of dnsmasqs DNS-cache.

brother can you elaborate? please?
actually i dont get how i can do it.
please tell me in details. please

Your default config is indeed using the upstream DNS provided by the ISP. To repeat what @eduperez said,

  1. OpenWrt acquires the upstream DNS IP address from your ISP.
  2. It then configures its local instance of dnsmasq to use that for all queries.
  3. OpenWrt then tells your local clients to use the router's IP,, for DNS.
  4. When a client needs a name lookup, it goes to, which then goes out to the ISP's DNS server.

So, you are indeed using the ISP's server.

But, you ask, why is the router doing this extra step with dnsmasq? Because dnsmasq creates a local cache of all queries, so if you rapidly look up '' 10 times in a row, it only needs to hit the ISP server once, then all subsequent queries are answered out of the router's cache.


ok. but why-

1.if i don not set up lan-> dhcp options-> 6, ( my isp dns), i can not visit the isp's ftp site/ live tv site.
[in this settings all connected device show dns as]

2.but if i set up lan-> dhcp options-> (6,, then all connected device can visit isp ftp and live tv site.
[in this settings all connected device show dns as]

if opnewrt is by default using my isp dns, then why in default configuration i cant visit my isp's website?

( my isp told me.if i want to use their movie server site/ live tv site, i have to set their dns in my tp link default firmware there was a option- use isp dns site, i click on that and everything was ok. But in openwrt firmware, i cant figure out how to set this settings)

Could be that the ISP's dhcp server is not providing that IP address as the real upstream server, which would give the results you describe. You could manually enter IP into the dnsmasq configuration, third red box below and see if helps. Make sure to click the "+" button, then do "Save & Apply" after you enter the IP address.

Also try various settings of the "Domain required" and "Authoritative" to see if that changes anything. If the tv/ftp site name is local, without any "."s in it, then the "Domain required" should be off.


bro thank u so much. i put the isp's dns into dhcp& dns-> dns forwarding and then nothing happened .
then i turned off "Rebind Protection" and it worked.

do u know why turning rebind protection worked for me in my case?

Do that servers your ISP provides by any chance have private IP addresses and you appen to have the "rebind protection" checked?


after turning off rebind protection, it worked.

Ha, that's what I thought.

The domains your ISP uses point to private IP addresses.


OpenWRT asks its upstream DNS server about an IP address for a host.
The resonse points to one of those IP addresses.

OpenWRT assumes: That's not right, private IP addresses are meant to be private and never be a vali response from an upstream DNS server. Discard that response and treat it as "no answer given".

1 Like

thank you so much :blush:

I would suggest that if @golialive's excellent sleuthing alone provides the solution, that you revert any other changes, especially that bit about manually adding the DNS server IP (remove the explicit "DNS Forwardings", if you haven't already). If you can make it work without that, then when the ISP changes its servers (they will!), the new DNS server IP will be picked up automatically and you won't have to figure out what broke (again).


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.