Resolving DNS queries

techiedroid221 · April 23, 2026, 3:09pm

I am unable to complete a ping on my openwrt device in the Diagnostics tab, although my clients connected to it, can resolve domain names. What do I need to modify to get local dns resolving?

frollic · April 23, 2026, 3:11pm

Are you using AGH ?

In that case, AdGuard Home, opkg and ping on router not working - #7 by frollic.

techiedroid221 · April 30, 2026, 5:47pm

I am not running AGH.

frollic · April 30, 2026, 6:15pm

Using ssh run nslookup google.comon the router, post the complete output.

techiedroid221 · May 1, 2026, 4:18pm

`Server: 127.0.0.1
Address: 127.0.0.1:53

** server can't find google.com: REFUSED

** server can't find google.com: REFUSED`

frollic · May 1, 2026, 4:22pm

Have you changed your dnsmasq settings?

techiedroid221 · May 1, 2026, 4:28pm

No, how do I do that? I have a internal dns server that I'd like to point to.

lleachii · May 1, 2026, 6:12pm

Did you make any settings in attempts to use this server?

techiedroid221 · May 1, 2026, 6:37pm

still learning openwrt. I configured the gateway on my lan interface. Other than that, I don't recall setting up any dns settings.

lleachii · May 1, 2026, 6:39pm

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

techiedroid221 · May 1, 2026, 7:09pm

ubus call system board
{
	"kernel": "6.12.74",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Netgear Nighthawk X4S R7800",
	"board_name": "netgear,r7800",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "25.12-SNAPSHOT",
		"firmware_url": "https://downloads.openwrt.org/",
		"revision": "r32806-b2685cef6a",
		"target": "ipq806x/generic",
		"description": "OpenWrt 25.12-SNAPSHOT r32806-b2685cef6a",
		"builddate": "1774688361"
	}
}
root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	list ipaddr '127.0.0.1/8'

config globals 'globals'
	option dhcp_default_duid '<redacted>'
	option ula_prefix '<redacted>'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr '<redacted>'
	option ip6assign '60'
	option multipath 'off'
	option gateway '<redacted>'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option multipath 'off'
	option peerdns '0'
	list dns '<redacted>'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

root@OpenWrt:~# cat /etc/config/wireless 

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/1b500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option channel '36'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option disabled '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/1b700000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0'
	option band '2g'
	option channel '1'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option disabled '1'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '<redacted>'
	option encryption 'psk2'
	option key '<redacted>'
	option network 'lan'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid '<redacted>'
	option encryption 'psk2'
	option key '<redacted>'
	option network 'lan'

root@OpenWrt:~# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'disabled'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/odhcpd.leases'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
	option piodir '/tmp/odhcpd-piodir'
	option hostsdir '/tmp/hosts'

root@OpenWrt:~# cat /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'DROP'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include 'bcp38'
	option type 'script'
	option path '/usr/lib/bcp38/run.sh'

lleachii · May 1, 2026, 7:37pm

You may wish to upgrade to 25.12.2.

Remove gateway on LAN. Generally, only your WAN interface has a gateway (i.e., the connection to your ISP).
The ipaddr should be a RFC1918 private IP, no need to redact (by default it's 192.168.1.1)
Did you edit the multipath setting?

I assume this is a valid public DNS server?

techiedroid221 · May 1, 2026, 7:40pm

so this device is more just a WAP. There's no WAN connection. If that makes sense.
It's a internal dns resolver device.

lleachii · May 1, 2026, 7:44pm

I assume this was in response to my gateway comment?

Assuming that your only connection is on LAN:

Delete WAN and WAN6
Add a DNS server setting to LAN
Keep the gateway config on LAN
Verify the gateway IP matches the IP of your upstream router

frollic · May 1, 2026, 7:45pm

If you use static IP, you have to set DNS and GW yourself on br-lan.

Or configure br-lan as DHCP client.

techiedroid221 · May 1, 2026, 7:50pm

Done. openwrt now resolves. I can now also pull updates!
How do I do all package updates at once, instead of individual ones? I see in the software tab -> updates tab -> lots of "Upgrade" buttons, but can I do all of them in one run?

lleachii · May 1, 2026, 7:51pm

Don't!

Upgrade to 25.12.2 instead.

<canned_reply>
Upgrading packages (via the CLI opkg upgrade/apk upgrade commands or the LuCI Upgrade... button) can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.

techiedroid221 · May 1, 2026, 7:56pm

Sorry for my naivety. so I flash the new firmware to my device? I thought there was an easy path to auto-update to the latest version?

frollic · May 1, 2026, 8:09pm

They never "auto update", but they will tell you when there's a new release out (starting 25.12) and ask you if you want to update.

lleachii · May 1, 2026, 8:45pm