Reverse DNS not working

This is my setup:

Turris Omnia with TurrisOS 5.2.7 / OpenWrt 19 as main router, IP, DNS pointing to
PiHole with IP

The problem is that requests to resolve IPs into hostnames coming from the PiHole receive NXDOMAIN responses for all local devices.

I tried this on the OpenWrt router:


and I get:


** server can't find NXDOMAIN

Normal lookups DO work (IP address is returned, although I don't know what's up with the last "can't find" line and if it's normal):

nslookup sauron.lan


Name:      sauron.lan
Address 1:
*** Can't find sauron.lan: No answer

I expect to receive hostnames based on DHCP static leases.

Here are selections from my configs:


config dnsmasq
        option localise_queries '1'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/'
        option port '0'
        option logqueries '1'
        option domainneeded '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option domain 'lan'
        option local '/lan/'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '72h'
        option force '1'
        list dhcp_option '121,,,,'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option mac 'xx:xx:xx:xx:xx:xx'
        option ip ''
        option name 'sauron'
        option dns '1'

config domain
        option name 'sauron'
        option ip ''



config interface 'loopback'
		option ifname 'lo'
		option proto 'static'
		option ipaddr ''
		option netmask ''

config globals 'globals'

config interface 'lan'
		option type 'bridge'
		option proto 'static'
		option netmask ''
		option ip6assign '60'
		option bridge_empty '1'
		list ifname 'lan0'
		list ifname 'lan1'
		list ifname 'lan2'
		list ifname 'lan3'
		list ifname 'lan4'
		option _turris_mode 'managed'
		option ipaddr ''
		list dns ''
		option ipv6 '0'
		option delegate '0'

config interface 'wan'
		option ifname 'eth2'
		option proto 'pppoe'
		option password 'X'
		option username 'Y'
		option ipv6 '0'

config interface 'guest_turris'
		option enabled '1'
		option proto 'static'
		option netmask ''
		option bridge_empty '1'
		option ipaddr ''
		option type 'bridge'

config interface 'wan6'
		option ifname '@wan'
		option proto 'none'
		option ipv6 '0'

config route
		option interface 'lan'
		option netmask ''
		option gateway ''
		option target ''

config route
		option interface 'lan'
		option netmask ''
		option gateway ''
		option target ''


config resolver 'common'
		list interface ''
		list interface '::0'
		option port '53'
		option keyfile '/etc/root.keys'
		option verbose '0'
		option msg_buffer_size '4096'
		option msg_cache_size '20M'
		option net_ipv6 '1'
		option net_ipv4 '1'
		option prefered_resolver 'kresd'
		option ignore_root_key '0'
		option prefetch 'yes'
		option static_domains '1'
		option dynamic_domains '0'
		option forward_upstream '0'

config resolver 'kresd'
		option rundir '/tmp/kresd'
		option log_stderr '1'
		option log_stdout '1'
		option forks '1'
		option keep_cache '1'

config resolver 'unbound'
		option outgoing_range '60'
		option outgoing_num_tcp '1'
		option incoming_num_tcp '1'
		option msg_cache_slabs '1'
		option num_queries_per_thread '30'
		option rrset_cache_size '100K'
		option rrset_cache_slabs '1'
		option infra_cache_slabs '1'
		option infra_cache_numhosts '200'
		list access_control ' allow'
		list access_control '::0/0 allow'
		option pidfile '/var/run/'
		option root_hints '/etc/unbound/named.cache'
		option target_fetch_policy '2 1 0 0 0'
		option harden_short_bufsize 'yes'
		option harden_large_queries 'yes'
		option qname_minimisation 'yes'
		option harden_below_nxdomain 'yes'
		option key_cache_size '100k'
		option key_cache_slabs '1'
		option neg_cache_size '10k'
		option prefetch_key 'yes'

config resolver 'unbound_remote_control'
		option control_enable 'yes'
		option control_use_cert 'no'
		list control_interface ''





search lan

/etc/hosts localhost

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters	sauron


As you can see from the configs above, I also tried adding entries in LuCi > Hostnames, and in /etc/hosts and "service dnsmasq restart", still no reverse DNS.

Note: although not relevant to the issue, just for full understanding, and are subnets of 2 VPNs that also reside on the PiHole, hence the reason I setup Static Routes in the router.

There is no AAAA record for IPv6.

Regarding your problem, if I understand correctly, you have disabled dnsmasq

and you are using unbound. Does it know how to contact dnsmasq to ask for this address?
In my configuration with dnsmasq only, reverse lookup works fine.

This can be added in /etc/config/dhcp as list dhcp_option '6,' under config dhcp 'lan'


Oh wow, I didn't realise that.

On further documenting, looks like Omnia uses kresd as DNS resolver and only uses dnsmasq for DHCP.

I set the port to 53 under "config dnsmasq" and rDNS now works.

I also found this, but don't think I need to go that complicated route as I actually use the PiHole as DNS resolver anyway. Oddly enough, the "kresd" service appears disabled in Luci > System > Startup, but appears to run as a process:

ps aux | grep kresd
kresd    27366  0.1  0.3  31324  7276 ?        S<   16:43   0:00 /usr/sbin/kresd --noninteractive -c /tmp/kresd.config /tmp/kresd

I'll try to see if there's anything else to disable related to kresd (just to free up resources on the router) and document further on this.

Thank you very much! I kind of suspected this is a specific Turris thing but didn't appear obvious, sorry for the trouble.

You're welcome! Just keep in mind that troubleshooting the turris image is out of the scope of this forum.

1 Like


After killing kresd, I started noticing this in the system log:

/ DHCP add new hostname [netprinter,]
/ Kresd is probably not running no socket found.

So I went the other route as suggested by Turris, and:

  • set dsmasq port to 5353 in /etc/config/dhcp
  • edit /etc/config/resolver, add option include_config '/etc/kresd/custom.conf' under config resolver 'kresd'
  • create /etc/kresd/custom.conf containing:
local lan_rule = policy.add(policy.suffix(policy.STUB(''), policy.todnames({'lan',''})))
table.insert(policy.rules, 1, lan_rule)

local vpn_main_rule = policy.add(policy.suffix(policy.STUB(''), policy.todnames({'lan',''})))
table.insert(policy.rules, 2, vpn_main_rule)

local vpn_restricted_rule = policy.add(policy.suffix(policy.STUB(''), policy.todnames({'lan',''})))
table.insert(policy.rules, 3, vpn_restricted_rule)

to cover LAN + VPNs resolving.

(I hope the syntax is correct, kresd didn't complain)


service dnsmasq restart
service kresd restart

Also added hostnames for VPN IPs (I configured OpenVPN to allocate static IPs to clients) to Luci > Network > Hostnames (which adds config domain entries in /etc/config/dhcp) so they would be resolved too by the router.

Only tested the setup for LAN resolving, so take the VPN setup with a grain of salt.

I was surprised that the first option of running both dnsmasq and kresd on the same port worked, as

netstat -ulnp | grep :53

gave this:

udp 0 0* 8152/kresd
udp 0 0* 3159/dnsmasq
udp 0 0* 3159/dnsmasq

It probably worked because the interfaces are different, and 0:0:0:0 is the last one responding in the precedence order.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.