Right way to change the DNS

I'm new to OpenWRT and I would like to know right way to change the DNS (ipv4 and ipv6), I tried some settings but not all worked

I need to change her on Lan or Wan ?

Thanks

1 Like

What did you try?
You can add them in wan

If you use LuCi, network, interface,wan, advanced setting
unchecked Use DNS servers advertised by peer and add your dns.

or from Cli; as exemple

# Configure DNS provider
uci -q delete network.wan.dns
uci add_list network.wan.dns="9.9.9.9"
uci add_list network.wan.dns="1.1.1.1"
 
 # Disable peer DNS
uci set network.wan.peerdns="0"

 # Save and apply
uci commit network
service network restart

This is THE basic method I would say, the simplest.

3 Likes

For the clients, option 6 from https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dhcp_options.

2 Likes

network > dhcp and dns > forwards > dns forwards

And I put both DNS (IPv4/IPv6) here

1 Like

If you have IPv6 you'll need to disable peerdns in the wan6 section as well so that the DNS advertised by the ISP is not added to the list.

With one instance of dnsmasq there is only one list of default external DNS servers. They are used equally in a round-robin / failover fashion. It doesn't matter where you put a list dns but it makes the most sense to put them in a wan interface configuration block.

3 Likes

I followed steps above network > interface > wan > advanced settings > uncheck "Use DNS servers advertised by peer" and put ipv4 dns (1.1.1.1 , 1.0.0.1), apparently it worked because in OVERVIEW > Network it is showing dns 1 and dns 2 on IPv4 Upstream

Then I did the same steps and went to wan6 then I put the dns (2606:4... 1111, 2606:4... 1001) but nothing appears in OVERVIEW > NETWORK IPv6 Upstream

something missing ?

It should work normally. Please post your network configuration.

1 Like

My wan6 does not have "Use DNS servers advertised by peer": it has "Use custom DNS servers"...

Where did you edit again?

1 Like

Yes but still can't receive DNS Cloudflare on IPv6

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Then let's see the results of this:

1 Like
ubus call system board

root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.150",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "TP-Link Archer C6 v3",
"board_name": "tplink,archer-c6-v3",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "ramips/mt7621",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}

cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fde0------::/48'
option packet_steering '1'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'wan'
option device 'wan'
option proto 'pppoe'
option username '-------'
option password '-------'
option ipv6 'auto'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'

config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'

cat /etc/config/dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option dns_service '0'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

cat /etc/config/firewall

config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'

config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

Are any of those IPv6 servers?

No, all ipv4

Well, that is unusual.

Go here and see if it detects an IPv6 address.

Yes

Your IPv6 address on the public Internet appears to be ...

Since you have IPv6, we are including a tab that shows how well you can reach other IPv6 sites.

Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access.

====

My ISP ONU is a ZTE F612, maybe some conf that's causing this problem ?

There is a config problem but I do not see it in the configs.

The IPv6 DNS syntax look correct, to me.

Maybe the problem is with my ISP ?

I have access to my ONU in case you need to see any conf

Somebody else will look over your configs.

I have no reason to blame the ISP; its DNS server showed up but it is not being used (according to DNSLeak).

Maybe try changing network settings to...

config interface 'wan'
option device 'wan'
option proto 'pppoe'
option username '-------'
option password '-------'
option ipv6 '1' <----- change here
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'

config interface 'wan6'
option device '@wan' <----- change here
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'

As seen in https://openwrt.org/docs/guide-user/network/ipv6/configuration#native_ipv6_connection

3 Likes