Router can't ping or connect to other public domains, but LAN can


I'm using router with OpenWrt 22.03.2 with a Rasberrypi using Adguard as DHCP and DNS with unbound. So far I don't have any other issues within my LAN I can ping and navigate on internet and between local LAN with my pi and other selfhosted apps.

But I was going to install a package on the router but suddenly couldn't connect to the openwrt servers. I used the diagnostics to ping, traceroute to different domains but I got a negative answer.

So i got into the SSH into the router and used ping to any site like and this is the response:
ping: bad address ''

Router is on
DNS (adguard) is on

DHCP on router is turn off.

My network config file

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fdd0:378d:6f27::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'
        list ports 'eth4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask ''
        option ipaddr ''

config interface 'wan'
        option device 'eth0'
        option proto 'pppoe'
        option username 'redacted'
        option password 'redacted'
        option ipv6 '0'
        option peerdns '0'
        option delegate '0'
        option mtu '1492'

My resolve conf

search lan
nameserver ::1

and my dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option limit '50'
        option leasetime '8h'
        option start '200'
        list dhcp_option '6,,'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

is something wrong probably but is always DNS right?

what happens if you ping from the router?

1 Like

I got response from the router

PING ( 56 data bytes
64 bytes from seq=0 ttl=60 time=8.895 ms
64 bytes from seq=1 ttl=60 time=4.760 ms
64 bytes from seq=2 ttl=60 time=5.533 ms

So it is a dns issue.

You have specified that the router should not use the wan advertised dns servers, but you haven’t specified the dns to be used anywhere.

You can specify DNS in your PPPoE (wan) interface, or you can do it in the dnsmasq configuration. That will be the system DNS, but doesn't have to be the one you use for your normal use. It is often good to have a reliable upstream DNS defined in the router -- a downstream one (that you control) can become a single-point-of-failure.... you can use it, but if it goes down, you will not have DNS resolution anywhere on your network.


I see, that makes sense.

If I check on the GUI the interface option I have unchecked the "use dns advertised by peer" but I can use other ones like google, cloudflare, opendns, etc. in the upstream correct?

you are right that I should have a reliable upstream DNS defined in the router. This fixes my problem

I have another question, not sure if you can help me out, if I active the use of dns advertised by peer o I use the ones from the ISP this will cause a dns leak? since I'm using unbound/adguard to have my own dns resolve? or is okay?

Disabling your upstream DNS by unticking the 'Use dns advertised by peer' means you really should define your /routers/ DNS. Your dhcp will still hand out your AdGuard DNS via option 6.

Also you will need a defined dns so you get NTP updates.

It is one of the things I warn about in my thread about installing AGH on your router. I also include a separate WAN DNS script specifically for setting the router DNS to an external provider.

You shouldn't have a dns leak if you clients properly use your AGH dns and also use DNS interception to enforce that. Your router however doesn't need that protection as it will only been needed for updates and NTP.


Hey Mercy!

Thank you very much, now I understand a little better. I will review the recommendations you make and the script too.

I haven't enforced DNS on my local network clients yet, it's something I have to learn to do. Because yeah I don't have sneaky devices jumping over their dns instead the ones I want.

Thanks a lot!

1 Like

anytime. Just be aware that my thread is aimed at people running AGH on their router so some of it will not be applicable to your setup which is running on a separate device. However it is worth a read to understand how it all works together and to help you get a better understanding of how everything slots together.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.