I'm using router with OpenWrt 22.03.2 with a Rasberrypi using Adguard as DHCP and DNS with unbound. So far I don't have any other issues within my LAN I can ping and navigate on internet and between local LAN with my pi and other selfhosted apps.
But I was going to install a package on the router but suddenly couldn't connect to the openwrt servers. I used the diagnostics to ping, traceroute to different domains but I got a negative answer.
So i got into the SSH into the router and used ping to any site like google.com and this is the response:
ping: bad address 'google.com'
Router is on 10.105.10.1
DNS (adguard) is on 10.105.10.2
DHCP on router is turn off.
My network config file
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fdd0:378d:6f27::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
list ports 'eth3'
list ports 'eth4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '10.105.10.1'
config interface 'wan'
option device 'eth0'
option proto 'pppoe'
option username 'redacted'
option password 'redacted'
option ipv6 '0'
option peerdns '0'
option delegate '0'
option mtu '1492'
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=60 time=8.895 ms
64 bytes from 8.8.8.8: seq=1 ttl=60 time=4.760 ms
64 bytes from 8.8.8.8: seq=2 ttl=60 time=5.533 ms
You have specified that the router should not use the wan advertised dns servers, but you haven’t specified the dns to be used anywhere.
You can specify DNS in your PPPoE (wan) interface, or you can do it in the dnsmasq configuration. That will be the system DNS, but doesn't have to be the one you use for your normal use. It is often good to have a reliable upstream DNS defined in the router -- a downstream one (that you control) can become a single-point-of-failure.... you can use it, but if it goes down, you will not have DNS resolution anywhere on your network.
If I check on the GUI the interface option I have unchecked the "use dns advertised by peer" but I can use other ones like google, cloudflare, opendns, etc. in the upstream correct?
you are right that I should have a reliable upstream DNS defined in the router. This fixes my problem
I have another question, not sure if you can help me out, if I active the use of dns advertised by peer o I use the ones from the ISP this will cause a dns leak? since I'm using unbound/adguard to have my own dns resolve? or is okay?
Disabling your upstream DNS by unticking the 'Use dns advertised by peer' means you really should define your /routers/ DNS. Your dhcp will still hand out your AdGuard DNS via option 6.
Also you will need a defined dns so you get NTP updates.
It is one of the things I warn about in my thread about installing AGH on your router. I also include a separate WAN DNS script specifically for setting the router DNS to an external provider.
You shouldn't have a dns leak if you clients properly use your AGH dns and also use DNS interception to enforce that. Your router however doesn't need that protection as it will only been needed for updates and NTP.
Thank you very much, now I understand a little better. I will review the recommendations you make and the script too.
I haven't enforced DNS on my local network clients yet, it's something I have to learn to do. Because yeah I don't have sneaky devices jumping over their dns instead the ones I want.
anytime. Just be aware that my thread is aimed at people running AGH on their router so some of it will not be applicable to your setup which is running on a separate device. However it is worth a read to understand how it all works together and to help you get a better understanding of how everything slots together.