Router wont resolve hostnames to IP addresses, only in its shell script commands... why?

wireless · December 28, 2021, 9:44pm

Hi experts,
writing some shell scripts (on the router itself) which use curl to activate actions on my hosts, I noted that just in this case their names is not resolved and I'm forced to use ip address. Even if I ping these hostnames, openWrt says
ping: bad address "mydomain.com"
Please note thats hostnames refer to a domain I have bought and I use only internally on my lan: all dns requests to it and its subdomains are redirected to my reverse proxy that manages them. this the line in the /etc/config/dhcp

config dnsmasq
       [removed line]
        list address '/mydomain.com/172.16.1.100'

Is not a problem, I'm using ip but I'm courious why and mainly if it is a sign of a bigger problem (I prefer name instead of ip and port... too )
Ideas?

psherman · December 28, 2021, 10:33pm

Just a guess, but I think your OpenWrt router is actually using another DNS resolver, not itself.

what do you get when you issue the following command:
nslookup mydomain.com

wireless · December 29, 2021, 3:35pm

uhm, thanks for the suggested thanks.
The result is:

nslookup mydomain.com
Server:         192.168.1.254
Address:        192.168.1.254#53

Name:      mydomain.com
Address 1: cloudflare...
Address 2: cloudflare...
Address 3: cloudflare...
Address 4: cloudflare...

So, the server ip is that of my wan interface...what does it mean? My devices have the router as dns resolver... and the router itself works with dns-over-https. The cloudflare IP address are there because I managed the domain via cloudflare so I can have free wildcard cert via dns challange.

This is the full /etc/config/dhcp dnsmasq section:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option confdir '/tmp/dnsmasq.d'
        option noresolv '1'
        option doh_backup_noresolv '-1'
        list server '127.0.0.1#5054'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5052'
        list doh_backup_server '127.0.0.1#5054'
        list doh_backup_server '127.0.0.1#5053'
        list address '/mydomain.com/172.16.1.100'

psherman · December 29, 2021, 5:57pm

Did you do this from your computer or from the router itself (via an ssh session)? What is the IP address of your OpenWrt router's LAN?

It looks like your DNS queries are still happening over port 53 rather than DoH.

wireless · December 29, 2021, 6:40pm

Hi, thanks for continuing support.
The nslookup came from the router, via ssh. Its ip is 172.16.1.1.
If I try the same command from a debian linux machine directly connected to the router itself, I obtain that the server is 172.16.1.1#53 and it resolve the hostname to ip, giv8ng me the right answer (cannot post it now, I'm on mobile).

psherman · December 29, 2021, 7:08pm

Thanks for confirming.

Fundamentally this confirms that the router is using an upstream resolver rather than using its own resolver. The default configuration of dnsmasq will do what you want, but something happened -- probably related to the DoH setup -- that has caused the device to look upstream for what you hope to be local resolutions.

That said, I am not the right person to help with the dnsmasq configuration with DoH. Hopefully someone else can step in to assist here.