Router won't use local DNS server

root@openwrt:/var/log# nslookup google.com
;; connection timed out; no servers could be reached

But specifying the local DNS server:

root@openwrt:/var/log# nslookup google.com 192.168.1.119
Server:         192.168.1.119
Address:        192.168.1.119#53

Name:      google.com
Address 1: 172.217.13.78
Address 2: 2607:f8b0:4004:809::200e

This same local DNS server is configured on the WAN interface (along with a backup):

root@openwrt:/var/log# uci show network.wan.dns
network.wan.dns='192.168.1.119' '1.1.1.1'

As well as in /etc/resolv.conf:

root@openwrt:/var/log# cat /etc/resolv.conf
192.168.1.119

dnsmasq config:

root@openwrt:/var/log# uci -N show dhcp.@dnsmasq[0]
dhcp.cfg01411c=dnsmasq
dhcp.cfg01411c.domainneeded='1'
dhcp.cfg01411c.localise_queries='1'
dhcp.cfg01411c.rebind_protection='1'
dhcp.cfg01411c.rebind_localhost='1'
dhcp.cfg01411c.local='/lan/'
dhcp.cfg01411c.expandhosts='1'
dhcp.cfg01411c.authoritative='1'
dhcp.cfg01411c.leasefile='/tmp/dhcp.leases'
dhcp.cfg01411c.localservice='1'
dhcp.cfg01411c.port='0'
dhcp.cfg01411c.logqueries='1'
dhcp.cfg01411c.filterwin2k='1'
dhcp.cfg01411c.resolvfile='/etc/resolv.conf'
dhcp.cfg01411c.allservers='0'

Would be grateful for any insight into how I've misconfigured the system.

Check out this page on the wiki: https://openwrt.org/docs/guide-user/base-system/dhcp_configuration

Note the two sections directly below including what I've copied and pasted below. Of course you would substitute your preferred DNS in lieu of what is in the example:

Send custom DNS servers with DHCP.

# Configure dnsmasq
uci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,8.8.8.8,8.8.4.4"
 
# Configure odhcpd
uci -q delete dhcp.lan.dns
uci add_list dhcp.lan.dns="2001:4860:4860::8888"
uci add_list dhcp.lan.dns="2001:4860:4860::8844"
 
# Save and apply
uci commit dhcp
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

These instructions are for advertising Google DNS to the LAN hosts as the nameserver.

@chb you have enabled rebind protection which will discard answers from nameservers with private IPs. Disable it and it will work.

Rebind protection allows replies from private IPs, but discards replies pointing to private IPs.

1 Like

Your resolv.conf is badly formatted. It should use the nameserver directive in front of the DNS server IP. Typically, there is also a search directive for the local domain in there.

If you wrote it manually, just change it.
This resolv.conf is typically generated using the DHCP information received when connecting to the network. If you want the correct DNS server populated automatically, make sure the DHCP server sends the correct information to its clients (one of which is your OpenWRT router).

2 Likes
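A small check for the formatting problem described in the post above, written as an added example (not code from any poster or from OpenWrt): it flags lines in a resolv.conf-style file that do not start with a directive keyword, such as the bare `192.168.1.119` shown in the question. The function name `check_resolv_conf`, the accepted keyword list and the sample files are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Lint a resolv.conf-style file: every non-comment line must start with a
# directive keyword. Prints findings; returns 0 only if the file is clean
# and lists at least one nameserver.
check_resolv_conf() {
    file="$1"; rc=0; servers=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f      # split into words without globbing
        case "${1:-}" in
            ''|'#'*|';'*) ;;               # blank line or comment
            nameserver)
                if [ $# -ge 2 ]; then
                    servers=$((servers + 1))
                else
                    echo "$file:$lineno: 'nameserver' without an address"; rc=1
                fi ;;
            search|domain|options|sortlist) ;;
            *)
                case "$1" in
                    *[!0-9A-Fa-f.:]*) echo "$file:$lineno: unknown directive '$1'" ;;
                    *[.:]*) echo "$file:$lineno: bare address; write 'nameserver $1'" ;;
                    *) echo "$file:$lineno: unknown directive '$1'" ;;
                esac
                rc=1 ;;
        esac
    done < "$file"
    if [ "$servers" -eq 0 ]; then
        echo "$file: no valid nameserver lines"; rc=1
    fi
    return "$rc"
}

# Constructed sample inputs: the file as shown in the thread, and a corrected one.
demo_dir=$(mktemp -d)
printf '192.168.1.119\n' > "$demo_dir/broken"
printf 'search lan\nnameserver 192.168.1.119\nnameserver 1.1.1.1\n' > "$demo_dir/fixed"
check_resolv_conf "$demo_dir/broken" || echo "broken: resolver has nothing to query"
check_resolv_conf "$demo_dir/fixed" && echo "fixed: OK"
```

On the router it can be pointed at the live file with `check_resolv_conf /etc/resolv.conf`.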

Many thanks for the replies, sincerely. It's a forum like this that has made using OpenWRT a great experience.

@VincentR has an eagle eye: the missing nameserver directive was indeed the problem.

1 Like
