So my Pi5 is in the normal LAN with the ethernet jack and in the IOT VLAN via WiFi on both with static IPs and leases.. now I am wondering:
could having the same hostname for both VLANs be a problem? (The device is in both VLANs at the same time, as a coordinator for the IOT stuff and access point to the IOT stuff from LAN.. and a few other things)
^Also wondering cause the active DHCP Leases page only shows one of the interfaces being connected, although both work
I heard rumors you can nowadays configure it also via Luci but not sure...
In general, you need a dedicated dnsmasq instance for each vlan, each with its own domain.
Then you need an instance only listening on loopback.
Now each client asks the vlan dnsmasq instance, and each forwards to the loopback instance, and the loopback instance forwards to all vlan domains...
Huh I think I get what you're trying to tell me.. do you maybe have some guidance on how I would set that up?
(This is my first time working with OpenWRT)
EDIT:
So I found in the GUI where I can create multiple instances, but I'm kinda lost on how I bind an instance to a VLAN
Should sound like bind interface or listen on.... I have no experience with using Luci...
You should be able to select it on the instance config
alright.. so I think I got everything but I am a bit confused on the instance on the loopback interface.. what do I need that for and how would I set up the proper forwarding?
The instance on loopback has no DHCP config only DNS resolver function.
The forwarding looks like /vlan.domain.TLD/server address/
And for each vlan domain you set the router's vlan interface address, where the vlan dnsmasq instance is running
thanks for the help so far!
Do you maybe have a sample config file I could build off of? Cause I don't really want to just try stuff out and blow up my network in the process...
@MrGcGamer please reply next time directly to my post if you want me to read it. A user is not automatically notified just because the user has participated in a thread. Just for your information...
And as you see, with a user mention such as @MrGcGamer or @_bernd you can wave for attention, too.
Back to topic. Pardon me, but I have not that much time to remove all the bloat. I would guess most of my paths are there because of non conflicting paths; but when they are specified there has to be a reason. My configs don't set defaults, by default. Should at least...
EDIT: Attention! I write to a local disk, because it's an SSD. If you are using a flash ROM based device you will wear(?) out the flash quite easily. Better to write to a path in the tmpfs.
# /etc/config/dhcp
config dnsmasq 'loopback_dns'
option domain 'home.arpa'
option local '/home.arpa/'
option addnmount '/usr/local/var/run'
option leasefile '/dev/null'
option resolvfile '/usr/local/var/run/resolv.conf.d/resolv.conf.auto'
list interface 'loopback'
list rebind_protection '0'
list rebind_domain '/home.arpa/'
option add_local_domain '1'
option add_local_fqdn '0'
option fqdn '1'
option localservice '0'
option cachesize '10000'
option dnsforwardmax '10000'
option logqueries '0'
config cname
option cname 'ntp.home.arpa.'
option target 'cpe.home.arpa.'
config srvhost
option srv '_ntp._udp.home.arpa.'
option target 'ntp.home.arpa.'
option port '123'
# ...
config dnsmasq 'vlan16_dns'
option domain 'net.mgmt.home.arpa'
option local '/net.mgmt.home.arpa/'
option addnmount '/usr/local/var/run'
option leasefile '/usr/local/var/run/dhcp.leases.vlan16'
list interface 'vlan16'
list notinterface 'loopback'
list server '192.168.0.1'
list rebind_protection '0'
list rebind_domain '/home.arpa/'
option add_local_domain '0'
option add_local_fqdn '0'
option fqdn '1'
option localservice '0'
option cachesize '10000'
option dnsforwardmax '10000'
option logqueries '0'
config dhcp 'vlan16'
option interface 'vlan16'
option instance 'vlan16_dns'
option dhcpv4 'server'
option start '32'
option limit '215'
list dhcp_option 'option:dns-server, 192.168.16.1'
list dhcp_option 'option:domain-name, net.mgmt.home.arpa.'
list dhcp_option 'option:ntp-server, 192.168.0.1'
list dhcp_option '100,UTC' # PCode
list dhcp_option '101,UTC' # TCode
list dhcp_option 'option:domain-search, net.mgmt.home.arpa.'
option dhcpv6 'server'
list dhcp_option 'option6:dns-server, [fde6:a09a:b373:10::1]'
list dhcp_option 'option6:domain-search, net.mgmt.home.arpa.'
list dhcp_option 'option6:ntp-server, ntp.home.arpa.'
option leasetime '12h'
option logdhcp '1'
option ra 'server'
option ra_slaac '1'
option ra_useleasetime '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
# ...
config dnsmasq 'vlan65_dns'
option domain 'user.clients.home.arpa'
option local '/user.clients.home.arpa/'
option addnmount '/usr/local/var/run'
option leasefile '/usr/local/var/run/dhcp.leases.vlan65'
list interface 'vlan65'
list notinterface 'loopback'
list server '192.168.0.1'
list rebind_protection '0'
list rebind_domain '/home.arpa/'
option add_local_domain '0'
option add_local_fqdn '0'
option fqdn '1'
option localservice '0'
option cachesize '10000'
option dnsforwardmax '10000'
option logqueries '0'
config dhcp 'vlan65'
option interface 'vlan65'
option instance 'vlan65_dns'
option dhcpv4 'server'
option start '32'
option limit '215'
list dhcp_option 'option:dns-server, 192.168.65.1'
list dhcp_option 'option:domain-name, user.clients.home.arpa.'
list dhcp_option 'option:ntp-server, 192.168.0.1'
list dhcp_option 'option:posix-timezone,CET1CEST2,M3.5.0,M10.5.0/3'
list dhcp_option 'option:tzdb-timezone,Europe/Berlin'
list dhcp_option 'option:domain-search, user.clients.home.arpa.'
option dhcpv6 'server'
list dhcp_option 'option6:dns-server, [fde6:a09a:b373:41::1]'
list dhcp_option 'option6:domain-search, user.clients.home.arpa.'
list dhcp_option 'option6:ntp-server, ntp.home.arpa.'
option leasetime '12h'
option logdhcp '1'
option ra 'server'
option ra_slaac '1'
option ra_useleasetime '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
# ...
# /etc/dnsmasq.conf
server=/home.arpa/192.168.0.1
server=/home.arpa/fde6:a09a:b373::1
server=/net.mgmt.home.arpa/192.168.16.1
server=/net.mgmt.home.arpa/fde6:a09a:b373:10::1
# ...
server=/user.clients.home.arpa/192.168.65.1
server=/user.clients.home.arpa/fde6:a09a:b373:41::1
# ...
And I have in /etc/hosts a record for each interface (IPv4 and IPv6) of the router and a fqdn mapping it.
If I remember correctly those are all the moving parts...
I confirmed it's still working!
bernd@hiten ~ $ dig hiten.user.clients.home.arpa
; <<>> DiG 9.20.15 <<>> hiten.user.clients.home.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;hiten.user.clients.home.arpa. IN A
;; ANSWER SECTION:
hiten.user.clients.home.arpa. 0 IN A 192.168.65.185
;; Query time: 0 msec
;; SERVER: 192.168.64.1#53(192.168.64.1) (UDP)
;; WHEN: Fri Nov 21 23:27:08 CET 2025
;; MSG SIZE rcvd: 73
bernd@hiten ~ $ dig hiten.user.clients.home.arpa AAAA +short
2003:e4:XXXX:XX41::4106
fde6:a09a:b373:41::4106
bernd@hiten ~ $ dig hiten.admin.clients.home.arpa A +short
192.168.64.173
bernd@hiten ~ $ dig hiten.admin.clients.home.arpa AAAA +short
2003:e4:XXXX:XX40::7ca2
fde6:a09a:b373:40::7ca2
# Bonus points! eno1 is my preferred local interface...
bernd@hiten ~ $ dig hiten +search
; <<>> DiG 9.20.15 <<>> hiten +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46231
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;hiten.admin.clients.home.arpa. IN A
;; ANSWER SECTION:
hiten.admin.clients.home.arpa. 0 IN A 192.168.64.173
;; Query time: 1 msec
;; SERVER: 192.168.64.1#53(192.168.64.1) (UDP)
;; WHEN: Fri Nov 21 23:31:12 CET 2025
;; MSG SIZE rcvd: 74
thanks!
what is option addnmount for?
nvm.. found some docs.. I guess I don't need it(?)
IIRC It had to do with ujail..
is it normal that in luci under Network > DHCP and DNS all my DHCP leases show up under the first instance and not under the right one?
Also all the static leases appear under all instances and not just the assigned one? (and yes they are assigned to specific instances)
(also feel free to reply in german if you want to ...unless there is some forum rule I didn't see against it)
Could be wrong but I don’t think so, if you had a device connected to both the lan and the vlan, maybe something, but even then would dnsmasq make sure it’s blahblah.lan vs blahblah.vlan !?!?
as far as I understood it:
I need multiple dnsmasq instances to be able to have multiple domains like blahblah.lan vs blahblah.vlan
Also in my /etc/config/dhcp I got this section:
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
..is that supposed to be there? (I rolled back to one dnsmasq instance atm)
Does that mean odhcp doesn't do anything on my router and everything is handled by dnsmasq or what is that for?
Ah.
I have uninstalled odhcpd and installed dnsmasq-full.
interesting.. what are the reasons for that?
Is there somewhere I can read up on why I would use one over the other?
Odhcpd is not able to set for instance generic dhcpv6 options. And I'd like to have DHCP, dhcpv6 and for now also radv (router advertisement) with one daemon.
I'm also not quite sure how I would set up multiple instances with odhcpd...
I think it's easier with just one daemon which handles all the client address assignments and DNS.
RADV could be done with something else, like bird2, but dnsmasq has also this feature.
As for resources, I can only point to the software documentation; over the years I followed the attempts of others and came up with this setup, which should cover it with minimal effort as I see it.
alright so this is how I would set up my /etc/config/dhcp
# /etc/config/dhcp
config dnsmasq 'loopback_dns'
option domain 'local'
option local '/local/'
option leasefile '/dev/null'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
list interface 'loopback'
list rebind_protection '0'
list rebind_domain '/local/'
option add_local_domain '1'
option add_local_fqdn '0'
option fqdn '1'
option localservice '0'
option cachesize '1000'
config dnsmasq 'iot_dns'
option domain 'iot'
option local '/iot/'
option leasefile '/tmp/dhcp.leases.iot'
list interface 'IOT'
list notinterface 'loopback'
list server '192.168.1.1'
list rebind_protection '0'
list rebind_domain '/local/'
option add_local_domain '0'
option add_local_fqdn '0'
option fqdn '1'
option localservice '0'
option cachesize '1000'
config dhcp 'iot'
option interface 'IOT'
option instance 'iot_dns'
option dhcpv4 'server'
option start '100'
option limit '150'
list dhcp_option '6,192.168.33.2'
list dhcp_option 'option:domain-name, iot.'
option dhcpv6 'server'
list dhcp_option 'option6:domain-search, iot.'
option leasetime '12h'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
config dnsmasq 'lan_dns'
option domain 'lan'
option local '/lan/'
option leasefile '/tmp/dhcp.leases.lan'
list interface 'lan'
list notinterface 'loopback'
list server '192.168.1.1'
list rebind_protection '0'
list rebind_domain '/local/'
option add_local_domain '0'
option add_local_fqdn '0'
option fqdn '1'
option localservice '0'
option cachesize '1000'
config dhcp 'lan'
option interface 'lan'
option instance 'lan_dns'
option dhcpv4 'server'
option start '100'
option limit '150'
list dhcp_option '6,192.168.1.2'
list dhcp_option 'option:domain-name, lan.'
list dhcp_option 'option:domain-search, lan.'
option dhcpv6 'server'
list dhcp_option 'option6:domain-search, lan.'
option leasetime '12h'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
does this look somewhat right to you?
Also: what are the configs in your /etc/dnsmasq.conf for?
Reverse DNS and pointing (back) to each (sub) domain nameserver.
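
An added example, not written by anyone in this thread: a small Python lint for a multi-instance `/etc/config/dhcp`. It flags an unterminated quote, dnsmasq instances that share one lease file, and a `dhcp` section pointing at an instance that does not exist, and returns the `server=/domain/address` forwarding lines described above. The sample config, the `ROUTER_ADDR` map and the function names are constructed for illustration.

```python
import re

# Constructed sample in /etc/config/dhcp syntax (single-quoted values, as in the thread).
SAMPLE = """\
config dnsmasq 'iot_dns'
    option domain 'iot.home.arpa'
    list interface 'iot'
config dnsmasq 'lan_dns'
    option domain 'lan.home.arpa'
    list interface 'lan'
config dhcp 'iot'
    option instance 'iot_dns'
    option force '1
config dhcp 'guest'
    option instance 'guest_dns'
"""
ROUTER_ADDR = {"iot": "192.168.33.1", "lan": "192.168.1.1"}  # assumed router IP per interface

def parse_uci(text):  # returns (sections, problems)
    sections, problems = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.count("'") % 2:  # odd number of quotes: a value was never closed
            problems.append(f"line {no}: unterminated quote: {line}")
        tok = [q or w for q, w in re.findall(r"'([^']*)'?|([^\s']+)", line)]
        if tok[0] == "config" and len(tok) > 1:
            sections.append({"type": tok[1], "name": tok[2] if len(tok) > 2 else "", "opts": {}})
        elif tok[0] in ("option", "list") and sections and len(tok) > 2:
            sections[-1]["opts"].setdefault(tok[1], []).append(tok[2])
    return sections, problems

def check(text, router_addr):  # returns (forwarding lines, problems)
    sections, problems = parse_uci(text)
    inst = {s["name"]: s["opts"] for s in sections if s["type"] == "dnsmasq"}
    seen, forwards = {}, []
    for name, o in inst.items():
        lf = o.get("leasefile", ["(default)"])[0]
        if lf != "/dev/null" and lf in seen:  # /dev/null keeps no state, so it may repeat
            problems.append(f"{name} and {seen[lf]} share leasefile {lf}")
        seen.setdefault(lf, name)
        for ifc in o.get("interface", []):
            if ifc in router_addr and "domain" in o:
                forwards.append(f"server=/{o['domain'][0]}/{router_addr[ifc]}")
    for s in sections:
        ref = s["opts"].get("instance", [""])[0]
        if s["type"] == "dhcp" and ref and ref not in inst:
            problems.append(f"dhcp '{s['name']}' references unknown instance '{ref}'")
    return forwards, problems
```

Calling `check(SAMPLE, ROUTER_ADDR)` on a copy of the real file before restarting dnsmasq gives the list of problems to fix first and the lines the loopback instance needs.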
