I have a setup running OpenWrt 22.03.3 where I have multiple interfaces such as LAN, guest, WireGuard VPN for remote access, etc.
Can I set different DNS servers for those interfaces?
The reason is I want to redirect DNS for the LAN and guest interfaces to a Pi-hole container running in Docker on the OpenWrt system. But for DNS on other interfaces, such as the WireGuard interface, I would like to still use the ISP DNS for resolving the peer's hostname.
If the Pi-hole container is for some reason down, I would still like the WireGuard interface to be able to resolve the peer so I can remotely manage and troubleshoot the system.
Yes, but OpenWrt uses the DNS servers assigned to the outbound (i.e. usually Internet/WAN) connection.
Use DHCP Option No. 6 to assign the Pi-hole DNS IP to the clients on that network. There are threads on how to make that DHCP config.
Thanks for the reply. I saw in the AdGuard Home tutorial that you can set specific DNS forwarders for specific domain names: https://openwrt.org/docs/guide-user/services/dns/adguard-home#bypassing_encrypted_dns_for_ntp
Can I set e.g. /mywireguardpeer.example.com/22.214.171.124 so the WireGuard peer domain name is always resolved with Cloudflare? Is this what this setting is used for?
Do you want to:
- Use different DNS servers for different clients; or
- To use a different DNS server depending on what domain/host is being resolved?
Honestly, I know such a setting is possible, but I've never used it myself (and I cannot find a relevant thread through search).
@trendy @Borromini @pavelgl @psherman - perhaps one of them can confirm.
Option #2. If the domain mywireguardpeer.example.com is resolved, it uses a specific DNS server for only that domain name. All other DNS queries are resolved using the Pi-hole, AdGuard or similar.
This is just to ensure that even if the Pi-hole instance is down, the router can still resolve the hostname of the WireGuard peer, letting me SSH into the (remote) router for troubleshooting.
I don't have physical access and the router is behind CGNAT, so the WireGuard connection has to be started FROM the router (to another OpenWrt router in a site-to-site config).
Yes, all DNS requests to resolve mywireguardpeer.example.com will be sent to 126.96.36.199
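Putting the two answers in the thread together (DHCP option 6 for the LAN/guest clients, and a per-domain dnsmasq forwarder for the WireGuard peer name), here is an added example of the resulting OpenWrt configuration. It is not from the thread or from the OpenWrt project; it assumes the Pi-hole container answers on 192.168.1.2, that the interfaces are named `lan` and `guest`, and it reuses the peer name and upstream IP quoted above. The `case`-based input check and the `--apply` switch are this example's own additions; the UCI keys (`dhcp.@dnsmasq[0].server`, `dhcp.<iface>.dhcp_option`) are standard OpenWrt.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values:
PIHOLE_IP="192.168.1.2"                 # assumption: address of the Pi-hole container
PEER_HOST="mywireguardpeer.example.com" # WireGuard endpoint hostname from the thread
PEER_DNS="126.96.36.199"                # upstream used only for that name (from the thread)

# Build the dnsmasq per-domain forwarding entry: queries for PEER_HOST (and any
# subdomain of it) go to PEER_DNS; every other query keeps the normal upstream,
# i.e. the Pi-hole. Input is checked so a stray '/' or shell junk cannot corrupt
# the server= syntax.
peer_server_line() {
    case "$1" in
        *[!A-Za-z0-9.-]*|"") return 1 ;;
    esac
    case "$2" in
        *[!0-9.]*|"") return 1 ;;
    esac
    printf 'server=/%s/%s\n' "$1" "$2"
}

# Text of the /etc/config/dhcp stanzas that implement both halves of the answer:
# - 'list server' under the dnsmasq section pins the peer name to its own upstream
# - DHCP option 6 on lan/guest hands clients the Pi-hole address
dhcp_config_fragment() {
    srv=$(peer_server_line "$PEER_HOST" "$PEER_DNS") || return 1
    cat <<EOF
config dnsmasq
	list server '${srv#server=}'

config dhcp 'lan'
	option interface 'lan'
	list dhcp_option '6,$PIHOLE_IP'

config dhcp 'guest'
	option interface 'guest'
	list dhcp_option '6,$PIHOLE_IP'
EOF
}

# Same change applied on a live router through uci (only meaningful on OpenWrt).
apply_on_router() {
    uci add_list dhcp.@dnsmasq[0].server="/$PEER_HOST/$PEER_DNS"
    uci add_list dhcp.lan.dhcp_option="6,$PIHOLE_IP"
    uci add_list dhcp.guest.dhcp_option="6,$PIHOLE_IP"
    uci commit dhcp
    /etc/init.d/dnsmasq restart
    # Check: the router's own resolver answers for the peer even with Pi-hole stopped.
    nslookup "$PEER_HOST" 127.0.0.1
}

if [ "${1:-}" = "--apply" ]; then
    apply_on_router
else
    dhcp_config_fragment
fi
```

Run it without arguments to print the fragment, or with `--apply` on the router. The `server=/domain/ip` entry is matched by dnsmasq before any default upstream, so it keeps working while Pi-hole is down; the worst a spoofed or wrong answer for that one name can do is make the WireGuard handshake fail, since the peer is authenticated by its public key, not by the resolved address.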