Setting Custom DNS not working

Hi, I am struggling with something very basic.

I have a DNS server in my local network (PiHole) at 192.168.1.10.

While I have already been successful in assigning this DNS to DHCP clients (LuCI -> Interfaces -> LAN -> DHCP Server -> Advanced Settings -> DHCP Options -> "6,192.168.1.10"), I cannot make it work in an SSH session to OpenWRT.

I've already changed all possible settings:

  • Network -> Interfaces -> LAN -> Advanced Settings -> Use custom DNS servers -> 192.168.1.10
  • Network -> Interfaces -> WAN -> Advanced Settings -> Use custom DNS servers -> 192.168.1.10
  • Network -> DHCP and DNS -> DNS forwardings -> 192.168.1.10

And I cannot get the OpenWRT SSH session to use my DNS server (LAN interface). See below: with all of the above configuration, OpenWRT is still not able to resolve the local name "ap3.home". However, my DNS is working fine, as the example below shows when I force nslookup to use my server:

root@ap1-router:~# nslookup ap3.home
Server:         127.0.0.1
Address:        127.0.0.1:53

** server can't find ap3.home: NXDOMAIN

** server can't find ap3.home: NXDOMAIN

root@ap1-router:~# nslookup ap3.home 192.168.1.10
Server:         192.168.1.10
Address:        192.168.1.10:53

Name:   ap3.home
Address: 192.168.1.3

Non-authoritative answer:

root@ap1-router:~#

What am I missing here to make OpenWRT use my custom DNS server on the LAN interface?

I am running OpenWRT SNAPSHOT r17495-66db87fc78 from 10/SEP/2021.

Any comment or suggestion would be greatly appreciated, thanks!

uci show dhcp; head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Thanks. Here you go. I redacted the DHCP reservations for privacy reasons (dhcp.@host[*]):

root@ap1-router:~# uci show dhcp; head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.@dnsmasq[0].local='/home/'
dhcp.@dnsmasq[0].domain='home'
dhcp.@dnsmasq[0].server='192.168.1.10'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].boguspriv='0'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.lan.force='1'
dhcp.lan.dhcp_option='6,192.168.1.10'
dhcp.lan.start='50'
dhcp.lan.limit='253'
dhcp.lan.ra_flags='none'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.wan.ra_flags='none'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
(... removed dhcp.@host[*] entries ...)
==> /etc/resolv.conf <==
search home
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search home
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface lan
nameserver 192.168.1.10
search home
# Interface wan
nameserver 192.168.1.10
root@ap1-router:~#

This must be changed to something else.

from dnsmasq docs:

Also permitted is a -S flag which gives a domain but no IP address; this tells dnsmasq that a
domain is local and it may answer queries from /etc/hosts or DHCP but should never forward
queries on that domain to any upstream servers. --local is a synonym for --server to make
configuration files clearer in this case.

LuCI also tells you

Local domain specification. Names matching this domain are never forwarded and are resolved
from DHCP or hosts files only

Thank you, but unfortunately it did not solve the problem... There might be something else...

root@ap1-router:~# uci show dhcp.@dnsmasq[0]
dhcp.cfg01411c=dnsmasq
dhcp.cfg01411c.domainneeded='1'
dhcp.cfg01411c.localise_queries='1'
dhcp.cfg01411c.expandhosts='1'
dhcp.cfg01411c.authoritative='1'
dhcp.cfg01411c.readethers='1'
dhcp.cfg01411c.leasefile='/tmp/dhcp.leases'
dhcp.cfg01411c.resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.cfg01411c.localservice='1'
dhcp.cfg01411c.ednspacket_max='1232'
dhcp.cfg01411c.domain='home'
dhcp.cfg01411c.server='192.168.1.10'
dhcp.cfg01411c.rebind_protection='1'
dhcp.cfg01411c.boguspriv='0'
dhcp.cfg01411c.rebind_localhost='1'
dhcp.cfg01411c.local='/lan/'
root@ap1-router:~# nslookup ap3.home
Server:         127.0.0.1
Address:        127.0.0.1:53


Non-authoritative answer:

root@ap1-router:~# nslookup ap3.home 192.168.1.10
Server:         192.168.1.10
Address:        192.168.1.10:53

Name:   ap3.home
Address: 192.168.1.3

Non-authoritative answer:

root@ap1-router:~# ping ap3.home
ping: bad address 'ap3.home'
root@ap1-router:~#

Solved! Besides changing "dhcp.@dnsmasq[0].local" back to "lan", I just disabled rebind protection and now it is working! :grinning:

uci del dhcp.cfg01411c.rebind_localhost
uci set dhcp.cfg01411c.rebind_protection='0'
root@ap1-router:~# ping ap3.home
PING ap3.home (192.168.1.3): 56 data bytes
64 bytes from 192.168.1.3: seq=0 ttl=64 time=7.828 ms
64 bytes from 192.168.1.3: seq=1 ttl=64 time=0.834 ms
64 bytes from 192.168.1.3: seq=2 ttl=64 time=1.301 ms
^C

You may add "home" to the rebind whitelist instead of disabling rebind :+1:
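To make the three outcomes in this thread concrete, here is an added Python model (not dnsmasq's code, and not from anyone in the thread) of the two dnsmasq decisions involved: `local` (a domain that is never forwarded upstream) and rebind protection (upstream answers in private address space are dropped unless the domain is in `rebind_domain`). The upstream answer table and the config dictionaries are constructed to match the thread; the 127.0.0.0/8 special case controlled by `rebind_localhost` is left out for brevity.

```python
"""Simplified model of dnsmasq's 'local' and stop-dns-rebind decisions.
Assumption: mirrors the documented behaviour of dnsmasq, not its source."""
import ipaddress

# Constructed sample: the upstream resolver (Pi-hole at 192.168.1.10)
# knows the LAN name from the thread.
UPSTREAM_ANSWERS = {"ap3.home": "192.168.1.3"}

# Address space dnsmasq's rebind check refuses from upstream
# (RFC 1918, link-local and the "this" network).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8")]


def _in_domain(name, domain):
    """True when name equals domain or is a subdomain of it.
    Accepts the uci '/home/' spelling as well as plain 'home'."""
    d = domain.strip("/").strip(".")
    return bool(d) and (name == d or name.endswith("." + d))


def resolve(name, cfg):
    """Return ('answer', ip), ('nxdomain', reason) or ('rebind-dropped', ip).
    cfg keys mirror uci dhcp.@dnsmasq[0]: local, rebind_protection,
    rebind_domain (a list, like 'list rebind_domain')."""
    # local='/home/' is --server=/home/ with no address: answer from
    # hosts files and leases only, never forward. The Pi-hole records
    # are therefore invisible and the client sees NXDOMAIN.
    if _in_domain(name, cfg.get("local", "")):
        return ("nxdomain", "domain is marked local, not forwarded")
    ip = UPSTREAM_ANSWERS.get(name)
    if ip is None:
        return ("nxdomain", "upstream has no record")
    addr = ipaddress.ip_address(ip)
    private = any(addr in net for net in PRIVATE_NETS)
    whitelisted = any(_in_domain(name, d)
                      for d in cfg.get("rebind_domain", []))
    # With rebind protection on, a private answer from upstream is
    # discarded: the query "succeeds" but carries no address, which is
    # what the empty nslookup output after the local='/lan/' change shows.
    if cfg.get("rebind_protection", "1") == "1" and private and not whitelisted:
        return ("rebind-dropped", ip)
    return ("answer", ip)
```

Whitelisting the domain (`list rebind_domain 'home'` under `config dnsmasq`) keeps rebind protection active for every other name, which is why it is the better fix than `rebind_protection='0'`.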

