Setup DNS IP Sets

ZetNet · February 8, 2025, 1:54pm

I would like to allow access to some host via dns names for one device. I am able to do it with Firewall IP Sets where I have to give the name, but I am unable to used it with the IP Sets from DNS.

I created a Firewall - IP Set
IOT_IPSet ipv4 dest_ip TESTIP none

I created a DNS IP Set
IOT_IPSet testdomain none ip

and use that in a traffic rule.

I can access domains on the TESTIP but I cannot access the testdomain.

What do I miss to make that work? Any help would be greatly appreciated

I'm using OpenWrt 24.10.0

frollic · February 8, 2025, 2:05pm

Use dns to only resolve those host names, return 0.0.0.0 for the rest.

dave14305 · February 9, 2025, 9:51pm

dnsmasq-full must be installed for the nftset feature to work
The DNS IP set family needs to be “IPv4+6“ in order to populate the Firewall IP set in table inet fw4

ZetNet · February 10, 2025, 6:43am

Thanks dave14303 for your answer.

I have dnsmasq-full installed and the DNS IP set family is set to IPv4+6. Howerver I don't understand on how to make that work.

Here are screenshots from my config

And it works when I use an Firewall IP set with an IP

Do I have to set something in the DHCP and DNS General tab?