Hi,
I'm trying to look up se10-wg.socks5.mullvad.net which works fine from my PC but not from my router.
root@OpenWrt:~# nslookup se10-wg.socks5.mullvad.net
Server: 127.0.0.1
Address: 127.0.0.1#53
*** Can't find se10-wg.socks5.mullvad.net: No answer
*** Can't find se10-wg.socks5.mullvad.net: No answer
(user@pc)$ nslookup se10-wg.socks5.mullvad.net
Server: 10.64.0.1
Address: 10.64.0.1#53
Non-authoritative answer:
Name: se10-wg.socks5.mullvad.net
Address: 10.124.0.65
10.64.0.1 is the DNS server I have configured my router to provide my PC with.
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
    option domainneeded '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option localservice '1'
    option confdir '/tmp/dnsmasq.d'
    list server '10.64.0.1'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option dhcpv6 'server'
    option ra 'server'
    option ra_management '1'
    list dhcp_option '6,10.64.0.1'
    option leasetime '12h'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

config dhcp 'test'
    option start '100'
    option leasetime '12h'
    option limit '150'
    option interface 'test'
    option ra 'server'
    option dhcpv6 'server'
    option ra_management '1'
    list dhcp_option '6,10.64.0.1'
Any clue why it doesn't work on the router? I'm guessing I'm missing some config?
Let me know if you need to see some other config file.
Thanks
Try to disable peer DNS:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider
Check the output from OpenWrt:
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
nslookup se10-wg.socks5.mullvad.net 8.8.8.8; \
nslookup se10-wg.socks5.mullvad.net 10.64.0.1; \
nslookup se10-wg.socks5.mullvad.net
2 Likes
Disabling peer DNS did not resolve the issue by itself (unless I made a mistake while testing).
root@OpenWrt:~# head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan
head: /tmp/resolv.*/*: No such file or directory
root@OpenWrt:~# nslookup se10-wg.socks5.mullvad.net 8.8.8.8; \
> nslookup se10-wg.socks5.mullvad.net 10.64.0.1; \
> nslookup se10-wg.socks5.mullvad.net
Server: 8.8.8.8
Address: 8.8.8.8#53
Name: se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer
Server: 10.64.0.1
Address: 10.64.0.1#53
Name: se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer
Server: 127.0.0.1
Address: 127.0.0.1#53
*** Can't find se10-wg.socks5.mullvad.net: No answer
*** Can't find se10-wg.socks5.mullvad.net: No answer
If I update /etc/resolv.conf as such:
root@OpenWrt:~# head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
search lan
nameserver 10.64.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 10.64.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan
head: /tmp/resolv.*/*: No such file or directory
Then I get the same result as the nslookup se10-wg.socks5.mullvad.net 10.64.0.1
root@OpenWrt:~# nslookup se10-wg.socks5.mullvad.net
Server: 10.64.0.1
Address: 10.64.0.1#53
Name: se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer
Still on my PC I get slightly "better" results:
user@pc $ nslookup se10-wg.socks5.mullvad.net 10.64.0.1
Server: 10.64.0.1
Address: 10.64.0.1#53
Non-authoritative answer:
Name: se10-wg.socks5.mullvad.net
Address: 10.124.0.65
trendy, January 4, 2021, 8:52pm
I think it is the rebind protection, the IP resolved is private.
2 Likes
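The check that reply points to, sketched as an added example (not part of the thread and not dnsmasq's own code): with `rebind_protection '1'`, an upstream answer in a private range is dropped unless the queried name falls under a `rebind_domain` entry. The function names are hypothetical, the config text is a constructed excerpt of the file posted above, and the private-range list is an approximation of what dnsmasq filters.

```python
import ipaddress

# Constructed excerpt of the dnsmasq section from /etc/config/dhcp in the thread.
UCI_DNSMASQ = """\
config dnsmasq
    option rebind_protection '1'
    option rebind_localhost '1'
    list server '10.64.0.1'
"""

# Assumption: approximate set of ranges treated as private by the rebind check.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_uci_section(text):
    """Collect 'option' values and 'list' entries from one UCI section."""
    opts, lists = {}, {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # section header or blank line
        kind, key, value = parts[0], parts[1], parts[2].strip("'\"")
        if kind == "option":
            opts[key] = value
        elif kind == "list":
            lists.setdefault(key, []).append(value)
    return opts, lists

def rebind_verdict(name, address, opts, lists):
    """Return 'pass' or 'drop' for an upstream answer under this config."""
    if opts.get("rebind_protection", "1") != "1":
        return "pass"
    name = name.rstrip(".").lower()
    for dom in lists.get("rebind_domain", []):
        dom = dom.strip("/.").lower()
        if name == dom or name.endswith("." + dom):
            return "pass"  # domain is exempt from the rebind check
    ip = ipaddress.ip_address(address)
    if ip in LOOPBACK:
        return "pass" if opts.get("rebind_localhost", "0") == "1" else "drop"
    return "drop" if any(ip in net for net in PRIVATE_NETS) else "pass"

if __name__ == "__main__":
    opts, lists = parse_uci_section(UCI_DNSMASQ)
    host, addr = "se10-wg.socks5.mullvad.net", "10.124.0.65"
    print("as posted:", rebind_verdict(host, addr, opts, lists))
    lists["rebind_domain"] = ["mullvad.net"]  # exempt only this domain
    print("with rebind_domain:", rebind_verdict(host, addr, opts, lists))
```

Exempting the one domain keeps the protection active for every other name, which is narrower than turning `rebind_protection` off.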
# nslookup se10-wg.socks5.mullvad.net
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer
Seems to work a lot better.
It seems to fix an issue I had earlier with adblock force local DNS breaking the nslookup on my PC. Now if I force local DNS lookup it looks as expected.
Not sure about *** Can't find se10-wg.socks5.mullvad.net: No answer though. Is it supposed to look like that?
1 Like
Yep, this line is for AAAA records, i.e. IPv6 if any.
1 Like