[SOLVED] I can look up se10-wg.socks5.mullvad.net from my PC but not from router

Hi,

I'm trying to look up se10-wg.socks5.mullvad.net, which works fine from my PC but not from my router.

root@OpenWrt:~# nslookup se10-wg.socks5.mullvad.net
Server:         127.0.0.1
Address:        127.0.0.1#53

*** Can't find se10-wg.socks5.mullvad.net: No answer
*** Can't find se10-wg.socks5.mullvad.net: No answer

(user@pc)$ nslookup se10-wg.socks5.mullvad.net
Server:         10.64.0.1
Address:        10.64.0.1#53

Non-authoritative answer:
Name:   se10-wg.socks5.mullvad.net
Address: 10.124.0.65

10.64.0.1 is the DNS server I have configured my router to provide my PC with.

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option confdir '/tmp/dnsmasq.d'
        list server '10.64.0.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        list dhcp_option '6,10.64.0.1'
        option leasetime '12h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'test'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'test'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'
        list dhcp_option '6,10.64.0.1'

Any clue why it doesn't work on the router? I'm guessing I'm missing some config?
Let me know if you need to see some other config file.

Thanks

Try to disable peer DNS:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

Check the output from OpenWrt:

head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
nslookup se10-wg.socks5.mullvad.net 8.8.8.8; \
nslookup se10-wg.socks5.mullvad.net 10.64.0.1; \
nslookup se10-wg.socks5.mullvad.net

2 Likes

Disabling peer DNS did not resolve the issue by itself (unless I made a mistake while testing).

root@OpenWrt:~# head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
head: /tmp/resolv.*/*: No such file or directory
root@OpenWrt:~# nslookup se10-wg.socks5.mullvad.net 8.8.8.8; \
> nslookup se10-wg.socks5.mullvad.net 10.64.0.1; \
> nslookup se10-wg.socks5.mullvad.net
Server:         8.8.8.8
Address:        8.8.8.8#53

Name:      se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer
Server:         10.64.0.1
Address:        10.64.0.1#53

Name:      se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer
Server:         127.0.0.1
Address:        127.0.0.1#53

*** Can't find se10-wg.socks5.mullvad.net: No answer
*** Can't find se10-wg.socks5.mullvad.net: No answer

If I update /etc/resolv.conf as such:

root@OpenWrt:~# head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
search lan
nameserver 10.64.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 10.64.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
head: /tmp/resolv.*/*: No such file or directory

Then I get the same result as with nslookup se10-wg.socks5.mullvad.net 10.64.0.1:

root@OpenWrt:~# nslookup se10-wg.socks5.mullvad.net
Server:         10.64.0.1
Address:        10.64.0.1#53

Name:      se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer

Still, on my PC I get slightly "better" results:

user@pc $ nslookup se10-wg.socks5.mullvad.net 10.64.0.1
Server:         10.64.0.1
Address:        10.64.0.1#53

Non-authoritative answer:
Name:   se10-wg.socks5.mullvad.net
Address: 10.124.0.65

I think it is the rebind protection, the IP resolved is private.

2 Likes
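
The filtering suggested in the reply above can be modelled as follows. This is an added example, not part of the original thread and not dnsmasq's own code: `filter_answer`, `domain_allowed` and the range list are hypothetical names that approximate the check behind `option rebind_protection '1'`. The `rebind_domains` argument models OpenWrt's `list rebind_domain`, which exempts a single domain instead of switching the protection off for every name.

```python
import ipaddress

# Ranges treated as private in this model (RFC 1918, link-local, IPv6 ULA).
# Assumption: an approximation of dnsmasq's rebind check, not its source.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def domain_allowed(name, rebind_domains):
    """True if name equals, or is a subdomain of, an exempted domain."""
    name = name.rstrip(".").lower()
    for domain in rebind_domains:
        domain = domain.strip("/.").lower()
        if name == domain or name.endswith("." + domain):
            return True
    return False


def filter_answer(name, addresses, rebind_protection=True,
                  rebind_localhost=False, rebind_domains=()):
    """Split one upstream reply into (kept, dropped) address lists."""
    kept, dropped = [], []
    exempt = not rebind_protection or domain_allowed(name, rebind_domains)
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # Judge IPv4-mapped IPv6 addresses by the IPv4 address they carry.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        private = any(ip in net for net in PRIVATE_NETS)
        loopback = ip in LOOPBACK and not rebind_localhost
        if not exempt and (private or loopback):
            dropped.append(text)
        else:
            kept.append(text)
    return kept, dropped


if __name__ == "__main__":
    name = "se10-wg.socks5.mullvad.net"   # name and address from the thread
    reply = ["10.124.0.65"]
    print("default:", filter_answer(name, reply, rebind_localhost=True))
    print("exempted:", filter_answer(name, reply, rebind_localhost=True,
                                     rebind_domains=["mullvad.net"]))
```

When dnsmasq drops a reply for this reason it logs `possible DNS-rebind attack detected`, which shows up in `logread` on the router.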
# nslookup se10-wg.socks5.mullvad.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      se10-wg.socks5.mullvad.net
Address 1: 10.124.0.65
*** Can't find se10-wg.socks5.mullvad.net: No answer

Seems to work a lot better.
It seems to fix an issue I had earlier with adblock force local DNS breaking the nslookup on my PC. Now if I force local DNS lookup it looks as expected.
Not sure about *** Can't find se10-wg.socks5.mullvad.net: No answer though. Is it supposed to look like that?

1 Like

Yep, this line is for AAAA records, i.e. IPv6 if any.

1 Like

Alright, thanks!

Then it's working.

2 Likes
