SOLVED Particular DNS subdomain not working - recursion not allowed


I just started using LEDE yesterday and it's been working great. It's solved some showstopper bugs with the Linksys firmware for my WRT3200ACM, so I'm incredibly grateful to you all for creating this.

I am having one issue though, and I'm not sure what I'm doing wrong.

I use a VPN to connect to work, and with the previous firmware or different routers, things are working OK, but LEDE's dnsmasq setup just doesn't want to work in this particular case.

Due to a "quirk" of our VPN, we don't get DNS server addresses handed out via the DHCP server on the VPN network. So, I've set up some DNS that can answer the queries, which was working OK up until now.

If I try to "dig @" I get a failure. Trying it against or other public DNS works.

So far, I've tried adding a / or / but again that dig fails.

The authoritative nameservers for "" are and and they do not allow recursion as per a security guide recommendation.

This seems to break dnsmasq, and I'm not sure how to get around it.

I hope I've given enough information - does anyone have any ideas on how to fix this?

Thank you so much


Solved. Add "" to the rebind whitelist.

Jeez, of course as soon as I type all that out I figure it out.