[SOLVED] Prevent iot devices from quering dnsmasq

I have a firewall zone 'cams' for iot devices like camera's

I have neutered the permissions that zone but still dnsmasq is answering them it seems.

Thu Mar 3 16:46:27 2022 daemon.info dnsmasq[20131]: 7274 query[A] pub-cfg.secu100.net from

I see many such syslog entries.

For the cams zone I have

And for firewall rules I have

What should I add to make dnsmasq stop responding to devices in the cams zone?

changing the dest in the firewall rule from any zone to this device also did not do the trick.

Thu Mar 3 17:05:08 2022 daemon.info dnsmasq[20131]: 8199 cached secu100.net is

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; \
netstat -lnp

wow trendy, do you remember how many times I ran into mysterious issues before?
I think I finally have found the source of all the issues.
It's because I used a single NIC for all things LAN and also used that same NIC for all the VLANS.

I just added a 3rd NIC (I did not even have to restart OpenWrt, the NIC was hot added) and changed the cams interface to use that NIC.

and guess what I found in the logs

Thu Mar  3 23:07:12 2022 kern.warn kernel: [21393.895583] REJECT cams in: IN=eth2 OUT= MAC=4a:f6:6b:f5:54:09:00:12:41:5e:b9:c9:08:00 SRC= DST= LEN=65 TOS=0x00 PREC=0x00 TTL=64 ID=7414 DF PROTO=UDP SPT=42861 DPT=53 LEN=45

SWEEEEEEEEET!!! Better late then never but finally there is progress YESSSS

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.