Trouble with DNS

Hi community, how are you? I hope well. I come back to the forum looking for some help. I'm having trouble with my local DNS with two files, "/tmp/resolv.conf.d/resolv.conf.auto" and "/etc/resolv.conf". I edited them, configuring my two local DNS servers on wan and lan; in my WireGuard connection I have a different one. Once I save the changes... 2 or 3 hours later they change themselves, making my WireGuard DNS act as a local DNS, and all the DNS queries go to the WireGuard DNS. Is there a way to lock those files to avoid them editing themselves?

The resolv.conf files are generated from other config. You can set whatever upstreams you want in the "forwarder" section of dnsmasq (and disable resolv.conf usage).


I have configured that, in the forwarder at the DHCP section... but for example when I make an nslookup on the interface section... all queries go through the WireGuard DNS I configured. I tried disabling it... but same result.

What is that?

It is a tool in the diagnostics section at the interfaces that tests DNS resolution.

All DNS servers placed in the interfaces are thrown into one basket which dnsmasq uses.

dnsmasq periodically queries which one is the fastest and uses that.
If all are about equally fast you will see all of those used after a while.
If you use WireGuard with the default route via the WireGuard interface, the wg DNS server might be the fastest.

For some background reading see my notes


Is there a way to avoid that query to see which DNS is faster? I need my router to use my local DNS servers instead of "the faster one". Thanks a lot.

Could you post the contents of your /etc/config/dhcp and /etc/resolv.conf?

Of course...

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option port '0'
	option localuse '0'
	list server '192.168.0.193'
	list server '192.168.0.176'
	option min_cache_ttl '0'
	option max_cache_ttl '0'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option strictorder '1'

/etc/resolv.conf

Interface WG_server

nameserver 94.140.14.14

Interface lan

nameserver 192.168.0.193
nameserver 192.168.0.176

Interface wan

nameserver 192.168.0.193
nameserver 192.168.0.176

  1. Change option localuse '0' to option localuse '1'. This will make dnsmasq generate a /etc/resolv.conf with just 127.0.0.1 and ::1.
  2. Add option noresolv '1'. This will prevent dnsmasq from reading upstream servers from resolv.conf.
  3. Delete option port '0'.
  4. /etc/init.d/dnsmasq restart

This will have dnsmasq operate as a DNS forwarder to your LAN servers.

As for the wireguard connection, I guess you can set up a second dnsmasq instance that binds to the wireguard interface.

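To make the two explanations above concrete (every interface's DNS server lands in one dnsmasq "basket", and the localuse/noresolv/port changes shrink that basket to the LAN servers), here is an added example; it is my own code, not from this thread, OpenWrt or dnsmasq. It parses the dnsmasq section of /etc/config/dhcp and the generated resolv.conf.auto as posted above (with the "# Interface" comment markers restored, since OpenWrt writes them as comments), computes which upstreams dnsmasq may use, and applies the three suggested changes. The function names are mine; the uci commands are the standard OpenWrt syntax for the same edits.

```python
"""Model which upstream servers dnsmasq on OpenWrt actually ends up with.

Added example (not code from the thread or from OpenWrt/dnsmasq): it parses
the dnsmasq section of /etc/config/dhcp and the generated resolv.conf.auto,
shows the combined "basket" of upstreams dnsmasq would race, and applies the
three config changes suggested in the thread. Function names are my own.
"""
import re

# Sample input: the dnsmasq section posted in this thread (only the
# options relevant to DNS are kept).
DHCP_CONFIG = """\
config dnsmasq
    option domainneeded '1'
    option localservice '1'
    option port '0'
    option localuse '0'
    list server '192.168.0.193'
    list server '192.168.0.176'
    option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option strictorder '1'
"""

# The resolv.conf.auto content posted above; OpenWrt writes the interface
# names as comments, which the forum paste dropped.
RESOLV_AUTO = """\
# Interface WG_server
nameserver 94.140.14.14
# Interface lan
nameserver 192.168.0.193
nameserver 192.168.0.176
# Interface wan
nameserver 192.168.0.193
nameserver 192.168.0.176
"""

UCI_LINE = re.compile(r"^(option|list)\s+(\S+)\s+'([^']*)'$")


def parse_dnsmasq(uci_text):
    """Return (options, lists) of the first 'config dnsmasq' section."""
    options, lists, inside = {}, {}, False
    for raw in uci_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if inside:
                break  # end of the dnsmasq section
            inside = line.split()[1] == "dnsmasq"
            continue
        m = UCI_LINE.match(line) if inside else None
        if not m:
            continue
        kind, key, value = m.groups()
        if kind == "list":
            lists.setdefault(key, []).append(value)
        else:
            options[key] = value
    return options, lists


def parse_resolv(text):
    """Collect nameserver entries in file order."""
    return [ln.split()[1] for ln in text.splitlines()
            if ln.strip().startswith("nameserver")]


def dns_enabled(options):
    """'option port 0' turns dnsmasq's DNS side off entirely (DHCP only)."""
    return options.get("port", "53") != "0"


def upstream_basket(options, lists, resolv_text):
    """All upstreams dnsmasq may use: explicit 'list server' entries plus,
    unless noresolv is set, every nameserver found in resolvfile.
    Without strictorder dnsmasq races these and prefers the fastest."""
    servers = list(lists.get("server", []))
    if options.get("noresolv") != "1" and "resolvfile" in options:
        servers += parse_resolv(resolv_text)
    return list(dict.fromkeys(servers))  # de-duplicate, keep order


def apply_fix(uci_text):
    """Rewrite the dnsmasq section: localuse=1, add noresolv=1, drop port=0."""
    out, inside, have_noresolv, indent = [], False, False, "\t"
    for raw in uci_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if inside and not have_noresolv:
                out.append(indent + "option noresolv '1'")
            inside, have_noresolv = line.split()[1] == "dnsmasq", False
            out.append(raw)
            continue
        if inside and line:
            indent = raw[: len(raw) - len(raw.lstrip())]
            if line == "option port '0'":
                continue  # step 3: let dnsmasq listen on port 53 again
            if line.startswith("option localuse "):
                line = "option localuse '1'"  # step 1
            if line.startswith("option noresolv "):
                line = "option noresolv '1'"  # step 2 (already present)
                have_noresolv = True
            out.append(indent + line)
            continue
        out.append(raw)
    if inside and not have_noresolv:
        out.append(indent + "option noresolv '1'")  # step 2
    return "\n".join(out) + "\n"


def uci_commands():
    """The same change typed on the router, in uci syntax (step 4 included)."""
    return [
        "uci set dhcp.@dnsmasq[0].localuse='1'",
        "uci set dhcp.@dnsmasq[0].noresolv='1'",
        "uci delete dhcp.@dnsmasq[0].port",
        "uci commit dhcp",
        "/etc/init.d/dnsmasq restart",
    ]


if __name__ == "__main__":
    opts, lists = parse_dnsmasq(DHCP_CONFIG)
    print("before: dns on =", dns_enabled(opts),
          "basket =", upstream_basket(opts, lists, RESOLV_AUTO))
    opts, lists = parse_dnsmasq(apply_fix(DHCP_CONFIG))
    print("after : dns on =", dns_enabled(opts),
          "basket =", upstream_basket(opts, lists, RESOLV_AUTO))
    print("\n".join(uci_commands()))
```

Before the change the basket is the two LAN servers plus 94.140.14.14 from the WireGuard interface, and because of `port '0'` dnsmasq is not answering DNS at all; after it, only the two LAN servers remain and, with `strictorder '1'`, they are tried in the listed order.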

Okay, but all that will make my router act as a DNS server, or at least I read something like that on other posts... it will replace both DNS servers and any query will be responded to by the router.

If you want to make use of dnsmasq DNS features, you need to run a DNS forwarder there, otherwise option port '0' just disables DNS handling altogether and leaves dnsmasq as a DHCPv4 server only.

If I understand correctly what you're trying to achieve, you want to first query the LAN servers, and then if they fail, query the wireguard server?
If so, the changes I've mentioned will do that for you, you just need to define the 'server' list in the correct order and leave option strictorder '1' around.


I have found working with 'strict order' not very reliable but YMMV.

In the past we used strict order to do the opposite, to deal with a DNS leak when running a VPN, but after v2.85 this was not reliable any more due to a different mechanism which sped up forwarder querying.
When Simon K was asked about it he confirmed as much.

But as said YMMV

Edit: my take on it


That's exactly what I want to do. But as I have read, putting 'localuse '1'' and 'port 53' will turn my router into a DNS server, so all queries will be responded to by the router. In fact, 1 month ago I had it configured like you are saying and the router responded to those queries and my local DNS servers didn't work, because all queries were responded to by the router, even with forwarders configured pointing to my local DNS servers. Very weird. But thanks a lot.

I found a way to resolve this: I configured my local DNS to serve on my WireGuard connection. That resolved my issue. Thanks to all.
