So guys, I installed OpenWrt on an Archer C20 and it's running quite well. I have a private DNS server, AdGuard Home (192.168.1.144), running on a Raspberry Pi, and I wanted to use my DNS server for all hosts in the network. So I went into the LAN interface (192.168.1.1) and put my private DNS server (192.168.1.144) in the use custom DNS server section in the advanced settings, and it worked, but in my AdGuard Home query log I can only see the IP of my LAN interface, which is 192.168.1.1, sending queries. So whenever any host in my LAN uses my DNS server, its individual IP should come out in the query log on the AdGuard server, but 192.168.1.1 is acting like a host for all my hosts in the LAN for the AdGuard server. Also, the nslookup command shows that openwrt.lan is my DNS server, so how can I replace that with my private DNS server? I want to have control over each host, to access or block things with my DNS server, but that's not possible until I can see the individual IPs of each host in my DNS server. I am attaching some pics for you all. Thanks in advance.
Use DHCP options in the DHCP server on your OpenWrt device.
https://www.rfc-editor.org/rfc/rfc1497
"Domain Name Server Field (Tag: 6, Data: N address bytes) Specifies the IP addresses of N/4 domain name servers [RFC-1034]."
Your router hands out its own IP address as DNSMasq server by default.
You can use option 6 to hand out the AdGuard Home (192.168.1.144) IP address to all your clients:
list dhcp_option '6,192.168.1.144'
To clarify, add in /etc/config/dhcp under config dhcp_lan:
config dhcp 'lan'
	< other options etc.>
	list dhcp_option '6,192.168.1.144'
or disable the DHCP on the C20, and enable it in AGH.
I added "list dhcp_option '6,192.168.1.144'" in the config, is it correct?
Should I reboot now?
looks good, but it should be enough to restart the dnsmasq service.
don't forget, your clients need to be made aware of the config change.
pull the network cable(s), or quickly go in and out of flight mode for wifi devices.
you'll probably need to implement https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns down the road, too.
What's the goal of DNS hijacking, in easy words?
it makes sure your clients actually use your DNS, not whatever is default in the OS, or app.
Even if the client uses a VPN, will it be forced to use my DNS?
it could be forced to, assuming the vpn runs on the router, and not the client.
you can probably do it even if it runs on the client, but then you probably need to change the vpn settings.
OK, thank you very much for your support.
Can I add a second DNS using the same dhcp_option for backup?
you can, but there's no guarantee the clients will use only the 1st one as primary.
No, if my Pi goes down for some reason? So it will use the second one?
yes, but they won't know when it's back, so they'll stick to the 2nd DNS for a while.
Thanks to all for the support, it's done.
Now can I remove the IP of the DNS server from custom DNS in the advanced settings of the LAN interface?
if you are referring to the ones I'm thinking about, then yes, they have no effect on the clients.
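To check what a lease actually hands out after the `dhcp_option` change discussed above, the following added example (not code from the thread or from OpenWrt) decodes the options field of a DHCP reply the way the quoted RFC text describes: tag 6, N address bytes, N/4 servers. The option bytes are constructed samples, and 192.168.1.2 as a second DNS server is an assumption for illustration.

```python
import ipaddress

PAD, DNS_SERVERS, END = 0, 6, 255  # option tags from RFC 1497 / RFC 2132

def dns_servers_from_options(options: bytes) -> list:
    """Walk the tag/length/value options field and return the option 6 addresses."""
    servers, i = [], 0
    while i < len(options):
        tag = options[i]
        if tag == END:
            break
        if tag == PAD:              # single byte, no length field
            i += 1
            continue
        if i + 2 > len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("option %d is truncated" % tag)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if tag == DNS_SERVERS:
            if length == 0 or length % 4:
                raise ValueError("option 6 data must be a multiple of 4 bytes")
            servers += [str(ipaddress.IPv4Address(value[j:j + 4]))
                        for j in range(0, length, 4)]
        i += 2 + length
    return servers

def check_lease(options: bytes, resolver: str, router: str) -> str:
    """Classify which DNS servers a client holding this lease was told to use."""
    servers = dns_servers_from_options(options)
    if not servers:
        return "no option 6 in lease"
    if router in servers:           # queries would reach the resolver via the router
        return "router still advertised as DNS"
    if resolver not in servers:
        return "unexpected DNS servers"
    return "ok" if servers == [resolver] else "ok, with fallback servers"

def build(*dns: str) -> bytes:
    """Constructed sample: subnet mask, router 192.168.1.1, option 6, END."""
    data = b"".join(ipaddress.IPv4Address(a).packed for a in dns)
    return (bytes([1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1, 6, len(data)])
            + data + bytes([END]))

if __name__ == "__main__":
    for lease in (build("192.168.1.1"), build("192.168.1.144"),
                  build("192.168.1.144", "192.168.1.2")):
        print(dns_servers_from_options(lease),
              check_lease(lease, "192.168.1.144", "192.168.1.1"))
```

The options bytes of a real lease can be taken from a packet capture of the DHCP exchange on a client that has renewed its lease.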