I will start by explaining my setup:
It consists of a double-NAT setup: the ISP router is connected to the internet and the OpenWrt router is connected to the ISP router's LAN. This is intended.
There is also a Windows machine with custom DNS servers set in its network adapter configuration.
None of the routers' IP addresses are in that DNS server list.
The problem seems to be that the Windows machine will retry any DNS lookup against the ISP router when on its LAN, but not against the OpenWrt router when on the OpenWrt router's LAN.
I would prefer the fix to be done via the LuCI interface if possible.
Sounds like either a topology issue or something with windows.
Can you show us the topology and what hosts are and are not resolvable in the different scenarios
And let’s see your openwrt config.
Please connect to your OpenWrt device using ssh, copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
All of these files were always edited via the LuCI interface.
ubus call system board
{
"kernel": "5.15.162",
"hostname": "********",
"system": "MediaTek MT7620A ver:2 eco:6",
"model": "TP-Link Archer C2 v1",
"board_name": "tplink,archer-c2-v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.4",
"revision": "r24012-d8dd03c46f",
"target": "ramips/mt7620",
"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
}
}
/etc/config/network
# Loopback interface (stock).
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix '********'
# LAN bridge. 'wg0' is attached as a bridge port here even though it is also
# defined below as a routed WireGuard interface (proto 'wireguard'); a reply in
# this thread advises removing it from the bridge, since WireGuard is L3-only.
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
list ports 'wg0'
# LAN: static 192.168.8.1/24 on the bridge.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.8.1'
option netmask '255.255.255.0'
option ip6assign '60'
# WAN takes its address by DHCP from the upstream (ISP) router -- double NAT.
config interface 'wan'
option device 'br-wan'
option proto 'dhcp'
option ip6assign '64'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '0'
config switch
option name 'switch1'
option reset '1'
option enable_vlan '1'
# VLAN 1 (eth0.1) = switch ports 1-4 for LAN; VLAN 2 (eth0.2) = port 0 for WAN;
# both tagged on CPU port 6.
config switch_vlan
option device 'switch1'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch1'
option vlan '2'
option ports '0 6t'
# WAN bridge joins the wired WAN port with a USB tethering device (the poster
# explains further down that this is for USB tethering).
config device
option type 'bridge'
option name 'br-wan'
list ports 'eth0.2'
list ports 'usb0'
# WireGuard server interface. NOTE: '192.168.9.0/24' is the network address of
# a /24, not a host address; a reply in this thread suggests e.g. 192.168.9.1/24.
config interface 'wg0'
option proto 'wireguard'
option private_key '********'
option listen_port '****'
list addresses '192.168.9.0/24'
option force_link '1'
# Peer definition; route_allowed_ips '1' installs routes for allowed_ips.
# NOTE(review): a 'private_key' on a peer section is presumably the peer's own
# key kept by LuCI for exporting that peer's config/QR code; the router only
# needs the peer's public key to authenticate it -- confirm it is still needed,
# since it is extra secret material stored on the router.
config wireguard_wg0
option description '********'
option public_key '********'
option private_key '********'
option preshared_key '********'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '********'
/etc/config/wireless
# 5 GHz radio (PCI card): auto channel, 80 MHz VHT, regulatory domain redacted.
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option channel 'auto'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option country '**'
option disabled '0'
# AP on the 5 GHz radio, attached to the 'lan' network.
# 'sae-mixed' = WPA2-PSK/WPA3-SAE transition mode; a reply in this thread warns
# it causes problems with many clients, while the poster needs WPA2 for an old
# device.
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid '********'
option encryption 'sae-mixed'
option key '********'
# 2.4 GHz radio (SoC wmac): auto channel, 40 MHz HT. 'noscan' skips the 40 MHz
# coexistence scan, so the radio keeps HT40 even with overlapping neighbours.
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/10180000.wmac'
option channel 'auto'
option band '2g'
option htmode 'HT40'
option cell_density '0'
option country '**'
option noscan '1'
option disabled '0'
# AP on the 2.4 GHz radio; same settings as the 5 GHz AP (the poster says the
# 2.4 GHz settings were copied to 5 GHz).
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid '********'
option encryption 'sae-mixed'
option key '********'
/etc/config/dhcp
# dnsmasq (DNS forwarder + DHCP server). Security-relevant options:
#   rebind_protection '1' - drop upstream answers that point into private ranges
#   localservice '1'      - only answer DNS for directly attached subnets
#   local '/lan/'         - '.lan' names are answered locally, never forwarded
#   domainneeded '1'      - bare hostnames (no dot) are not forwarded upstream
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
# Upstream resolvers are read from resolv.conf.auto, which is filled from the
# WAN interface's DHCP lease (i.e. the ISP router).
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
# LAN DHCPv4 pool 192.168.8.100-249 with 12 h leases; DHCPv6 and RA enabled
# with the managed/other-config flags set.
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
# No DHCP on WAN (the ISP router serves that segment).
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# NOTE(review): stub section without 'ignore'; presumably created by LuCI when
# the wg0 interface was added -- confirm whether serving DHCP on the tunnel is
# intended.
config dhcp 'wg0'
option interface 'wg0'
/etc/config/firewall
# Default policy: reject traffic to the router and refuse forwarding unless a
# zone or rule below allows it; SYN-flood protection and invalid-state drops on.
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option drop_invalid '1'
# 'lan' zone also covers the WireGuard interface, so VPN peers get the same
# trust level (full access to the router and free forwarding) as LAN clients.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wg0'
# 'wan' zone: inbound dropped, forwarding refused, NAT (masq) toward the ISP
# router, MSS clamping on.
config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
# Only LAN -> WAN is forwarded; nothing is forwarded into the LAN by default.
config forwarding
option src 'lan'
option dest 'wan'
# The rules below are OpenWrt's stock wan-side allow rules (DHCP renew, ping,
# IGMP, DHCPv6, MLD, ICMPv6, IPsec). Allow-Ping is disabled here.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Rate-limited ICMPv6 to the router itself (needed for IPv6 neighbour/router
# discovery and path MTU).
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Rate-limited ICMPv6 forwarded to any zone (dest '*').
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Stock rules that let inbound IPsec ESP and IKE (UDP/500) be forwarded to LAN
# hosts; harmless unless a LAN host runs IPsec, and can be disabled if unused.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Port forward for WireGuard. dest_ip is the router's own LAN address, so this
# DNATs WAN traffic to the router itself; a reply in this thread suggests
# replacing it with a plain traffic rule (src wan, the WireGuard listen port,
# target ACCEPT) instead.
config redirect
option dest 'lan'
option target 'DNAT'
option name 'wg0'
option src 'wan'
option src_dport '****'
option dest_ip '192.168.8.1'
option dest_port '****'
Lots of comments, but none of them can answer the problem listed in the title, because you didn't provide the topology and test scenarios for the successful/unsuccessful Windows local hostname lookups...
that said...
WireGuard is a routed protocol and must not be bridged. Remove it from br-lan:
This is unusual.... why do you have a wan bridge?
This is an invalid address... it can be 192.168.9.1/24, but the .0 address is not a valid host address in a /24 network:
You usually don't need to redact the allowed IPs... are they RFC1918 IPs (or 0.0.0.0/0)?
I recommend against using sae-mixed encryption. Use WPA2 or WPA3 (sae) but not mixed -- this tends to cause problems with many client devices.
Remove this and replace it with a basic traffic rule:
Regarding the WAN bridge, it's simple: I just needed to use USB tethering to connect a bunch of computers to the internet.
"You usually don't need to redact the allowed IPs" — if it's not there, that's LuCI's fault; all of the redacted values are shown as "*******". In LuCI it says it is in a VLAN.
I just copied the 2.4 GHz settings to the 5 GHz settings. I can't give up on WPA2 because of an old device, and the "problematic channels" are not available in my region (it's a radar area).
Regarding WireGuard, I can't mess with it right now because I have no way to test changes: the ISP router does not let me change the port forwarding due to a bug in its firmware, and I also can't bind port forwarding rules to a MAC address on the ISP router. This is why I have my own network.
Regarding the issue at hand with DNS, it's not so much a Windows issue as something the ISP router does that OpenWrt doesn't, and I wish it did: the stock firmware also resolved local hostnames even when the DNS servers on Windows were changed.
You must have redacted this line:
What do you mean that LuCI has that redacted??
Give us specifics. I'm not sure what you're talking about here.
LuCI simply did not create that line, and it hasn't been there since I started. I think it's related to the unusual hardware architecture, but the interface is added to the LAN, so it should be using those settings.
The issue:
On Windows, both the Wi-Fi and Ethernet adapters have their IPv4 settings set to use the following DNS server list:
208.67.222.222
208.67.222.220
208.67.222.218
8.8.8.8
8.8.4.4
1.1.1.1
1.0.0.1
ISP LAN:
IP Addresses: 192.168.1.0/24
domain suffix: *.home
OpenWrt LAN:
hostname: thenetwork
IP Addresses: 192.168.8.0/24
domain suffix: *.lan
on the ISP LAN there is a NAS that we will call "theserver" that was used to detect hostname resolution.
While connected to the ISP router I can successfully ping all other hosts and their names are resolved, but while connected to the OpenWrt LAN I cannot ping any host, including the OpenWrt router hostname ("Ping request could not find host thenetwork. Please check the name and try again."). If I undo the DNS config on Windows it works for all OpenWrt hosts but not for ISP LAN hosts, but unfortunately I need the DNS config.
However, if while connected to the OpenWrt LAN I run on Windows:
nslookup thenetwork 192.168.8.1
it resolves the hostname, and the same goes for
nslookup theserver.home 192.168.1.1
The intended behaviour would be to be able to access any host on any LAN by its hostname without using the default DNS.
And I can't use the ISP router's domain suffix because it is not resolved by the router except via nslookup; this is not much of a problem because I can just manually add them on the Hostnames tab in LuCI.
Where is the NAS connected? Is it connected to the OpenWrt router now or is it still connected to the upstream/ISP router?
To be clear, all of these servers are public and external to your network. Therefore, you will not have any ability to resolve local hostnames. And specifically, you cannot resolve hostnames that are on the local two routers via traditional means since those routers are not included in the list.
But that said, it is likely that the previous hostname resolution was not actually related to the router, but rather mdns.
mdns does not (by default) route across subnets. So if you have devices connected to the upstream router and other devices connected to the OpenWrt router, you will run into this issue. You may be able to use the avahi mdns reflector/repeater to bridge mdns between the two subnets.
But this brings up the question -- what is the purpose of the OpenWrt router in your network? Why do you have devices connected to the upstream router and to OpenWrt?
The purpose of the OpenWrt router is VPN, support for older devices, my attempt to move multiple servers and other things behind it, and also R&D for home network improvements.
The server is on the ISP network; I don't care about resolving it from the OpenWrt LAN. I just want to resolve hosts on the OpenWrt LAN from the OpenWrt LAN.
"To be clear, all of these servers are public and external to your network. Therefore, you will not have any ability to resolve local hostnames." This is not a problem for the ISP router. I understand Windows is weird, but this is a feature I need to work. Maybe it is related to WINS, because even if I add the OpenWrt router IP to the list it will only resolve if it is at the top, which is exactly what I don't want.
You will be able to access the server by IP address, but not by DNS or mdns in this context. And this would be true of any cascaded router arrangement + DNS specified manually in Windows.
If you move the server behind the OpenWrt router, mDNS will work as expected. That is to say that within the OpenWrt LAN, you should be able to use mDNS. You may also be able to use the .lan domain (at least that's the default; you can change it). However, you cannot use OpenWrt's DNS if Windows is being told to use other DNS servers, since those records exist only on OpenWrt, not on the public DNS servers.
You could, instead, setup OpenWrt's upstream DNS resolvers and then have Windows use OpenWrt. The effect is the same in the end.