Hi everyone, I have the following problem:
WireGuard works normally when I use dnsmasq; I followed the instructions on the homepage.
When I try WireGuard with odhcpd, DNS does not respond.
What should I do to fix this problem? Can odhcpd not run with WireGuard?
Same error!
I found the article that addresses the problem I am currently having! Have you found a solution to the problem?
What exactly are you doing with Wireguard, odhcpd and DNS?
It's not clear what you're having an issue with - nor is it clear why odhcpd, DNS and Wireguard combined presents a problem.
lleachii:
odhcpd
I followed the instructions on openwrt.org for dnsmasq successfully then I tried odhcpd + unbound + wireguard but got the same error and couldn't find a way to fix it. I hope you can help!
egc
January 6, 2025, 10:37am
Doraemon309:
but got the same error
What error are you talking about?
When I turn on wireguard on my device and try to access google website it says no response from dns!
I tried dnsmasq without unbound and didn't get that error. I also tried dnsmasq with unbound in parallel and didn't get that error!
But when I tried odhcpd running with wireguard, there was an error of no response from dns. Then I tried odhcpd + unbound + wireguard and the error still appeared!
egc
January 6, 2025, 10:47am
WireGuard has no relation to DNS resolution other than that it needs a working DNS for correct time and resolution of the WireGuard server, so it seems your DNS is not working
Disable WireGuard and SSH into the router and from the command line do:
ping 8.8.8.8
nslookup openwrt.org
nslookup openwrt.org 8.8.8.8
I tried pinging from the wireguard connected device and the response is successful but when I ping google.com there is no hostname?
Connected successfully but no internet!
trendy
January 6, 2025, 11:41am
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </>" button:
Remember to redact passwords (including the WireGuard private and preshared keys that `uci export network` prints), MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export unbound; \
uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
"kernel": "5.15.167",
"hostname": "OpenWrt",
"system": "QEMU Virtual CPU version 2.5+",
"model": "QEMU Standard PC (i440FX + PIIX, 1996)",
"board_name": "qemu-standard-pc-i440fx-piix-1996",
"rootfs_type": "ext4",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "x86/64",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth1'
option proto 'pppoe'
option ipv6 'auto'
option peerdns '0'
config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option peerdns '0'
option sourcefilter '0'
config interface 'ISP'
option proto 'static'
option device 'eth1'
option ipaddr '192.168.1.100'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
config interface 'Home'
option proto 'wireguard'
option private_key 'oNhaCOSkgKs+6DDrSWfyqab0nmzEqvx/75i0SBXMeko='
option listen_port '13231'
list addresses 'fd10:39e8:485::1/64'
list addresses '192.168.3.1/24'
config wireguard_Home
option description 'peer1'
option public_key 'C+7fsuzwODikQoCrBPFTNeeik2L6wJaISdQDjZ4q/F8='
option private_key '0KNMgI4UhS/iVEIDJI6f6/0hmA2pmUXTvH5CWswUZnA='
option preshared_key 'd0FIgDdMMmnC1TuQtH1QAU+/QUBUcTJ2BhT6TohmXuY='
list allowed_ips 'fd10:39e8:485::2/128'
list allowed_ips '192.168.3.2/32'
package unbound
config unbound 'ub_main'
option add_extra_dns '0'
option add_local_fqdn '3'
option add_wan_fqdn '1'
option dhcp_link 'odhcpd'
option dhcp4_slaac6 '1'
option dns64 '0'
option dns64_prefix '64:ff9b::/96'
option domain 'lan'
option domain_type 'static'
option edns_size '1232'
option extended_stats '0'
option hide_binddata '1'
option interface_auto '1'
option listen_port '53'
option localservice '1'
option manual_conf '0'
option num_threads '1'
option protocol 'default'
option query_minimize '0'
option query_min_strict '0'
option rate_limit '0'
option rebind_localhost '0'
option rebind_protection '1'
option recursion 'default'
option resource 'default'
option root_age '9'
option ttl_min '120'
option ttl_neg_max '1000'
option unbound_control '1'
option validator '0'
option validator_ntp '1'
option verbosity '1'
list iface_trig 'lan'
list iface_trig 'wan'
list iface_wan 'wan'
config zone 'auth_icann'
option enabled '0'
option fallback '1'
option url_dir 'https://www.internic.net/domain/'
option zone_type 'auth_zone'
list server 'lax.xfr.dns.icann.org'
list server 'iad.xfr.dns.icann.org'
list zone_name '.'
list zone_name 'arpa.'
list zone_name 'in-addr.arpa.'
list zone_name 'ip6.arpa.'
config zone 'fwd_isp'
option enabled '0'
option fallback '1'
option resolv_conf '1'
option zone_type 'forward_zone'
list zone_name 'isp-bill.example.com.'
list zone_name 'isp-mail.example.net.'
config zone 'fwd_google'
option enabled '0'
option fallback '1'
option tls_index 'dns.google'
option tls_upstream '1'
option zone_type 'forward_zone'
list server '8.8.4.4'
list server '8.8.8.8'
list server '2001:4860:4860::8844'
list server '2001:4860:4860::8888'
list zone_name '.'
config zone 'fwd_cloudflare'
option enabled '0'
option fallback '1'
option tls_index 'cloudflare-dns.com'
option tls_upstream '1'
option zone_type 'forward_zone'
list server '1.1.1.1'
list server '1.0.0.1'
list server '2606:4700:4700::1111'
list server '2606:4700:4700::1001'
list zone_name '.'
package dhcp
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list domain 'lan'
config odhcpd 'odhcpd'
option maindhcp '1'
option leasefile '/var/lib/odhcpd/dhcp.leases'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'Home'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'ISP'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule 'wg'
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '13231'
option proto 'udp'
option target 'ACCEPT'
config nat
option name 'Nat6'
option family 'ipv6'
list proto 'all'
option src 'wan'
option src_ip 'fd10:39e8:485::/64'
option target 'MASQUERADE'
I don't know if it's a bug or a feature!
trendy
January 6, 2025, 2:17pm
Not all commands were pasted in the post above, but let me summarize first a few things.
You posted the WireGuard private and preshared keys, so treat them as compromised and replace them, along with the corresponding public keys.
The unbound has this config,
list iface_trig 'wan'
list iface_wan 'wan'
but you have changed the name to ISP
So you're setting up Unbound to be a DNS server using the WireGuard tunnel?
Can you describe what you intended to accomplish - not the error and result. Your issue is unclear because you haven't described what you desire to accomplish.
Yes! dnsmasq running with unbound or not can still be accessed from the device connected to wireguard!
Why ISP? That port only acts as a connection to the isp modem while bridging!
As the configuration above I sent! What more do you need to know exactly? When I turn on wireguard then access any website I get a response that there is no response from dns. After refreshing many times I get a response that you have changed the ip?