Local DNS resolve via dnsmasq fails in 386.9 for LAN clients

Phantomski

Regular Contributor
Hi,

Encountering a really odd DNS issue after dirty-installing 386.9 fw (upgrade from 386.7-2).

On the previous versions of firmware, I was using /jffs/configs/dnsmasq.conf.add for local network name resolution in the form of address=/[server.domain]/[ip]. The domain itself is .home, so shouldn't create any conflicts.

This worked well until fw 386.7-2, but stopped working on 386.9, but strangely only for ethernet devices (WiFi clients work ok), despite same DHCP settings. If I set their config to static instead of DHCP and set DNS manually to my router's IP, the result is the same.

WiFi clients:
Code:
❯ nslookup router.home
Server:    192.168.1.1
Address:    192.168.1.1#53
Name:    router.home
Address: 192.168.1.1

Ethernet Clients:
Code:
❯ nslookup router.home 192.168.1.1
Server:    192.168.1.1
Address:    192.168.1.1#53
Name:    router.home
Address: 192.168.1.1
** server can't find router.home: NXDOMAIN

I have tried restarting the router, restarting the clients, various settings for DNS Director and enabling/disabling it, restarting dnsmasq, nothing helps.

Current relevant settings:
  • LAN / LAN IP / RT-AC88U's Domain Name: home
  • LAN / DHCP Server / DNS and WINS Server Setting: DNS Server 1 and 2 blank, Advertise router's IP in addition to user-specified DNS: Yes
  • DNS Director: OFF
  • Tools / Other Settings: Wan: Use local caching DNS server as system resolver (default: No): Yes (using because it made local queries much quicker)
  • WAN / Internet Connection / WAN DNS Setting: Forward local domain queries to upstream DNS: No, Enable DNS Rebind protection: No
  • Using DNSSEC, DoT (Quad9), Diversion
Something changed I'm not aware of? Or was I using it wrong all along and it finally broke?
 

Phantomski

Regular Contributor
I have tried to follow the Wiki again just to make sure something hasn't changed since I've set it up and I've tried modifying
LAN / DHCP Server / DNS and WINS Server Setting:
DNS Server 1: [router IP]
DNS Server 2: blank
Advertise router's IP in addition to user-specified DNS: No

after dnsmasq restart still no joy.

If I check /etc/dnsmasq.conf, everything seems to be correct there, as far as I understand anyway. All the script generated sections are there, as well as /jffs/configs/dnsmasq.conf.add contents.
 

Yota

Very Senior Member
Just wanted to confirm, are your ethernet clients using the OpenVPN on the router?

386.9 changes the Exclusive behavior of DNS in OVPN, and forwards all DNS traffic directly to the OVPN server, so there is no longer local domain name resolution.

Because I also have some custom resolvers in my dnsmasq.add, they work fine, whether it is wifi or wired, but in exclusive DNS of VPN, they don't work.
 

Phantomski

Regular Contributor
Just wanted to confirm, are your ethernet clients using the OpenVPN on the router?
Nope, not on any kind of VPN.
 

Phantomski

Regular Contributor
Right. It seems that the problem is IPv6 related. I have IPv6 disabled on my router. Thus dnsmasq responds (slightly incorrectly) to AAAA queries with NXDOMAIN instead of NOERROR or NODATA-IPv6 (because A query is resolved correctly). Unfortunately this "duality" is not working well with some clients, like Alpine based containers. If either query comes back with NXDOMAIN, they're both treated as NXDOMAIN.

Now, a few options:
- Can dnsmasq behaviour be modified?
- IPv6 (I'd rather not...yet)
- different DNS server
- some other way of treating local domains (don't really want to revert to hosts file)
 

drinkingbird

Very Senior Member
I have tried to follow the Wiki again just to make sure something hasn't changed since I've set it up and I've tried modifying
LAN / DHCP Server / DNS and WINS Server Setting:
DNS Server 1: [router IP]
DNS Server 2: blank
Advertise router's IP in addition to user-specified DNS: No

after dnsmasq restart still no joy.

If I check /etc/dnsmasq.conf, everything seems to be correct there, as far as I understand anyway. All the script generated sections are there, as well as /jffs/configs/dnsmasq.conf.add contents.

You can actually leave both DNS servers blank and select to advertise router's IP. Guess it is the same thing in the long run.

You may be having NVRAM issues, people have posted that after upgrading certain models they have to factory reset and reconfigure from scratch otherwise they're out of NVRAM.
 

drinkingbird

Very Senior Member
Right. It seems that the problem is IPv6 related. I have IPv6 disabled on my router. Thus dnsmasq responds (slightly incorrectly) to AAAA queries with NXDOMAIN instead of NOERROR (because A query is resolved correctly). Unfortunately this "duality" is not working well with some clients, like Alpine based containers. If either query comes back with NXDOMAIN, they're both treated as NXDOMAIN.

Now, a few options:
- Can dnsmasq behaviour be modified?
- IPv6 (I'd rather not...yet)
- different DNS server
- some other way of treating local domains (don't really want to revert to hosts file)

That seems odd, on mine with IPv6 disabled any query for an AAAA record to the router responds with "No IPv6 address (AAAA) records available for xxxx". But I'm not using dnsmasq.conf for any static entries. Maybe something in the formatting there. I do get the same response for static DHCP clients which is essentially the same as what you're doing just stored in NVRAM.

Note I'm still on 386.7_2 though.
 

Phantomski

Regular Contributor
At the moment, the only temporary solution I could find is to manually add the secondary address record into /jffs/configs/dnsmasq.conf.add for IPv6 that points to localhost ( :: ). It's obviously not ideal, but because IPv6 is disabled on the affected clients, they don't try connecting to it, they just need resolved IP for both A and AAAA queries with something.

Bash:
address=/router.home/192.168.1.1
address=/router.home/::

Right now, I haven't found anything better in the dnsmasq man. Since v2.86 the behaviour has changed and dnsmasq doesn't return NODATA-IPv6, but sends the AAAA query upstream instead. Since there's no upstream for the local domain entries, NXDOMAIN is returned. I have tried filter-AAAA option as well, but that didn't help.

Potentially there could be a way to force particular interfaces in dnsmasq to be IPv4 only, but that would require more upstream config changes (or I don't know where I can change it myself).
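
Added example (not part of any post in this thread, and not dnsmasq or firmware code): a Python check that classifies the A and AAAA replies for a name as ANSWER, NODATA or NXDOMAIN, and models the client behaviour described above, where NXDOMAIN on either query fails the lookup. The helper names `strict_client_resolves`, `sample_response` and `probe` are hypothetical, and the sample replies are constructed rather than captured from the router.

```python
import socket
import struct

A, AAAA, NXDOMAIN = 1, 28, 3

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query with the RD flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify(response):
    """Map a raw DNS response to ANSWER, NODATA, NXDOMAIN or RCODE<n>."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "NXDOMAIN"
    if rcode:
        return f"RCODE{rcode}"
    return "ANSWER" if ancount else "NODATA"

def strict_client_resolves(a_status, aaaa_status):
    """Assumed model of the client behaviour described in the thread:
    NXDOMAIN on either query fails the lookup, even if the other has an answer."""
    statuses = (a_status, aaaa_status)
    return "NXDOMAIN" not in statuses and "ANSWER" in statuses

def sample_response(name, qtype, rcode=0, rdata=b""):
    """Constructed server reply for offline testing (not captured traffic)."""
    query = build_query(name, qtype)
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1 plus the response code
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    answer = b""
    if rdata:  # name pointer to offset 12, type, class IN, TTL 0, RDLENGTH
        answer = struct.pack("!HHHIH", 0xC00C, qtype, 1, 0, len(rdata)) + rdata
    return header + query[12:] + answer

def probe(server, name, qtype, timeout=2.0):
    """Send one live query over UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return classify(s.recv(512))

if __name__ == "__main__":
    for qtype in (A, AAAA):
        print(qtype, probe("192.168.1.1", "router.home", qtype))
```

Run against the router before and after adding the `address=/router.home/::` line, the AAAA result should change from NXDOMAIN to ANSWER if the workaround took effect.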
 

Phantomski

Regular Contributor
Note I'm still on 386.7_2 though.
Yep, I think there lies the problem. 386.5 reverted dnsmasq to v2.85 and stayed there up to 386.7-2 (judging from the changelog). 386.9 went to v2.88. This small but important change happened in v2.86.
 

Phantomski

Regular Contributor
I know, that’s what I’ve tried first. It’s in the .conf anyway, presumably from DHCP config (local domain setting in GUI).

But, no change. Still comes back with NXDOMAIN.
 
