Solved Router DHCP and DNS not responding to changes

[PTS]

[SOLUTION]
Just gonna save anyone who gets here some time.

In this particular case, and for whatever reason (unknown), changing settings in the gui/via SSH and then soft and even hard rebooting had no effect. The solution was a full power cycle for changed settings were applied.
---------------------------------------------------------------------------------------------------------------------------

Relevant info - due to the nature of the layout and pre-existing networking in my rented apartment, I have two routers, both flashed with Merlin and up to date:

Router 1: AX56U, Wireless router mode
Router 2: AC68U, AP mode

I've had R2 for a while, it is what all my wireless devices connected to (and still connect to). R1 was purchased due to where the modem for the apartment is located and the remaining space in the cabinet - my AC68U just couldn't fit.

Config is R1 `192.168.1.1` -> switch -> all main rooms. R2 `192.168.1.3` with R1 as the gateway. Almost all wireless devices connect to R2.

A few years ago I configured piHole `192.168.1.101` on a raspberry pi zero w, and adguard `192.168.1.200` on a Synology NAS to be DNS servers for R1. These were set as DNS 1 and 2 respectively in LAN -> DHCP Servers. Both devices and R2 are set to 'No Redirection' in the DNS Director. Mostly pihole would respond quickest, but ~20% would be served by adguard. WAN DNS was set to auto from the ISP.

Recently I've added more demanding services to the NAS, so to lighten the load a little I set up adguard on my Home Assistant Odroid N2+ `192.168.1.105` and updated Lan -> DHCP Server -> DNS Server 1 on R1 accordingly, with nothing in DNS Server 2. When after a while I saw it wasn't responding to any queries or seeing any clients, I set it as the DNS server for my PC, and it was pinged. I set the PC back to auto DNS from the router, I turned off the rPi with pihole on it, and DNS started to get routed back to my NAS adguard instance (1.200). Stopping adguard on the NAS then stopped all DNS from working.

Currently the raspberry pi is back on, however `192.168.1.101` isn't anywhere in an R1 field except where I've assigned it that IP in DHCP. DNS is only set to `192.168.1.105`. However `nslookup` of a site always returns pihole as the server:

Server:  pi.hole
Address:  192.168.1.101

Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:400a:80a::200e
          172.217.25.174

Thinking it might be stuck in nvram, I ran

nvram show | grep dhcp_dns

which returns

dhcp_dns1_x=192.168.1.105
dhcp_dns2_x=

unless I specify nslookup google.com 192.168.1.105 in which case it returns

Server:  HomeAssistant
Address:  192.168.1.105

Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:4004:801::200e
          172.217.26.238

If I do

nvram show | grep dns

to see all DNS settings, the other relevant parts are

lan_dns=
lan_dns1_x=
lan_dns2_x=
wan0_dns=202.224.32.1 202.224.32.2
wan0_dns1_x=94.140.14.14
wan0_dns2_x=94.140.15.15
wan0_dns_r=202.224.32.1 202.224.32.2
wan0_dnsenable_x=1
wan0_xdns=
wan1_dns=
wan1_dns1_x=
wan1_dns2_x=
wan1_dnsenable_x=1
wan_dns=202.224.32.1 202.224.32.2
wan_dns1_x=94.140.14.14
wan_dns2_x=94.140.15.15
wan_dnsenable_x=1

I had played around with Dual Wan a while back but had disabled it again pretty much immediately, so I'm surprised to see that a) there's WAN, WAN0 and WAN1 and b) although the WAN DNS is set in the GUI to auto from the IP, it's displaying the built-in adguard option which as far as I remember I've never selected.

I wonder what resolv is showing, so # cat /etc/resolv.conf:

nameserver 202.224.32.1
nameserver 202.224.32.2

which are my ISP's DNS servers.

From there I wonder if it's a DHCP issue where the client lease needs to be renewed. Using my Android phone, I 'forgot' the network, removed the DHCP allocation in the router, restarted the router, restarted my phone, and it was given exactly the same IP it was previously assigned, even though there's nothing on the phone or router tying it to that. Did the same with my laptop, and got the same result, and nslookup still shows pihole (1.101) as the server.

Remember how I'm connecting to R2 via wifi? Well I connect to R1 via wifi thinking maybe something's somehow gotten cached and / or stuck in R2. Nope, nslookup still shows the DNS server as pihole.

At this point I have no idea where I'm going wrong, nor can I remember what else I did to set pihole and the NAS adguard instance as my DNS servers and have since forgotten. Any help would be greatly appreciated.

 

[dave14305]

Is there any chance DHCP is also active in pi-hole? I glossed over a lot of the post, but seems like a possibility.

 

[PTS]

Is there any chance DHCP is also active in pi-hole? I glossed over a lot of the post, but seems like a possibility.

the bit I forgot to mention... no. DHCP is still handled by the router, neither pihole nor adguard have DHCP enabled.

 

[bennor]

Because you have done so many changes in the settings along with running one or more services that could impact DNS, and because you are having trouble with things not working as you expect them to. Maybe it's time to just do a hard factory reset and reconfigure without importing a router.cfg file.

Other then that perhaps post readable screenshots of your DNS settings both WAN, LAN, DNS Director, Route, and Pi-Hole settings so others can take a look to see if anything is possibly misconfigured.

 

[PTS]

Because you have done so many changes in the settings along with running one or more services that could impact DNS, and because you are having trouble with things not working as you expect them to. Maybe it's time to just do a hard factory reset and reconfigure without importing a router.cfg file.

It's a fair point and something I was hoping to avoid, but it would make sense if nothing else can be done.

Screenshots incoming (5 is max allowed):

DHCP Server

DNS Director

Route

WAN DNS

PiHole DHCP

 

[dave14305]

Just for sanity check, login to the router over ssh and run:

grep dhcp-option /etc/dnsmasq.conf

 

[ColinTaylor]

1. Turn off DNS Director to see if that's the problem.
2. Do an ipconfig /all on your PC (I'm assuming it's Windows) and check what it has as DHCP and DNS server addresses.

 

[PTS]

Just for sanity check, login to the router over ssh and run:

grep dhcp-option /etc/dnsmasq.conf

Sanity check is always good.

dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,6,192.168.1.105
dhcp-option=lan,252,"\n"
dhcp-option=br1,3,192.168.101.1
dhcp-option=br2,3,192.168.102.1
dhcp-option=tag:80:F3:EF:34:67:80,6,1.1.1.1
dhcp-option=tag:48:B4:23:3B:41:53,6,8.8.8.8

1. Turn off DNS Director to see if that's the problem.
2. Do an ipconfig /all on your PC (I'm assuming it's Windows) and check what it has as DHCP and DNS server addresses.

1. Turned it off, restarted router, no change
2. I reset the network adapters so it was forced to get a new lease before doing this:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : blah
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : blah
   IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24 February 2024 12:53:28
   Lease Expires . . . . . . . . . . : 25 February 2024 12:53:27
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : blah
   DHCPv6 Client DUID. . . . . . . . : blah
   DNS Servers . . . . . . . . . . . : 192.168.1.101
                                       192.168.1.200
   NetBIOS over Tcpip. . . . . . . . : Enabled

I have no idea why the router is still handing out the old DNS servers / why the laptop would still have them listed as DNS. Below are screenshots for my WiFi and Ethernet adapters to show I've not set them there.

 

[dave14305]

That is very odd. How about:

grep -E "1\.101|1\.200" /etc/dnsmasq.conf /jffs/configs/dnsmasq.conf* /jffs/scripts/dnsmasq.postconf

I would install Wireshark on the PC and capture DHCP traffic to see if any unexpected MAC addresses are sending DHCP replies during a release/renew.

Since the PC got a .11 address, can we assume it’s a reservation on the LAN DHCP page? Your range starts at 201, so just want to understand.

 

[PTS]

Since the PC got a .11 address, can we assume it’s a reservation on the LAN DHCP page? Your range starts at 201, so just want to understand.

Got it in one

Grep response:

/etc/dnsmasq.conf:dhcp-option=lan,6,192.168.1.105
/etc/dnsmasq.conf:dhcp-host=B8:27:EB:BE:5B:BD,set:B8:27:EB:BE:5B:BD,rPiZero,192.168.1.101
/etc/dnsmasq.conf:dhcp-host=02:42:C0:A8:01:C8,set:02:42:C0:A8:01:C8,Adguard,192.168.1.200
grep: /jffs/configs/dnsmasq.conf*: No such file or directory
grep: /jffs/scripts/dnsmasq.postconf: No such file or directory

I'll be able to take a look at Wireshark shortly, but wanted to get this back to you now.

 

[PTS]

I would install Wireshark on the PC and capture DHCP traffic to see if any unexpected MAC addresses are sending DHCP replies during a release/renew.

Just got around to this. I only know basics, but it looks normal / expected to me, mac addresses are for the router and my laptop:

Is there anywhere else/anything else I should be looking at in Wireshark?

 

[ColinTaylor]

Is there anywhere else/anything else I should be looking at in Wireshark?

Look at DHCP option 6 returned by the ACK. If it's not there look at DHCP option 55 in the REQUEST.

 

[PTS]

A

Look at DHCP option 6 returned by the ACK. If it's not there look at DHCP option 55 in the REQUEST.

Ah yes, there it is...

I'm not seeing anything else except traffic between router and laptop here though, so it seems to validate the idea that the router is still giving out the 101 and 200 DNS for some reason.

 

[dave14305]

I'm not seeing anything else except traffic between router and laptop here though, so it seems to validate the idea that the router is still giving out the 101 and 200 DNS for some reason.

Interesting. Please post your full /etc/dnsmasq.conf.

 

[PTS]

Interesting. Please post your full /etc/dnsmasq.conf.

This is it but I've removed the client names/hostnames except for what we've already spoken about. No need for the world to know everything I have DHCP reservations for on my LAN.

pid-file=/var/run/dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
interface=pptp*
no-dhcp-interface=pptp*
no-resolv
servers-file=/tmp/resolv.dnsmasq
no-poll
no-negcache
cache-size=1500
min-port=4096
dns-forward-max=1500
bogus-priv
domain-needed
dhcp-range=lan,192.168.1.201,192.168.1.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,6,192.168.1.105
dhcp-option=lan,252,"\n"
dhcp-authoritative
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1
dhcp-host=B8:27:EB:BE:5B:BD,set:B8:27:EB:BE:5B:BD,rPiZero,192.168.1.101
dhcp-host=50:14:79:13:7E:33,set:50:14:79:13:7E:33,192.168.1.60
dhcp-host=50:14:79:18:FD:09,set:50:14:79:18:FD:09,192.168.1.61
dhcp-host=34:97:F6:5F:42:38,set:34:97:F6:5F:42:38,RT68u,192.168.1.3
dhcp-host=02:42:C0:A8:01:C8,set:02:42:C0:A8:01:C8,Adguard,192.168.1.200
dhcp-host=04:4E:AF:2C:8C:EC,set:04:4E:AF:2C:8C:EC,192.168.1.103
dhcp-host=2C:54:91:0F:75:50,set:2C:54:91:0F:75:50,192.168.1.51
dhcp-host=80:FA:5B:7C:69:B2,set:80:FA:5B:7C:69:B2,[laptop]192.168.1.11
dhcp-host=DA:DE:58:CC:79:23,set:DA:DE:58:CC:79:23,192.168.1.31
dhcp-host=AA:0B:78:51:4C:E4,set:AA:0B:78:51:4C:E4,192.168.1.30
dhcp-host=02:42:C0:A8:01:C7,set:02:42:C0:A8:01:C7,192.168.1.199
dhcp-option=tag:80:F3:EF:34:67:80,6,1.1.1.1
dhcp-host=80:F3:EF:34:67:80,set:80:F3:EF:34:67:80,192.168.1.52
dhcp-host=08:12:A5:B5:3A:B4,set:08:12:A5:B5:3A:B4,192.168.1.42
dhcp-host=94:3A:91:E8:9A:73,set:94:3A:91:E8:9A:73,192.168.1.41
dhcp-host=64:76:BA:97:62:1A,set:64:76:BA:97:62:1A,192.168.1.12
dhcp-host=64:CC:22:09:20:A6,set:64:CC:22:09:20:A6,192.168.1.104
dhcp-host=F8:D0:27:18:64:B0,set:F8:D0:27:18:64:B0,Printer,192.168.1.110
dhcp-host=C8:4A:A0:54:2D:BF,set:C8:4A:A0:54:2D:BF,192.168.1.50
dhcp-host=1A:5A:7A:43:28:B2,set:1A:5A:7A:43:28:B2,192.168.1.33
dhcp-host=DE:D6:CC:46:82:B0,set:DE:D6:CC:46:82:B0,192.168.1.34
dhcp-host=7C:B5:66:DE:B3:77,set:7C:B5:66:DE:B3:77,192.168.1.19
dhcp-host=B0:BE:83:7F:C5:5F,set:B0:BE:83:7F:C5:5F,192.168.1.15
dhcp-host=D0:73:D5:13:DE:C4,set:D0:73:D5:13:DE:C4,192.168.1.120
dhcp-host=3C:61:05:2A:F2:8C,set:3C:61:05:2A:F2:8C,192.168.1.130
dhcp-host=3C:61:05:28:C6:DC,set:3C:61:05:28:C6:DC,192.168.1.131
dhcp-host=3C:61:05:2A:FA:44,set:3C:61:05:2A:FA:44,192.168.1.132
dhcp-host=3C:61:05:28:C9:6C,set:3C:61:05:28:C9:6C,192.168.1.133
dhcp-host=D0:73:D5:13:AF:4B,set:D0:73:D5:13:AF:4B,192.168.1.142
dhcp-host=D0:73:D5:13:C0:E2,set:D0:73:D5:13:C0:E2,192.168.1.140
dhcp-host=D0:73:D5:13:E5:F2,set:D0:73:D5:13:E5:F2,192.168.1.141
dhcp-host=D0:73:D5:13:D1:A5,set:D0:73:D5:13:D1:A5,192.168.1.143
dhcp-host=00:1E:06:42:D0:0F,set:00:1E:06:42:D0:0F,HomeAssistant,192.168.1.105
dhcp-host=3E:87:D0:96:2D:7C,set:3E:87:D0:96:2D:7C,192.168.1.21
dhcp-host=B0:CE:18:AE:1B:1E,set:B0:CE:18:AE:1B:1E,192.168.1.144
dhcp-host=B0:CE:18:AE:2B:D6,set:B0:CE:18:AE:2B:D6,192.168.1.145
dhcp-host=B0:CE:18:AE:2A:F7,set:B0:CE:18:AE:2A:F7,192.168.1.146
dhcp-host=B0:CE:18:AE:28:F5,set:B0:CE:18:AE:28:F5,192.168.1.147
dhcp-host=B0:CE:18:AE:29:31,set:B0:CE:18:AE:29:31,192.168.1.148
dhcp-host=B0:CE:18:AE:1B:EC,set:B0:CE:18:AE:1B:EC,192.168.1.149
dhcp-host=58:B6:23:4D:97:EB,set:58:B6:23:4D:97:EB,192.168.1.150
dhcp-host=B0:CE:18:AE:1D:BC,set:B0:CE:18:AE:1D:BC,192.168.1.151
dhcp-host=B0:CE:18:AE:22:25,set:B0:CE:18:AE:22:25,192.168.1.152
dhcp-host=08:84:9D:52:38:42,set:08:84:9D:52:38:42,192.168.1.36
dhcp-option=tag:48:B4:23:3B:41:53,6,8.8.8.8
dhcp-host=48:B4:23:3B:41:53,set:48:B4:23:3B:41:53,192.168.1.40
dhcp-host=08:B6:1F:7F:79:58,set:08:B6:1F:7F:79:58,192.168.1.134
dhcp-host=EC:0B:AE:99:18:73,set:EC:0B:AE:99:18:73,192.168.1.106
dhcp-host=08:B6:1F:7E:C2:FC,set:08:B6:1F:7E:C2:FC,192.168.1.135
dhcp-host=64:B7:08:88:8A:38,set:64:B7:08:88:8A:38,192.168.1.136
dhcp-host=5A:71:E2:64:7A:89,set:5A:71:E2:64:7A:89,192.168.1.20
address=/use-application-dns.net/
address=/_dns.resolver.arpa/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
edns-packet-max=1232

 

[ColinTaylor]

I can only think that your router is running another DHCP server. Can you confirm the output of this command:

# netstat -nlp | grep ":67 "
udp        0      0 0.0.0.0:67              0.0.0.0:*                           21016/dnsmasq

 

[PTS]

I can only think that your router is running another DHCP server. Can you confirm the output of this command:

# netstat -nlp | grep ":67 "
udp        0      0 0.0.0.0:67              0.0.0.0:*                           21016/dnsmasq

My output is

udp        0      0 0.0.0.0:67              0.0.0.0:*                           2406/dnsmasq

 

[ColinTaylor]

OK that looks fine. Just to be 110% sure, how about this:

# /usr/bin/find / -name dnsmasq
/usr/sbin/dnsmasq

 

[PTS]

OK that looks fine. Just to be 110% sure, how about this:

# /usr/bin/find / -name dnsmasq
/usr/sbin/dnsmasq

Yes, it returns /usr/sbin/dnsmasq

 

[ColinTaylor]

I'm running out of ideas. Can we confirm the router's MAC address and dnsmasq process:

ps w | grep [d]nsmasq
ifconfig br0