[ RESULT ]
ping to external domains does NOT work.
Gone through the wiki pages. Can't pinpoint a way to address this issue where /etc/resolv.conf also reflects the proper DNS servers so domains can also be resolved from the CLI. (192.168.0.13 is the IP of the router where these settings reside.)
"dhcp-option=option:domain-search" also does nothing. Per the wiki, it should?
Joined: 16 Nov 2015 Posts: 6439 Location: UK, London, just across the river..
Posted: Fri Dec 02, 2022 7:35 Post subject:
hmm first things first...not bad to update to the last version 50963 as it contains vital dnsmasq and other security fixes..
not very clear the final goal of your effort but...i can see you are using VPN tun2
and those dns servers fetched either from your ISP or the router ahead, or your VPN
or you have them specified in the static dns x3 boxes
to not fetch dns servers you must use no-resolv command in dnsmasq then specify your set of servers
server=9.9.9.9 for example...
to stop VPN to push their VPN dns you use this command in advanced VPN config
pull-filter ignore "dhcp-option DNS"
if you disable DHCP and DNSmasq then something external must do all those as advanced dnsmasq option
box will not use those commands i guess...but im not entirely sure...as i cant test those..
you have to point to this external dhcp&dns resolver via the static config and those will not be created too cat /tmp/resolv.dnsmasq
i dont have time and routers around to try few things so, that's all i can say atm
haven't got my coffee neither... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Thanks Alozaros! Will try an update to 50963 possibly this weekend. I'll try the other suggestions as well. (The VPN bits were extra but they're not really at the core of what I'm after.)
In regards to the final goal. I wish to be able to ping / resolve out of my router. However, when I enable DNSmasq, it changes /etc/resolv.conf, populating instead /tmp/resolv.dnsmasq. This doesn't work to resolve from the cli since /etc/resolv.conf now has been replaced by the router's IP which isn't running a DNS server.
I'm trying to move off of using SFE and as a result, I'm looking for an alternative way to handle DNS requests. I've provided more details in those posts. You might have replied to one of them.
The DHCP domain-search option is also not working. No additional domains are specified in /etc/resolv.conf nor /tmp/resolv.dnsmasq. _________________ Cheers, TK
------------------------
The IP address of the router is still in /etc/resolv.conf and so pings from inside the router naturally fail.
Doesn't appear I can use DNSmasq and be able to ping / resolve off the same router. Disabled DNSmasq and kept DHCP in "disabled" mode. ( SFE Off ). Resolution and connectivity through or from within the router is fine when set like this. _________________ Cheers, TK
------------------------
Last edited by tkmds on Sat Dec 03, 2022 6:13; edited 1 time in total
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sat Dec 03, 2022 16:12 Post subject:
I don't know about other readers, but (and I'm still working on coffee intake!) I'm still finding your goals and approach very confusing. It feels like you are overcomplicating things greatly.
If you check the dnsmasq for DNS box (and not the Unbound or Smart DNS boxes), and in the dnsmasq options include ONLY
no-resolv
server=9.9.9.9
then you will certainly be able to resolve from the CLI using nslookup. nslookup will show the router IP as the resolver, but the resolutions will be going through dnsmasq and on to Quad9. (I can even confirm this by using ssh -L and browser-proxying trickery so that I can visit dnsleaktest.com "in" the CLI.) In that case, resolv.conf will contain the usual lines, but they will be ignored per the no-resolv command.
What am I missing? (Or what were you missing?) _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
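An added example, not part of any post in this thread: a small POSIX shell check of which upstream resolvers a dnsmasq options file would hand queries to, with and without `no-resolv`, so an unintended resolver (ISP, upstream router, VPN-pushed) shows up before it is used. The function names, file names and the addresses in the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the upstream resolvers a dnsmasq config would use
# and flag any that are not on an expected list.

# Print one upstream IP per line. $1 = dnsmasq options file,
# $2 = resolv file dnsmasq reads when no-resolv is absent.
effective_upstreams() {
    # Explicit upstreams: server=IP, server=IP#port, server=/domain/IP
    awk -F= '/^[ \t]*server=/ {
        n = split($2, part, "/"); ip = part[n]
        sub(/[#@ \t].*$/, "", ip)
        if (ip != "") print ip
    }' "$1"
    # Without no-resolv, dnsmasq also uses the nameservers in the resolv file.
    if ! grep -Eq '^[[:space:]]*no-resolv([[:space:]]|#|$)' "$1"; then
        awk '$1 == "nameserver" { print $2 }' "$2"
    fi
}

# Print upstreams missing from the space-separated allow list $3.
# Returns 1 if any were found, 0 otherwise.
unexpected_upstreams() {
    bad=0
    for ip in $(effective_upstreams "$1" "$2"); do
        case " $3 " in
            *" $ip "*) ;;
            *) echo "$ip"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample files (addresses are illustrative, not from the thread).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 192.168.0.1\nnameserver 203.0.113.53\n' > "$tmp/resolv.dnsmasq"
printf 'no-resolv\nserver=9.9.9.9\n' > "$tmp/pinned.conf"
printf 'server=9.9.9.9\n' > "$tmp/unpinned.conf"

echo "pinned:   $(effective_upstreams "$tmp/pinned.conf" "$tmp/resolv.dnsmasq" | tr '\n' ' ')"
echo "unpinned: $(effective_upstreams "$tmp/unpinned.conf" "$tmp/resolv.dnsmasq" | tr '\n' ' ')"
if unexpected_upstreams "$tmp/unpinned.conf" "$tmp/resolv.dnsmasq" "9.9.9.9" >/dev/null; then
    echo "unpinned.conf: only expected upstreams"
else
    echo "unpinned.conf: would also query resolvers outside the allow list"
fi
```

On a router, pass the file holding the additional dnsmasq options and `/tmp/resolv.dnsmasq` as the two arguments.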
Joined: 16 Nov 2015 Posts: 6439 Location: UK, London, just across the river..
Posted: Sun Dec 04, 2022 8:21 Post subject:
This is the main thread about pi external DNS so the idea is the same...
Not bad idea to read the forum guidelines..and learn how to start a new thread and provide details...
Router model / Firmware number is a must...
Do we know your router model ?? not all the routers have the same functionality, although your case should be not a concern...
Also post a pic of your set up makes this easy... we need pic of your basic set up and services page..
cover the sensitive data...to me it smells like a settings based issue...
pictures can say a thousand words....
Let's use this thread which is closer to the issue at hand. I had another one for SIRQ recently but that one went cold, however this second one below has all the info:
Joined: 16 Nov 2015 Posts: 6439 Location: UK, London, just across the river..
Posted: Sun Dec 04, 2022 18:08 Post subject:
tkmds wrote:
Let's use this thread which is closer to the issue at hand. I had another one for SIRQ recently but that one went cold, however this second one below has all the info:
I should have stuck with one I suppose. Sorry for the confusion.
yep it seems a very confused and overcomplicated set up...now posting that link creates more confusion...of your final goal...I'm confused...
IF SFE breaks things and it's known it does...do not use it...if your router is unable to handle your pipe and SFE helps, but breaks things, then you'd need a more powerful router that will handle without SFE...
In the link I posted above is how to handle external pi-DNS with DDWRT router... it's simple and it does work for any external DNS that you want to use...if you do a search in google or forum about DNSmasq solutions you will find an answer...