Change in DNS Behaviour between Turris 5.2 and 5.1.x

There seems to have been a change in the behaviour of DNS between turris 5.1.x and 5.2. But right now I cannot pinpoint the change. Thus I share my thoughts about this change here.

In Turris 5.1.x I had servers running outside of my lan and inside of my lan, both available under the same domain name. The servers inside my lan are added from the DHCP table and this custom.conf of kresd:

--- /etc/kresd/custom.conf 
local lan_rule = policy.add(policy.suffix(policy.STUB(''), policy.todnames({'',''})))
table.insert(policy.rules, 1, lan_rule)

(I substituted my domain with in this example)

Now (Turris 5.1.x) I can reach my webmailer in the outside world under as well as my internal NAS which does only exist in LAN by it’s domain name

In turris 5.2 this does not work anymore. It seems like the meaning or interpretation of “local domain” and “local server” (as configured in /etc/config/dhcp) has changed.

For instance:
If I specify as my local server a ping to nas gets extended to despite of the local domain having the value
If I leave local server empty, a ping to nas gets extended to This is the expected behaviour. But queries to the domain would now be forwarded to the outside world (at least according to the documentation)

So, I assume the value in local server somehow interrupts with local domain.

I think all your blocking issues are with dnsmasq configuration which I do not know well, but let me post a couple other minor points that I’ve noticed:

  • Using port 5353 this way feels… risky to me. It’s allocated for the mDNS protocol (e.g. avahi) that is relevant to LAN and even has very similar wire-format, but it’s a different protocol.
  • The kresd configuration hack with deletion and reinsertion shouldn’t be needed anymore (for a very long time, since TOS 4.0.0 in most cases, 5.0.0 possibly in some others).
1 Like

Thank you very much for your kind reply.

You are very right. I noticed that whilst debugging this night, and changed the port.

Well then, let`s see what happens when I remove the custom config and tick that “DHCP checkbox” in reForis’ DNS settings.

Edit: if this works as expected I’ll try to dive into the dnsmasq configuration.

It shouldn’t make a difference; it’s just unnecessary anymore.

I removed the custom configuration, and rebooted the router as well as the client. It suddenly works as expected again. I have no idea what caused this hickup. Maybe it was just to late at night for me.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.