WAN DNS not propagated to DHCP Clients

Redyellow · March 29, 2020, 10:17am

I am running a MOX classic with Turris OS 4.05.

currently I am a bit puzzled why the WAN DNS is not propagated to any interface that I have setup.

I have a regular LAN (port 1-3 + wifi) and a VLAN (port 4 only) and for both I need to setup DHCP option 6 in order to have DHCP propagate a DNS Server. If I don’t set this option DHCP does not propagate a DNS at all.

What could cause this problem?

vcunat · March 29, 2020, 3:57pm

I don’t think I can really help you, but the default is to announce Turris address as the DNS server via DHCP, i.e. DNS WAN is used only indirectly through forwarding. (IIRC plaintext forwarding to WAN DNS is still the default.)

Redyellow · March 29, 2020, 4:52pm

I have looked it into the problem again.
It seems like as default only the IPv6 address is propagated which seems not be sufficient.

vcunat · March 29, 2020, 6:19pm

Well, I don’t understand DHCP* stuff, but my almost-default Omnia on 4.0.6 does provide me with one IPv6 (fd**) and one IPv4 (192.168.**).

Redyellow · March 30, 2020, 11:27am

Would you mind showing me your /etc/config/dhcp ?

It would like to compare. I will also post mine shortly.

anon50890781 · March 30, 2020, 12:43pm

It probably bears down to the hybrid deployments in OpenWrt and the patchset in TOS:

OpenWrt

hybrid DHCPv4/DNS via dnsmasq as default
DHCPv6 via odhcpd as default
(L)UCI for configuration, another hybrid since part of it manipulating the UCI network section and another part the UCI dhcp section

TOS

DHCPv4 via dnsmasq as default
DHCPv6 via odhcpd as default
DNS via kresd by default (dnsmasq for DNS turned off)
Foris for configuration (which not always aligns with UCI) with underlying resolver for DNS configuration

By default in OpenWrt the ISP’s DNS sever is set and can be controlled (peerdns | dns) via (L)UCI in the network section. This glues/ties it with dnsmasq and eventually propagates the DNS server to clients.

Since dnsmasq's DNS functionality is turned off in TOS not every thing done in LuCI applies the same as in OpenWrt.

One can get easily tangled up in all of this hybrid jungle and start wondering what is what. For my part:

not using LuCI or Foris for any network/dns/dhcp configuration
removed dnsmasq
utilise odhcpd for DHCPv4|6 which propagates the local DNS resolver instance to clients
utilise undbound as local DNS resolver instance that does not listen globally but only on the lo and each other dhcp subnet

vcunat · March 30, 2020, 1:35pm

The relevant part is here, with Turris.IPv4.address “replaced”:

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'
        option ignore '0'
        option leasetime '43200'
        list dhcp_option '6,Turris.IPv4.address'

Redyellow · March 30, 2020, 7:05pm

Mine is

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'
        option ignore '0'
        option leasetime '43200'
        list dhcp_option '6,8.8.8.8,8.8.4.4'

Interestingly after taking this option out in LUCI it was still working as I have this DNS also set for WAN.

@anon50890781: Thank you! I think this is the explanation why this is happened. I was totally not aware of that. I will keep that in mind when configuring.