On Wed, 30 Sep 2020 at 08:40, Mark Rogers mark@more-solutions.co.uk wrote:
Part of my problem is finding a way to describe what is happening to ask Google and get a meaningful answer. It seems that dnsmasq is blocking local IP responses from non-local DNS servers (maybe there's a securty reason to do so but if so surely there's a way to turn that off if such responses are valid?)
Re-reading the dnsmasq docs, I think this is the key:
--stop-dns-rebind Reject (and log) addresses from upstream nameservers which are in the private ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network. For IPv6, the private range covers the IPv4-mapped addresses in private space plus all link-local (LL) and site-local (ULA) addresses.
Turning off rebind protection within OpenWRT seems to have fixed my issue.