On Tue, 29 Sep 2020 at 17:39, mick mbm@rlogin.net wrote:
> Try adding your local addresses to the static hosts file on the router and make sure that your resolv.conf (or whatever resolver routines you use) point to the openwrt router and that router can correctly resolve local addresses.
I'm reluctant to add the addresses elsewhere (it defeats the point of having DNS, I might as well add them to hosts on my laptop!), but I might be left with no choice. But if so I'd like to understand why.
I know the authoritative DNS is set up correctly as I can resolve the hosts using dig/nslookup from my laptop (Win10, using nslookup under Windows and dig under WSL, although I now find that nslookup under WSL fails). If I try the same from the router, it queries 127.0.0.1 (dnsmasq) and gets no response. If I tell it to use Google's DNS at 8.8.8.8 it works, though, so it definitely seems to be a configuration issue within dnsmasq. (And it can resolve other hosts on the same domain that aren't 192.168.x.x addresses.)
I just tried using dig from my Ubuntu desktop (behind the same router) where both nslookup and dig fail. The Ubuntu box is itself, of course, using dnsmasq.
Part of my problem is finding a way to describe what is happening to ask Google and get a meaningful answer. It seems that dnsmasq is blocking local IP responses from non-local DNS servers (maybe there's a security reason to do so, but if so surely there's a way to turn that off if such responses are valid?)
> I have a similar setup, but I have two separate internal networks, each with their own DNS server running DNSmasq (and stubby for DNS encryption). I have no trouble resolving internal addresses.
Is dnsmasq ever resolving a local IP from a non-local DNS server in your configuration? (I think that's the key here.)
Obviously all my comments regarding example.com are to avoid referencing the real hosts, but I think maybe a real example might help, so I have just set up:

alugtest.msl-office.co.uk => 192.168.0.100

Its authoritative DNS is ns.123-reg.co.uk and I just verified that it is live there now, but it may take a little while to propagate beyond that. I'd be interested to know who can/can't resolve it. (Google's DNS also resolves it correctly as I write this.)
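Added example, not part of the original message: a simplified Python model of a forwarder that drops upstream replies carrying private addresses, which is how dnsmasq behaves when its `stop-dns-rebind` option is set, with a `rebind-domain-ok`-style exemption list. That this option is the cause of the symptom above is an assumption the thread does not confirm; the function names, the address list and the 203.0.113.10 sample are constructed for illustration.

```python
import ipaddress

# Simplified list of ranges treated as "local" (assumption: RFC 1918,
# link-local and loopback; a real forwarder's list may differ).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def is_private(addr):
    """True if addr falls inside one of the modelled local ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def domain_allowed(name, allowed):
    """True if name equals, or is a subdomain of, an exempted domain."""
    name = name.rstrip(".").lower()
    domains = [d.strip(".").lower() for d in allowed]
    return any(name == d or name.endswith("." + d) for d in domains)


def forward_reply(name, upstream_answers, rebind_protection=True, allowed=()):
    """Answers a client would receive from the forwarder for this name."""
    if (rebind_protection
            and not domain_allowed(name, allowed)
            and any(is_private(a) for a in upstream_answers)):
        return []  # the whole upstream reply is discarded
    return list(upstream_answers)


def diagnose(via_forwarder, via_public):
    """Compare answers seen through the local forwarder and a public resolver."""
    if via_public and not via_forwarder and any(map(is_private, via_public)):
        return "rebind-filter signature"
    return "consistent" if via_forwarder == via_public else "other mismatch"


if __name__ == "__main__":
    name = "alugtest.msl-office.co.uk"   # test record from the message
    upstream = ["192.168.0.100"]          # what 8.8.8.8 returns for it
    blocked = forward_reply(name, upstream)
    print("default:", blocked, "->", diagnose(blocked, upstream))
    ok = forward_reply(name, upstream, allowed=["msl-office.co.uk"])
    print("exempted:", ok, "->", diagnose(ok, upstream))
```

Exempting only the affected domain keeps the filter in place for every other name, whereas switching the filter off removes it for all upstream answers.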