Router DNS server not working

[blava_b]

It appears that the built in DNS server on my router has stopped responding to queries. All my networking appears to be working fine and as long as I have DCHP configured to not use the router to resolve DNS everything works just fine. Any ideas on how to troubleshoot this?

I am running the current version of Asuswrt-Merlin.

Any help would be appreciated.

Thank you,

 

[bbunge]

What are your WAN/DNS Server settings? Are you using DoT/DNSSEC? Is LAN/DNS Filter turned on and if so to what?

Did the same test on my router and it works fine.

 

[blava_b]

Here you go:

 

[Mutzli]

Try with DNS filter turned on and global filter pointing to router:

 

[dave14305]

Try with DNS filter turned on and global filter pointing to router:
View attachment 31750

His screenshot shows that a LAN DHCP DNS server is set (based on the warning under DNS Privacy). So DNS Filter will force queries to the LAN DHCP DNS server instead of the router.

 

[blava_b]

Thank you for the advice, but forcing DHCP to use the WAN DNS settings isn't going to solve my problem. I need to get DNS working properly on the router. As it is right now it won't respond to DNS queries over port 53 at all. I need to get DNS on the router working.

 

[dave14305]

Running these commands on the router over SSH might help understand what's happening on the router end.

ps | grep dnsmasq
netstat -nltup | grep dnsmasq$
cat /etc/dnsmasq.conf
nslookup www.snbforums.com 127.0.0.1

 

[blava_b]

 

[blava_b]

I keep getting an error from the forums when I try to attach my dnsmasq.conf file or cut and paste it as text.

 

[blava_b]

Couldn't get the upload of the file to work, so I took screenshots.

 

[dave14305]

Which subnet is your Apollo machine on? You have 0, 2 and 5. Are you using the correct router address to reach the DNS server from the subnet? Are you running YazFi to customize your guest networks?

 

[blava_b]

Which subnet is your Apollo machine on? You have 0, 2 and 5. Are you using the correct router address to reach the DNS server from the subnet? Are you running YazFi to customize your guest networks?

It's running on the .0 subnet. Yes YazFi was used to customize the guest networks.

 

[blava_b]

FYI, just to eliminate something "odd" going on with my network switches, I've plugged my computer directly into a port on the router instead of one of the switches. Same results.

And just to confirm, you can see that Apollo is using the correct IP addresses for its subnet.

 

[dave14305]

We need reinforcements. @Jack Yaz #notjacksfault

 

[Jack Yaz]

where has add-mac and add-subnet come from? did you install NextDNS at any point?

also please post screenshots of LAN -> DNSFilter and output of iptables -S INPUT

 

[dave14305]

where has add-mac and add-subnet come from? did you install NextDNS at any point?

Might also be for Pi-Hole...

 

[blava_b]

Add-mac and add-subnet were for Pi-hole, which is currently turned off.

 

[Jack Yaz]

what are those rules for UDP port 53? I don't recognise them and they appear that they will block anything not matching that hex string, whatever it means

 

[ColinTaylor]

The hex string = "asus.com"

https://github.com/RMerl/asuswrt-merlin.ng/blob/02bef5d2a4d3d0bd60fde5a9549f7dd5bd565515/release/src/router/rc/firewall.c#L3044

He appears to have a URL whitelist active (asus.com is always allowed).

 

[juched]

what are those rules for UDP port 53? I don't recognise them and they appear that they will block anything not matching that hex string, whatever it means

Yup, that would appear to be it, as the next rule drops everything which goes to port 53 on br0.