RT-AC86U can only resolve local names

[BillP]

I Am running 384.12 of asuswrt-merlin and have set it up as a wireless router although I have no need for the WAN port because I have an upstream router (on a lan port) doing that job. I had to add a static route with metric 1 to access all addresses outside the local network via that upstream gateway.

I can ping the upstream dns servers. I can resolve hostnames setup through the local shop, but I cannot resolve anything else.

I have tried it with WAN enabled and with it disabled. Not sure what I am missing.

Any help would be appreciated.

Thanks

 

[ColinTaylor]

If you're not using the Asus as a router why have you configured it as such. This is just going to cause conflicts between the DHCP and DNS servers on the Asus and your gateway router.

 

[BillP]

Hi Colin:

Thanks for your response. Good question.

I am replacing a device that has failed that was running ddwrt. I was using that device to provide a wireless access point, dhcp, local dns (using dnsmasq) and caching dns entries for one of three subnets behind my main gateway / router / security device. The other subnets have their own DNS (among other services)...

I can't seem to configure the dns to forward to an upstream dns when the name is for a host outside my network. Everything else seems to work.

 

[ColinTaylor]

OK thanks for the info.

So it sounds like this router is part of a completely independent subnet with it's own DHCP server, DNS server and DNS domain name?

So how are you connecting this subnet to the upstream (or other) subnets if you are not using this device as a router? Do you have another router between this subnet and the others? Is there any particular reason you don't want to use the Asus as a router?

Maybe it's easier to describe how you had the DD-WRT device configured.

 

[BillP]

Yes, you are correct. In fact I have no need for a route between this subnets and the others (it's just for home entertainment, streaming, browsing the web, etc.).

This device would be connected to a simple switch that is also connected on an interface of the main router. So this switch is used for the 192.168.10.x subnet. The main router exposes the .1 IP address of the subnet as the gateway. So I connect a lan port of this device to the same switch and specify 192.168.10.1 as the gateway in the dhcp settings.

Since I am not using the WAN port on the device, I don't think I need it enabled, but I remember I had to have WAN enabled for some reason for ddwrt to work... in any case I have tried it both ways, with the WAN setup with the same ip address and dns settings as on the lan page.

Does this help?

 

[ColinTaylor]

OK that's a bit different.

So it sounds like the Asus (and any devices connected to it) are not on a separate subnet from your main router/gateway. So your main subnet is 192.168.10.x and the main router is at 192.168.10.1. So the Asus and any devices connected to it will also be on 192.168.10.x. Correct?

Assuming the above is true, where are the current DHCP and DNS servers for the 192.168.10.x subnet? Or do you not have any and that is what you want the Asus to do? (Bear in mind that there can only be one DHCP server on a subnet.)

 

[BillP]

The main router is configured to expose a separate subnet on each of its interfaces, each with a gateway address in that subnet, but for all intents and purposes, within this subnet you are correct - the gateway address of the router is in the same subnet.

This device will be the only dhcp and dns server on the subnet.

 

[ColinTaylor]

I think I understand now and also why you had to enable WAN and router mode for your DD-WRT box.

As you said previously, ideally you want the Asus to just be an access point + a DHCP/DNS server. Unfortunately that's not possible* with Asuswrt, it just wasn't designed to work in that configuration.

The only easy way to do this is to put the Asus into router mode and then connect the Asus' WAN port directly to the main router's switch port. As the routing between the two devices' subnets would now be handled by the Asus you'd need to reconfigure the port on the main router so that it wasn't a gateway (router) anymore. Is that something worth pursuing or do have have other constraints on that design? You said there is another switch connected between the Asus and the main router. That would have to be removed.



* Well it is technically possible but it involves a lot of hard work and it's a horrible botch. See my posts here, here, here and here!

 

[BillP]

Unfortunately, the switch carries all the wired devices on the subnet, and the Asus is placed at a location that is more appropriate for Wi-Fi signal propagation, far from the patch panel main router and switch.

 

[ColinTaylor]

I think there are two problems. First is that for DHCP/DNS to be running on the Asus it must be in "router" mode. The second is that in router mode the Asus expects the WAN port to be connected to another network (duh) and that network is the default route for anything running on the router (e.g. dnsmasq).

So, as a wild guess, try this:

Setup the Asus in router mode, but with nothing plugged into the WAN port.

Turn off the WAN connection (WAN > Internet Connection > Enable WAN)

Manually set the WAN DNS addresses to your upstream servers (WAN > Internet Connection > Connect to DNS Server automatically = No)

Spoiler: Problem

I think the problem here is that after the router is rebooted the config file that contains the upstream DNS servers is not recreated. Unfortunately I don't run this firmware version and it's behaviour was changed recently so I can't check this. I think that instead of setting the WAN DNS servers in the GUI you'll have to create a custom script that inserts them directly into dnsmasq.conf like this.

Configure the router's LAN address (LAN > LAN IP) as something like 192.168.10.2.

Configure the other LAN DHCP settings as required

Create a default route to your gateway address (LAN > Route) as follows:

Connect one of the router's LAN ports to the upstream gateway/switch.


If that doesn't work you could always use the normal LAN > DHCP settings to instruct the clients to directly query the upstream servers instead of using the router. You would of course lose the ability to resolve local host names.

 

[BillP]

Hi Colin:

First off, thanks for your efforts on this.

The configuration you suggested is pretty much where I had settled, including the custom route but without setting the WAN IP address to something upstream. That last bit didn't seem to affect the behaviour, and I have been running without the local DNS as you pointed out at the end of your post.

I suspect you are right about the upstream DNS in the dnsmasq config file being lost on reboot.

I will look into the custom script (there are other items I would also like to insert there if I go that route) but my fall back will be to flash a linksys wifi router to ddwrt (one I am using on one of the other subnets of my network) and swap it with the Asus, as I only need these features on this one subnet.

Thanks again!

 

[BillP]

BTW I just stumbled across a setting in the tools>other settings tab, named "WAN: Use local caching DNS server as System resolver". It was set to default "no", but doesn't seem to change the behaviour with the WAN disabled.

Any guess if this might work if the WAN is enabled but unplugged?

 

[ColinTaylor]

BTW I just stumbled across a setting in the tools>other settings tab, named "WAN: Use local caching DNS server as System resolver". It was set to default "no", but doesn't seem to change the behaviour with the WAN disabled.

Any guess if this might work if the WAN is enabled but unplugged?

Yes, that was the "changed behaviour" I was referring to in my previous post. In your case I don't think it will make any difference. It was really introduced as a consequence of a problem with the DoT implementation.