Joined: 03 Jan 2017 Posts: 49 Location: Lindau, Germany
Posted: Tue Aug 15, 2017 8:01 Post subject: Re: DDWRT, can resolve internet, but not domain
puffel wrote:
In a corp. domain. Using ddwrt to setup my private subnet for testing.
I guess your setup seems similar to mine: DD-WRT router (with local subnet 192.168.1.0/24) behind upstream router (with own subnet 192.168.178.0/24). The DD-WRT router is connected via WAN port to the upstream router which is a Fritz Box.
Quote:
However, I cannot get the host name in domain (WAN side of DDWRT) resolved.
Also, the -stop-dns-rebind is configured.
The GUI entry "No DNS Rebind" results in the dnsmasq parameter "stop-dns-rebind". From the man pages of dnsmasq (I found that they fit the DD-WRT implementation well):
--stop-dns-rebind
Reject (and log) addresses from upstream nameservers which are in the private IP ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network.
My solution (running current KONG build 33010):
As I want to use "No DNS Rebind" and want to access the upstream router with "fritz.box" as well, I added the following parameters to "Additional DNSMasq Options":
The first parameter prevents dnsmasq from using the upstream DNS servers' addresses (e.g. via DHCP) or the locally defined one (for me: just to be sure). But be aware: you have to specify all servers locally by a server statement like server=8.8.8.8 (e.g. for Google's DNS), as dnsmasq has no other source for getting the nameserver IP.
The other two entries tell dnsmasq to allow rebind access to the upstream domain. And I have to tell dnsmasq that the names of the upstream domain are resolved by the upstream nameserver running at 192.168.178.1.
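As an added example that is not part of the post: a small Python checker for the option combination described above, so that a config can be verified before it is pasted into "Additional DNSMasq Options". The constructed sample uses the dnsmasq option names stop-dns-rebind, no-resolv, rebind-domain-ok and server=/domain/IP, which are my reconstruction of the parameters the post refers to, not lines quoted from it; check_rebind_config is a hypothetical helper.

```python
import ipaddress
from typing import List
# Constructed sample in dnsmasq option syntax: my reconstruction of the option set the
# post describes (the option names are my assumption, not lines quoted from the post).
SAMPLE_OPTIONS = """
stop-dns-rebind
no-resolv
server=8.8.8.8
rebind-domain-ok=/fritz.box/
server=/fritz.box/192.168.178.1
"""

def parse_options(text: str) -> List[str]:
    """Return the non-empty, non-comment option lines, whitespace stripped."""
    lines = [ln.strip() for ln in text.splitlines()]
    return [ln for ln in lines if ln and not ln.startswith("#")]

def check_rebind_config(text: str) -> List[str]:
    """Return findings; an empty list means the rebind-related options are consistent."""
    opts = parse_options(text)
    findings = []
    rebind_on = "stop-dns-rebind" in opts
    no_resolv = "no-resolv" in opts
    ok_domains = set()      # domains listed in rebind-domain-ok=/d1/d2/
    plain_servers = 0       # server=IP lines, used for all other names
    domain_servers = []     # (domain, nameserver) pairs from server=/domain/IP
    for opt in opts:
        if opt.startswith("rebind-domain-ok="):
            ok_domains.update(d for d in opt.split("=", 1)[1].split("/") if d)
        elif opt.startswith("server="):
            val = opt.split("=", 1)[1]
            if not val.startswith("/"):
                plain_servers += 1
                continue
            segs = val.split("/")    # "/fritz.box/1.2.3.4" -> ["", "fritz.box", "1.2.3.4"]
            if segs[-1]:             # an empty last part means "use the normal servers"
                domain_servers += [(d, segs[-1]) for d in segs[1:-1] if d]
    if no_resolv and plain_servers == 0:
        findings.append("no-resolv set but no server=IP line: no upstream for general names")
    # Heuristic: a domain served by a LAN nameserver almost always answers with private
    # addresses, which stop-dns-rebind rejects unless the domain is whitelisted.
    for dom, ns in domain_servers:
        try:
            lan = ipaddress.ip_address(ns).is_private
        except ValueError:
            lan = False          # not a bare IP (e.g. with #port), nothing to say about it
        if rebind_on and lan and dom not in ok_domains:
            findings.append(f"{dom} is served by LAN nameserver {ns}: add rebind-domain-ok=/{dom}/")
    return findings
```

Calling check_rebind_config(SAMPLE_OPTIONS) returns an empty list; dropping the rebind-domain-ok line or the server=8.8.8.8 line produces one finding each.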