Wireguard Client with custom DNS not resolving *.lan domains

Hi everyone

I got a Beryl AX router and use a Wireguard connection into my home network with my piholes as custom dns servers in the wireguard config.
It mostly works except for domains with the domain .lan (for example gitlab.felix.lan), they are not resolved. Other custom entries are not problem (for example gitlab.felix).

Does anyone have an idea why and how to configure it in the admin ui or in the openwrt ui?

  • DNS rebinding is disabled
  • i tried all current firmwares, stable, beta, op24 and snapshot

It is looks like DHCP with hostname and dns are different.
Have look in Luci > Network > DHCP > general and another tap hostnames

1 Like

ok, what would you suggest as a solution? Putting a static copy of all my DNS entries into the hostname list is not really a practical solution. I already tried deleting the lan from the Resolve locally and local domain fields but it still did not want to resolve the domains upstream :frowning:

So where did you define your static DNS entries so far?

in my two pihole instances running as dns resolvers in sync in my homelab. they are referenced as DNS servers in my wireguard client conf

Does have pihole DHCP? If yes then gl router turn off dhcp server and dns manual address to pihole.

I have a DHCP in my home network but doen't the beryl ax wireguard client have to run internal dhcp anyways to control the remote clients before tunneling the traffic? The router acting as client has a assigned IP it gets, but the beryl wifi clients are a dedicated network independent from that

also with totally different ip ranges etc

its already forwarding all DNS requests its just the *.lan Domain...

With the new 4.7.0 snapshots its still the same problem

Adguard home only.
Private Adguard dns will blocked.

I belive pi hole same thing, just add normal syntax etc/host your rules. Even not using dhcp :+1:t2:

As far as I can see this has nothing to do with my problem. I am not using adguard on my Beryl. It seems to be a openwrt routing issue. And editing the local hosts files of all clients defends the purpose of having a DNS server :frowning:

I want to know:

  1. What is the subnet of the Wireguard connection
  2. What is the subnet of your Home network
  3. Your wireguard config (pls remove endpoint and keys)

Hi @alzhao no problem.


  • Wireguard internal
  • Homenetwork:
  • Beryl AX:


PrivateKey = xxxx
Address =
DNS =,

PublicKey = xxxxx
PresharedKey = xxxxx
AllowedIPs =, ::/0
PersistentKeepalive = 0
Endpoint = <domain>:<port>

Thanks for your help

It seems to me everything is ok.

Can you confirm that is also, which is the Pi hole serving as Wireguard server and dns server. and are the pihole machines. The Wireguard server is running on aswell with the WG internal IP

I wonder if you can pm me a Wireguard config to test.

You can also change dns serve to in your wireguard

I will try to setup a similar setup on a vps for you. What confuses me is that everything works and is resolved by my dns resolvers (internet entries and also local custom ones) just the *.lan is a problem.

I tried around with the /lan/ entries in the openwrt dhcp interface but it did not help either. I suspect its something in openwrt and the internal use of .lan as (local)domain for the Beryl ax internal network.

When I use the same wireguard config files on my laptops and phones directly theres no problem, so this is defnitly a problem with your products internal configuration

These are not routers and didn't add extra layer. So don't think they will behave the same.

I tested my setup locally and I can resolve local dns. So must try out the same setup as yours.

That is correct but if there was a general alyer problem I would expect all local domains or DNS in general not to work. Are you able to resolve *.lan domains from an upstream network in your test?

Thanks for taking your time to help :slight_smile:

Yes. I used two GL routers to do the test locally. Which is not totally the same as yours so have to try yours.