Wireguard Client with custom DNS not resolving *.lan domains

Hi everyone

I got a Beryl AX router and use a Wireguard connection into my home network with my piholes as custom DNS servers in the wireguard config.
It mostly works except for domains under .lan (for example gitlab.felix.lan), they are not resolved. Other custom entries are no problem (for example gitlab.felix).

Does anyone have an idea why and how to configure it in the admin ui or in the openwrt ui?
Details:

  • DNS rebinding is disabled
  • I tried all current firmwares, stable, beta, op24 and snapshot

It looks like DHCP with hostname and DNS are different.
Have a look in LuCI > Network > DHCP > General and the other tab, Hostnames


OK, what would you suggest as a solution? Putting a static copy of all my DNS entries into the hostname list is not really a practical solution. I already tried deleting the lan from the Resolve locally and Local domain fields, but it still did not want to resolve the domains upstream.

So where did you define your static DNS entries so far?

In my two pihole instances running as DNS resolvers in sync in my homelab. They are referenced as DNS servers in my wireguard client conf.

Does pihole have DHCP? If yes, then turn off the DHCP server on the GL router and set the DNS address manually to the pihole.

I have a DHCP in my home network, but doesn't the Beryl AX wireguard client have to run internal DHCP anyway to control the remote clients before tunneling the traffic? The router acting as client has an assigned IP it gets, but the Beryl wifi clients are a dedicated network independent from that

also with totally different IP ranges etc.

It's already forwarding all DNS requests, it's just the *.lan domain...

With the new 4.7.0 snapshots it's still the same problem

AdGuard Home only.
Private AdGuard DNS will be blocked.

I believe pihole is the same thing, just add your rules in normal /etc/hosts syntax. Even when not using DHCP.

As far as I can see this has nothing to do with my problem. I am not using AdGuard on my Beryl. It seems to be an OpenWrt routing issue. And editing the local hosts files of all clients defeats the purpose of having a DNS server.

I want to know:

  1. What is the subnet of the Wireguard connection?
  2. What is the subnet of your home network?
  3. Your wireguard config (please remove endpoint and keys)

Hi @alzhao no problem.

Subnets:

  • Wireguard internal: 10.8.0.0/24
  • Home network: 10.23.91.0/24
  • Beryl AX: 192.168.8.0/24

WG-Conf:

[Interface]
PrivateKey = xxxx
Address = 10.8.0.6/24
DNS = 10.23.91.4,10.23.91.5

[Peer]
PublicKey = xxxxx
PresharedKey = xxxxx
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = <domain>:<port>

Thanks for your help
Felix

It seems to me everything is ok.

Can you confirm that 10.23.91.4 is also 10.8.0.1, which is the pihole serving as Wireguard server and DNS server?

10.23.91.4 and 10.23.91.5 are the pihole machines. The Wireguard server is running on 10.23.91.5 as well, with the WG internal IP 10.8.0.1

I wonder if you can pm me a Wireguard config to test.

You can also change the DNS server to 10.8.0.1 in your wireguard config.

I will try to set up a similar setup on a VPS for you. What confuses me is that everything works and is resolved by my DNS resolvers (internet entries and also local custom ones), just the *.lan is a problem.

I tried around with the /lan/ entries in the OpenWrt DHCP interface but it did not help either. I suspect it's something in OpenWrt and the internal use of .lan as (local) domain for the Beryl AX internal network.

When I use the same wireguard config files on my laptops and phones directly there's no problem, so this is definitely a problem with your product's internal configuration
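To make the suspicion in the previous post concrete, here is an added model (not code from the thread or from GL.iNet) of how dnsmasq's `local=/domain/` and `server=/domain/addr` rules decide whether a query is answered locally, refused, or forwarded upstream. It assumes the router's dnsmasq still carries the OpenWrt default `option local '/lan/'` and uses the two Pi-hole addresses from the thread as the default upstreams; the local records are constructed.

```python
"""Model of dnsmasq query routing: local records first, then the most
specific local=/suffix/ or server=/suffix/addr rule, else the default
upstreams. Added example; assumes OpenWrt's default local=/lan/."""

# Constructed rule set. servers == None models local=/suffix/ (answer
# from hosts/DHCP only, never forward); a list models server=/suffix/addr.
DEFAULT_UPSTREAMS = ["10.23.91.4", "10.23.91.5"]   # DNS= line of the WG conf
OPENWRT_DEFAULT_RULES = [("lan", None)]            # option local '/lan/'

# Constructed local records (what DHCP leases / LuCI Hostnames would supply).
LOCAL_RECORDS = {"beryl.lan": "192.168.8.1"}


def labels(name):
    """Split a domain name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def matching_rule(qname, rules):
    """Return the rule whose suffix matches qname with the most labels."""
    q = labels(qname)
    best = None
    for suffix, servers in rules:
        s = labels(suffix)
        if len(s) <= len(q) and q[-len(s):] == s:
            if best is None or len(s) > len(labels(best[0])):
                best = (suffix, servers)
    return best


def resolve_plan(qname, rules=OPENWRT_DEFAULT_RULES,
                 upstreams=DEFAULT_UPSTREAMS, records=LOCAL_RECORDS):
    """Classify a query as ('local', ip), ('nxdomain', None) or ('forward', servers)."""
    key = qname.rstrip(".").lower()
    if key in records:
        return ("local", records[key])
    rule = matching_rule(qname, rules)
    if rule is None:
        return ("forward", list(upstreams))     # no rule: default upstreams
    _suffix, servers = rule
    if servers is None:
        return ("nxdomain", None)              # local=/suffix/: never sent upstream
    return ("forward", list(servers))          # server=/suffix/addr: pinned upstream


if __name__ == "__main__":
    for name in ("gitlab.felix.lan", "gitlab.felix", "beryl.lan"):
        print(name, "->", resolve_plan(name))
```

With the default rule in place, `gitlab.felix.lan` is answered NXDOMAIN by the router itself while `gitlab.felix` reaches the Pi-holes, which matches the symptom; replacing the rule with `server=/lan/10.23.91.4` in the model shows the query being forwarded instead.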

These are not routers and don't add an extra layer. So I don't think they will behave the same.

I tested my setup locally and I can resolve local DNS. So I must try out the same setup as yours.

That is correct, but if there was a general layer problem I would expect all local domains or DNS in general not to work. Are you able to resolve *.lan domains from an upstream network in your test?

Thanks for taking your time to help.

Yes. I used two GL routers to do the test locally. Which is not totally the same as yours so have to try yours.