LEDE/OpenWRT — How to set up DNS Forwarding

By CT WiFi, published in LEDE/OpenWrt & IoT, Feb 4, 2016

There are a number of reasons for wanting to change your DNS, whether you want to benefit from speed & reliability improvements, set up parental controls, or want to access geoblocked content.

But sometimes you might not want all of your traffic routed through a custom DNS server, especially if you just want to do something simple like access US Netflix outside of the US. There is a really easy option to set up in LEDE/OpenWRT that allows you to set DNS servers to be used only with specific domains.

SSH to your LEDE/OpenWRT device

If you are using Windows, start PuTTY, click Session on the left side, select SSH from the options, and then enter the IP address of your LEDE/OpenWRT box in the Host Name field.

Once you’ve done this just click on Open to start up the SSH connection.


If you are connecting via terminal, then just SSH to your LEDE/OpenWRT device using the following command, where 192.168.1.1 is your LEDE/OpenWRT device’s IP address.

ssh root@192.168.1.1

Setting up DNS forwarding

Once you are logged into your LEDE/OpenWRT device, run the following command to edit your DHCP file:

vi /etc/config/dhcp

The rules you want to add to this section are formatted as follows:

list server '/domain_name/dns_address'

Find the dnsmasq section and add your rules. It should look something like the following:

config 'dnsmasq'
    option domainneeded 1
    option boguspriv 1
    option filterwin2k 0
    option localise_queries 1
    option rebind_protection 1
    option rebind_localhost 0
    option local '/lan/'
    option domain 'lan'
    option expandhosts 1
    option nonegcache 0
    option authoritative 1
    option readethers 1
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    list server '/netflix.com/111.118.175.56'
    list server '/netflix.com/118.127.33.48'

Once you have added your rules, save your changes.

You may need to restart the service for your changes to apply, so run the following command in the console:

/etc/init.d/dnsmasq restart

It is as easy as that. Whenever you look up that domain, the query is sent to that DNS server, while the rest of your traffic uses your normal default DNS settings.
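A quick way to check the forwarding rules before restarting dnsmasq, as an added example that is not part of the original post: it lists which domains are handed to which DNS server and flags rules that will not parse as intended. The helper name `audit_forwards` and the sample config are assumptions made for illustration, and only plain IPv4 forwarders (as used above) are validated.

```sh
#!/bin/sh
# Added example, not from the original post. audit_forwards is a hypothetical
# helper name. It validates plain IPv4 forwarders only, as used in the post;
# anything else is marked CHECK for manual review.
# On the router: audit_forwards /etc/config/dhcp

audit_forwards() {
    awk '
    $1 == "list" && $2 == "server" {
        # Curly quotes pasted from a web page are not valid UCI quoting.
        if (index($0, "‘") || index($0, "’")) {
            printf "QUOTES line %d: typographic quotes\n", NR
            bad = 1
            next
        }
        rule = $3
        gsub(/["\047]/, "", rule)            # strip straight quotes
        n = split(rule, part, "/")           # "/domain/addr" -> "", domain, addr
        if (n != 3 || part[1] != "") next    # upstream-only entry, not per-domain
        ok = (split(part[3], octet, ".") == 4)
        for (i = 1; ok && i <= 4; i++)
            if (octet[i] !~ /^[0-9]+$/ || octet[i] + 0 > 255) ok = 0
        printf "%s %s -> %s\n", (ok ? "OK" : "CHECK"), part[2], part[3]
        if (!ok) bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input (not a real router config).
sample_config() {
cat <<'EOF'
config dnsmasq
    option domainneeded '1'
    list server '/netflix.com/111.118.175.56'
    list server '/netflix.com/118.127.33.48'
    list server ‘/example.org/192.0.2.10’
    list server '/example.net/192.0.2.999'
    list server '192.0.2.53'
EOF
}

sample_config | audit_forwards || echo "Review the flagged rules before restarting dnsmasq."
```

Every domain reported as OK is resolved entirely by the listed server, so the output doubles as an inventory of which third-party resolvers your router trusts for which names.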

(Optional) Using the web GUI

This can all be done using the web GUI by navigating through Network > DHCP and DNS > Server Settings > General Settings, and entering the rules in the following format under DNS Forwardings:

/domain_name/dns_address
e.g.
/netflix.com/118.127.33.48
