Configuring Custom DNS Servers for DHCP Clients in OpenWrt: A Technical Guide

When clients connect to your OpenWrt router via DHCP, they automatically receive DNS server information as part of their network configuration. By default, OpenWrt acts as a DNS forwarder (using dnsmasq) and provides its own address as the DNS server.

The primary configuration file we need to modify is /etc/config/dhcp. Here's how to specify custom DNS servers:

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv6 'server'
    option ra 'server'
    option ra_management '1'
    # DHCP option 6 (domain-name-server): custom DNS servers pushed to clients
    list dhcp_option '6,8.8.8.8,8.8.4.4'

For those who prefer command-line configuration, you can use UCI commands:

uci add_list dhcp.lan.dhcp_option='6,1.1.1.1'
uci add_list dhcp.lan.dhcp_option='6,1.0.0.1'
uci commit
/etc/init.d/dnsmasq restart

For more complex setups where different clients need different DNS servers, create a hotplug script in /etc/hotplug.d/dhcp/, which dnsmasq runs on every lease event:

#!/bin/sh
# /etc/hotplug.d/dhcp/50-client-dns: dnsmasq's dhcp-script exports ACTION (add/update/remove),
# MACADDR and IPADDR; "$1"/"$MAC" are not set here, and the lease file is state, not configuration.
[ "$ACTION" = "add" ] && [ "$MACADDR" = "00:11:22:33:44:55" ] || exit 0
CONF=/tmp/dnsmasq.d/client-dns.conf        # extra config directory dnsmasq reads on OpenWrt
[ -f "$CONF" ] && exit 0                     # already generated for this client
mkdir -p /tmp/dnsmasq.d
cat > "$CONF" <<EOF
dhcp-host=$MACADDR,set:custdns
dhcp-option=tag:custdns,6,9.9.9.9
EOF
# restart detached so dnsmasq is not torn down underneath this script; the client gets 9.9.9.9 on its next renewal
( sleep 2; /etc/init.d/dnsmasq restart ) >/dev/null 2>&1 &

After making changes, verify that clients are receiving the correct DNS information:

cat /var/dhcp.leases
dnsmasq --test
/etc/init.d/dnsmasq restart

If the changes don't take effect:

  • Clients not updating DNS: Try releasing and renewing DHCP leases
  • Configuration not applying: Check for syntax errors in config files
  • DNS queries failing: Verify that your custom DNS servers are reachable

When using third-party DNS servers:

  • Consider DNS-over-TLS for privacy
  • Be aware of logging policies of public DNS providers
  • For sensitive networks, maintain local DNS resolution for internal domains

When running OpenWrt as your router OS, you'll often need to push specific DNS server addresses to DHCP clients rather than using the default gateway address. This becomes crucial when implementing:

  • Pi-hole or Ad-blocking DNS solutions
  • Internal domain resolution with custom DNS
  • DNS-over-HTTPS/TLS forwarders
  • Geolocated DNS services

The primary configuration file we need to modify is /etc/config/dhcp. Here's the essential snippet for pushing custom DNS:

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    # DNS servers (option 6); use the list form, 'option dhcp_option' is deprecated
    list dhcp_option '6,192.168.1.100,192.168.1.101'
    option domain 'localdomain'

For more complex scenarios, consider these approaches:

Conditional DNS Based on Client MAC

config host
    option mac 'aa:bb:cc:dd:ee:ff'
    option ip '192.168.1.50'
    option tag 'quad9'

# dhcp_option is not honoured on a host section; attach it through a tag instead
config tag 'quad9'
    list dhcp_option '6,9.9.9.9,149.112.112.112'

Using UCI Commands for Dynamic Changes

uci add_list dhcp.lan.dhcp_option="6,208.67.222.222"
uci commit dhcp
/etc/init.d/dnsmasq reload

After making changes, verify that clients receive the correct DNS settings:

  • Windows: ipconfig /all
  • Linux: nmcli dev show | grep DNS
  • macOS: scutil --dns

If DNS settings aren't propagating:

  1. Check the log for dnsmasq errors: logread -e dnsmasq
  2. Force a lease release from the router with dhcp_release (package dnsmasq-utils) and confirm the client renews
  3. Test DNS functionality directly: nslookup example.com 192.168.1.100
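As an added check (not part of this page or of OpenWrt's own tooling), the POSIX shell script below lints the dhcp_option entries in a UCI-style /etc/config/dhcp: it verifies that each value is a well-formed option 6 (a comma-separated list of IPv4 servers) and flags the deprecated `option dhcp_option` form that the dnsmasq init script warns about, a common reason DNS settings silently fail to apply. It assumes only sh, sed and awk (BusyBox is enough); the file it audits in the demo is constructed here.

```shell
#!/bin/sh
# Lint for dhcp_option entries in a UCI-style /etc/config/dhcp (added example, not OpenWrt code).

# valid_ipv4 A.B.C.D -> 0 when there are four octets, each 0..255
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# check_dns_option VALUE -> 0 when VALUE is "6,<ip>[,<ip>...]" with valid IPv4 addresses
check_dns_option() {
    [ "${1%%,*}" = "6" ] || return 1                          # must be option 6 (domain-name-server)
    servers=${1#*,}
    [ -n "$servers" ] && [ "$servers" != "$1" ] || return 1   # needs at least one server
    oldifs=$IFS; IFS=,
    for s in $servers; do
        valid_ipv4 "$s" || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
}

# audit_dhcp_config FILE -> one line "<section> <status> <value>" per dhcp_option entry.
# OK: well-formed list entry; DEPRECATED: "option dhcp_option" (still accepted, but warned
# about by the init script); BAD: malformed option 6. Returns 1 if any entry is BAD.
audit_dhcp_config() {
    rc=0
    while read -r kind name value; do
        # drop trailing comments and the surrounding quotes UCI uses
        value=$(printf '%s' "$value" | sed -e "s/#.*//" -e "s/^['\"]//" -e "s/['\"][[:space:]]*$//")
        case "$kind" in
            config) section="$name${value:+ $value}"; continue ;;
            option|list) [ "$name" = "dhcp_option" ] || continue ;;
            *) continue ;;
        esac
        if ! check_dns_option "$value"; then status=BAD; rc=1
        elif [ "$kind" = "option" ]; then status=DEPRECATED
        else status=OK; fi
        printf '%s %s %s\n' "$section" "$status" "$value"
    done < "$1"
    return $rc
}

# demo_config -> path of a constructed sample config (not a real router's file)
demo_config() {
    f=${TMPDIR:-/tmp}/dhcp.sample.$$
    { printf '%s\n' "config dhcp 'lan'" "    list dhcp_option '6,8.8.8.8,8.8.4.4'  # fine"
      printf '%s\n' "config dhcp 'guest'" "    option dhcp_option '6,10.0.0.53'"
      printf '%s\n' "config tag 'quad9'" "    list dhcp_option '6,9.9.9.9,149.112.112.112'"
      printf '%s\n' "config dhcp 'iot'" "    list dhcp_option '6,8.8.8.999'"; } > "$f"
    printf '%s\n' "$f"
}

case "${1:-}" in demo) audit_dhcp_config "$(demo_config)" ;; esac
```

Run it against the live file with `audit_dhcp_config /etc/config/dhcp` (or `sh audit.sh demo` for the constructed sample); a non-zero exit means at least one malformed entry.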

When running custom DNS:

  • Monitor DNS response times with dnstop
  • Consider local caching with dnsmasq-full
  • Implement failover with multiple DNS servers