1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DNSMasq doesn't do remote lookups for second VLAN?

Discussion in 'Tomato Firmware' started by gfunkdave, Jul 23, 2012.

  1. gfunkdave

    gfunkdave LI Guru Member

    I have a somewhat involved setup, so perhaps it's best to describe it, and then the problem.

    I have a Tomato router running an OpenVPN server, and another running the OpenVPN client. Both are running Toastman 1.28.7500. The server router also runs two separate VLANs: a private one and a guest one. DNSMasq works fine on the server router.

    I have the client router set to forward all serverdomain.local DNS queries to the server router. This works fine for the private VLAN on the server router, but not for the guest VLAN. But if I manually specify the server router as DNS server, it works fine.

    The following is in a Windows nslookup on a PC connected to the client router:

    > guest.serverdomain.local
    Server:  router.client.local
    *** router.client.local can't find guest.serverdomain.local: Non-existent domain
    > guest.serverdomain.local router.serverdomain.local
    Server:  router.serverdomain.local
    Name:    guest.serverdomain.local
    NSlookups on PCs on the private VLAN in serverdomain.local work fine.

    In addition, my DNSMasq config options include the following on the server router:

    ...and on the client router, I have the directive of:
    Does anyone know what might be going on? I seem to remember this working not too long ago - not sure what might have changed.
  2. gfunkdave

    gfunkdave LI Guru Member


    Figured it out. I had iptables rules designed to prohibit the guest VLAN from accessing the router but they also prohibited my return pings and DNS queries. I changed their position in the INPUT chain to after the directive that accepts established/related connections and all works fine now.

Share This Page