Michal Čihař - Archive for Jan. 31, 2011

OpenWRT and resolving private ranges

For quite a long time, I have had a problem: DNS on my OpenWRT box does not resolve the local range on the wan interface. Today I learned that it does this in order to protect me:

dnsmasq[15709]: possible DNS-rebind attack detected: jmnet.czf

But hey, my wan interface has 10.* address and I want to resolve 10.* domains there!

A little bit of googling revealed that this is caused by --stop-dns-rebind passed to dnsmasq. Okay, the easiest fix is to disable it. You need to change /etc/config/dhcp:

config 'dnsmasq'
        option 'rebind_protection' '0'

After reading the source of /etc/init.d/dnsmasq I realized there is also a way to whitelist some domains, which sounds like a slightly better idea. After fighting with the syntax, I found the solution to be (again in /etc/config/dhcp):

config 'dnsmasq'
        list 'rebind_domain' '/czf/'
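
To compare what the two settings let through, here is a simplified model of the rebind check. It is an added example, not code from this post or from dnsmasq. The function names, the list of private ranges and the sample answers are assumptions made for illustration.

```python
import ipaddress

# Simplified stand-in for the ranges dnsmasq treats as private (assumption:
# RFC 1918 plus loopback and link-local; the real list is in dnsmasq's source).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse_rebind_domain(value):
    """Split an OpenWrt rebind_domain value such as '/czf/' or '/a/b/' into names."""
    return [d.lower().strip(".") for d in value.split("/") if d]


def domain_exempt(qname, exempt_domains):
    """True if qname equals an exempt domain or is a subdomain of one (label-wise)."""
    labels = qname.lower().rstrip(".").split(".")
    for dom in exempt_domains:
        want = dom.split(".")
        if labels[-len(want):] == want:
            return True
    return False


def rebind_verdict(qname, answer_ip, protection=True, rebind_domains=()):
    """Return 'pass' or 'blocked' for one upstream A record."""
    if not protection:
        return "pass"                      # rebind_protection '0': nothing is checked
    exempt = [d for v in rebind_domains for d in parse_rebind_domain(v)]
    addr = ipaddress.ip_address(answer_ip)
    if not any(addr in net for net in PRIVATE_NETS):
        return "pass"                      # public answers are never a rebind signal
    return "pass" if domain_exempt(qname, exempt) else "blocked"


if __name__ == "__main__":
    # Constructed sample answers; addresses and evil.example are made up.
    samples = [("jmnet.czf", "10.1.2.3"), ("evil.example", "192.168.1.1"),
               ("notczf", "10.9.9.9"), ("www.example.org", "93.184.216.34")]
    for label, kwargs in [("default", {}),
                          ("rebind_protection 0", {"protection": False}),
                          ("rebind_domain /czf/", {"rebind_domains": ["/czf/"]})]:
        print(label, [(q, rebind_verdict(q, ip, **kwargs)) for q, ip in samples])
```

With the whitelist, only names under czf may resolve to private addresses; with rebind_protection set to '0', every name may.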

The next thing to explore is why native IPv6 is not working for me on the router, though it should...