24 comments on “Using DD-WRT for Local DNS and DHCP

  1. Thanks for the writeup. FYI, my firmware version has a GUI option for “No DNS Rebind”. Firmware: DD-WRT v24SP2-MULTI (07/15/12) std (on Buffalo WZR-HP-G300NH)

  2. If i enable “Local DNS” near DNSMasq then my router stopped connecting to internet and not accessible. If I disable that then the local dns doesn’t work. I am on DD-WRT build R24.

    • Make sure, the settings are accurately completed. The IP’s I used are examples, not to be filled in literally. Make sure “Use DNSMasq for …” DNS and DHCP are both checked. Then under Service Management -> DNSMasq section, The DNSMasq checkbox must be set to ENABLED, as well as the Local DNS checkbox. Also ensure the additional options are filled in. With v24-SP2, the setup works as described.

      • Thanks for the reply. I have to do the following things to get local DNS working in R24-SP2 with vpn build.

        Under DHCP Server:
        Use JFFS2 for client lease DB (Not mounted)
        Use NVRAM for client lease DB
        Used Domain
        LAN Domain
        Additional DHCPd Options

        Under DNSMasq:
        Local DNS
        Additional DNSMasq Options

        Under Setup:
        Static DNS 1… (router / gateway ip)
        Static DNS 2.. other external DNS server1
        Static DNS 3.. other external DNS server2


    • I think you can, but I haven’t tested it since I have no need for it. Presumably you are needing subdomain for a web server. You should be able to add a wildcard entry similar to the following into the dnsmasq.conf file:

      The IP address should be the address of the web server. To preserve the entry across boots, you will need to set this in the dnsmasq options or modify the startup command script to make the addition and bounce the dnsmasq service.

      With it, you should be able to access the cloud.mylaptop.home.net or drive.mylaptop.home.net.

  3. Interesting… I have always heard that you shouldn’t use a public domain for local DNS to avoid resolution conflicts (even if you own the domain name). Is it safe? What’s the best practice?

    FWIW, I always use something.local on my LAN.

    • You are correct. I’ve known this, but at the time of writing I chose a poor example. I use “.home” (without the “.net” on the end). It won’t resolve externally to any top level domains, which is the risk you could run using something like “.home.net” as in the post. I believe using “.net” can be OK, but if a host is not resolved locally the query will be sent to the external DNS server which will most likely fail to match something like “jimmysxbox.home.net” (unless you get extremely lucky with a name that does exist and resolves externally).

  4. Pingback: DD-WRT Web Server for Viewing All Network IPs | Unfinished Bitness

  5. Pingback: Synology NAS Web Server | Unfinished Bitness

  6. Thanks for the info, but I am having an issue trying to resolve hostnames from a MAC I have on the LAN. I can only resolve them if I put a dot at the end. for example “server.” will resolve but “server” will not.

    I used “home.net” as my LAN Domain. Is it just my Mac causing this or is it the dns services on the router.

    DD-WRT v24-sp2
    Asus RT-AC68U

    • Use just “home” instead. Double check all settings. Any device that is DHCP should not be listed in the static hosts file. Make sure router has been rebooted post changes.

  7. I had a PFSense router for a while that died unfortunately due to power outage. I have decided to give dd-wrt a go on my asus rt-ac66u.

    I have been unlucky so far with the dnsmasq options. every time I tried following other tutorials the entire lan lost internet connection. Luckily I have a very patient wife 🙂

    In PFSense, I had a service called DNS Forwarder in which I could type a domain name and an IP address in the lan to be associated with it. Then from the outside world I could reach that domain on the correct mahine inside the lan. Much more convenient than any NAT rules.

    Can i do the same with dd-wrt? Can I put in the dnsmaq options something else than IP – Machine name?

    Can I do: domain1.com domain2.com


    Thank you.

  8. Is it really important to use JFFS2a and NVRAM?
    I only want to resolve local names when on home network and on VPN to home network, so it works the same regardless of being local of remote on VPN.

    Router FW is V24-sp2.

    Static DNS 1: local router IP
    Use DNSMasq for DHCP: enabled
    Use DNSMasq for DNS: enabled
    DHCP-Authoritative: enabled

    JFFS2: no mount
    NVRAM: disabled

    Used Domain: WAN
    LAN Domain: somenet.local

    DNSMasq: enable
    Local DNS: enable
    No DNS rebind: disabled

    DNS1: local router IP

    Now I can get server from VPN using “[servername].somenet.local” but also “[servername].” works, why does adding a dot work?

    ..but ping on ip with a -a option only gives only [servername] (i.e. ping -a [server ip])

    Is it possible to ping server name directly like, or better to use servername + local domain?

    What is the bet way(most secure?) to pass names to remote clients (the ones on VPN)?

    Thanks for any feedback

    • I haven’t used DD-WRT in a while now. You do need JFFS, which is stored in NVRAM. This is where the filesystem is created. The filesystem is where the scripts and lookup tables are kept. With it properly setup you should be able to ping just a name without the network name, such as “xbox”. I can’t answer the VPN question with DD-WRT.

  9. Thanks. As grant said: lots of bad info out there.

    For me it worked without JFFS (I can’t find the option to activate it, but I guess I’ll miss the option to have static IPs).

    I played a little with DD-WRT and somehow the VMs in VirtualBox got confused and I had to restart the host system to be able to get IP addresses using DHCP.

  10. Im running build 32868 on a tp-link 1900 ac v3 and the Services Page is grayed out and there is no save or apply radio button . DHCP is enabled in setup. It is the same in every browser I have . Any ideas ? I am a DD-WRT beginner, please be easy.

Leave a Reply to WRipkowski Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.