Fixing broken DNS/internet access when upgrading an OpenWRT + Unbound installation

I use OpenWRT firmware for my home WiFi access points and router/firewall. This morning I installed an update that broke my internet access. This post is about what I did to fix it.

One of the advantages of OpenWRT over the firmware the hardware vendor provides is that they provide security updates for years. Another advantage is that they provide a variety of add-in packages for extra functionality.

One of the downsides of OpenWRT is that firmware upgrades don’t include add-on packages. You have to re-install them after you install the main firmware upgrade. This is a bit tedious but hasn’t really been a big deal because most of the extra packages I install aren’t essential.

Recently though, I started using Unbound to perform recursive DNS locally in order to reduce the amount of information about my browsing habits easily available to my ISP. Unfortunately, once OpenWRT is configured to use Unbound, DNS requests on the router and the local network fail if Unbound isn’t working, or is no longer installed.

The solution is obvious: re-install Unbound. Unfortunately, reinstalling Unbound involves downloading files over the internet, and downloading files over the internet involves DNS lookups, which are broken, because Unbound is no longer installed.

To solve the problem I had to figure out how to revert OpenWRT to using dnsmasq to do DNS forwarding for long enough to re-install Unbound. I went poking around in the LuCI UI for an appropriate setting. I was hoping there was a simple checkbox, but at the same time, worried that the checkbox would only be available if Unbound support was installed.

After a bit of poking around, I found the setting I needed under Network > DHCP and DNS > Advanced Settings. About two-thirds of the way down the page there is a setting for DNS Server Port. It’s set to a non-standard port (1053 in my case) to get out of the way of Unbound. Setting it back to 53 temporarily will restore DNS service. You can then update the package lists and re-install luci-app-unbound. Then you can change the port back to 1053 (or whatever it was set to on your system) and reboot. When the router comes back up, DNS should again be working through Unbound.
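The same steps can be run over SSH instead of through LuCI. The script below is an added example, not part of the original post; it assumes the LuCI "DNS Server Port" field is the UCI option `dhcp.@dnsmasq[0].port` and that the release installs packages with `opkg`, and the script file name in its last comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: the LuCI steps above, run over SSH.
# Assumptions: LuCI's "DNS Server Port" field is the UCI option
# dhcp.@dnsmasq[0].port, and the release installs packages with opkg.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = the non-standard port dnsmasq used alongside Unbound (1053 in the post).
restore_unbound() {
    saved_port="$1"
    valid_port "$saved_port" || { echo "invalid port: $saved_port" >&2; return 1; }
    # 1. Put dnsmasq back on port 53 so the router can resolve names again.
    run uci set "dhcp.@dnsmasq[0].port=53" &&
    run uci commit dhcp &&
    run /etc/init.d/dnsmasq restart &&
    # 2. With DNS working, refresh the package lists and reinstall Unbound.
    run opkg update &&
    run opkg install luci-app-unbound &&
    # 3. Move dnsmasq out of Unbound's way again, then reboot.
    run uci set "dhcp.@dnsmasq[0].port=$saved_port" &&
    run uci commit dhcp &&
    run reboot
}

# Dry run by default; on the router (hypothetical file name):
#   DRY_RUN=0 sh restore-unbound.sh 1053
restore_unbound "${1:-1053}"
```

Each step is chained with `&&`, so a failed package download stops the script before the port is moved back and the router reboots. While dnsmasq is answering on port 53 it forwards queries to whatever upstream resolvers it is configured with rather than resolving through Unbound, so keep that window short.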

In summary: If you are using OpenWRT with Unbound and your internet access is broken after an OpenWRT update, you’ll need to re-install Unbound. In order to reinstall Unbound, you’ll need to temporarily change Network > DHCP and DNS > Advanced Settings > DNS Server Port to 53. This will restore internet access so you can reinstall Unbound.