LAN-DNS and DNS Redundancy Issue with Omada Controller 5.15.24.19 + ER605v2
Setup Overview:
- Omada Controller Version: 5.15.24.19
- Gateway: ER605v2
- Reverse Proxy: Apache2 with multiple vHosts (subdomains)
- DNS Configuration:
  - Primary DNS: Pi-hole with DNS rewrites (internal domains resolve to internal Reverse Proxy)
  - Secondary DNS: LAN-DNS enabled with same DNS rewrites for redundancy
  - Secondary DNS Server: 192.168.1.254 (Gateway)
Problem Description:
When LAN-DNS is enabled and configured with the same DNS rewrites as Pi-hole (for redundancy), internal clients start resolving internal domains via the WAN interface, resulting in NAT behavior.
Example:
Accessing the URL which is configured in "LAN-DNS" from inside the network resolves to the external WAN IP of the Reverse Proxy host, even though the host is reachable internally.
However, when LAN-DNS is disabled and the secondary DNS server is removed, everything works as expected:
- Internal clients route directly to internal hosts without NAT – which is the correct and intended behavior.
Question:
How can I properly configure DNS redundancy on the ER605v2 with Omada, without causing internal traffic to be NATed through the WAN interface?
The goal is to ensure that the ER605v2 – being the most stable and least rebooted device during power outages – can provide reliable DNS fallback without breaking internal routing.
*had to rewrite two times, invalid captcha + illegal url "example.."