AX86U DNS Leak with original DNS data. vpn problem

[Funnyland123]

Hello everyone, I need your help or your advice because even my VPN provider has no advice.

First of all what I have already done.

factory reset
Current but also older Asus Merlin firmware
Asus AX86U original firmware
Different DNS addresses.
And almost every imaginable setting.

Whether static IP or automatic does not matter. I add the original DNS addresses from Nordvpn (my provider)

103.86.96.100 and 103.86.99.100 I get a DNS leak no matter on which server and in which country.
I wear for example
1.1.1.1 or 1.0.0.1 or Google or no matter what else there is I have no DNS leak.

When I asked Nordvpn, I heard it was the router, which I don't believe because the part is new and otherwise works perfectly. I should contact Asus. Well he will tell me to contact Nordvpn.

The funny thing is that the error only occurs with these 2 original Nordvpn DNS addresses and you should think that the Nordvpn servers and their DNS addresses work together.

Does anyone have any advice where it can be?

 

[eibgrad]

IIRC, NordVPN recommends you assign those DNS servers (103.86.96.100 and 103.86.99.100) to the WAN. But since the introduction of 386.4, that's no longer a good recommendation, since the ASUS developers now statically bind the WAN's DNS servers to the WAN for the benefit of the WAN connectivity check. As a result, no matter how you configure the OpenVPN client w/ NordVPN (which pushes these same DNS servers), be it Strict or Exclusive, all your DNS traffic will *still* be bound to the WAN!

Long story short, those NordVPN instructions regarding DNS are no longer valid. All users should use *different* DNS servers for the WAN so that the NordVPN DNS servers can remain bound to the VPN.

 

[Funnyland123]

IIRC, NordVPN recommends you assign those DNS servers (103.86.96.100 and 103.86.99.100) to the WAN. But since the introduction of 386.4, that's no longer a good recommendation, since the ASUS developers now statically bind the WAN's DNS servers to the WAN for the benefit of the WAN connectivity check. As a result, no matter how you configure the OpenVPN client w/ NordVPN (which pushes these same DNS servers), be it Strict or Exclusive, all your DNS traffic will *still* be bound to the WAN!

Long story short, those NordVPN instructions regarding DNS are no longer valid. All users should use *different* DNS servers for the WAN so that the NordVPN DNS servers can remain bound to the VPN.

Thank you for the detailed explanation. Can you also tell me by chance what I should or must do now.

No DNS enter or in another place ? or at all completely something else. ?

The translation into my language is unfortunately difficult to understand what is meant.

 

[eibgrad]

All you need to do is make sure you provide DNS servers on the WAN that are NOT the same ones pushed by the VPN provider's OpenVPN server (e.g., 1.1.1.1 and 1.0.0.1). By doing so, you don't create a situation where the DNS servers of the VPN provider end up bound to the WAN.

 

[Funnyland123]

It's weird, because you buy supposed security in the belief that you buy security and cannot use the offers used by the provider together because there will be a DNS leak.