DNS over TLS still advertising Regular DNS to clients

[nitro001]

Hello,
I am trying to follow the instructions in the Beta thread for the DNS over TLS setup (Instructions weren't copied into release thread) on my RT-AC3100.

My internal network is a 192.168.2. network and I had previously had 2 OpenDNS servers in the LAN configuration along-side the advertise router IP as DNS entry. I then noticed the DNS-over-TLS settings showed the following warning: Your router's DHCP Server is configured to provide a DNS server that's different from your router's IP address. This will prevent clients from using the DNS Privacy servers.

So I then initially removed both DNS entries and left the advertise router IP as DNS entry option enabled and when it applied it didn't push any DNS entries. Once I hard-coded one and got back in, I added the IP of the router as well as the IP of my VMWare server as it is on a subnet that has resolution issues otherwise, and still got that warning.

I then enabled DNS-over-TLS as Opportunistic for now and added the 2 google servers. Once the network restarted, I checked the local client again, released and renewed just in case, and flushed dns and saw on the client it had the 2 OpenDNS entries as well as the Router IP, but no VMWare IP.

I'm not sure why the OpenDNS is still showing as it isn't configured in the router anywhere now, I would expect to see just the 2 internal IP addresses.

In addition, on the router when I do a traceroute to google it takes almost 30 hops to get there which seems really odd and I have some odd entries:

traceroute to www.google.com (172.217.212.104), 30 hops max, 60 byte packets
1 * * *
2 96.34.46.89 (96.34.46.89) -1557597583574.492 ms -1557597583577.045 ms -1557597583574.687 ms
3 96.34.36.26 (96.34.36.26) -1557597583574.294 ms -1557597583574.318 ms -1557597583574.932 ms
4 96.34.2.56 (96.34.2.56) -1557597583573.938 ms -1557597583574.124 ms -1557597583574.269 ms
5 96.34.0.54 (96.34.0.54) -1557597583572.318 ms -1557597583572.131 ms -1557597583572.624 ms
6 96.34.0.139 (96.34.0.139) -1557597583572.508 ms -1557597583578.692 ms -1557597583562.525 ms
7 96.34.3.9 (96.34.3.9) -1557597583578.630 ms -1557597583577.844 ms -1557597583579.534 ms
8 96.34.152.117 (96.34.152.117) -1557597583580.806 ms 96.34.152.30 (96.34.152.30) -1557597583591.399 ms -1557597583585.861 ms
9 108.170.244.2 (108.170.244.2) -1557597583579.588 ms 108.170.243.233 (108.170.243.233) -1557597583581.552 ms 108.170.243.219 (108.170.243.219) -1557597583581.329 ms
10 216.239.42.108 (216.239.42.108) -1557597583583.152 ms 216.239.57.77 (216.239.57.77) -1557597583574.072 ms 72.14.233.10 (72.14.233.10) -1557597583580.809 ms
11 108.170.243.233 (108.170.243.233) -1557597583579.895 ms 209.85.143.103 (209.85.143.103) -1557597583578.642 ms 72.14.232.70 (72.14.232.70) -1557597583578.507 ms
12 209.85.250.144 (209.85.250.144) -1557597583580.238 ms 172.253.66.213 (172.253.66.213) -1557597583579.320 ms 209.85.250.35 (209.85.250.35) -1557597583585.471 ms
13 74.125.37.61 (74.125.37.61) -1557597583579.575 ms 209.85.143.103 (209.85.143.103) -1557597583580.104 ms 216.239.62.253 (216.239.62.253) -1557597583579.922 ms
14 172.253.64.215 (172.253.64.215) -1557597583581.357 ms 216.239.41.99 (216.239.41.99) -1557597583580.348 ms *
15 * 216.239.63.155 (216.239.63.155) -1557597583598.349 ms *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 172.217.212.104 (172.217.212.104) -1557597588527.876 ms * *

Would anyone have any ideas why it is still advertising the OpenDNS entries and why I get the odd traceroute entries from the router?

Thanks in advance.

 

[L&LD]

Are you using the Beta still?

 

[nitro001]

Are you using the Beta still?

Nope upgraded from 384.10_2 straight to 384.11.

 

[owine]

Please screencap WAN page and LAN - DHCP Server page.

 

[nitro001]

Here you go. Now I do have the Connect to DNS Server automatically setting enabled, but the router is not advertising Spectrum's DNS, it's advertising the OpenDNS DNS entries.

I also uploaded the ethernet settings I am receiving.

 

[owine]

Here you go. Now I do have the Connect to DNS Server automatically setting enabled, but the router is not advertising Spectrum's DNS, it's advertising the OpenDNS DNS entries.

I also uploaded the ethernet settings I am receiving.

On DHCP page remove both dns server entries and change advertise router IP to YES. You will likely have to restart the router so all devices pull new leases instead of renew.

 

[nitro001]

Ok, so I did that and after a reboot of the router it still had the old lease. It is a Windows 10 Enterprise client on an Ethernet connection. Couldn't tell you it why it did that. So I disabled and re-enabled the Ethernet connection and the client obtained a new lease and has the correct settings and seems to be working.

 

[Striker317]

Ok, so I did that and after a reboot of the router it still had the old lease. It is a Windows 10 Enterprise client on an Ethernet connection. Couldn't tell you it why it did that. So I disabled and re-enabled the Ethernet connection and the client obtained a new lease and has the correct settings and seems to be working.

That’s expected. You would need to initiate the release and renew of the lease at the client.

 

[nitro001]

It's odd though a ipconfig /release and /renew didn't do it though. Should have renewed the lease then. Even rebooting the router didn't renew the leases (DHCP lease table didn't get flushed). I had to disable the adapter completely and re-enable it which seems a bit extreme. Should be a way on the router I can force the table to expire and make all clients request a new IP, rebooting should have done that. I have about 14 devices so this is a pain having to do this to all devices so I'm just letting the rest expire themselves though and renew.