DNS Server Settings with VPN Client

[LearningAsIGo]

Hi, I have an Asus RT-AC86U, with Asus-Merlin version 384.18. I am running a VPN client. I am trying to get my head around exactly how each of the various DNS settings work together. I'm doing this by running various tests. One particular test has confused me:

-My VPN client has Policy Rules (strict), Accept DNS Configuration Exclusive, and for my test, instead of using the URL of the VPN server I want to connect to, I put it's IP.
-Normally under WAN, DNS Server 1& 2 are my VPN provider's DNS servers, but for this test I set them to fake ones that don't work (the aim of this test is to see how these WAN DNS servers get used).

I was thinking the DNS servers under WAN were used by the router to resolve the VPN server URL (when I use a URL) but in this test I used the server IP. So I was expecting the VPN client would still be able to connect to the VPN server. But it can't. I have to enter valid DNS servers under WAN for the VPN client to connect, even when using an IP not a URL.

Has anyone got an explanation for how the WAN DNS servers are used by the VPN client (and devices connected to it)? For devices connected to it, I would have thought they use the VPN providers pushed DNS servers, so they wouldn't be using those set under WAN.

Would appreciate any thoughts to help me on this, many thanks.

 

[LearningAsIGo]

No thoughts on this? It may seem obvious to the experts here but I can assure you it isn't obvious to me. Would appreciate any guidance.

I have also changed my WAN DNS servers to third-party DNS servers and run a DNS leak test. This verified that devices going through my VPN are using the VPN provider's DNS servers as I expected (i.e. no DNS leaks). So that further makes the results of my test in the OP confusing, since it confirms devices going through the VPN don't use WAN DNS (as I thought they shouldn't).

So my question remains: why does the VPN client fail to connect in my test when I use the VPN server IP rather than URL, and have invalid WAN DNS servers configured? And so more generally, when are these WAN DNS servers used, since they aren't used by clients going through the VPN.

 

[Zastoff]

Would suggest setting wan dns servers to cloudflare/quad9 or even auto (isp dns servers)
"Accept DNS Configuration Exclusive"
Should provide the vpn dns servers for the clients that connect thru the tunnel.
Doing like this also makes it a lot easier to detect dnsleaks, you should not get the dns server chosen in wan when checking a client that uses the vpn tunnel.
Hope this helps a bit

 

[LearningAsIGo]

Thanks Zastoff, yes I'm confident I'm not getting DNS leaks when I use my true settings but am also trying to piece together how all the DNS settings work together, so would like to understand why the VPN client doesn't connect in my test when WAN DNS servers are fake ones (I'm only using fake ones in my test as I try to go through these settings bit by bit to work out when they are used).

 

[LearningAsIGo]

No ideas from the experts? Or suggestions for up and coming experts?