Having trouble setting dns servers


ewokuk

Regular Contributor
I am running latest merlin, AC86U, win10 and am connected via openvpn on the router. I am trying to add a DoT ad blocking dns (nextdns) but no matter what I do it seems to keep showing my vpn dns server as well as the 2 from nextcloud, so it randomly uses that one instead of only the ad blocking ones.

Under WAN I have set DNS privacy protocol to DNS-over-TLS, and added the 2 servers from nextdns. Under the vpn client page I have set "accept dns configuration" to disabled, which as I understand it should stop it trying to use my vpn provider's dns servers. But when I run dns leak tests, the vpn dns still shows up, along with 2 others which I assume are the ad blocking ones (I don't know because the 2 listed do not match the names or IPs of the nextdns ones but there are no others they could be).

It is driving me mad, all I want to do is point all dns requests for all devices connected through the router to these 2 servers, using DoT, regardless of whether the device is using the vpn or not.
 
Test to set:
LAN/DNSFilter: Enable DNS-based Filtering=ON
Global Filter Mode=Router
and see if that helps
 
That looks like it might have done it, it's now showing the 2 dns servers that are not the vpn one. hmmm

no spoke too soon, the vpn one has popped up again! No it's finding nothing but the vpn one again! It seems to vary wildly, one minute it's showing all 3, then just the vpn one and sometimes just the 2 ad blocking ones.
 
And LAN/DHCP-server the dns fields there are empty?
 
yep both empty.

I think it is vpn related because on my android phone connecting to the same router but not routed via the vpn I get just the 2 ad blocking dns and never the vpn one. On the pc which I have assigned a static ip and routed through the vpn, sometimes I get ONLY the vpn one, sometimes the 2 ad blocking ones, and sometimes all 3.

If I set "accept dns configuration" in the vpn client page to strict instead of disabled, I always get all 3 servers in the test. It looks like setting it to disabled doesn't disable it properly or something.

If I stop routing the pc via the vpn then I get the 2 ad blocking servers all the time but if it's routed through the vpn, it doesn't seem to make any difference what I set that "accept dns configuration" to, the vpn dns server randomly pops up in the tests.
 
Ok I rebooted the router and that seems to have sorted it so far. Now I have lan dns filter off, vpn accept dns set to disable and the 2 ad blockers under dns over tls on wan and those are the only 2 showing up in tests so far.
 
In custom configuration on the vpn client do you have dhcp-option DNS or push dhcp-option DNS?
If not, test changing your WAN (DoT) DNS servers to, for example, Cloudflare servers, clear the browser cache, hard reboot everything and see if that helps.
 
Ok so the reboot fixed being able to set the ad blocking dns properly....the problem I have is that despite having my pc routed over the vpn, and having policy rules set to strict, the dns requests are completely bypassing the vpn. What I need it to do is still route ALL my traffic over the vpn including dns requests, just not use the vpn provider's dns server! Surely this is possible? The dns requests should be seen as coming from my vpn, not my real ip. Otherwise it is pointless me using the vpn because it's just giving away my real ip in every single dns request!
 
Add to custom configuration(vpn client)
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"

And change: accept dns configuration=exclusive
That will force dns thru tunnel
And you can change 1.1.1.1 & 1.0.0.1 to what you want
 
Ok tried that and this useless router has decided yet again to completely ignore any of my settings and has reverted to showing both my vpn dns and my isp dns.....and NEITHER of the 2 ad blocking ones I have told it to use via push/dhcp-option. I give up. Doesn't matter what I do it randomly ignores half the stuff it's meant to be doing, regardless of rebooting it or anything else.
 
You could try using the openvpn-event triggers to force either the target DoT servers or the DoT port thru the VPN tunnel.
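
One way to implement the first option from the post above (sending the DoT servers' addresses through the tunnel), as an added example that is not code from this thread or from Asuswrt-Merlin. It assumes VPN client 1 with device tun11 and routing table ovpnc1, a free rule priority of 9990, that the script is called for the route-up and down events, and it uses placeholder resolver addresses from documentation ranges.

```shell
#!/bin/sh
# /jffs/scripts/openvpn-event -- added example, not from the thread.
# Assumptions: VPN client 1 (device tun11, routing table ovpnc1), rule
# priority 9990, and two constructed placeholder resolver addresses.
DOT_SERVERS="192.0.2.53 198.51.100.53"   # replace with your DoT resolver IPs
VPN_DEV="tun11"
VPN_TABLE="ovpnc1"
RULE_PRIO=9990

# Emit one "ip rule" command per resolver for the given action (add|del).
dot_rule_cmds() {
    for srv in $DOT_SERVERS; do
        case "$srv" in
            ""|*[!0-9.]*) continue ;;   # accept dotted IPv4 literals only
        esac
        echo "ip rule $1 to $srv/32 lookup $VPN_TABLE priority $RULE_PRIO"
    done
}

# Map OpenVPN's script_type to an action; other event types map to nothing.
dot_action_for() {
    case "$1" in
        route-up) echo add ;;
        route-pre-down|down) echo del ;;
    esac
}

# Install or remove the rules; deleting first keeps "add" idempotent.
apply_dot_rules() {
    action="$(dot_action_for "$1")"
    [ -n "$action" ] || return 0
    dot_rule_cmds del | while read -r cmd; do $cmd 2>/dev/null; done
    if [ "$action" = add ]; then
        dot_rule_cmds add | while read -r cmd; do $cmd; done
    fi
    ip route flush cache
}

# OpenVPN exports $dev and $script_type to its event scripts.
if [ "${dev:-}" = "$VPN_DEV" ] && [ -n "${script_type:-}" ]; then
    apply_dot_rules "$script_type"
fi
```

The rules only steer the router's own DoT connections to those addresses. They are removed when the tunnel goes down, after which DoT leaves through the WAN again unless a separate block rule is in place.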
 
It all seems weird.. DoT, DNSCrypt, DoH and with my vpn "accept dns configuration=exclusive" have all worked fine for me
Isp or country trying to block something?
You can try changing: Tools/Other settings-Wan: Use local caching DNS server as system resolver (default: No) =Yes
I have that set to the default No
And see how/if that works for you

At the moment i use:
LAN/DNSFilter: Enable DNS-based Filtering=ON
Global Filter Mode=Router
DNS Privacy Protocol(DoT) with Cloudflare and Quad9 servers
For my VPN-Client:
Accept DNS Configuration=Disabled (use DoT servers not thru tunnel). Diversion does not work with Exclusive
 
