Static DNS IP addr gets ignored after a while 380.63_2

[czar4you]

Hello,

Im using a DNS service where Porn and Ads are blocked. Everything works as expected within Windows, but as soon as i try to upload this ip to my router then i have noticed that it would switch between my ISP DNS after couple of minutes or so.

Setup:
AC87U router with 380.63_2
WAN DNS 1 is Public DNS IP ADDR for example
WAN DNS 2 is SAME IP ADDR as above (just in case)

LAN->DHCP Server DNS 1 Same IP as Above example
LAN->DHCP Server DNS 2 Same IP as Above example

Advertise router's IP in addition to user-specified DNS -> NO
Forward local domain queries to upstream DNS ->YES
Enable DNSSEC support -> YES
WINS Server -> empty


Windows worsktation:
Windows 10 with static ip addr IPV6 disabled, and IPV4 enabled, where GATEWAY and DNS is the router IP ADDR (192.168.0.1)

Testing:
CMD-> nslookup
sex.com shows the DNS IP addr since request got denied

after couple of minutes executing same step, then it would show IP ADDR of real sex.com which indicates that something went threw.

flushing dns does not fix anything. If i reboot a router, nslookup for sex.com it would pretty much repeat above behaviour.

I want to note that i have same DNS IP addr added to DNS1 and DNS2 filed in router. Not sure if there would be fail over to my ISP if i left DNS2 field blank.

Not sure what is going on

 

[RMerlin]

I would start by simplifying your setup a bit:

1) Set WAN DNS1 to your desired nameserver
2) Leave WAN DNS2 empty
3) Leave DHCP DNS empty
4) Set your computer to Automatic DNS
5) Release and renew your computer's DHCP lease

Make sure you did not enable DNSFilter (as this override all of this DNS configuration).

Also make sure you don't have any OpenVPN client configured (as it might override your DNS).

Then run your tests.

Note that there's a slight possibility that your ISP could be intercepting/redirecting DNS queries.

 

[RMerlin]

Also, note that using IPv6 can override all of this as well, if you have a different IPv6 DNS server, or if your DNS server doesn't properly filter our IPv6 IPs.

 

[czar4you]

Also, note that using IPv6 can override all of this as well, if you have a different IPv6 DNS server, or if your DNS server doesn't properly filter our IPv6 IPs.

Yes that was it.
My workstation had IPV6 disabled, but my router had NATIVE mode IPV6 enabled. Does that mean that IPV4->IPV6 is performed? If so is this a bug? If not...i would like to know how this is beneficial.

 

[RMerlin]

Yes that was it.
My workstation had IPV6 disabled, but my router had NATIVE mode IPV6 enabled. Does that mean that IPV4->IPV6 is performed? If so is this a bug? If not...i would like to know how this is beneficial.

I'm not entirely sure how the router handles the IPv6 DNS when it's acting as your LAN resolver. I don't generally deal with the IPv6 code as I have no way of really testing it (plus, I think IPv6 support in general is currently a mess at ISP levels).