[Cartel]

I want the dns in green, DDWRT adds the ones in red against my will.
Is there a way to solve this?

thanks

[blkt]

Ignore WAN DNS? Setup -> Basic Setup

[Cartel]

[blkt]

Understandable, feature did not exist until 08-02-2020-r44048, workaround was Query DNS in Strict Order.

Bypass resolv.dnsmasq in Services -> Services -> Additional DNSMasq Options add no-resolv, list servers.

no-resolv
server=
server=
server=

When strict order is combined with no-resolv the last server in the list is primary. "Back in my day, blabla.."

[PascalCase]

Thanks, blkt. Your answer also solved my issue with the extra dns servers.

I thought the "Ignore WAN dns" means I'm hosting my own dns server(s) locally.

[Jay461]

Thanks Blkt. I recently upgraded to r44719 and was not aware. What do I need to select in Dnamasq on the Services tab? Just want to ensure I am not using outdated selections.

[blkt]

Query DNS in Strict Order was the easy workaround but it was possible to leak ISP DNS servers.

Bypass resolv.dnsmasq method was the other workaround to prevent any DNS leak.

These are no longer necessary with the Ignore WAN DNS checkbox.

[Jay461]

[egc]

I think you do not need anything in the Additional DNSMasq.

Just do the following:
Make sure ignore WAN DNS is enabled (ticked)
Make sure Local DNS and Gateway are left at its default 0.0.0.0
In Static DNS 1 set the IP address of the Pi
Disable (untick) "Use DNSMasq for DNS"

By disabling "Use DNSMasq for DNS" the clients will now receive the contents of Static DNS as their DNS servers

[Jay461]

Thanks egc. I have the Local DNS set to Pi-Hole IP and have Use DNSMasq for DNS selected- will change that.

Router:R7800
Firmware: r44719 std (plan on upgrading to the latest version when nobody's home)

I have been following your posts in regards to forcing DNS via pi-hole. Will these 2 iptables suggested by you work in my environment? I don't have VLAN's or guest WiFi. My Upstream DNS Servers in Pi-hole is 127:0:0:1#5335

Assuming my pi-hole IP is 192.168.xxx.x

iptables -t nat -I PREROUTING -i br0 -s ! 192.168.xxx.x -p tcp --dport 53 -j DNAT --to 192.168.xxx.x:53
iptables -t nat -I PREROUTING -i br0 -s ! 192.168.xxx.x -p udp --dport 53 -j DNAT --to 192.168.xxx.x:53

Also, I have no idea how to test it via putty/cli or how to identify if it works or not. Although, I am familiar with accessing the R7800 via Putty. Thanks

[egc]

You only need these rules if you suspect clients (children) wanting to set their own DNS servers to dodge your control.
Otherwise all clients should already pointing to the the Pi.
But if you need to enforce it (there are still ways to dodge this, actually rather easily) then yes you can use these rules