ISP server forced in search domain

buffpatel
DD-WRT User


Joined: 22 Feb 2011
Posts: 115

Posted: Mon Sep 13, 2021 13:23    Post subject: ISP server forced in search domain
dTX wrote:
Note for BrainSlayer:
twindragon6, if you don't mind I'll be using part of your attached log as an example.
Code:

cat /etc/resolv.conf

search nv.charter.com <==== !!!!
search BLACK-ICE
nameserver 192.168.1.1
nameserver 127.0.0.1


The search domain that every ISP is shoving in our throats is just another form of tracking/data mining and it's a very successful one, not far from what they use their DNS for.
Therefore, if the user chose the option Ignore WAN DNS, the search domain automatically has to be removed and ignored as well.
So far, just removing and ignoring the WAN/ISP DNS is a half-ass done job when it comes to... some form of privacy protection... IN MY OPINION!


Hi,

I saw the above discussion from a thread for a recent build and wanted to discuss if there is any solution to fix this. For reference, I'm running an R8000 on build 47381 from 9/8/21.

I have "Ignore WAN DNS" set on basic settings.

Additional DNSMasq options:
no-resolv
all-servers
bogus-priv
no-negcache
dhcp-option=43,01:04:00:00:00:02
server=1.1.1.1
server=1.0.0.1
server=9.9.9.9
server=8.8.4.4
server=8.8.8.8
server=2606:4700:4700::1111
server=2606:4700:4700::1001
server=2001:4860:4860::8888
server=2001:4860:4860::8844
local=/arunasubhash.lan/
expand-hosts
domain-needed
dhcp-range=::1000,::FFFF,constructor:br0,ra-stateless,ra-names,12h
dhcp-option=option:domain-search,arunasubhash.lan
dhcp-option=option:dns-server,192.168.1.1
dhcp-option=option6:domain-search,arunasubhash.lan
dhcp-option=option6:dns-server,[fe80::eafc:afff:XXXX:XXXX]
ra-param=br0,10,300
enable-ra
quiet-ra
quiet-dhcp
quiet-dhcp6


and when I run: cat /etc/resolv.conf, I get:

search cinci.rr.com
search arunasubhash.lan
nameserver 192.168.1.1

So it looks like the search cinci.rr.com server has been forced into my search domain despite me having Ignore WAN DNS set, and also having no-resolv in my DNSMasq options. Is there something I might be missing?
d33b0_n4p41m
DD-WRT User


Joined: 10 Sep 2021
Posts: 133

Posted: Mon Sep 13, 2021 13:36
Screenshots of your "Setup -> Basic Setup" and "Services -> Services" pages would help. You may want to read the help files associated with both pages ^_^
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

Posted: Mon Sep 13, 2021 14:04
I am looking into it, going to see if I can make a patch for it.

So be patient :)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
d33b0_n4p41m
DD-WRT User


Joined: 10 Sep 2021
Posts: 133

Posted: Mon Sep 13, 2021 17:22
Or someone can look at the configurations already there and try manually overriding their WAN domain information, if they have not already... ^_^
buffpatel
DD-WRT User


Joined: 22 Feb 2011
Posts: 115

Posted: Tue Sep 14, 2021 10:17
d33b0_n4p41m wrote:
Screenshots of your "Setup -> Basic Setup" and "Services -> Services" pages would help. You may want to read the help files associated with both pages ^_^


Hi, I am attaching the requested screenshots of my config for you (I resized them to make them 50% smaller. Hopefully they are the correct size). Please let me know if any other screenshots would be helpful - and thanks in advance!

Please note - the entire "Additional Dnsmasq options" is listed in the original post of this thread, as you cannot see it in full on the screenshot.



[Attached screenshots: Screen Shot 2021-09-14 at 6.07.23 AM.png (61.43 KB), Screen Shot 2021-09-14 at 6.07.38 AM.png (97.86 KB), Screen Shot 2021-09-14 at 6.06.32 AM.png (155.32 KB)]


egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

Posted: Tue Sep 14, 2021 10:25
Luckily you have no-resolv, but your settings are not really "optimal".

Local DNS should be kept at its default 0.0.0.0 when you use it as a normal gateway.

Static DNS 1, 2, 3 should point to a DNS server higher up, not to itself; just leave it at 0.0.0.0.

Luckily no-resolv overrides these wrong settings

It also has nothing to do with the original problem but other users might pick up the wrong idea from this.

buffpatel
DD-WRT User


Joined: 22 Feb 2011
Posts: 115

Posted: Tue Sep 14, 2021 10:38
egc wrote:
Luckily you have no-resolv, but your settings are not really "optimal".

Local DNS should be kept at its default 0.0.0.0 when you use it as a normal gateway.

Static DNS 1, 2, 3 should point to a DNS server higher up, not to itself; just leave it at 0.0.0.0.

Luckily no-resolv overrides these wrong settings

It also has nothing to do with the original problem but other users might pick up the wrong idea from this.


Thank you very much for the feedback! I believe I got those settings from some very old websites when I first started using DD-WRT over 10 years ago, so those are clearly not optimal with all the advancements over the years.

I will change my Local DNS and static DNS to 0.0.0.0 as you suggested. Thanks again!
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

Posted: Tue Sep 14, 2021 11:05
Using all-servers and query in a strict order along with no-resolv is not a good idea...
One of the best ways to avoid forced DNS by the ISP is to use encrypted DNS... depending on your router you can use DNScrypt or SmartDNS via CLI, Unbound or Stubby; check those green and red links in my signature... or stickies around the forum regarding the others...
I recommend Stubby or SmartDNS as the easiest options...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
d33b0_n4p41m
DD-WRT User


Joined: 10 Sep 2021
Posts: 133

Posted: Tue Sep 14, 2021 14:08
But some folks are *absolutely* certain that it's not a configuration issue that is the root cause of the upstream ISP search domain being shoved down their router's throat. ^_^
_________________
An old man said, “Erasers are made for those who make mistakes.” A youth replied, “Erasers are made for those who are willing to correct their mistakes!” Attitude matters! ~ Anonymous
----------
“You are always a student, never a master. You have to keep moving forward.” ~ Conrad Hall
----------
“Life is about moving on, accepting changes and looking forward to what makes you stronger and more complete.” ~ Anonymous
itwontbewe
DD-WRT User


Joined: 29 Sep 2020
Posts: 260
Location: United States

Posted: Tue Sep 14, 2021 15:55
egc wrote:
I am looking into it, going to see if I can make a patch for it.

So be patient :)

much appreciated


****

thanks to kp too and obviously bs


Last edited by itwontbewe on Mon Sep 20, 2021 23:17; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Tue Sep 14, 2021 16:28
The main issue is that "ignore wan dns" does not take into consideration "wan domain" information; this is what I discovered looking at the source code and passed over to @egc. There were already workarounds, but people didn't seem to want to look deep enough into it and create a solution until this was patched and fixed permanently. Thanks for your continued development support, @egc!
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
itwontbewe
DD-WRT User


Joined: 29 Sep 2020
Posts: 260
Location: United States

Posted: Tue Sep 14, 2021 16:30
the op is seeking a workaround

Last edited by itwontbewe on Tue Sep 14, 2021 17:21; edited 2 times in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Tue Sep 14, 2021 16:57
The workaround, until the patch is verified to work, revolves around the "get_wan_domain" function and associated nvram variable.


Last edited by kernel-panic69 on Fri Sep 17, 2021 16:39; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

Posted: Thu Sep 16, 2021 13:52
Patch has been sent upstream for review. I did not have the time to properly test it, so let's just see if it is any good and will be accepted.
buffpatel
DD-WRT User


Joined: 22 Feb 2011
Posts: 115

Posted: Mon Sep 20, 2021 18:20
This issue appears to be resolved in newest build R47474 on 9/20/21:

cat /etc/resolv.conf:

search arunasubhash.lan
search arunasubhash.lan
nameserver 192.168.1.1

Not sure why the LAN domain name (arunasubhash.lan) is listed twice, but I no longer have my cable provider's server in the list.

Thanks everyone for helping find a patch and applying it so quickly!
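
A way to check a router for the condition discussed in this thread, as an added example (not part of any post and not DD-WRT code): two POSIX sh functions that list `search`/`domain` entries in a resolv.conf that fall outside an allow-list, and entries that appear more than once. The function names are hypothetical; the sample inputs are the two resolv.conf listings posted above.

```shell
#!/bin/sh
# Added example, not DD-WRT code: audit the search list in a resolv.conf.

# foreign_search_domains FILE [ALLOWED_DOMAIN...]
# Prints each search/domain entry that is not in the allow-list (once each,
# in file order). FILE may be "-" to read standard input.
foreign_search_domains() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN {
            n = split(tolower(allowed), a, " ")
            for (i = 1; i <= n; i++) { sub(/\.$/, "", a[i]); ok[a[i]] = 1 }
        }
        /^[#;]/ { next }                       # skip comment lines
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) {
                d = tolower($i); sub(/\.$/, "", d)   # ignore case and root dot
                if (!(d in ok) && !(d in seen)) { seen[d] = 1; print d }
            }
        }
    ' "$file"
}

# duplicate_search_domains FILE
# Prints each domain that is listed more than once.
duplicate_search_domains() {
    awk '
        /^[#;]/ { next }
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++) {
                d = tolower($i); sub(/\.$/, "", d)
                if (++count[d] == 2) print d
            }
        }
    ' "$1"
}

# Sample inputs: the two resolv.conf listings posted in this thread.
before='search cinci.rr.com
search arunasubhash.lan
nameserver 192.168.1.1'
after='search arunasubhash.lan
search arunasubhash.lan
nameserver 192.168.1.1'

printf '%s\n' "$before" | foreign_search_domains - arunasubhash.lan
printf '%s\n' "$after"  | duplicate_search_domains -
# On the router itself: foreign_search_domains /etc/resolv.conf arunasubhash.lan
```

Empty output from `foreign_search_domains` means only the allow-listed LAN domain is in the search list.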