Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sat Aug 27, 2022 10:27 Post subject:
Query DNS in strict order is a fairly useless settings, not that it matters in this case as you have only one upstream DNS resolver in DNSMasq (which is SmartDNS)
Check Unsigned DNS replies is also useless as you do not have DNSSEC enabled (which you should not as you use SmartDNS)
About the settings in the OpenvPN config to stop the pushing of DNS servers, I would keep it there just as a reminder you are not using them (and if you inadvertently are going to use Split DNS with PBR).
But it does not do anything in this case as you are not using them anyway as you are using SmartDNS.
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Thu Jan 12, 2023 11:21 Post subject: SMart DNS
Are my settings correct?
When I do a DNS test, I dont see the smart dns servers but these
178.238.10.99 None Clouvider Limited London, United Kingdom
217.146.83.100 100.83.146.217.baremetal.zare.com. Hydra Communications Ltd London, United Kingdom
Screenshot 2023-01-12 at 10.45.26.png
Description:
Filesize:
765.65 KB
Viewed:
882 Time(s)
_________________ Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Thu Jan 12, 2023 11:55 Post subject:
Still showing VPN dns servers. How do I test and check if smart DNS is working? _________________ Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Thu Jan 12, 2023 19:36 Post subject:
I can see this command has an extra space/interval at the end by the quotes no idea if this plays role...
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "
no idea why you need those lines in DNSmasq as those are confusing the DNS,
especially if you did not enable use additional servers only in SmartDNS
also 3-d line in the stack is wrong, i guess..just remove them all
if you need and extra...NTP time servers just add an IP in the box where NTP time in this format
216.239.35.4 162.159.200.123
those 2 are google and cloudflare NTP time, but you can add others too, the format is a like this with space/interval in between...as well on the new versions of firmware BS made an adjustment so
the default NTP time queries few NTP servers...by default..so you don't really need anything... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Fri Jan 13, 2023 10:44 Post subject:
Alozaros, not sure either, one guru asked me to add it. Please tell me exactly what I should do. I mean I will copy and paste what you send, just let me know where in DDWRT to add it too please. Apologies for the inconvenience. _________________ Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500
Joined: 04 Mar 2021 Posts: 65 Location: Manchester
Posted: Sat Jan 14, 2023 19:41 Post subject:
I got it working and cheers to all for the supply. _________________ Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500