This seems to work only temporarily for me. My ISP-assigned DNS servers come back after a while. I have no-resolv in my dnsmasq conf, too.
if you add in your Advanced DNSmasq config...
no-resolv
server=9.9.9.9
this should be ok...
you can circumvent any forced ISP DNS by using SmartDNS ... I hope your router model has more than 16MB flash RAM...as if less, then no SSL for SmartDNS...
Using SmartDNS will encrypt your DNS..and you can force SmartDNS to use only the servers specified in its config...
99% of the time when something is wrong it is due to user setup error...
post your dnsmasq config...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
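An added example, not part of the posts above or of DD-WRT: a POSIX shell check for the no-resolv / server= advice, reading a dnsmasq config on stdin and reporting which upstream resolvers it can still use. The function name, the sample configs and the 192.0.2.53 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which upstream resolvers a dnsmasq config can use.
# Reads the config on stdin; exit status 0 = upstreams pinned, 1 = not.
audit_dnsmasq() {
    # dnsmasq treats '#' as a comment only at line start or after whitespace,
    # so server=127.0.0.1#5353 (address#port) must survive the stripping.
    conf=$(sed -e 's/^#.*$//' -e 's/[[:space:]]#.*$//' \
               -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d')
    rc=0

    # Global upstreams only: server=/domain/ip entries apply to one domain.
    upstreams=$(printf '%s\n' "$conf" | sed -n 's/^server=\([^/].*\)$/\1/p' | tr '\n' ' ')

    if printf '%s\n' "$conf" | grep -qx 'no-resolv'; then
        if [ -n "$upstreams" ]; then
            echo "OK: no-resolv set, upstreams pinned to: $upstreams"
        else
            echo "FAIL: no-resolv set but no global server= line, nothing can resolve"
            rc=1
        fi
    else
        # Without no-resolv, dnsmasq also reads the resolv file for upstreams.
        file=$(printf '%s\n' "$conf" | sed -n 's/^resolv-file=//p' | tail -n 1)
        echo "LEAK: no-resolv missing, servers in ${file:-/etc/resolv.conf} are also used"
        rc=1
    fi

    # DHCP option 6 hands clients a resolver directly; unless that address is
    # the router itself, their queries never reach dnsmasq.
    handed=$(printf '%s\n' "$conf" | sed -n -e 's/^dhcp-option=6,//p' \
                                            -e 's/^dhcp-option=option:dns-server,//p')
    if [ -n "$handed" ]; then
        echo "WARN: clients are handed DNS server(s) $handed by DHCP"
        rc=1
    fi
    return $rc
}

# Constructed sample: the two lines recommended in the post above.
PINNED='no-resolv
server=9.9.9.9'
# Constructed sample: server= present, no-resolv forgotten, DNS pushed by DHCP.
LEAKY='server=9.9.9.9
dhcp-option=6,192.0.2.53'

printf '%s\n' "$PINNED" | audit_dnsmasq
printf '%s\n' "$LEAKY" | audit_dnsmasq || true
```

On a router the same function can be fed the running config file, e.g. audit_dnsmasq < /path/to/dnsmasq.conf (path is a placeholder).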
then... depends on the use of this router...in most of the cases if it's a normal gateway
-if you have a dynamic DHCP, then tick ignore WAN DNS..set x3 DNS boxes in GUI as 1.1.1.1 or 9.9.9.9
and with this setup you should be fine...
-if you use a static IP - then do not set anything for DNS anywhere, apart from the advanced DNSmasq box
no-resolv
server=9.9.9.9
if you try any of those and still have a DNS leak...then it seems your ISP provider is forcing their DNS as they cap and translate the DNS request on the standard port 53...
however...if you use SmartDNS...(if your router supports openssl)
you can set SmartDNS to forward encrypted requests via https, and force only SmartDNS specified resolvers...in this way it will go undetected and it will circumvent any ISP restrictions or whatever else...
nowadays, that is all you need for SmartDNS to work
also make sure you left local DNS > Basic settings page the small box, at default values 0.0.0.0
and you also enable forced DNS at basic setup page too...
as we don't know details on your set pic and etc. it's a bit of a guessing what do you have...and what happens...in general DDWRT and DNSmasq are rock solid for DNS
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Mon Mar 18, 2024 23:02 Post subject:
Geremia12 wrote:
Alozaros wrote:
tick ignore WAN DNS
I don't have that option. I wish I did; it would solve all my problems.
if you use a static IP then this option is not present...use no-resolv advice...
what router model are we talking about? build number, any details will help...
if you use SmartDNS...(if your router supports openssl)
you can set SmartDNS to forward encrypted requests via https, and force only smartdns specified resolvers...in this way it will go undetected and it will circumvent any ISP restrictions or whatever else...
Oh, I do have "Ignore WAN DNS"! I saw it at the top, in the "WAN Connection Type" section. I was looking for it in the DHCP section. Unticking it fixed the problem. Thanks! 🙏
Thanks for introducing me to SmartDNS. I was wondering how to do DoT/DoH.
if you have a dynamic DHCP, then tick ignore WAN DNS..set x3 DNS boxes in GUI as 1.1.1.1 or 9.9.9.9
and with this setup you should be fine...
I had to untick "Use dnsmasq for DNS" on the "Basic Setup" tab to make it work with SmartDNS. Is that normal? Dnsmasq is still enabled on the "Services" tab. Now, when I go to https://www.dnsleaktest.com, it only shows Cloudflare IPs, not what specific DNS servers I'm using.
Posted: Tue Mar 19, 2024 22:15 Post subject:
I don't have such trouble... you have to read (carefully) the SmartDNS guide and look at the pic I posted for the settings, that's all you need...and yes you can turn off DNSmasq and use only SmartDNS, although it's not recommended...and only god knows what you are doing with your router...
There are guides that are made to serve and provide knowledge..use the force, feel the matter, read (tfkng) the guide... if you follow the guide, you will make it work...if not and you keep asking questions you rather fall in your own trap of not knowing what you are doing and become a victim of your own mess...
Post a screenshot of your Setup -> Basic Setup and Services -> Services pages.
I'm getting two issues: DNS resolving doesn't work unless I have "Ignore WAN DNS" unticked.
And DoH not working ("server-https https://dns.sev.monster/dns-query" needs to be "server 168.235.111.72").
Last edited by Geremia12 on Wed Mar 20, 2024 18:13; edited 1 time in total
Posted: Wed Mar 20, 2024 19:37 Post subject:
1st, as you have IPv6 this is causing the main problem...
2nd, your SmartDNS settings are wrong, not only wrong but terribly wrong, and practically not working...I don't even know how you have any DNS resolving, maybe IPv6 DNS goes behind and that is why you have problems with ignore WAN DNS..as this is the only one that you have working...
as I keep saying you are in your own mess...
now I'm on repeat ...
all you need for SmartDNS to work
open, look at the pic and check the correct syntax...and compare with yours...