hi, i'm using OpenWrt 18.06.6 installed on HG556a (version B)
the setup is a 4G sim card in a 3G modem plugged in my openwrt
i have the following interfaces
i enter the following dns servers on the wan and lan interfaces :8.8.8.8 8.8.4.4 1.1.1.1
but when i open https://www.dnsleaktest.com/ i get the isp dns
i tryed also changing it on the 3g interface but when i do it internet seem not working
also when i change dns manually on my connected device to my router internet seem not working on the router
If there is an option under the 3G interface it will be supported.
In my LTE connection with NCM protocol it is supported.
If it is not you can ignore the resolv file and use forwarders.
i think its not possible cause i tryed use the dns auto installed by isp internet work well i edit my mobile configuration and change dhcp to static i enter dns 8.8.8.8 8.8.4.4 and internet didnt work so may they use something in the protocole or in firewall rulles that block those dns requests
I don't think its the DNS itself that's blocked -- you could know by specifying static IP/DNS then from terminal:
ping 8.8.8.8
If it works, then IP connectivity is there and DNS is blocked. My theory though is that with a static IP, this will not work. A lot of networks these days have firewall entries that are DHCP aware and static addresses, unless specifically allowed by admins on a per-device level (say for servers) are not allowed to communicate with anyone.
This means you'd need to find a way to get DHCP IP settings but override/specify the DNS.
when i change dns on the 3G interface ping to 8.8.8.8 still work but requesting any domain will not work goole.com not working but when i typed google's ip 172.217.168.163 it work
so that mean that there is a problem while sending /receving dns requests
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain localhost
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain local
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain invalid
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain bind
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using local addresses only for domain lan
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.8.8#53
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.8.8#53
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 1.1.1.1#53
Thu Sep 17 23:23:48 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.4.4#53
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: reading /tmp/resolv.conf.auto
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain test
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain onion
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain localhost
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain local
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain invalid
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain bind
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using local addresses only for domain lan
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 105.67.10.4#53 (isp dns)
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 105.71.24.5#53 (isp dns 2)
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.8.8#53
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 1.1.1.1#53
Thu Sep 17 23:25:07 2020 daemon.info dnsmasq[3031]: using nameserver 8.8.4.4#53
NOTE this bypasses all system DNS settings and looks up yahoo.com using 8.8.8.8
If this works, then the ISP doesn't have DNS blocked.
If this doesn't work, then UDP port 53 is blocked.
All that said, what I'd do is see if your 3G/4G supports IPv6 and if so, I'd try Google's IPv6 DNS servers to see if your ISP forgot to block it in ip6tables:
You fail to show which interface you set this on... In your posting giving the output of:
uci show network; head -v -n -0 /etc/resolv.* /tmp/resolv.*
We see:
In addition, your networks TAB screenshot shows on your WAN interface:
RX: 0 B (0 Pkts.)
TX: 6.81 MB (19927 Pkts.)
Did you apply the ignore peer DNS + custom DNS servers on your unused WAN interface as opposed to your 3G interface? If so, I think that may be your problem?
2.) You somehow didn't have IP connectivity when you ran nslookup yahoo.com 8.8.8.8, but I'd assume you ran ping 8.8.8.8 first to eliminate this possibility.
So, sorry we couldn't get it going, looks like you may be forced to use your ISPs DNS :\