DNS Leak OpenWRT 25.12.2

Hello.

Prior to updating to OpenWRT 25.12.2, I was using 24.10.4 on a Linksys WRT32X. Earlier today, I tried to do an attended sysupgrade, and got a failed response from the server. So, I just flashed the firmware using the .bin from the releases, and reset to factory defaults.

I was able to set everything up back to normal. However, I’ve been having a massive headache with trying to use custom DNS servers (Quad9 and Cloudflare). On the old update, I disabled “Use DNS servers advertised by peer” on the wan interface, added the IPv4/IPv6 for Quad9 and Cloudflare, and it worked like a charm. When I checked for DNS leaks, no ISP DNS showed up. I did the same thing with the new update, but there is a DNS leak no matter what I try. Maybe I forgot how to set up the custom DNS servers, and after the factory reset couldn’t get it working again. In any case, any help would be appreciated. Thanks.

Did you disable "Use DNS servers advertised by peer" on both wan and wan6 interface?

Yes. It is disabled on both wan and wan6 interfaces. Although the addresses are only on the wan interface.

What do you see if it’s not the ISP DNS?

This was prior to the update and the issue I’m currently having. Before, I just saw “WoodyNet” for Quad9 or “Cloudflare”. Now I see my ISP DNS on every single DNS leak test on dnsleaktest.com.

Ah, sorry. Just finished my first cup of coffee…

See what’s in /tmp/resolv.conf.d/resolv.conf.auto

root@OpenWrt:~# cat /tmp/resolv.conf.d/resolv.conf.auto

# Interface wan

nameserver 9.9.9.11
nameserver 149.112.112.11
nameserver 1.1.1.1
nameserver 2620:fe::11
nameserver 2620:fe::fe:11
nameserver 2606:4700:4700::1111

That’s good. How about:

grep -H resolv-file= /var/etc/dnsmasq*

root@OpenWrt:~# cat /var/etc/dnsmasq*

# auto-generated config file from /etc/config/dhcp

conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
cache-size=1000
edns-packet-max=1232
domain=lan
local=/lan/
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.d/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.cfg01411c.d
user=dnsmasq
group=dnsmasq

dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf

bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
dhcp-range=set:lan,192.168.1.50,192.168.1.248,255.255.255.0,12h
no-dhcp-interface=pppoe-wan

Does everything look good? I may have found the cause if so. I think the wan6 interface was not set up correctly. After changing the device to “wan” and not pppoe-wan, the DNS leak is gone. I’m not really sure if that’s the change that fixed it. I have one more question. I want OpenWRT to prioritize Quad9 and only use Cloudflare if Quad9 is not responding. Will enabling strict order mess up IPv6 connectivity, and will it work with my current DNS setup? Thanks for the help.

dnsmasq will periodically check which server is the fastest and use that, so the default settings with both your DNS servers should be fine.

Strict order is highly unreliable.

Edit: consider using secure DNS, e.g. HTTPS-DNS-Proxy or unbound etc.

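The checks suggested in the thread (peerdns disabled on both wan and wan6, the contents of /tmp/resolv.conf.d/resolv.conf.auto, and the resolv-file= line in the generated dnsmasq config) can be scripted so the router itself tells you whether an ISP resolver can still be reached by dnsmasq, instead of relying on a browser-based leak test. The script below is an added example written for this page, not code from the thread or from the OpenWrt project. It assumes the file layout shown in the thread, the standard uci option names network.<iface>.peerdns and network.<iface>.dns, and the Quad9/Cloudflare addresses the poster configured; the sample resolv file used in the comments is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit (and optionally pin) the upstream resolvers dnsmasq will
# use on an OpenWrt router. Assumptions: OpenWrt's /tmp/resolv.conf.d/resolv.conf.auto
# and /var/etc/dnsmasq.cfg*.conf layout, and the uci options network.<iface>.peerdns
# and network.<iface>.dns. The allowlist mirrors the resolvers in the thread.

ALLOWED='9.9.9.11 149.112.112.11 1.1.1.1 2620:fe::11 2620:fe::fe:11 2606:4700:4700::1111'

# leaked_nameservers FILE ALLOWLIST
# Print every "nameserver X" entry in a resolv.conf-style FILE whose address is
# not in the whitespace-separated ALLOWLIST. Returns 1 if any were printed, so
# it can be used directly in an if/while. Comment lines (e.g. "# Interface wan")
# are ignored because their first field is not "nameserver".
leaked_nameservers() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2; leaked = 1 }
        END { exit (leaked ? 1 : 0) }
    ' "$1"
}

# dnsmasq_resolv_files CONFIG...
# Print the path after "resolv-file=" in each generated dnsmasq config, i.e. the
# file that actually feeds dnsmasq its upstreams (the thread's grep -H command).
dnsmasq_resolv_files() {
    grep -h '^resolv-file=' "$@" 2>/dev/null | sed 's/^resolv-file=//'
}

# Router-side audit: both WAN interfaces must have peerdns=0 (an unset value
# means the default, which accepts the ISP's advertised resolvers), and every
# resolv file dnsmasq reads must contain only allowlisted addresses.
audit_router() {
    for iface in wan wan6; do
        if [ "$(uci -q get network.$iface.peerdns)" != "0" ]; then
            echo "network.$iface.peerdns is not 0: ISP resolvers from $iface will reach dnsmasq"
        fi
    done
    for f in $(dnsmasq_resolv_files /var/etc/dnsmasq*); do
        if leaked=$(leaked_nameservers "$f" "$ALLOWED"); then
            echo "$f: only allowlisted resolvers present"
        else
            echo "$f: resolvers not on the allowlist:"
            echo "$leaked"
        fi
    done
}

# Remediation matching the working setup from the thread: ignore peer-advertised
# DNS on both WAN interfaces and pin the upstreams on wan. Run by hand on the
# router; it is deliberately not invoked automatically below.
pin_wan_dns() {
    uci set network.wan.peerdns='0'
    uci set network.wan6.peerdns='0'
    uci -q delete network.wan.dns || true
    for ns in $ALLOWED; do
        uci add_list network.wan.dns="$ns"
    done
    uci commit network
    /etc/init.d/network reload
}

# Only run the live audit where uci exists, i.e. on the router itself; the
# helper functions above work anywhere a POSIX sh and awk are available.
if command -v uci >/dev/null 2>&1; then
    audit_router
fi
```

Run it as `sh audit-dns.sh` on the router: a clean system prints one "only allowlisted resolvers present" line per dnsmasq instance and nothing about peerdns. If an ISP address shows up, the interface it arrived on is the one still advertising resolvers, which is the wan6-on-pppoe-wan situation the poster hit. If you later move to https-dns-proxy or unbound as the thread suggests, the same audit still applies, only the allowlist becomes the local listener you point dnsmasq at via `list server` and `option noresolv '1'` in /etc/config/dhcp.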

If you forward DNS through a VPN, the site that tests for leaks will not report one; with every other option it will always tell you it is a leak.
