DNS servers and Windows 10 security

Just installed OpenWrt 21.02.1 on a BT Home Hub 5A clone (Plusnet) to work with Nowtv (Sky) Internet. Performance is very good.

Two issues. Whenever I try to log in using the network address from Windows 10 I get
NET::ERR_CERT_AUTHORITY_INVALID
which makes connecting a pain. I think it's a windoze thing as it's the same with different browsers.

The next is some confusion on my part as to which DNS is being used. On the Status/Network/IP4 upstream the two DNS's listed are the sky ones. Whereas my preferred ones are listed in Network/ DHCP and DNS/ Server Settings. How can I tell which DNS is being used?

This is not an idle request. I need to know as I am thinking of setting up a pihole for advert suppression.

Many thx

Best Regards

dataguy

No, it's a browser thing, search the forum for the error.

By whom?

Windows - ipconfig /all

OpenWRT - cat /etc/config/network

Keep in mind that DoH/proxy can be enabled/configured in the client browser and DNS forwarding on OpenWrt, so more comprehensive diagnostics are required in the general case.
Also, plain DNS can be hijacked by the upstream/ISP, making the result not so reliable.

Thanks for the info.
The certificate issue can be resolved by viewing and saving the certificate, then importing it into the browser. (Took me ages to find so I thought I'd restate.)

The DNS issue is a bit odd (Thx oldnavyguy). My Windows 10 machine sees the Sky network DNS (ipconfig /all), despite the Network/DHCP and DNS/DNS forwardings set to Google DNS first and OpenDNS second (8.8.8.8 208.67.220.220).

Not sure how it's possible to configure Pi-hole if DNS requests cannot be diverted.

Many thx for your time
Best Regards
dataguy

Don't need to divert them, you simply have to provide the Pi-hole's IP as DNS in the DHCP configuration.

There are at least three places in OpenWrt where DNS IPs can be seen, and set.

WAN port DNS provided by ISP
WAN port DNS used by the router
LAN side DNS sent to the clients
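
The three places listed above can be read from the router's UCI configuration. The script below is an added example, not part of the original posts: the function names are hypothetical, the sample input is constructed, the Pi-hole address 192.168.1.2 is made up, and it assumes the default interface names `wan` and `lan`.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE is constructed text in the format
# printed by `uci show network; uci show dhcp`; 192.168.1.2 is a made-up
# Pi-hole address. Assumes the default interface names wan and lan.
SAMPLE="network.wan.proto='dhcp'
network.wan.peerdns='0'
network.wan.dns='8.8.8.8' '208.67.220.220'
dhcp.@dnsmasq[0].server='8.8.8.8' '208.67.220.220'
dhcp.lan.dhcp_option='3,192.168.1.1' '6,192.168.1.2'"

# uci_get KEY: print KEY's value(s) from uci-show text on stdin, quotes removed.
uci_get() {
    awk -v k="$1" -v q="'" 'index($0, k "=") == 1 {
        v = substr($0, length(k) + 2); gsub(q, "", v); print v; exit }'
}

# dns_report: read uci-show text on stdin, print one line per DNS setting.
dns_report() {
    cfg=$(cat)
    get() { printf '%s\n' "$cfg" | uci_get "$1"; }
    peerdns=$(get network.wan.peerdns)
    wan_dns=$(get network.wan.dns)
    forward=$(get 'dhcp.@dnsmasq[0].server')
    options=$(get dhcp.lan.dhcp_option)

    # 1. WAN DNS provided by the ISP: dropped only when peerdns is 0.
    if [ "$peerdns" = "0" ]; then echo "isp_dns=ignored"
    else echo "isp_dns=accepted"; fi
    # 2. WAN DNS configured on the router, plus dnsmasq "DNS forwardings".
    echo "wan_custom_dns=${wan_dns:-none}"
    echo "dns_forwardings=${forward:-none}"
    # 3. LAN side: DHCP option 6 is the DNS server list handed to clients.
    #    Without it, dnsmasq advertises the router's own address.
    client=""
    for o in $options; do
        case "$o" in 6,*) client="${o#6,}" ;; esac
    done
    echo "client_dns=${client:-router}"
}

# On a router: { uci show network; uci show dhcp; } | dns_report
printf '%s\n' "$SAMPLE" | dns_report
```

After a DHCP lease renewal, the `client_dns` value is what `ipconfig /all` on the Windows client should list as its DNS server.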

If you want an easier method?

You can install AdGuard Home on your router and use it instead of a Pi-hole. (I used to run a Pi-hole but switched to using AGH.)

Your DNS issues are because you are most likely using Sky's upstream DNS. You can bypass Sky's DNS and use whatever DNS you want.

@mercygroundabyss
You just beat me to the post!!
I got the Pi-hole working yesterday but although it was intercepting requests it was not blocking them.

As I was looking for a fix I came across an OpenWrt adblock article. It looked so easy I thought why not?? About 10 mins later, installed by LuCI, I had it up, running and working brilliantly.

So definitely a big, big plus for adblock and OpenWrt, cheers :beer:

Not sure what the difference between adblock and AdGuard Home is. Curiously, adblock lists Active Sources as adaway, adguard, disconnect, and yoyo, so maybe it just uses their lists.

Many thanks for your help

Best Regards

Dataguy

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
