Help config DNS

I wanted to ask for help to correctly configure the DNS for my VPN.
I have set up my home network as follows:
FritzBox Cable 6591: Internet sent to:
FritzBox 4040 with OpenWrt in which I use Openvpn for NordVpn, and Wireguard is as Server and Client.
Now I would like to know how I can correctly configure the NordVpn DNS and the DNS of my Wireguard server (Mullvad)

You would add a DHCP Option 6 to the DHCP config in the LuCI web GUI:


This morning and tried to put there the ip of the mullvad DNS and the only thing I did with it was to run out of internet. I'd also like to use Nordvpn's

To be clear:

  • your VPN is already configured; and
  • you have already routed and can properly reach each DNS server via the established VPN tunnels


You'd simply add both as the example shows.

1 Like

my tunnels work very well. What I don't like is when I use a tunnel, some streaming services detect that I use vpn even if it's from the country itself and it doesn't work for me. So I don't really use servers from other countries very much. and then when I do a leak test it puts me at risk

Providing custom DNS with DHCP

Will this not cause problems for my network?

You can always back up and restore your working configuration.

1 Like

when I've leak here:


Failed checking for WebRTC leaks.

Very good days,
The only problem that I have noticed so far, the Adblocker is not going to me like before, what could it be?

AdBlock requires Dnsmasq to be your primary DNS.
Configure an upstream DNS provider and intercept DNS queries from the LAN clients.

1 Like

I am not very clear on how to configure it without undoing what has been achieved so far. I looked at the link, but I still don't know

You can reset DHCP-related DNS settings to the defaults like this:

uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
uci commit dhcp
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

Although this makes no difference with DNS hijacking, as it is designed to override client DNS settings unless they use DNS encryption.


If I reset, will I be back to the beginning of the topic? I don't want that

There are at least 2 different methods:

  • The first method is easy to use with PBR, but it does not support AdBlock.

  • The second method supports AdBlock, but PBR for DNS traffic becomes complicated.

It is up to you which method to utilize.


I am going to stay with method 1 for the moment, for its ease and for the moment it is going to be despite not having AdBlock.
Can this fit into my system ?:
What can you advise or tell me about DNS Encrytion?
Would this fit into my system without losing connection to my VPNs and Internet?
Table of Contents
DNS over HTTPS with Dnsmasq and https-dns-proxy

The first method doesn't support DNS encryption on OpenWrt, only client-side DNS encryption, e.g. DoH in Chrome/Firefox.
However, you don't really need DNS encryption assuming that you trust the VPN provider well enough.

thank you very much again for all your help. good day and thanks

1 Like

This probably deserves a separate topic.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.