Help config DNS

Santa79 · July 12, 2020, 7:28pm

Hello,
I wanted to ask for help to correctly configure the DNS for my VPN.
I have set up my home network as follows:
FritzBox Cable 6591: Internet sent to:
FritzBox 4040 with OpenWrt in which I use Openvpn for NordVpn, and Wireguard is as Server and Client.
Now I would like to know how I can correctly configure the NordVpn DNS and the DNS of my Wireguard server (Mullvad)

lleachii · July 13, 2020, 1:58am

You would add a DHCP Option 6 to the DHCP config in the LuCI web GUI:

Santa79 · July 13, 2020, 6:10am

This morning and tried to put there the ip 193.138.218.74 of the mullvad DNS and the only thing I did with it was to run out of internet. I'd also like to use Nordvpn's

lleachii · July 13, 2020, 6:26am

To be clear:

your VPN is already configured; and
you have already routed and can properly reach each DNS server via the established VPN tunnels

...correct?

You'd simply add both as the example shows.

Santa79 · July 13, 2020, 7:31am

my tunnels work very well. What I don't like is when I use a tunnel, some streaming services detect that I use vpn even if it's from the country itself and it doesn't work for me. So I don't really use servers from other countries very much. and then when I do a leak test it puts me at risk

vgaetera · July 13, 2020, 9:15am

Providing custom DNS with DHCP

Santa79 · July 13, 2020, 9:57am

Will this not cause problems for my network?

vgaetera · July 13, 2020, 10:15am

You can always back up and restore your working configuration.

Santa79 · July 13, 2020, 2:34pm

when I've leak here:

WebRTC

Failed checking for WebRTC leaks.

Santa79 · July 14, 2020, 3:56am

Very good days,
The only problem that I have noticed so far, the Adblocker is not going to me like before, what could it be?

vgaetera · July 14, 2020, 9:28am

AdBlock requires Dnsmasq to be your primary DNS.
Configure an upstream DNS provider and intercept DNS queries from the LAN clients.

Santa79 · July 14, 2020, 9:38am

I am not very clear on how to configure it without undoing what has been achieved so far. I looked at the link, but I still don't know

vgaetera · July 14, 2020, 11:54am

You can reset DHCP-related DNS settings to the defaults like this:

uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
uci commit dhcp
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

Although this makes no difference with DNS hijacking, as it is designed to override client DNS settings unless they use DNS encryption.

Santa79 · July 14, 2020, 1:14pm

If I reset, will I be back to the beginning of the topic? I don't want that

vgaetera · July 14, 2020, 1:41pm

There are at least 2 different methods:

The first method is easy to use with PBR, but it does not support AdBlock.
The second method supports AdBlock, but PBR for DNS traffic becomes complicated.

It is up to you which method to utilize.

Santa79 · July 14, 2020, 2:42pm

I am going to stay with method 1 for the moment, for its ease and for the moment it is going to be despite not having AdBlock.
Can this fit into my system ?:
What can you advise or tell me about DNS Encrytion?
Would this fit into my system without losing connection to my VPNs and Internet?
Table of Contents
DNS over HTTPS with Dnsmasq and https-dns-proxy

vgaetera · July 14, 2020, 4:17pm

The first method doesn't support DNS encryption on OpenWrt, only client-side DNS encryption, e.g. DoH in Chrome/Firefox.
However, you don't really need DNS encryption assuming that you trust the VPN provider well enough.

Santa79 · July 14, 2020, 6:33pm

thank you very much again for all your help. good day and thanks

vgaetera · July 15, 2020, 12:10am

This probably deserves a separate topic.

system · July 25, 2020, 12:10am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.