I see my ISP DNS

Still the same. I have the same setting, and before last month I never had a problem with that.

You manually configured the ip address, gateway, subnet mask and the DNS server and it still used your ISP?

Ok, you meant on my PC device....

1 Like

I seem to have the same type of issue as OP, or at least it would show any client-set DNS rather than the hijacked one; the DNS hijack firewall rule is identical. I don't want to interfere in this topic with my own issue, so I'll make my own topic instead; besides, I also have to investigate my issue more (also using NextDNS).

When I look for possible commonalities, I do see pbr listed in OP's firewall config. I wonder, has anyone verified whether this works with pbr and its DNS changes?

1 Like

@PerkelSimon and @xize:

Who is your ISP?

Currently I'm not using WireGuard and pbr

1 Like

From Canada, Cogeco

KPN, but my ISP isn't hijacking; it just ignores my hijacking rule and follows the DNS my client has set up. If I set up Google, I see Google DNS on multiple devices, which is odd. The only thing I haven't tested is whether it was affected by pbr, since it recently gained new functionality to route DNS.

I asked because this is the second thread about this device flaking out today. (the thread is older than that but @xize mentioned it today)
The other thread is AT&T.

Just noticed something and pulled on a string; thanks.

2 Likes

I made it and yep, still

Clear the browser cache, reboot the device (PC) and try again.

This is really not how IPv4 is supposed to work.
Just in case I've misunderstood:
you disabled all the background/add-on packages and it's supposed to be just running firewall and NAT?

I'm not a pro, so I'll take your sentence too: just in case I've misunderstood you,
when you say "all add-on packages", you mean?

Any VPN or ad-blocking etc.

I re-read the thread and I do not see anything, but just to be sure, and the cache really does cause issues sometimes.

Interesting 🤔, would this also mean that even if I had previously uninstalled it and then did a sysupgrade keeping the settings, the remnants may in theory still run?

That could maybe explain the unexplained behaviour I notice.

Run firstboot -y && reboot.

Other Linksys E8450 users reported that some configs were not being overwritten in a fresh install.
firstboot -y && reboot will flush everything, so be prepared.

3 Likes

If you were telling the truth and trying to help anyone, you wouldn't resort to using throw-away accounts. I have no idea what spurred this personal vendetta of yours, but yeah, if you keep spreading lies, I will keep reporting.

2 Likes

I've been meaning to amend the pbr README: yes, if you use the pbr DNS policies, they will override your router's DNS/DNS hijacking.

2 Likes

If I use the DNS hijacking, can I add port 853 too?

 5. Optional: DNS hijacking: Configure firewall to intercept DNS traffic:

# Intercept DNS traffic
uci -q del firewall.dns_int
uci set firewall.dns_int="redirect"
uci set firewall.dns_int.name="Intercept-DNS"
uci set firewall.dns_int.family="any"
uci set firewall.dns_int.proto="tcp udp"
uci set firewall.dns_int.src="lan"
uci set firewall.dns_int.src_dport="53"
uci set firewall.dns_int.target="DNAT"
uci commit firewall
service firewall restart

You can only redirect encrypted DNS if you have a local server that can handle it, such as dnsproxy, and the client doesn't expect certificate validation.

Older TLS clients could fall back to DNS 53, but in practice this 853 redirect is a blocking rule, which is good in its own right.
So the rule itself is useful, although it seldom redirects any more.
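
An added example, not part of the thread or of OpenWrt's documentation: a shell check that reads `uci show firewall` output and reports whether the port 53 intercept quoted above is active for both TCP and UDP, and whether port 853 from the LAN is rejected or redirected. The function names, the status strings and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `uci show firewall` text on stdin
# and reports whether LAN DNS is intercepted and whether DoT (853) is handled.
# Exit status is 0 only when port 53 is intercepted for both tcp and udp.

audit_dns_rules() {
    awk -v q="'" '
    {
        eq = index($0, "="); if (!eq) next
        val = substr($0, eq + 1); gsub(q, "", val)      # strip uci quoting
        k = split(substr($0, 1, eq - 1), p, ".")
        if (k == 2) { type[p[2]] = val; order[++n] = p[2] }   # section header
        if (k == 3) opt[p[2], p[3]] = val                     # section option
    }
    END {
        dns = "missing"; dot = "open"
        for (i = 1; i <= n; i++) {
            s = order[i]
            # Skip disabled sections and anything not sourced from the lan zone.
            if (opt[s, "enabled"] == "0" || opt[s, "src"] != "lan") continue
            # An unset proto on a redirect defaults to tcp+udp.
            proto = " " opt[s, "proto"] " "
            both = (proto == "  " || (index(proto, " tcp ") && index(proto, " udp ")))
            dnat = (type[s] == "redirect" && opt[s, "target"] == "DNAT")
            if (dnat && opt[s, "src_dport"] == "53")
                dns = both ? "ok" : (dns == "ok" ? "ok" : "partial")
            block = (type[s] == "rule" && opt[s, "dest_port"] == "853" && opt[s, "target"] ~ /^(REJECT|DROP)$/)
            if (block || (dnat && opt[s, "src_dport"] == "853")) dot = "handled"
        }
        print "dns53=" dns; print "dot853=" dot
        exit (dns == "ok" ? 0 : 1)
    }'
}

sample_config() {   # constructed sample mirroring the Intercept-DNS rule above
    cat <<'EOF'
firewall.dns_int=redirect
firewall.dns_int.name='Intercept-DNS'
firewall.dns_int.family='any'
firewall.dns_int.proto='tcp udp'
firewall.dns_int.src='lan'
firewall.dns_int.src_dport='53'
firewall.dns_int.target='DNAT'
EOF
}

sample_config | audit_dns_rules
```

On a router the same function can be fed with `uci show firewall | audit_dns_rules`; it only inspects the firewall config, so DNS handling changed by other packages such as pbr is outside what it can see.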