LanCache DNS server not being used even when specified on FriendlyWrt

I am configuring my lancache server and would like to use the DNS function to enable it.
I have verified that the server is reachable when I specify the IP:
However, when I don't specify the IP, and let the router decide, I get this:
I have my Windows PC Ethernet adapter settings as follows to try to force the usage of the DNS server:

I have enabled all three DNS settings in OpenWRT.

I even tried making a port forward rule.

Any ideas? I have tried a combination of each of the three DNS fields in LAN/WAN/DHCP. Let me know what I'm missing.
I will provide any log/command outputs on request.

Forcing it in Windows should definitely work, the DHCP method, and firewall too.
Unless you haven't disabled DoH in the browser?

From what I can see, you have only set the DNS servers for IPv4 communication.
For IPv6, you can distribute DNS servers via DHCPv6.
I guess that would be the list dns option in /etc/dhcp.
For devices that don't listen to DHCPv6, you could set the router's IPv6 DNS server in use to the address you want.

The firewall rule in the screenshot should also have little effect in my opinion, since this device is specified as the destination of the packet.
This would only intercept packets that send DNS queries to the router itself.
I think the destination zone should rather be wan or equivalent because you want a redirect rule to the router.


Unless you haven't disabled DoH in the browser?

Do you think that would impact my command prompt results?

edit: I also don't want to have to do this whenever making use of the cache. This is for LAN setting and asking people to change settings would defeat the ease of use.

Like in here?

EDIT:
Actually, I have IPv6 disabled on the DNS server, per the LanCache guides.


Good point, no.

But if you want to have all clients, even guests, capable of accessing it, you'll need to do more.
Since IPv6 and DoH/DoT are a thing, you'll need to force the clients to use your DNS, by stopping all external DNS access.

Except for the fw rule, which works for the regular DNS calls, you need to use the BanIP package
to block known DoH and DoT servers.

What does the ipconfig say on your Windows host(s)?
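The two replies above (announce the DNS server over IPv6 as well as IPv4, use a redirect rule rather than a rule whose destination is the router, and block DoT alongside plain DNS) can be combined into one OpenWrt configuration. The following is an added example written for this thread; it is not code from the thread, from FriendlyWrt, or from the LanCache project, and it assumes a few things: the lancache-dns box is at 192.168.1.10 (an assumed address), the router's own dnsmasq stays the resolver that clients see over both IPv4 (DHCP) and IPv6 (RA/DHCPv6 with the router as DNS, the OpenWrt default), and the router forwards every query over IPv4 to lancache-dns, which sidesteps the IPv6-disabled cache box. Plain port 53 from the LAN is DNATed to the router (fw4 as in the transcript later in the thread) and DoT on 853 is rejected; DoH on 443 still needs the ipset/BanIP approach discussed further down. The uci batch is generated by a function so it can be reviewed or tested off the router, and applied by a second function only where uci exists.

```shell
#!/bin/sh
# Added example for the thread above; not from the thread or the LanCache/OpenWrt projects.
# LANCACHE_DNS is an assumed address: set it to your lancache-dns host.
LANCACHE_DNS="${LANCACHE_DNS:-192.168.1.10}"

# Emit the uci batch. dnsmasq on the router forwards everything over IPv4 to
# lancache-dns (noresolv ignores the ISP resolvers learned on wan); DHCPv4/RA/DHCPv6
# keep announcing the router itself (explicit overrides are deleted); a DNAT redirect
# pulls stray UDP/TCP 53 from lan back to the router; DoT (853) lan->wan is rejected.
lancache_dns_uci_batch() {
    cat <<EOF
set dhcp.@dnsmasq[0].noresolv='1'
delete dhcp.@dnsmasq[0].server
add_list dhcp.@dnsmasq[0].server='$LANCACHE_DNS'
delete dhcp.lan.dhcp_option
delete dhcp.lan.dns
set dhcp.lan.ra_dns='1'
set dhcp.lan.dns_service='1'
delete firewall.dns_int
set firewall.dns_int='redirect'
set firewall.dns_int.name='Intercept-DNS'
set firewall.dns_int.src='lan'
set firewall.dns_int.src_dport='53'
set firewall.dns_int.proto='tcp udp'
set firewall.dns_int.target='DNAT'
delete firewall.dot_fwd
set firewall.dot_fwd='rule'
set firewall.dot_fwd.name='Deny-DoT'
set firewall.dot_fwd.src='lan'
set firewall.dot_fwd.dest='wan'
set firewall.dot_fwd.dest_port='853'
set firewall.dot_fwd.proto='tcp udp'
set firewall.dot_fwd.target='REJECT'
commit dhcp
commit firewall
EOF
}

# Apply the batch on the router and restart the affected services.
apply_lancache_dns() {
    if ! command -v uci >/dev/null 2>&1; then
        echo "uci not found: run this on the OpenWrt/FriendlyWrt router" >&2
        return 1
    fi
    lancache_dns_uci_batch | uci batch \
        && /etc/init.d/dnsmasq restart \
        && /etc/init.d/odhcpd restart \
        && /etc/init.d/firewall restart
}

# Only apply when explicitly asked; otherwise just print the batch for review.
if [ "${1:-}" = "apply" ]; then
    apply_lancache_dns
elif [ "${1:-}" = "show" ]; then
    lancache_dns_uci_batch
fi
```

Run `sh lancache-dns.sh show` anywhere to review the batch and `LANCACHE_DNS=<your cache> sh lancache-dns.sh apply` on the router. Because the redirect has no dest_ip, fw4 DNATs to the router itself; pointing the DNAT at a LAN host instead would need hairpin NAT, which is why forwarding through dnsmasq is the simpler design here.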

The use case would be for anyone on LAN accessing Steam/battlenet servers to redirect to the lancache instead because the games will be stored there. I do not care to change the normal DNS browsers use.
With that being said, can the browser still manipulate the overall DNS for what I'm trying to achieve?
This is my ipconfig of a windows PC on LAN:
My linux box is hosting the DNS server.

I have learned something crucial:
With IPv6 disabled on my network adapter, the correct DNS is used!

So how can I go about making IPv6 requests translate to IPv4 and route to the lancache?

Also, I don't think this firewall rule is helping. I disabled it (after changing the destination to WAN) and the results do not change.

I tried disabling IPv6 DNS announce in LAN interface:

Restarted clients and this was returned (PC has IPv6 enabled in this test):

If I use this rule:

I get this result from command prompt:

Policy for the lan zone is to accept everything. You can change the rule to deny port 53 for the ipv6 family.
However, it would add some delay to all queries that try IPv6 first.
You'd better advertise the ipv6 address of the lancache server.

If I just enable IPv6 on the machine, and don't change anything else, do you think DNS requests will fail?

Enabling IPv6 on the DNS server box has weird results. Initiating a game download will start with the lancache, but after 20-45 seconds it stops using the lancache and uses the internet. I can no longer download from steamcache.

I made the following changes:
Used the Dynamic IPv6 address of the lancache DNS server (how do I assign a static IPv6 address?):

I no longer am limiting my Ethernet adapter to IPv4 only. IPv4 and 6 are both enabled.

If I close and open Steam, it will start downloading again from the lancache. This does not work anymore.

Is the DoH changing my DNS? do I need to change other settings in OpenWRT?

EDIT: The lancache will randomly work and other times not.

You need to verify that lan clients only query lancache over ipv4 or ipv6.
DoH can bypass the announced nameservers. You'd have to intercept it.
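The reply above asks for verification that clients actually resolve through the cache, and the thread's evidence so far is nslookup output pasted from a Windows command prompt. Two things in that output matter: the resolver that answered (the Server/Address pair at the top, which is where an IPv6 RDNSS or DHCPv6 server shows up) and whether every returned address is the cache's address rather than a public CDN address. The following is an added example, not from the thread or the LanCache project, that parses nslookup output (Windows or Linux format) and applies both checks. The sample outputs, the cache address 192.168.1.10, the router addresses 192.168.1.1 and fd00::1, and the documentation-range IPs are all constructed for the example.

```shell
#!/bin/sh
# Added example: check that an nslookup answer came from an allowed LAN resolver
# and only contains the cache address. Not from the thread or the LanCache project.

# Normalise nslookup output to lines of "server <ip>" and "answer <ip>".
# Handles Windows ("Address:", "Addresses:" with indented continuation lines),
# Linux ("Address: 1.2.3.4#53") and CRLF line endings.
parse_nslookup() {
    awk '
      { sub(/\r$/, "") }
      /^Server:/ { mode = "server"; next }
      /^Name:/   { mode = "answer"; next }
      /^Address(es)?:/ {
          sub(/^Address(es)?:[ \t]*/, ""); sub(/#.*$/, "")
          if ($0 != "") print mode, $0
          next
      }
      mode == "answer" && /^[ \t]+[0-9a-fA-F.:]+[ \t]*$/ {
          gsub(/[ \t]/, ""); print "answer", $0; next
      }
    '
}

# Usage: nslookup <name> | check_nslookup <cache-ip> <allowed-resolver-ip>...
# Returns 0 only if the answering resolver is in the allowed list and every
# returned address (A or AAAA) is the cache address.
check_nslookup() {
    cache_ip="$1"; shift
    parsed=$(parse_nslookup)
    server=$(printf '%s\n' "$parsed" | awk '$1 == "server" { print $2; exit }')
    answers=$(printf '%s\n' "$parsed" | awk '$1 == "answer" { print $2 }')
    resolver_ok=0
    for r in "$@"; do
        [ "$server" = "$r" ] && resolver_ok=1
    done
    [ "$resolver_ok" -eq 1 ] || { echo "BYPASS: resolver '$server' is not one of: $*"; return 1; }
    [ -n "$answers" ] || { echo "NO ANSWER from $server"; return 1; }
    for a in $answers; do
        [ "$a" = "$cache_ip" ] || { echo "BYPASS: $server returned $a, not the cache ($cache_ip)"; return 1; }
    done
    echo "OK: $server answered with the cache address $cache_ip"
}

# Constructed samples (not captured from the thread). SAMPLE_OK is the healthy case;
# SAMPLE_V6_RESOLVER shows an IPv6-announced resolver handing out public addresses;
# SAMPLE_PUBLIC shows the right resolver but a public answer (cache not in its config).
SAMPLE_OK='Server:  router.lan
Address:  192.168.1.1

Non-authoritative answer:
Name:    lancache.steamcontent.com
Address:  192.168.1.10
'
SAMPLE_V6_RESOLVER='Server:  UnKnown
Address:  2001:db8:abcd::53

Non-authoritative answer:
Name:    lancache.steamcontent.com
Addresses:  2001:db8:1234::10
          203.0.113.40
'
SAMPLE_PUBLIC='Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	lancache.steamcontent.com
Address: 203.0.113.40
'

if [ "${1:-}" = "demo" ]; then
    for s in "$SAMPLE_OK" "$SAMPLE_V6_RESOLVER" "$SAMPLE_PUBLIC"; do
        printf '%s' "$s" | check_nslookup 192.168.1.10 192.168.1.1 fd00::1 || true
    done
fi
```

On a real client run `nslookup lancache.steamcontent.com | sh -c '. ./check.sh; check_nslookup 192.168.1.10 192.168.1.1 fd00::1'` once with IPv6 enabled and once disabled; a resolver address outside the allowed list is exactly the symptom the thread describes when IPv6 is on. This checks the system resolver only; a browser or launcher using DoH never goes through nslookup, so it cannot be detected this way.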

Yeah, I think I need to, unfortunately. I can flushdns and restart Steam to make it use lancache, but I think DoH might be what's causing problems.

I am just typing this example into my SSH session?

opkg update
opkg install ipset resolveip
 
# Configure IP sets
uci -q delete dhcp.doh
uci set dhcp.doh="ipset"
uci set dhcp.doh.instance="doh"
uci add_list dhcp.doh.name="doh"
uci add_list dhcp.doh.name="doh6"
uci commit dhcp
/etc/init.d/dnsmasq restart
 
# Filter DoH traffic
for IPV in 4 6
do
uci -q delete firewall.doh${IPV%4}_fwd
uci set firewall.doh${IPV%4}_fwd="rule"
uci set firewall.doh${IPV%4}_fwd.name="Deny-DoH"
uci set firewall.doh${IPV%4}_fwd.src="lan"
uci set firewall.doh${IPV%4}_fwd.dest="wan"
uci set firewall.doh${IPV%4}_fwd.dest_port="443"
uci set firewall.doh${IPV%4}_fwd.proto="tcp udp"
uci set firewall.doh${IPV%4}_fwd.family="ipv${IPV}"
uci set firewall.doh${IPV%4}_fwd.ipset="doh${IPV%4} dest"
uci set firewall.doh${IPV%4}_fwd.target="REJECT"
done
uci commit firewall
/etc/init.d/firewall restart
 
# Configure hotplug
mkdir -p /etc/hotplug.d/online
cat << "EOF" > /etc/hotplug.d/online/60-ipset-doh
if [ ! -e /var/lock/ipset-doh ] \
&& lock -n /var/lock/ipset-doh
then
uclient-fetch -O - "https://raw.githubusercontent.com/\
dibdot/DoH-IP-blocklists/master/doh-domains.txt" \
| uci -q batch << EOI
delete dhcp.doh.domain
$(sed -e "s/^.*$/\
del_list dhcp.doh.domain='\0'\n\
add_list dhcp.doh.domain='\0'/")
commit dhcp
EOI
lock -u /var/lock/ipset-doh
fi
EOF
cat << "EOF" >> /etc/sysupgrade.conf
/etc/hotplug.d/online/60-ipset-doh
EOF
. /etc/hotplug.d/online/60-ipset-doh
 
# Populate IP sets
ipset setup

This is what my Linux shows for DNS/IPv6:

I'm not familiar with Linux or IPv6 so I'm not sure if anything sticks out as problematic.

Looks good to me.

Yes.

root@FriendlyWrt:~# for IPV in 4 6
do
uci -q delete firewall.doh${IPV%4}_fwd
uci set firewall.doh${IPV%4}_fwd="rule"
uci set firewall.doh${IPV%4}_fwd.name="Deny-DoH"
uci set firewall.doh${IPV%4}_fwd.src="lan"
uci set firewall.doh${IPV%4}_fwd.dest="wan"
uci set firewall.doh${IPV%4}_fwd.dest_port="443"
uci set firewall.doh${IPV%4}_fwd.proto="tcp udp"
uci set firewall.doh${IPV%4}_fwd.family="ipv${IPV}"
uci set firewall.doh${IPV%4}_fwd.ipset="doh${IPV%4} dest"
uci set firewall.doh${IPV%4}_fwd.target="REJECT"
done
uci commit firewall
/etc/init.d/firewall restart
The fw4 firewall does not appear to be loaded, try fw4 flush to delete all rules.

Is this normal?

root@FriendlyWrt:~# mkdir -p /etc/hotplug.d/online
cat << "EOF" > /etc/hotplug.d/online/60-ipset-doh
if [ ! -e /var/lock/ipset-doh ] \
&& lock -n /var/lock/ipset-doh
then
uclient-fetch -O - "https://raw.githubusercontent.com/\
dibdot/DoH-IP-blocklists/master/doh-domains.txt" \
| uci -q batch << EOI
delete dhcp.doh.domain
$(sed -e "s/^.*$/\
del_list dhcp.doh.domain='\0'\n\
add_list dhcp.doh.domain='\0'/")
commit dhcp
EOI
lock -u /var/lock/ipset-doh
fi
EOF
cat << "EOF" >> /etc/sysupgrade.conf
/etc/hotplug.d/online/60-ipset-doh
EOF
. /etc/hotplug.d/online/60-ipset-doh
Downloading 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-domains.txt'
Connecting to 2606:50c0:8002::154:443
Writing to stdout
-                    100% |*******************************|  3193   0:00:00 ETA
Download completed (3193 bytes)
root@FriendlyWrt:~# ipset setup
ipset v7.15: No command specified: unknown argument setup
Try `ipset help' for more information.
root@FriendlyWrt:~#

And ipset setup doesn't appear to be working.