Newbie help config AX3600

  • I don't understand what this remark means - can you better explain - describe how you "see" the main router "forcing you"?
  • Additionally, why are you entering the IP 100.64.0.3 for DNS?
  • Have you tried using e.g. 1.1.1.1 (Cloudflare), 8.8.8.8 (Google) or 9.9.9.9 (Quad9) instead?

As of your posts thus far (especially your screenshot) seem like you're intentionally configuring Vodafone DNS yourself.

That 100.64.0.3 was just another try, it's Mullvad DNS. Yes I have tried CloudFlare, 1.1.1.1 and I set them up back again now.

To see which is my DNS I use: https://whoismydns.com/

But there are also other services which tells me the current resolver (like NextDNS panel):
Screenshot from 2023-05-09 21-50-14

I am not configuring Vodafone DNS, I want to avoid them.

EDIT: I will test this better, let me clear DNS cache first, it might be the culprit.

OK. Let's take a pause here to understand your setup.

100.64.0.3 is not a public IP. So it seems you have some other network setup that we're not aware of. I was under the assumption this was a Vodafone internal IP; but you stated it's Mullvad.

If you're using Mullvad VPN and DNS, it should already be impossible for your ISP to intercept the requests.

Do you have Mullvad VPN setup somewhere and you didn't mention it?

Provide the output of the following commands:

ip route get 8.8.8.8 from 192.168.93.1
ip route get 1.1.1.1 from 192.168.93.1
ip route get 100.64.0.3 from 192.168.93.1
1 Like

No, I am sorry, I confused you by first trying 1.1.1.1 and seeing it was not working, then I tried just the DNS of Mullvad (not their VPN), and found out later I can't use that.
Now I tried with Quad9 and with the website whoismydns I finally see that my DNS changed! I just had to look from another clean browser, my fault.

Seems like I sorted out the DNS config, I have other questions regarding useful packages like should I install this: https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm

Any other advice of which package to install to improve privacy, security and performance? I know it seems generic, you can just tell what you would use and why I will read more about that

1 Like

I used QoS in previous versions of OpenWrt - I currently don't need QoS, SQM, etc. so I'm not familiar. Security-wise, the default OpenWrt and settings are good.

The only change from default I perform is the following:

  • All firewall settings that say "Reject" - I change to "Drop"

Please understand the technical implications of this change.

Nope, I don't add generally consider adding packages to make things more secure or perform better. I can't think of any, except that if you do have a Mullvad account, you can install the VPN packages necessary to configure/use on the router - setup clients to route thru it, etc. :wink:

I believe DoH/DoT was also suggested in another post.

Hope this helps and congratulations on solving your issue.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

I tried with 9.9.9.9 (which is the DNS I set up in OpenWRT) and I get:

root@OpenWrt:/# ip route get 9.9.9.9 from 192.168.93.1
9.9.9.9 from 192.168.93.1 via 192.168.1.1 dev wan 

It's the same output if I use 1.1.1.1 or 8.8.8.8, just the first part is changing obv. From what I am understanding it just says that the route goes to the main router (192.168.1.1) as it should be, right?

Regarding the solution, my topic wasn't about DNS in particular but more general setup, including DNS. I will certainly mark a post as solution later on, I was just experimenting with the nextdns package and then I realized I would like to try a more general dns-over-https or dnscrypt-proxy package. I see with that one I can also use NextDNS among others. I would like to set up my DNS not with IPv4 (like we just succeded, it was the first step) but protecting my DNS queries with one of the above packages, for instance.

Correct. But I already thought this issue was solved (no need to test now), and we discussed that the IP 100.64.x.x used was private (i.e. will only work over a VPN). I apologize if that wasn't clear.

OK, cool (it helps reduce confusion by createing a single thread per issue).

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.