/etc/resolv.conf point correctly to OpenWRT device.
I persisted my OpenWrt logs on USB stick, but there is only a very small subset of DNS queries in dnsmasq log
For example this morning I surf and use my computer many hours.
Sun Nov 8 00:00:00 2020 daemon.info dnsmasq: 9722 y.y.y.y query[AAAA] i.ytimg.com from z.z.z.z
It looks like only Non-Browser based queries are in dnsmasq log. A lot of spying from Apple domains and other Non-Browser software I use.
Perhaps you have DoH enabled in the browser.
Or your system is not using
/etc/resolv.conf for primary resolvers.
If it was Linux, you should check NSS configuration.
Thank you very much. It's was Firefox DoH.
I disabled DoH on "my" network
To signal that their local DNS resolver implements special features that make the network unsuitable for DoH, network administrators may configure their networks to modify DNS requests for the following special-purpose domain called a canary domain: use-application-dns.net.
There is other software than Firefox that uses DoH? How can I block them all?
Because I only blocked Firefox from DoH