egc
April 4, 2026, 5:54pm
21
As you also use IPv6, you have to use the MAC address for your policy instead of the IP address. Make sure you use the telephone MAC and not a private MAC address.
For the DNS policy, also use the same MAC address and one IPv4 DNS address and one IPv6 DNS address, space delimited.
Make sure you set it before the @br-lan DNS policy.
As I interpreted it, it is like this:
egc
April 5, 2026, 6:21am
23
Yes, that looks good, but I did a quick test and your remote DNS servers do not appear to work.
So if you have DNS problems, just use 1.1.1.1 and 2606:4700:4700::1111.
You can use this for the VPN routed clients and the LAN routed clients.
A simple way to test DNS servers is on your client:
nslookup openwrt.org <dns server> e.g. nslookup openwrt.org 2606:4700:4700::1111
I have tested all DNS servers displayed in the pictures and all seem to answer.
In OpenVPN, DNS is protected in the VPN tunnel, so no need to do anything there.
On the WAN side there is no DNS hijacking protection.
What is possible to use in conjunction with PBR, as I can't use "https-dns-crypt"?
DNSSEC, Stubby, Unbound or DNSCrypt-proxy2?
egc
April 5, 2026, 8:38am
25
Great so I assume it is working?
You can use anything you want just as a second dnsmasq instance or smartdns, unbound etc. as long as it does not interfere with your current dnsmasq.
Meaning have it listen on port 54 and make a dns policy redirect to that port 54.
Yes, it seems to be working; maybe later on there will be new thoughts.
I will look into a second dnsmasq and see if I can get it working.
Is there any guide to do that?
Big thanks for all help, I really appreciate it.
I mark this solved soon.
egc
April 6, 2026, 5:58am
28
Do a forum search but you can start here:
If I do a forum search (second dnsmasq) I get a lot of postings.
https://forum.openwrt.org/t/best-way-to-create-a-second-dnsmasq-instance-without-dhcp/202198/6
(I can't sort out what I need.)
Your link points to my post?
I have set up a second dnsmasq instance, but it seems some config is needed.
dnsmasq instance 2
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	list interface 'lan2'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases2'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1280'
	option dnssec '1'
	option port '54'
	list addnmount '/var/run/pbr.dnsmasq'

config interface 'lan2'
	option proto 'none'
	option device '@lan'
and in https-dns-crypt I have changed port to "54"
config main 'config'
	option dnsmasq_config_update '*'
	option force_dns '0'
	list force_dns_port '54'
	list force_dns_port '853'
	option procd_trigger_wan6 '0'
	option verbosity '1'
	option force_ipv6_resolvers '1'
But I'm sure I have missed some config; does someone have a suggestion?
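Added example, not part of any post in this thread: a small check for egc's advice that a second instance must not interfere with the current dnsmasq and should listen on its own port such as 54. The function names and the sample config are constructed for illustration, and treating "no two instances on the same port" as the criterion is an assumption taken from that advice.

```shell
#!/bin/sh
# Added example: report the DNS port of every dnsmasq instance in a UCI
# dhcp config and detect two instances sharing one port.

# Constructed sample: a default first instance plus the port-54 instance.
sample_config() {
    cat <<'EOF'
config dnsmasq
	option domainneeded '1'
	option local '/lan/'

config dhcp 'lan'
	option interface 'lan'

config dnsmasq
	list interface 'lan2'
	option port '54'
EOF
}

# Print "<instance> <port> <interfaces>" per 'config dnsmasq' section.
# No 'option port' means the dnsmasq default port, 53.
list_dnsmasq_ports() {
    awk '
        function emit() { if (in_sec) print n, port, (ifaces == "" ? "-" : ifaces) }
        { gsub(/\047|"/, "") }      # strip UCI quoting
        $1 == "config" {
            emit()
            in_sec = ($2 == "dnsmasq")
            if (in_sec) { n++; port = 53; ifaces = "" }
            next
        }
        in_sec && $1 == "option" && $2 == "port" { port = $3 }
        in_sec && $1 == "list" && $2 == "interface" {
            ifaces = (ifaces == "" ? $3 : ifaces "," $3)
        }
        END { emit() }
    '
}

# Exit 0 and print the port if two instances use the same one, else exit 1.
shared_port() {
    list_dnsmasq_ports | awk 'seen[$2]++ { print $2; hit = 1 } END { exit !hit }'
}

sample_config | list_dnsmasq_ports
if sample_config | shared_port >/dev/null; then
    echo "port clash between dnsmasq instances"
else
    echo "every dnsmasq instance has its own port"
fi
```

On a router the same functions can read the live file, for example `list_dnsmasq_ports < /etc/config/dhcp`.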
system
Closed
April 17, 2026, 3:21pm
31
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.