I'm currently using OpenWrt 21.02.1 r16325-88151b8303 on a TP-Link Archer A7. I noticed that I can't visit torproject.org (including any subdomains) via Wifi anymore, regardless of the device. It just says ERR_NAME_NOT_RESOLVED. According to dnsleaktest.com OpenWrt uses Dismail's and Digitalcourage's DNS services which don't cause problems when set up directly on a device.
Well, yes, obviously. Unfortunately, I don't remember how I configured OpenWrt to use Dismail and Digitalcourage – do you know how I might have done this or how I can change the respective settings?
Oh, and FYI: I'm using the adblock package. In OpenWrt's settings 127.0.0.1#5453 is set as DNS forwarding. Is this of relevance? I have added torproject.org to adblock's whitelist though.
Are your clients are using your router as DNS, or does the DHCP point to the Digitalcourage (?) DNS directly, or perhaps by rerouting the traffic in the router's firewall ...
Well, those devices/apps (e.g. my phone) that just use the network's default DNS server don't have access to torproject.org, whereas devices/apps with custom DNS settings do have access (e.g. Firefox with DoH).
if the clients use the DNS provided by your phone, then I'd say your ISP is blocking the access.
you have no control over what the ISP is doing with the DNS traffic, they might forward it someplace,
or have their own DNS set up. it's out of your control.
@frollic Oh, I think my initial wording was a bit confusing. I meant: Devices like my phone or my tablet just use the network's DNS, so by default that would be the WiFi router's DNS. Those devices display ERR_NAME_NOT_RESOLVED when contacting torproject.org. Since dnsleaktest.com shows that the DNS is provided by Dismail and Digitalcourage, the problem is definitely not with the ISP.
On my laptop, on the other hand, Firefox uses Digitale Gesellschaft's DNS-over-HTTPS and is able to reach torproject.org.
I'm using Ubuntu. In the Wifi settings, for “IPv4 method” it only says “Automatic (DHCP)”.
@lleachii I just removed the entire adblock package to test whether it causes the problem but torproject.org is still not being resolved.
Well, yes, I uninstalled adblock in order to test whether it causes the problem (it doesn't).
Thanks!
I just figured out how I configured OpenWrt to use Digitalcourage and Dismail DNS: I followed Mike Kuketz' tutorial on how to set up Stubby. These are the resolvers that I set in etc/config/stubby:
I set fdns2.dismail.de as "Private DNS" on my Android phone and tried to open torproject.org – it worked. I also checked via dnsleaktest.com that my phone actually uses Dismail DNS. So the problem is not about the DNS providers.
You then went on to say it wasn't (you uninstalled it, duh)...but it really would help to know why it was there to begin with (as it seems you wern't using it).
My phone and tablet use the network's default DNS a.k.a. the router.
OpenWrt uses the Adblock package as DNS. (Adblock is currently disabled though.)
Adblock uses dnsmasq.
Dnsmasq sends all DNS requests to Stubby.
Stubby uses Digitalcourage and Dismail.
Apparently, torproject.org is being resolved normally since today, without me having changed anything about the configuration. However, snowflake.torproject.org is not resolved.