Set ISP DNS for VPN bypassed domain

New forum member => please bear with me :-). Also using LuCI because of my, eeh, limited command line skills, but at least I managed to set a machine up with OpenVPN and VPN PBR.

Despite reading an awful lot of DNS config threads, I still do not see exactly how to solve my specific problem. Probably just being stupid, but this is it - short version: How do I limit VPN provider DNS servers to VPN traffic only, while everything else should see the ISP-provided DNS?

And now the long version... Default config in my setup is to route all traffic through the VPN. Added the VPN provider DNS servers (per wiki instructions) through Interfaces/LAN/Custom DNS servers, which works perfectly fine and looks correct when checked at dnsleaktest.com.

I do need to bypass a few streaming domains, though, and have PBR working (IP-wise...), but with custom DNS servers set as above, they will be applied to this traffic as well - which does not work. I simply need bypassed domains to see my ISP's DNS.

I suppose there should be a way to configure DNS servers for VPN only, without affecting other traffic, but I still have not figured it out. Anyone?

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#selective_dns_forwarding


Thank you. I looked at that section previously but was not sure if and how to use it. Tried it now (with dnsleaktest.com for simplicity), but for some reason it does not work with my ISP's DNS. It works when tried with Google servers, though. What on earth could be the cause of this?!?


It may require an explicit policy to route DNS requests to a specific interface.
As an alternative, you can advertise custom DNS to different clients with DHCP.
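The pieces discussed above (the wiki's selective DNS forwarding, the explicit policy that sends the router's own queries to the ISP resolver out via WAN, and the DHCP alternative), as an added dry-run example that is not from this thread or from OpenWrt. It prints the `uci` commands rather than running them. The resolver address, the client MAC and the domain list are constructed placeholders; the `vpn-policy-routing` option names (`dest_addr`, `dest_port`, `interface`) are assumed from that package's `policy` sections and should be checked against the installed version (the newer `pbr` package uses the config name `pbr` instead).

```shell
#!/bin/sh
# Added example (not from the thread): generates, as a dry run, the OpenWrt uci
# commands that (1) forward selected domains to the ISP resolver in dnsmasq,
# (2) add a policy so the router's queries to that resolver leave via the WAN
# interface instead of the VPN tunnel, and (3) hand the ISP resolver only to
# tagged DHCP clients. All addresses, MACs and domains are placeholders.

ISP_DNS="${ISP_DNS:-192.0.2.53}"                     # placeholder ISP resolver
BYPASS_DOMAINS="${BYPASS_DOMAINS:-dnsleaktest.com}"  # domains to bypass the VPN
WAN_IFACE="${WAN_IFACE:-wan}"                        # logical interface name in PBR

# dnsmasq "server" entry for one domain: /domain/resolver
dns_forward_entry() {
    printf '/%s/%s\n' "$1" "$2"
}

# DHCP option 6 (DNS servers) value handed to clients with a given tag
dhcp_dns_option() {
    printf '6,%s\n' "$1"
}

# Print every uci command without executing anything.
generate_config() {
    # (1) Selective forwarding: only the bypassed domains go to the ISP resolver;
    #     everything else keeps the VPN provider's DNS from the LAN interface.
    for d in $BYPASS_DOMAINS; do
        echo "uci add_list dhcp.@dnsmasq[0].server='$(dns_forward_entry "$d" "$ISP_DNS")'"
    done
    echo "uci commit dhcp"
    # (2) Policy so the router's own queries to the ISP resolver use the WAN route.
    #     Option names are assumed from vpn-policy-routing; verify on your version.
    echo "uci add vpn-policy-routing policy"
    echo "uci set vpn-policy-routing.@policy[-1].name='ISP DNS via WAN'"
    echo "uci set vpn-policy-routing.@policy[-1].dest_addr='$ISP_DNS'"
    echo "uci set vpn-policy-routing.@policy[-1].dest_port='53'"
    echo "uci set vpn-policy-routing.@policy[-1].interface='$WAN_IFACE'"
    echo "uci commit vpn-policy-routing"
    # (3) Alternative from the reply: advertise the ISP resolver via DHCP only to
    #     clients carrying the 'ispdns' tag (here one placeholder host).
    echo "uci set dhcp.ispdns=tag"
    echo "uci add_list dhcp.ispdns.dhcp_option='$(dhcp_dns_option "$ISP_DNS")'"
    echo "uci set dhcp.streamer=host"
    echo "uci set dhcp.streamer.mac='00:11:22:33:44:55'"   # placeholder client MAC
    echo "uci set dhcp.streamer.tag='ispdns'"
    echo "uci commit dhcp"
    echo "/etc/init.d/dnsmasq restart"
}

# Number of dnsmasq forward entries the dry run would add (one per domain)
forward_entry_count() {
    generate_config | grep -c 'dnsmasq\[0\]\.server'
}

generate_config
```

Run it on any machine to review the commands first; on the router, pipe the output into `sh` only after checking that the resolver address and interface name match your setup. The policy in step (2) is the part that the forwarding rule alone does not cover: without it, the router's query to the ISP resolver still follows the default route through the tunnel, so the ISP resolver sees a source address it does not serve.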

Well, this is where I need more specific help. To clarify slightly: what I tested was bypassing dnsleaktest.com and handing it my ISP's DNS servers manually, by forwarding as described. All with the VPN up and running.

It does work with my ISP's DNS if I shut down the VPN (still running the VPN provider's custom DNS), though. This makes me suspect the bypass is not perfect, triggering a no-response situation at the ISP DNS servers (where Google DNS servers might be less picky). Plausible?