Smartphone does not want to use Dnsmasq

Hi all!
I installed OpenWrt for a friend of mine and everything works fine except his phone, a Samsung Galaxy Z Fold3.
If you connect his phone to a regular router with standard firmware, it works.
DNS does not work on the phone; if you enable VPN on the phone, then it works.
All other devices work without any problems.
Maybe someone has some ideas or has already encountered this; otherwise I have no ideas.
luci-app-https-dns-proxy is installed on the router, but I don't think that has anything to do with it.
I don't like these Samsungs much, there are always some problems with them.

I entered the IP address and DNS on the phone manually, and the result was zero.

What does this mean, exactly?

Perhaps you need https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns ?

Everything seems to be configured correctly.
What should I pay attention to, where should I look? Tell me.
This phone does not want to use DNS; maybe it needs a certified DNS and therefore does not want to use it as an option?

Where doesn't the dnsmasq DNS work?
In the browser? In some app? Does it ignore the DNS settings altogether?

Some phones use random MAC addresses so that you cannot set a static lease; some phones (web browsers) use Private DNS via DoT (DNS over TLS).

If you enabled DNS hijacking on the router, then DoT is blocked.

Disable the random MAC address and disable Private DNS on the phone (and in the web browser).

The phone completely ignores DNS from the router.

The phone shows "no Internet access", but if you turn on the VPN on the phone, then it starts to work. The VPN has its own DNS, that's why it works. On any ordinary simple router with standard firmware it works without the VPN.

This model does not have a random MAC address.

But the phone or web browser used could have Private DNS to bypass the router's DNS, and that could be blocked by the router.

Then you're back at the link you got in the first reply.

Or, as @egc pointed out, disable all DNS security in your phone, browser, Android, etc.


But https-dns-proxy does not block, it redirects, and why the phone refuses to accept DNS responses from the router is not clear; perhaps it sees that it is not a certified DNS and therefore refuses to use it.

It doesn't have settings like a regular Android.

Although there is a redirect rule for DoT, in reality you cannot redirect it. Older versions could use unsecured DoT or fall back to DNS53, but nowadays it cannot, so the redirect rule effectively blocks DoT.

The default in Android is to use the DHCP-advertised DNS only once to look up the name of the DoT server. DoT is used for all subsequent DNS.

Yes, only this Android costs 2 thousand dollars :)
That's probably the problem; it's not clear what they stuffed into it.

Disable private DNS on the phone or disable redirection of DoT on the router (it is a setting in the luci-app-https-dns-proxy).

My advice is free but you do not have to take it but then you are stuck with a very expensive phone without DNS :wink:


By default, it hijacks port 853 (DoT). Try removing port 853 from the https-dns-proxy config file.
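To make the suggestion above concrete, here is an added configuration example; it is not from the thread and not the package's documentation. It assumes the `/etc/config/https-dns-proxy` layout shipped with the package, where `force_dns` turns on DNS hijacking and `force_dns_port` lists the ports redirected to the router; confirm the option names on your own router with `uci show https-dns-proxy` before editing (older package versions write the ports as a single `option force_dns_port '53 853'` instead of `list` entries).

```text
# /etc/config/https-dns-proxy, 'main' section only (assumed layout; verify with
# `uci show https-dns-proxy`). The two variants below are alternatives, not
# two sections to keep in one file.

# --- Before: default. Plain DNS (53) and DoT (853) are both redirected to the
# --- router. A DoT client validates the resolver's TLS certificate, so the
# --- redirect cannot be answered and a strict-mode Android Private DNS client
# --- simply fails: "no Internet access" until it finds another path (VPN).
config main 'config'
	option dnsmasq_config_update '*'
	option force_dns '1'
	list force_dns_port '53'
	list force_dns_port '853'

# --- After: keep hijacking plain DNS (so adblock and https-dns-proxy still
# --- cover every device that uses the DHCP-advertised resolver) but stop
# --- touching 853. A phone with Private DNS set to a hostname now reaches its
# --- own DoT provider directly and bypasses the router's filtering entirely.
config main 'config'
	option dnsmasq_config_update '*'
	option force_dns '1'
	list force_dns_port '53'
```

After `/etc/init.d/https-dns-proxy restart`, check which ports are actually still being redirected with `nft list ruleset | grep -n 853` on fw4 (or `iptables -t nat -S | grep 853` on fw3): an empty result means DoT is no longer intercepted. The trade-off is exactly the one raised later in the thread: either the router stops intercepting 853 and that phone's DNS is no longer filtered, or Private DNS is switched off on the phone (Settings > Connections > More connection settings > Private DNS on Samsung firmware) so it goes back to the router's resolver. Note that only the "Private DNS provider hostname" mode is strict; the "Automatic" mode is opportunistic and falls back to plain DNS when port 853 is unreachable.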

The idea itself was to put on OpenWrt and install adblock and https-dns-proxy.
The option of passing DNS from the provider is not suitable.

That's OK, your $2k phone ignores them anyway :slight_smile:

So if I delete port 853 from the configuration, will the phone begin to go out to the Internet through this port? Then the whole point of using https-dns-proxy is lost.