[Solved] Different DNS per VLAN

Hello everyone, I am having a terrible time trying to get this to work.

I am trying to get each one of my VLANs to use a different DNS.

10.10.10.1 - I want to use 8.8.8.8 & 8.8.4.4
10.10.20.1 - I want to use 103.86.96.100 & 103.86.99.100
10.10.30.1 - I want to use 1.1.1.1 & 1.0.0.1
10.10.40.1 - I want to use 8.8.8.8 & 8.8.4.4

I have tried setting them on each interface, both under "Use custom DNS servers" and under the interface's DHCP > Advanced > DHCP-Options.

I am not having any luck.

Just to check whether I could get any custom DNS to work, I changed them in the same places on the WAN and LAN interfaces, and it still did not work. I'm not sure what I am doing wrong here.

My setup is a WG1608 mounted on my roof, running OpenWrt, to get a 4G signal. It is connected inside to an AC68U, where I do all my routing and where I am trying to change these settings.

I have reverted everything back to stock settings for the moment.

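Use DHCP option 6 to advertise your desired DNS servers on each VLAN's DHCP server. Note that option 6 only advertises the servers; a client that is configured with its own DNS settings can still ignore them.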

So when I put:

6,8.8.8.8,8.8.4.4

there it still doesn't work

Have you restarted the dnsmasq process and then forced your client devices to renew their DHCP leases?

I have not, will a router reboot do this?

yes, a router reboot is fine. Be sure to also force the client devices to renew their DHCP leases (this will happen if the interface bounces during the reboot, otherwise you need to make sure the client does this -- a reboot of those devices is one way to do it).

Awesome, thank you :slight_smile:

I will try this real quick

Do I need to change anything else anywhere? I've read something about unchecking the "Use DNS servers advertised by peer" in the wan.

Is this needed too?

No, that's only needed if you want to specify different DNS servers for the router itself.

Ahh I see, I'll keep that in mind.

So the DNS kind of worked: when I connect to that VLAN, it now shows 8.8.8.8 & 8.8.4.4 as the DNS servers,

but when I do a leak test it shows 143.244.60.24 (Datacamp Limited).

let's see your config files:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
root@ROOter:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdXX:1b54:XX::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ifname ' tap0 tap-server'

config device
        option name 'eth0.2'
        option macaddr '78:XX:AF:7d:XX:e9'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option metric '1'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5t 1 2 3 4'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5t 0'

config interface 'VPN'
        option proto 'none'
        option auto '0'
        option device 'tun0'

config interface 'VPNS'
        option proto 'none'
        option auto '0'
        option device 'tun-server'

config interface 'TAP'
        option proto 'none'
        option auto '1'
        option device 'tap0'

config interface 'TAPS'
        option proto 'none'
        option auto '0'
        option device 'tap-server'

config interface 'wwan'
        option proto 'dhcp'
        option metric '2'

config interface 'wwan6'
        option proto 'dhcpv6'

config switch_vlan
        option device 'switch0'
        option vlan '10'
        option ports '5t 1t 2t 3t 4t'

config switch_vlan
        option device 'switch0'
        option vlan '20'
        option ports '5t 1t 2t 3t 4t'

config switch_vlan
        option device 'switch0'
        option vlan '30'
        option ports '5t 1t 2t 3t 4t'

config switch_vlan
        option device 'switch0'
        option vlan '40'
        option ports '5t 1t 2t 3t 4t'

config interface 'TPLinkAP'
        option proto 'static'
        option device 'eth0.10'
        option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'

config interface 'NORDVPN'
        option proto 'static'
        option device 'eth0.20'
        option ipaddr '10.10.20.1'
        option netmask '255.255.255.0'

config interface 'SmartDevices'
        option proto 'static'
        option device 'eth0.30'
        option ipaddr '10.10.30.1'
        option netmask '255.255.255.0'

config interface 'CCTV'
        option proto 'static'
        option device 'eth0.40'
        option ipaddr '10.10.40.1'
        option netmask '255.255.255.0'

config interface 'wan1'
        option proto 'dhcp'
        option metric '10'
        option device 'wan1'

config interface 'wan2'
        option proto 'dhcp'
        option metric '20'
        option device 'wan2'

config interface 'wg0'
        option proto 'wireguard'
        option auto '0'
        list addresses ''

config interface 'wg1'
        option proto 'wireguard'
        option auto '0'
        list addresses ''
root@ROOter:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '0'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        list ra_flags 'none'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'CCTV'
        option interface 'CCTV'
        option limit '150'
        option start '10'
        option leasetime '2h'
        list ra_flags 'none'

config dhcp 'NORDVPN'
        option interface 'NORDVPN'
        option limit '150'
        option start '10'
        option leasetime '2h'
        list ra_flags 'none'

config dhcp 'SmartDevices'
        option interface 'SmartDevices'
        option limit '150'
        option start '10'
        option leasetime '2h'
        list ra_flags 'none'

config dhcp 'TPLinkAP'
        option interface 'TPLinkAP'
        option start '100'
        option limit '150'
        option leasetime '2h'
        list dhcp_option '6,8.8.8.8,8.8.4.4'
        list ra_flags 'none'
root@ROOter:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'TPLinkAP'
        list network 'NORDVPN'
        list network 'SmartDevices'
        list network 'CCTV'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 wwan wan1 wan2'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

config zone 'vpnzone'
        option name 'VPN'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'VPN'
        option input 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding 'vpnforward'
        option dest 'VPN'
        option src 'lan'

config zone 'vpnzones'
        option name 'VPNS'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'VPNS'
        option input 'ACCEPT'
        option masq '1'
        option mtu_fix '1'

config forwarding 'vpnforwards'
        option dest 'VPNS'
        option src 'lan'

config zone 'wgzone'
        option name 'wg'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'wg0 wg1'
        option input 'ACCEPT'
        option masq '1'
        option mtu_fix '1'

It appears that TPLinkAP is the only network for which you have specified DNS servers via option 6. With that in mind, be sure you're testing on this network.

Also, try different browsers and make sure you don't have any VPNs or browser extensions enabled. Those can override the DNS servers advertised via DHCP, as can malware/spyware, some legitimate 'helper' utilities, and even system-level DNS settings.

Ahh, I bet AdGuard on my phone is doing it

Almost certainly.

Yes that was it :slight_smile:

Not surprised. Glad you now have the problem identified.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Thank you so much for troubleshooting this with me!