[SOLVED] Dnsmasq is not being accessed by Windows machines

In my network I have a Linux server, a few Android devices and two Windows machines.
DNS queries from both the Linux and Android devices are successfully going through dnsmasq.
But I don't see any requests to dnsmasq from the Windows machines in logread -f, even if I do nslookup google.com 192.168.1.1.

Also, if I do nslookup from WSL, the request goes through dnsmasq successfully.

DoH enabled on those clients?

https://www.howtogeek.com/765940/how-to-enable-dns-over-https-on-windows-11/

All clients are Win10, which doesn't have DoH afaik.

Verified that. I don't have the "Configure DNS over HTTPS (DoH) name resolution" setting in my group policy editor, Get-DNSClientDohServerAddress is not recognized by PowerShell and I don't see the EnableAutoDoh registry key.

Also maybe this will be helpful

Run Wireshark on your Windows PC and look for DNS requests and responses.

Are you by any chance running some 3rd-party firewall or security package, or even a VPN?


Windows Firewall is disabled, and I don't have any other. OpenVPN and Wireshark are disabled. The only thing I have that does something with my connections is Hyper-V, but I don't think it is the reason.

Oh, here is a thing. It looks like Windows is using the DNS server 77.88.8.8, but idk why Windows is doing that. Here is my ipconfig /all:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : KiraKun-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter vEthernet (Ethernet):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-15-5D-08-E4-94
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6d9d:a687:ec74:a549%40(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.29.208.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 671094109
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-26-58-2E-2A-46-6F-04-36-B6
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-15-5D-BC-4F-A1
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f11e:8da6:3087:7a49%45(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.17.144.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 754980189
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-26-58-2E-2A-46-6F-04-36-B6
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : 2A-46-6F-04-36-B6
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Based on?

You still should have had hits when you did nslookup google.com 192.168.1.1,
hence the question about security suite or VPN.


Not for Windows. Even if I do nslookup google.com 192.168.1.1, I see this in Wireshark...

Then this problem has nothing to do with OpenWrt.

Yup.

What OP can do is implement https://openwrt.org/docs/guide-user/firewall/fw3_configurations/intercept_dns

Still think it's some kind of add-on or software causing this.

@KrykiZZ if you're bored, look for the Yandex DNS IP in the Win registry.

I've heard that Windows has a mechanism of requesting DNS from multiple sources, which leads to DNS leaks in VPNs like OpenVPN, but it should be disabled by the "Turn off smart multi-homed name resolution" group policy setting.

But you weren't using any / it was disabled?

Sure.

That looks like the policy editor, not regedit ...

That's very good advice, thank you. It seems I somehow left the GoodbyeDPI service enabled (though I remember removing it a long time ago), and this is the cause of my problem. Thank you very much!


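The registry search suggested in the thread, written out as an added example (not code from any poster): it looks for the resolver address seen in Wireshark in service launch commands, in the per-interface DNS values and in running process command lines, which is where a leftover service like the one found here would surface. The registry paths are standard Windows locations; the variable names are this example's own.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# so that command lines of other users' processes are readable.
$ResolverIp = '77.88.8.8'   # resolver address the poster saw in Wireshark
$hits = @()

# 1. Services and drivers whose launch command mentions the resolver.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
foreach ($key in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
    $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($p.ImagePath -like "*$ResolverIp*") {
        $hits += [pscustomobject]@{ Source = 'Service'; Name = $key.PSChildName; Detail = $p.ImagePath }
    }
}

# 2. Static and DHCP-assigned DNS servers stored per network interface.
$ifRoot = "$svcRoot\Tcpip\Parameters\Interfaces"
foreach ($key in Get-ChildItem -Path $ifRoot -ErrorAction SilentlyContinue) {
    $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    foreach ($value in 'NameServer', 'DhcpNameServer') {
        if ($p.$value -like "*$ResolverIp*") {
            $hits += [pscustomobject]@{ Source = "Interface $value"; Name = $key.PSChildName; Detail = $p.$value }
        }
    }
}

# 3. Running processes started with the resolver on their command line.
foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    if ($proc.CommandLine -like "*$ResolverIp*") {
        $hits += [pscustomobject]@{ Source = 'Process'; Name = "$($proc.Name) (PID $($proc.ProcessId))"; Detail = $proc.CommandLine }
    }
}

if ($hits) {
    $hits | Format-List Source, Name, Detail
} else {
    "No service, interface or process references $ResolverIp."
}
```

Step 1 only reads each service's ImagePath; a service that keeps its arguments elsewhere shows up in step 3 only while it is running.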