(SOLVED) Questions about custom DNS

I am trying to get away from my ISP's DNS servers because they are terrible. I constantly get "page cannot be displayed" or pages take forever to load. I just recently started using OpenWRT. I have used TomatoUSB and DD-WRT for many years. I am a little confused on setting custom IPv6 DNS servers. Do I put the custom IPv4 and IPv6 addresses under Interface>LAN>General settings, or do the IPv6 addresses go under DHCP Server>IPv6 Settings>Announced DNS servers?

Also, I thought when I changed the DNS servers and clicked on Status>Overview>Network, IPv4 Upstream and IPv6 Upstream should update to the custom DNS servers I set? I have IPv4 custom DNS servers added and I am still seeing my ISP's DNS servers under IPv4 Upstream. Can someone tell me how to configure it properly so I can avoid my ISP's DNS instead of having to manually set it on every device?

Another thing I wanted to look into was encrypted DNS. An article I read was saying that if you set up encrypted DNS you can stop your ISP from tracking you, that they will no longer be able to see your browsing history etc. If I can not only route my DNS inquiries through other DNS but also encrypt it, I would like to do that. How would I go about setting this up?

In the WAN Interface config:

screen48


Ahh okay, got to uncheck the "Use DNS servers advertised by peer". I didn't even know there were DNS settings in there lol. So I can add two IPv4 addresses then add 2 IPv6 addresses all under there?


Yep, feel free to add them there.


Awesome thank you. It is working perfectly now. I am using Cloudflare DNS. I read that their DNS is encrypted. So now that I am on their DNS my ISP should not be able to track me and see what pages I'm visiting? Just wondering how true what I read is :rofl: :joy: :rofl:

Depends on tracking (and your security concerns):

  • Obviously, your ISP can see your unencrypted traffic, this is the trust you must give any carrier, so traffic to any server at 53/udp can be seen
  • Stopping use of their DNS servers means they cannot record/log via your "voluntary" use of the servers via the WAN DHCP assignment
  • Use of some encrypted DNS protocol, or routing your DNS traffic over a VPN would ensure the ISP cannot see your DNS lookups
  • Nonetheless, your carrier can see what IP/ports you connect to, regardless if they have a record of the DNS lookup(s) - or of the encryption status - using a full VPN would only show the ISP you're connected to the VPN provider (which you now give trust)
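
An added example, not part of the original thread: a Python sketch of what the reply above describes. A plain DNS query to 53/udp exposes the looked-up name to anyone on the path, while an encrypted DNS session (DNS over TLS on 853/tcp is assumed here) leaves only the destination IP and port. The packets, the name `example.com`, the resolver address and all function names are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal RFC 1035 query: one question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_qname(packet):
    """Read the first question name from a plaintext DNS message."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        label = packet[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length

def observer_view(dst_ip, dst_port, proto, payload):
    """What a carrier on the path can record for one packet."""
    view = {"dst": f"{dst_ip}:{dst_port}/{proto}", "qname": None}
    if proto == "udp" and dst_port == 53:
        view["qname"] = parse_qname(payload)  # cleartext, readable in transit
    # Any other flow (853/tcp DoT, 443/tcp DoH, a VPN tunnel): the payload is
    # ciphertext to the carrier, so only the endpoint in "dst" is recorded.
    return view

# Constructed sample traffic (not captured from a real network).
PLAIN = observer_view("1.1.1.1", 53, "udp", build_query("example.com"))
# Stand-in bytes for a TLS record carrying the same lookup over DoT.
DOT = observer_view("1.1.1.1", 853, "tcp", bytes(range(64)))

if __name__ == "__main__":
    print(PLAIN)
    print(DOT)
```

The first record carries the queried name; the second shows only that the client talked to the resolver, which matches the point that the carrier still sees IPs and ports either way.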

Thanks again I appreciate your help.

