Verizon search assist bypass OpenDNS

Recently, I had to restart my computer and after restarting the browser, it attempted to connect to a private work URL. Since my connection to my work VPN was down, I would have expected a page not found.

Instead, I got a searchassit.verizon.com page, which is the default when you use their DNS servers.

But my OpenWrt router is configured to use OpenDNS (verified with https://welcome.opendns.com/).

For example,

X:\>nslookup asdfs.openwrt.org
Server:  OpenWrt.lan
Address:  192.168.2.1

Non-authoritative answer:
Name:    asdfs.openwrt.org
Address:  92.242.140.21

When I add DNS servers to the client (either Google or OpenDNS), I don't get this problem. Is Verizon hijacking the response somehow, or is something not configured correctly in the router?

Relevant OpenWrt config section:

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.2.1'
        option ifname 'eth0.1 tap0'
        option dns '208.67.222.222 208.67.220.220'

After manually adding the DNS server in the client I do get:

X:\>nslookup asdfs.openwrt.org
Server:  resolver1.opendns.com
Address:  208.67.222.222

*** resolver1.opendns.com can't find asdfs.openwrt.org: Non-existent domain

First, it is wrong to add internet DNS servers under the lan interface; you should add them under the interface where they are reachable from, for example the wan.
Second, these DNS servers are used by dnsmasq for forwarding; they are not advertised to the hosts by DHCP.
If you want to advertise them by DHCP to hosts, you need to add this in config/dhcp:

config dhcp 'lan'
...
        list dhcp_option '6,208.67.222.222,208.67.220.220'

If you get redirected to a Verizon web-site, looks like it. I'd enable DNS-hijack on the router and try encrypted DNS (DNS over HTTPS or DNS over TLS) and see what happens.

I agree with @trendy.

  • To use OpenDNS with OpenWrt, you would add them to WAN, not LAN
  • If you assign the servers to the clients instead, you do so with DHCP Option No. 6

You only need one method.