Weird result while testing DNS-Over-TLS configuration

NoobestNoob · August 2, 2019, 6:02pm

Used this method to configure DNS-Over-TLS /etc/config/dhcp looks like this.

However, while restarting dnsmasq I get this.

# /etc/init.d/dnsmasq restart
udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: no lease, failing

I failed to undersatnd above error but still I dared and tested DNS

1.1.1.1/help and dnsleaktest result looks good I guess

Now the weird part,

I also tested DNS on https://cmdns.dev.dns-oarc.net/

Firefox result : Imgur

Chrome result : Imgur

Firefox and Chrome with tutorial result : Imgur

OpenWRT 18.06 Adblock 3.6-5.2

I tested these multiple times to be sure getting the same result.

Call me silly but something is weird.

vgaetera · August 2, 2019, 6:18pm

cat /etc/resolv.conf

And what is 192.168.31.1?

NoobestNoob · August 2, 2019, 6:42pm

# cat /etc/resolv.conf
# Interface wan
nameserver 127.0.0.1

what is 192.168.31.1 ?

My routers IP

vgaetera · August 2, 2019, 7:12pm

It doesn't work well with Adblock, you should use split DNS mode and restart Stubby:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#upstream_dns_provider

/etc/init.d/stubby restart

If your router and DHCP server is the same device, then you don't need to push this IP as the DHCP option.

Note that some browsers have pre-configured DNS over HTTPS, or pre-installed Tor plugins, or the like.
When those features are not disabled specifically, the test results are unreliable.

Also your DNS leak test shows 2 different countries which may be an incorrect GeoIP match or not.
So, it may affect the test result because the replies from those servers may be different.

NoobestNoob · August 3, 2019, 6:10am

Can you tell me from where do I remove and replace it with what?

Also I used to have pihole so I've added

config domain

shall I remove it?

I've read people are using with adblock without any issues

vgaetera · August 4, 2019, 6:58pm

It works fine in split DNS mode.
Otherwise Adblock fails to download the blocklists and/or Stubby fails to start upon system startup.
There's a race condition between these services.

So, you don't have it anymore?
What role does it perform if you still have it?

uci -q delete dhcp.lan.dhcp_option
uci commit dhcp
service dnsmasq restart

And reconnect the LAN clients to apply the changes.

NoobestNoob · August 7, 2019, 3:50am

Currently nothing. I'm still figuring out something new to do with rpi.

system · August 17, 2019, 3:50am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.