Flint 2 (GL-MT6000) - DNS

The WAN port of Flint2 is connected to LAN port of my ISP Modem/Router.

Flint2 is getting the DNS from my ISP Modem/Router.

Is there a way for the computers connected to Flint2 to use the DNS set on it instead of using the DNS distributed by my ISP Modem/Router?

On my ISP Modem/Router I can set just “Manual DNS” (like 1.1.1.1, 8.8.8.8) or “Automatic DNS” (my ISP DNS), but there is no encrypted DNS available on it like on Flint2.

Thanks

Override DNS Settings for all clients will do the job if the devices are connected to your Flint2 instead of your modem.

But it’s not overwriting…

If I go to the client connected to Flint2 and type “ipconfig /all” (cmd Windows prompt), I can see the DNS is that one from my ISP Modem/Router and not that specified on Flint2

have you tried ipconfig /flushdns ?

and if that does not work ipconfig /renew since dns is given by dhcp?

though it’s strange if override settings for all clients does not work, I would think it’s a forward which hijacks all dns traffic, right?

in that case can you try this:
nslookup -type=TXT whoami.ds.akahelp.net

I once had a different issue with overriding dns, and it made me think it really did not work on dnsleaktest even with flushing, or chrome://net-internals/#dns, but the command above is a really good test; in my situation it showed it did work :slight_smile:

the ips it first spits out should be your new dns… maybe external so you can whois them to verify :wink:

Your Encrypted DNS/DoH looks proper. Engage DNS Rebinding & fire up IP Leak using Incognito/Private Mode after flushing per @xize11’s and @admon’s respective notes.

Related: I find it always best to use Incognito mode when administrating a GL or OpenWrt device; browser caching can be a b!7ch in causing ‘false positive’ errors & weird inconsistencies. YMMV.

How do you connect your devices to your router? Are they connected directly, or is the router just “one of many” devices connected to the modem?

Also just a hint :wink:, if you use DoT or DoH or even a vpn on the client device itself not the router, then there is a chance you skip your settings and overriding does not work then.

Overriding requires the normal dns port 53; DoH and DoT use 853, 443; the vpn skips a hop entirely, so unless the dns is set in the vpn config with allowance to lan, there’s a chance it will not work.

That’s true, but what makes me wonder is that the client shows the IP of the modem. That’s usually not possible if they get the DHCP from the Flint2.

Jup that is idd strange but maybe a caching / flush issue.

Or… OP uses some type of exotic configuration (i.e. a different device than br-lan, or guest) and the scripts may not work with this, but then I think it should be reflected in luci :wink:. There was a time some of these scripts did add interoperability to uci/luci firewall directly, but not all of them.

If you look at the ISP DNS IP, it looks like a conflict between the router and the ISP. My suggestion: change the LAN network range on Flint 2.

Flint2 is connected to the Modem/Router (WAN port from Flint2 wired to LAN port of the Modem/Router).

Most of devices (laptops, computers, smartphones) are connected by WiFi on Flint2 (5GHz network)

Some devices (smart plugs, thermometers, thermostats) are connected by WiFi on the ISP Modem/Router (2.4GHz).

When I return to home I’ll test all suggestions on this thread. Thanks

Hi

I ran the flushdns…

I set 1.1.1.2 and 9.9.9.9 on my ISP Modem/Router.

This is what I get on Flint2:

nslookup -type=TXT whoami.ds.akahelp.net
Server: console.gl-inet.com
Address: 192.168.6.1

Non-authoritative answer:
whoami.ds.akahelp.net text =

    "ns"
    "182.173.0.12"

(root) ??? unknown type 41 ???

DNS Detect says:

ipconfig /all says:

DNS Servers . . . . . . . . . . . : 192.168.6.1 (this is my Flint2)

Logs (Flint2) says:

daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] [quad101] OK (DoH) - rtt: 210ms
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] [nextdns] OK (DoH) - rtt: 6ms
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] [nextdns-ipv6] OK (DoH) - rtt: 7ms
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] [cloudflare] OK (DoH) - rtt: 17ms
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] Sorted latencies:
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] - 6ms nextdns
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] - 7ms nextdns-ipv6
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] - 17ms cloudflare
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] - 210ms quad101
daemon.err dnscrypt-proxy[2916]: [2024-01-25 10:17:33] [NOTICE] Server with the lowest initial latency: nextdns (rtt: 6ms)

Looks like I’m not using Nextdns as DNS server :thinking:
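
Added example (not part of the original posts, and not GL.iNet code): the same whoami.ds.akahelp.net TXT check as the nslookup command in this thread, sent straight to a chosen server on port 53 and parsed by hand, so the "ns" string can be read out and the record nslookup prints as "unknown type 41" (the EDNS0 OPT record) is recognised instead of reported as an oddity. The function names and the reply built by sample_response() are constructed for illustration; 203.0.113.53 is a documentation address.

```python
import socket
import struct

TYPE_TXT, TYPE_OPT = 16, 41          # OPT (41) is the EDNS0 pseudo-record, RFC 6891

def build_query(name="whoami.ds.akahelp.net", qid=0x1234):
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 0)  # root owner, 1232-byte UDP
    return header + qname + struct.pack("!HH", TYPE_TXT, 1) + opt

def skip_name(msg, off):
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)   # zero label vs. compression pointer

def parse_response(msg):
    # Returns (list of TXT string lists, True if an OPT record was present).
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off, txt, saw_opt = 12, [], False
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # question: name, type, class
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_OPT:
            saw_opt = True                     # what nslookup shows as "unknown type 41"
        elif rtype == TYPE_TXT:
            strings, i = [], 0
            while i < len(rdata):              # TXT rdata = length-prefixed strings
                strings.append(rdata[i + 1:i + 1 + rdata[i]].decode())
                i += 1 + rdata[i]
            txt.append(strings)
    return txt, saw_opt

def resolver_egress(txt):
    # The value following "ns" in the TXT answer, or None if absent.
    return next((s[1] for s in txt if len(s) >= 2 and s[0] == "ns"), None)

def sample_response(ip="203.0.113.53"):        # constructed reply, documentation IP
    rdata = b"\x02ns" + bytes([len(ip)]) + ip.encode()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, 1, 20, len(rdata)) + rdata
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1) + build_query()[12:-11]
            + answer + b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 0))

def query(server, timeout=3.0):                # live check against one server, UDP 53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        return parse_response(s.recvfrom(4096)[0])
```

Calling query("192.168.6.1") sends the lookup to the address ipconfig reported for Flint2 in the post above; resolver_egress() on the first returned element gives the "ns" value.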

What does your Flint2 show in the menu Network > DNS?

2nd image on the 1st post.

Ah, sorry.

But in this image you have more than just NextDNS - that’s why Cloudflare will answer.
If you want to use NextDNS, you should remove all others - or change the order (if its possible)

Only Cloudflare is answering and it’s the primary DNS server on my router

So where is the problem then?

Sorry but I’ll not repeat all over again…
Please check the 1st post.

My devices should use the DNS set on my Flint2 and not from my ISP Modem/Router.

I don’t get it.

The 2nd image in the 1st post shows that you are trying to use cloudflare as main server for DNS-over-HTTPS. The picture from DNS Detect says that you are using cloudflare. Soooo… that’s what you configured.

Those IPs clearly aren’t working on DoH.
They are from the DNS I set on my ISP Modem/Router.

To prove this, I removed Cloudflare from the list of the servers on Flint2, then reboot, flushdns, renew, etc…

And I’m still having Cloudflare as DNS.
None of the DNS set on Flint2 is used on the computers connected on it.