I just received my Flint 3 and I decided to try 4.8.1 beta.
I turned ON a VPN tunnel (tried OPVPN and Wireguard - I currently use Proton) and I enabled Adguard Home using NextDNS as Upstream DNS servers (tried H3, Quic, TLS).
Doing some dns leak tests on Browserleaks and Dnsleaktest everything seems fine BUT one thing bothers me: on NextDNS logs I see that my requests are from my WAN (my real IP) instead of my VPN Tunnel.
Tried this even on my Flint 2 with 4.8.0 beta and I had the same IP leak on NextDNS.
Then I tried reverting to 4.7.14 and everything is working as expected: on my NextDNS logs I see my VPN Tunnel address instead of my real IP...
To be short, I tested it on Flint 3 v4.8.1 firmware and it didn't reproduce this issue. Please let me know what features you enable and configure, or say how to reproduce?
That's the right settings.
However, My LAN1 port is set to WAN and I have a multi-WAN setup in failover mode.
EDIT: In Adguard Home I've chosen "parallel requests" instead of "load balancing", try also using H3 and QUIC please, as they seems the cause of the leak.