I Just need some information related to DNS. I have the following scenario.
On my flint router i have openvpn client enabled with vpn policies with domain/ip using not to use VPN.
for example, i have domain youtube.com not to use vpn, so how dns will be resolved in that case, will it resolve the vpn’s local regional IP addresses or as it is bypass it will resolve outside of VPN ?
Note: DNS servers which i’m actually using are actually routed over vpn, as i have never mentioned to be bypass
Add ipeak.net to your domain/IP exclusions, apply & check the results.
For best results I recommend setting your DNS to an Encrypted service to keep its control out of your VPN provider’s hands.
(GL GUI → Network → DNS → DNS Server Settings → Mode → Encrypted DNS + Encryption Type → DNS over HTTPS)
doing this will segregate the dns quaries based on where the traffic is routed?
and addition to my scenario shared, i’m also using adguard Home.
ipleak will help you determine what DNS is being used when you’re enforcing other devices (‘clients’) to use/not use the VPN, accordingly.
IDK how much of this will work w/ AdGuard Home & I doubt it without some unsupported customizations; by default that takes control of all DNS resolution at the local level/local connections within OpenWrt & forwards them to the AdGuard Home service which runs independently ‘behind the scenes’ of the GL GUI which runs atop OpenWrt Linux.
Your Flint would be sending all DNS fowards to something like 127.0.0.1#5453 to shunt that DNS lookup through AdGuard Home first. I don’t use AdGuard so I can’t confirm/comment further.
Port 5453 isn’t a standard DNS port. :53 is the classic, unencrypted, insecure port (Do53).
In adguard home traverse to dashboard->settings->dns setting
Under dns setting please specify the domain which is excluded for vpn as per the following.
[/domain.com/]localdns server IP
*make sure the dns server is also excluded from vpn
Example:
[/google.com/]192.168.1.1
[/*.google.com/]192.168.1.1
This if you want to match sub domains too