Maybe found a DNS bug

Hi there!

So apparently sometimes the override DNS setting doesn’t seem to work.

Since I’m using a more advanced network with multiple subnets/interfaces and their own isolated firewall zones, that might be the reason why it doesn’t work for me.

I had the following active:

  • WireGuard was on.
  • NextDNS was on.
  • Rebind protection off.
  • VPN policies off.
  • IPv6 is off.

Now something strange happens:

On wireless I noticed all networks seem to get the DNS, though I can’t be 100% sure.

On LAN it doesn’t; it seems the hardcoded DNS from Chrome still gets through, and also on my eth1 network (different interface, DHCP and firewall zone). For the TV it seems not to log NextDNS queries from the OS and apps that abuse hardcoded DNS.

So in order to verify this, I added a port forward rule:

Anything from WAN with destination port UDP 53, redirect to 0.0.0.0/0 53 in any zone.

This is a trick I know to basically hijack all DNS and send it through the router’s DNS; then I saw all the hidden DNS in my NextDNS logs.

Maybe I’m mistaken, but does the option override DNS not have the same intention as my port forward rule? I believe it did work in the past with older firmware.

My firmware is 3.213 for Flint.
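The port-53 interception the post describes, written out as OpenWrt firewall redirect rules so it can be compared with what the firmware's override DNS option is supposed to do (an added example for this thread, not the poster's rule or GL.iNet's code; the zone names `lan` and `eth1zone` are assumptions, and the rules only apply to plain DNS on port 53):

```uci
# /etc/config/firewall fragment (added example, not from the thread).
# One redirect per client-facing zone: every TCP/UDP packet to port 53,
# whatever resolver the client hardcoded, is DNATed to the router's own
# resolver (dnsmasq / NextDNS). With no dest_ip, fw3 DNATs to the router
# itself, so the rule works for every subnet without fixing an address.

config redirect
	option name 'Intercept-DNS-lan'
	option src 'lan'              # assumed zone name for the main LAN
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'
	option family 'ipv4'          # IPv6 is off in the poster's setup

config redirect
	option name 'Intercept-DNS-eth1'
	option src 'eth1zone'         # assumed name of the separate eth1 zone
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'
	option family 'ipv4'

# Caveat: this catches only classic port-53 DNS. Clients using
# DNS-over-HTTPS (TCP 443) or DNS-over-TLS (TCP 853) are not redirected
# and will still bypass the router's resolver and NextDNS logging.
```

After `/etc/init.d/firewall restart`, a client query to any external resolver on port 53 should show up in the NextDNS logs, which is the check the post used to confirm the hijack was working.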

Have you added an interface or VLAN configuration?

Yes I have, at least sort of.

I noticed inside the logs that vlan0 has been added to my LAN interfaces, though I have not set a VLAN interface with ID 0 (I think this is as expected by the software?).

However, I only removed eth1 from the physical settings in LuCI and gave it its own interface and firewall zone, so this port is not really a VLAN port.