MT6000 DNS Leak with AGH and WG VPN

I tried scouring the forums but I haven't seen any fixes.

Router: MT6000
Firmware: 4.7.0 OP24
Description:
I'm using a WireGuard config from Windscribe with Global Proxy. My AdGuard Home, on the other hand, has my preferred DoH servers from Cloudflare, Google, and Quad9 with proper fallback addresses. Now, when I turn off the VPN and use AGH only, the DNS leak doesn't happen, and when the VPN is enabled, it does. I tried toggling AGH "handle client requests" on and off but it's the same result.

VPN On (Rise Asia Technology Limited is my provider's DNS)

However, that address doesn't appear at all when the VPN is off.

I think I got the fix?

Apparently using Quad9's DoH and DoT causes the leak. I tried commenting them out and did the tests again with Cloudflare and Google DoH and DoT active (parallel requests and optimistic caching enabled), and the leak never happened again.

Upstream DNS:

https://dns.cloudflare.com/dns-query
#https://dns.quad9.net/dns-query
https://dns.google/dns-query
tls://one.one.one.one
#tls://dns.quad9.net
tls://dns.google

Hi,
This is the first time I have seen this.

I guess the network in your area may have hijacked the Quad9 domain name.

Perhaps you can try to manually resolve the Quad9 domain name and use the obtained IP address to query the geographic location information for verification.

Really weird right? And this will only happen when VPN is turned on. AGH as standalone doesn't have any problems with it.

I will try your proposed testing later.

This is the only info that I could find.

Config: VPN Off
dig / nslookup returns:

root@GL-MT6000:~# nslookup dns.quad9.net
Server:         121.54.70.162
Address:        121.54.70.162:53

Non-authoritative answer:
Name:   dns.quad9.net
Address: 149.112.112.112
Name:   dns.quad9.net
Address: 9.9.9.9

Non-authoritative answer:
Name:   dns.quad9.net
Address: 2620:fe::fe
Name:   dns.quad9.net
Address: 2620:fe::9
root@GL-MT6000:~# dig dns.quad9.net +short
149.112.112.112
9.9.9.9

Config VPN On:

root@GL-MT6000:~# dig dns.quad9.net +short
;; communications error to 121.54.70.162#53: timed out
;; communications error to 121.54.70.162#53: timed out
;; communications error to 121.54.70.162#53: timed out
;; communications error to 121.54.70.154#53: timed out

So 121.54.70.154#53 is obviously not a Quad9 address. When I tried to check it via ipinfo.io, it returns:

Which is my Internet provider's prepaid / cell telecom company. I'm using postpaid fiber, which is handled by their sister company, PLDT, but it's highly possible that they're sharing the same infra. I could simply not use Quad9 as a resolver for now since the VPN is much more important, but it's a waste since Quad9's response time is better than Cloudflare or Google most of the time. Any possible lead from this info?
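The check suggested two replies up, and carried out by hand above, can be scripted so it is easy to repeat with the VPN off and then on. The following is an added example and is not part of any post in this thread, nor AdGuard Home or GL.iNet code. It takes the AdGuard Home upstream list from stdin, resolves each DoH/DoT hostname through a bootstrap resolver you name (for example the ISP address 121.54.70.162 seen in the nslookup output), and compares the answers with the IPv4 addresses the providers publish for those hostnames. The address table covers only dns.quad9.net, one.one.one.one and dns.google, whose published addresses are stable; dns.cloudflare.com is deliberately not listed (it resolves to Cloudflare front-end addresses rather than 1.1.1.1), so it reports UNKNOWN until you add the addresses you observe with the VPN off. The resolver address and file name in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Bootstrap-resolution check for AdGuard Home DoH/DoT upstreams.
# A DoH/DoT upstream such as https://dns.quad9.net/dns-query is reached by
# first resolving its hostname over plain DNS via a bootstrap resolver. If
# that resolver is unreachable through the VPN tunnel (the "timed out" case
# above) or hands back a foreign address, the upstream fails or is redirected.

# Published IPv4 addresses for each resolver hostname (extend as needed).
expected_for() {
    case "$1" in
        dns.quad9.net)    echo "9.9.9.9 149.112.112.112" ;;
        one.one.one.one)  echo "1.1.1.1 1.0.0.1" ;;
        dns.google)       echo "8.8.8.8 8.8.4.4" ;;
        *)                echo "" ;;
    esac
}

# Extract hostnames from an AdGuard Home upstream list read on stdin:
# one https://host/path or tls://host per line, '#' lines are disabled.
upstream_hosts() {
    grep -v '^[[:space:]]*#' | sed -n 's#^[a-z]*://\([^/:]*\).*#\1#p' | sort -u
}

# classify_answer HOST "IP IP ...": verdict for the bootstrap answers.
#   UNKNOWN     no published address set for HOST in the table above
#   TIMEOUT     no address returned (resolver unreachable, e.g. hidden by VPN)
#   UNEXPECTED  an address outside the published set: geolocate it, as the
#               thread suggests, before trusting that upstream
#   OK          every address belongs to the published set
classify_answer() {
    host=$1; answers=$2
    exp=$(expected_for "$host")
    [ -n "$exp" ] || { echo UNKNOWN; return; }
    [ -n "$answers" ] || { echo TIMEOUT; return; }
    for a in $answers; do
        case " $exp " in
            *" $a "*) ;;
            *) echo UNEXPECTED; return ;;
        esac
    done
    echo OK
}

# resolve_with RESOLVER HOST: IPv4 answers from dig via RESOLVER, space
# separated, empty on timeout. Needs bind-dig (opkg install bind-dig).
resolve_with() {
    dig @"$1" "$2" A +short +time=2 +tries=1 2>/dev/null \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' | tr '\n' ' '
}

# check_upstreams RESOLVER < upstream-list: prints "HOST VERDICT ANSWERS".
check_upstreams() {
    resolver=$1
    upstream_hosts | while read -r h; do
        ans=$(resolve_with "$resolver" "$h")
        printf '%s %s %s\n' "$h" "$(classify_answer "$h" "$ans")" "$ans"
    done
}

# Usage on the router (resolver address and file name are assumptions),
# once with the VPN off and once with it on, then compare the two runs:
#   . ./check_upstreams.sh
#   check_upstreams 121.54.70.162 < upstreams.txt
```

Running it with the VPN off and then on makes the failure mode visible per hostname: a row that changes from OK to TIMEOUT means the bootstrap resolver is no longer reachable through the tunnel, which is exactly what pointing the upstream interface at a manually chosen DNS address fixes.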

Hi,

It seems that the DNS address sent by the ISP following the DHCP does not support the resolution of Quad9. You can manually add the DNS address for your upstream interface, as shown in the picture below.

This may help you solve this issue.


I can confirm that this fixed the issue. Thanks!