After upgrading to 4.7 ads started to pop up.
DNS is now defaulting to Cloudflare, which I never set up.
I use the following settings:
https://test.nextdns.io returns 'unconfigured'.
What could be the problem / solution?
Hi,
If disable the option Override DNS Settings of All Clients and enable Allow Custom DNS to Override VPN DNS, does the DNS work ok?
Hi @bruce , it's still defaulting to Cloudflare with these settings:
It happened after the firmware update to 4.7 from the preceding version.
The R&D guys try to reproduce on theMT3000 with v4.7.0, it does not occur issue.
Check if the subscribe plan overdue?
Check if the client has Cloudflare DNS proxy?
Even if the NextDNS is not available, it will not switch Cloudflare. What do you use to detect DNS?
Hi @bruce,
Thank you for the reply.
My network is as follows:
- Incoming fiber cable box, connects with:
- KPN Experia box (Network provider), connects with:
- Flint 2
This is and was the setup, and used to work.
Now it seems, that the DNS settings on Flint 2 are not honoured and are defaulted to what KPN Experia box is configured with. It seems it's configured with Cloudflare.
Here are my settings:
I think you can see in this screenshot "Ethernet Settings" that DNS is retrieved from my KPN box, instead of NextDNS. Note: setting a Static connection doesn't work either. Still defaults to Cloudflare.
NextDNS = Paid. If I use the Mac app it works fine.
I use https://test.nextdns.io and I check the NextDNS panel for it's status:
Hi @bruce , something 'strange'.
Safari (latest) on Mac is still defaulting to Cloudflare where Chrome is using NextDNS.
Safari: "status": "unconfigured"
Chrome: "status": "ok"
Firefox: "status": "unconfigured"
.... no idea 
Reverted to 4.6.8. DNS is now working correctly with these settings. I did do a factory reset first.
Where does the cloudflare come from?
Do you use it to test on the machine if overriding works?
Then this is normal, it's kinda sneaky but if you use chromium browsers, they all use DoH and if DoH was blocked by a blacklist it uses DoT and then finally it fallsback to 53 which can be overriden, this bypasses your full dns.
Unfortunately the nasty side is, aslong secure dns is active (maybe also inactive), chromium holds a hardcoded list of known resolvers and forces DoH even when unintended.
Desktop devices can disable this checkbox, but android phones not.
But if you use a resolver not of that list, last time i checked against 9.9.9.9 (they seem not to be present in that list back then), and the dns hijacking worked.
You can try and see what happens if you block access to 1.1.1.1
1 Like
I think it comes from the Experia box preceding the Flint 2 box. But even there I set the DNS to NextDNS. I have no other networking tools or software. I have also checked the DNS on my Mac for both ethernet and WIFI. Both are set to Flint 2's IP.
Does a other device give the same results?
I'm dutch too, but it is unusual for kpn to use cloudflare on their experiabox unless it is set, plus i would suspect that it is just 53 traffic, when it is expected nextdns to bypass it.
im aware of a change with the vpns dns handling this priorities higher than normal dns, but when you use a split tunnel to allow domains over wan or devices, then it unintentionally uses the dns of the vpn, could the cloudflare dns originate from there?
@xize11, I've done a full Reset Firmware. "Delete All and Reboot".
I then came back to the DNS settings, and set the mode to Encrypted DNS, over TLS, with NextDNS and my NextDNS ID.
This is setup in the Experia box:
Yes: Unconfigured.
I'm not sure how to check this. The port is set to WAN at the moment.
thanks :)!
Oh i see what you mean with this, i think experia uses dhcp option 6, and the flint 2 intercepts it as dns.
When it should be 192.168.2.254, that is kinda strange.
Other routers don't do this either 
I think gl needs to tune this, does the overview in luci show this data aswell?
Since kpn also comes with a domain resolution to access ui, for now you can do this:
Navigate to Network -> Dns -> Edit hosts.
Add:
mijnmodem.kpn 192.168.2.254
Oops try 192.168.2.254 mijnmodem.kpn
2 Likes
Will it work if you leave dns empty on the experiabox?, how it shows on wan on the flint 2?