Setting "Override DNS Settings for All Clients" not working?

Question: Is my GL-inet actually overriding the DNS settings for all clients?

On my long slow road to learning, I set the DNS setting to “Override DNS Settings for All Clients” and temporarily selected “Encrypted” and “DNS over HTTP” and then a Quad server.
Everything looks like it is set and running correctly.

BUT, back on the Mullvad Browser, I run https://dnscheck.tools and it returns the results of wherever I point the WireGuard VPN as my DNS Resolver, but does not display the Quad server I set as the DNS server?

Note: I realize that my question lacks an understanding of how DNS resolvers work.

That’s the decision of the Mullvad Browser. So you can’t test with this.

So I am confused on the selection of “Override DNS Settings for All Clients”.

I thought that my PC is the client as well as Mullvad is the client browser, so with the Gl-inet router set to DNS encrypt and “Override DNS Settings for All Clients”, that it would force traffic through the Quad DNS server I chose.

Does that mean my Gl-router settings don’t do anything for my traffic from the client? (see how little I know?)

Depends on many different things.

A program could bring its own DNS resolver (like Mullvad Browser mostly does), a client could have a manual DNS server set, and so on, and so on.

I appreciate you talking with me, so thank you.

I guess I just took the selection of “Override DNS Settings for All Clients” at face value and believed that no matter what the client tried to use, it would be overridden as the Router handled the DNS requests.

This appears like it doesn’t override all clients’ DNS settings.

It will try to override them - but it depends on the client config to accept this.

Mostly you would set this option while using Adguard for example and DHCP enabled on all clients. In that case mostly every DNS request will go through the router first.

DNS is talking over port 53 and unencrypted. So it is in theory easy for a router to change all outgoing traffic for any destination on port 53 to another destination.

For example I want to resolve Gl-Inet.com via Google (8.8.8.8). Then I open a command line and type nslookup gl-Inet.com 8.8.8.8.
In a normal configuration 8.8.8.8 should send the answer. If the router is manipulating the destination, another DNS could answer…
You could try this with and without the option. I would expect the answering DNS server will be different.

But if you set another port or encrypted DNS, this won’t work. Even some anti malware tools would alert a change of the DNS resolver. But I’ve seen this only when the DNS is outside the LAN.

And most desktop OS prefer encrypted DNS. So sooner or later manipulating won’t work.
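
The port 53 redirection described in the replies above can be checked from a client with the script below, which is an added example and not part of the original thread. It goes one step beyond the nslookup comparison: it sends a plain UDP query to 192.0.2.1, an address reserved for documentation where no DNS server exists, so any reply means something on the path answered instead. The function names and the default query name `example.com` are assumptions made for this example.

```python
import secrets
import socket
import struct

def build_query(name, qtype=1):
    """Return (txid, packet) for a minimal recursive DNS query (qtype 1 = A)."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def is_reply_to(txid, data):
    """True if data is a DNS response (QR bit set) carrying our transaction ID."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def port53_answered(server, name="example.com", port=53, timeout=3.0):
    """Send one plain UDP query to server:port; True if a matching reply arrives."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(packet, (server, port))
            for _ in range(5):  # tolerate a few stray datagrams
                data, _addr = s.recvfrom(4096)
                if is_reply_to(txid, data):
                    return True
        except OSError:  # includes timeouts and ICMP unreachable errors
            pass
    return False

if __name__ == "__main__":
    # 192.0.2.1 is in TEST-NET-1 (RFC 5737): nothing legitimate answers DNS there.
    # A reply means the router (or another hop) redirected the port 53 traffic.
    if port53_answered("192.0.2.1"):
        print("Reply received: plain DNS on port 53 is being redirected")
    else:
        print("No reply: no port 53 redirection seen on this path")
```

Run it once with the override option enabled and once with it disabled. It only exercises unencrypted DNS on UDP port 53, so it says nothing about clients that use encrypted DNS or another port.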