Which DNS server is active on my router?

When you go to the DNS menu, “Automatic” mode is usually the default option, but which one is currently used ?

It seems dnsmasq is running on 127.0.0.1:53 and is the main server, but which DNS server is it currently using ?

root@router:~# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
nameserver ::1
root@router:~# nslookup google.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      google.com
Address 1: 142.250.179.206
Address 2: 2a00:1450:4001:82a::200e

On the router is a dns resolver which will forward all request to the server you choose. In automatic mode this is mostly the one provided by DHCP on WAN.

Machines connected to the modem will use the OpenVPN DNS. You can verify it though.

How can I verify this ?

Yeah this is the main problem. Normally, It SHOULD go through OpenVPN DNS, but for some reason it doesn’t. My OpenVPN DNS block ads and trackers and now it doesn’t

Run tcpdump over port 53 then browse to any website from a client connected to the modem.

Sounds good, though it will be a bit verbose since all clients are connected to it. Thanks

First find the client that you suspect its traffic not going through the vpn dns - since ads are not being blocked.

Run tcpdump and filter by port 53 and a specific domain/website. From that client try to resolve and see the tcpdump output at the modem shell.