DNS_PROBE_FINISHED_NXDOMAIN unless forwarding dns upstream

[Xsvrg]

Hey, using RT-AC68U router.
I'm using diversion and it has been fine so far. firmware is 384.18 because I couldnt get .19 to work (no internet no matter what I try).

Anyway I started getting DNS errors recently. Updated all the plugins I got on the router (Diversion, Skynet, YazFi, scribe, connmon, scMerlin, spdMerlin, uiDivStats, uiScribe, Entware) and still kept getting DNS error for certain websites (most work fine).
What should the WAN DNS settings in the web interface be for diversion to work? I ended up enabling " Forward local domain queries to upstream DNS " and the problem is gone but idk if Diversion is working anymore.
Also should DNS filter be on or off?

Appreciate if anyone can help me understand this better.

 

[dave14305]

The WAN DNS settings should either be your ISP, or your preferred third-party DNS service (Google, Cloudflare, Quad9, CleanBrowsing, NextDNS, etc.). Diversion doesn't really care what the upstream WAN DNS is.

There's no reason at all to enable "Forward local domain queries to upstream DNS". Disable it. The benefit was probably that dnsmasq was restarted.

DNS Filter can be on in "Router" Global mode, as long as you have no LAN DHCP DNS server 1 defined.

Enable logging in Diversion and see what's logged in /opt/var/log/dnsmasq.log when you get the DNS_PROBE_FINISHED_NXDOMAIN in the browser.

 

[Xsvrg]

Thanks for the help!
> /opt/var/log/dnsmasq.log
Is this where diversion puts its logs if you enable it?

 

[Fuechslein]

Do you have DNSSEC and a VPN client enabled by any chance? I had the same issue and looking at the dnsmasq logs i noticed that it tried to validate dns queries using a dns server coming from the vpn provider.

I only use the vpn client for a guest network with YAZFI.

Turning "Accept DNS Configuration" to "Disabled" in the VPN client settings seems to have solved it for me.