Use VPN for DNS only


Smokey613

Senior Member
How would I use a VPN to route ONLY DNS traffic and bypass the VPN for all other traffic? I have a neighbor I am trying to set up because his ISP intercepts and redirects DNS traffic. He has an RT-AC86U and a tor VPN set up already. The reason for directing only DNS traffic is that his FuboTV service gets messed up if he uses the VPN for all traffic. He loses access to his local channels. I hope this makes sense.
 

RMerlin

Asuswrt-Merlin dev
I would pick up the DNS server that you wish to use (for example 8.8.8.8), then set up a policy rule where the destination is 8.8.8.8.

Another option is to enable DNSPrivacy, and use DNS-over-TLS.
 

Smokey613

Senior Member
RMerlin said:
    I would pick up the DNS server that you wish to use (for example 8.8.8.8), then set up a policy rule where the destination is 8.8.8.8.

    Another option is to enable DNSPrivacy, and use DNS-over-TLS.

To give more info on this, the ISP recently changed something on their side and DNS lookups are horribly slow, often timing out even when specifying Google DNS on the client. After setting up the VPN, DNS lookups are back to being very fast, but that is when he ran into the FuboTV issues, hence the need to redirect only DNS lookups using the VPN. If we go to the DNS leak test site, it shows his ISP's IP as the DNS server. On the VPN it correctly shows the client's configured Google DNS servers.
 

RMerlin

Asuswrt-Merlin dev
Smokey613 said:
    To give more info on this, the ISP recently changed something on their side and DNS lookups are horribly slow, often timing out even when specifying Google DNS on the client. After setting up the VPN, DNS lookups are back to being very fast, but that is when he ran into the FuboTV issues, hence the need to redirect only DNS lookups using the VPN. If we go to the DNS leak test site, it shows his ISP's IP as the DNS server. On the VPN it correctly shows the client's configured Google DNS servers.

That's why I suggested using policy rules, but having just one policy rule that redirects DNS queries by specifying the DNS server's IP address, and no other rules. Any other traffic will still go through the ISP.
 

Smokey613

Senior Member
RMerlin said:
    That's why I suggested using policy rules, but having just one policy rule that redirects DNS queries by specifying the DNS server's IP address, and no other rules. Any other traffic will still go through the ISP.
Thanks for the info RMerlin!!
 

Smokey613

Senior Member
Okay, I cannot seem to get this working.

network - 192.168.2.0/24
firetv - 192.168.2.175
I want to redirect DNS requests from the firetv destined to 8.8.8.8 to use the VPN tunnel; all other traffic from this device needs to use the normal WAN route. What entries do I need in my policy rules?
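The thread never spells out the rule, so here is an added example (mine, not code from the thread or from Asuswrt-Merlin) that prints the `ip rule` commands a "source = 192.168.2.175, destination = 8.8.8.8, iface = VPN" Policy Rules entry amounts to, plus a check that the rule is actually installed. It assumes OpenVPN Client 1 is the tunnel in use and that its routing table is named ovpnc1, as Asuswrt-Merlin names its client tables; both are my assumptions, not facts from the thread. The rule names and sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread or from Asuswrt-Merlin itself.
# Prints the `ip rule` equivalent of a Policy Rules entry that sends only
# resolver-bound packets from one client through the OpenVPN client tunnel.
#
# Assumptions (mine, not stated in the thread): OpenVPN Client 1 is the
# tunnel in use, and its routing table is named "ovpnc1".

# gen_dns_policy ACTION CLIENT_IP RESOLVER_IP [TABLE]
# Prints one `ip rule` line (ACTION is add or del). Only packets FROM the
# client TO the resolver consult the VPN table; every other packet from the
# client misses this rule and falls through to the main table, i.e. the
# normal WAN route, which is exactly what the FuboTV traffic needs.
gen_dns_policy() {
  action="$1" client="$2" resolver="$3" table="${4:-ovpnc1}"
  printf 'ip rule %s from %s/32 to %s/32 table %s priority 10000\n' \
    "$action" "$client" "$resolver" "$table"
}

# gen_router_dns_policy ACTION RESOLVER_IP [TABLE]
# Same rule with no source restriction (the destination-only rule RMerlin
# describes). Needed when the client points at the router (dnsmasq) rather
# than at 8.8.8.8 directly: the packet that leaves for 8.8.8.8 is then
# generated by the router itself, so a "from <client>" rule never matches.
gen_router_dns_policy() {
  action="$1" resolver="$2" table="${3:-ovpnc1}"
  printf 'ip rule %s to %s/32 table %s priority 10001\n' \
    "$action" "$resolver" "$table"
}

# rule_present "$(ip rule show)" CLIENT_IP RESOLVER_IP TABLE
# Returns 0 when the client->resolver rule is installed. `ip rule show`
# prints /32 addresses without the prefix length, hence the match pattern.
rule_present() {
  printf '%s\n' "$1" | grep -q "from $2 to $3 lookup $4"
}

# Constructed sample of `ip rule show` output (not captured from a real
# router) with the Fire TV rule installed, used for an offline check.
SAMPLE_IP_RULE_SHOW='0:      from all lookup local
10000:  from 192.168.2.175 to 8.8.8.8 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default'

# Demo: print what the two rules look like for the network in the thread.
gen_dns_policy add 192.168.2.175 8.8.8.8 ovpnc1
gen_router_dns_policy add 8.8.8.8 ovpnc1
```

On the router, `gen_dns_policy add 192.168.2.175 8.8.8.8 | sh` applies the rule and `ip rule show` should then list `from 192.168.2.175 to 8.8.8.8 lookup ovpnc1`; the GUI entry I understand this to correspond to is one Policy Rules line with Source IP 192.168.2.175, Destination IP 8.8.8.8 and Iface VPN. Two caveats: the rule only steers packets addressed to 8.8.8.8, so the Fire TV must really be configured with 8.8.8.8 (otherwise use the destination-only variant on the router), and if the tunnel drops, the ovpnc1 table is empty, the lookup falls through to the main table and DNS goes out the WAN to the ISP again unless the client's option to block routed clients when the tunnel goes down is enabled. The DNS leak test mentioned in the thread is the quickest end-to-end confirmation.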
 

Authority

Senior Member
Smokey613 said:
    How would I use a VPN to route ONLY DNS traffic and bypass the VPN for all other traffic? I have a neighbor I am trying to set up because his ISP intercepts and redirects DNS traffic. He has an RT-AC86U and a tor VPN set up already. The reason for directing only DNS traffic is that his FuboTV service gets messed up if he uses the VPN for all traffic. He loses access to his local channels. I hope this makes sense.
Check out NextDNS which then routes the DNS over HTTPS (DoH). Not sure how it would work with FuboTV however.

 

qadhi

New Around Here
Bumping the post as I am in the same boat. I will rephrase the issue in an attempt to explain it better.

1. Running Asuswrt-Merlin
2. DNSSEC, DoT, DoH, DNSCrypt, etc. work fine
3. Have purchased smart DNS for online streaming, which is just a standard DNS and does not support any of the features mentioned in item #2
4. ISP is blocking OpenDNS and smart DNS by blocking only requests sent to UDP port 53. Ping replies work fine, but nslookup using these specific servers fails
5. Some clients use OpenDNS, which now works with DoT (DNS over TLS), but smart DNS still fails as it doesn't support this
6. Looking for a way to send DNS queries only via this smart DNS for some clients. Others will use OpenDNS over DoT. All other traffic will go through the WAN.
7. Since this smart DNS doesn't support security features, looking for a way to use the VPN for sending DNS queries only.

Summary: Looking for help to set up DNS over VPN using Asuswrt-Merlin. The DNS service doesn't support any security/privacy features, so configuring it via WAN/DNS Filter is not an option as it is getting blocked.
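The two posts describe two different ISP behaviours that call for the same fix but look different on the wire: Smokey613's ISP answers port-53 queries itself (the leak test shows the ISP's resolver although the client is set to Google DNS), while qadhi's ISP silently drops port-53 packets to particular servers (ping works, nslookup times out). Below is an added example, not from the thread, that tells the two apart with `dig`: the classifier is a pure text function so it can be checked offline, and the live probe sends one UDP query to a resolver address. The sentinel address 192.0.2.1 (TEST-NET-1, RFC 5737) is not routable on the Internet, so any answer "from" it must have been injected by a middlebox. The dig output fragments in the block are constructed, not real captures.

```sh
#!/bin/sh
# Added example, not code from the thread. Distinguishes port-53 BLOCKING
# (queries time out) from port-53 INTERCEPTION (an answer arrives even when
# the address asked cannot possibly be a resolver). Needs `dig` for a live
# probe; the classifier itself runs on captured text and needs no network.

# TEST-NET-1 (RFC 5737) is reserved for documentation and not routed, so a
# DNS answer attributed to it can only come from a device in the path.
SENTINEL=192.0.2.1

# classify_dig OUTPUT TARGET
# OUTPUT is the text dig printed, TARGET the resolver address it was sent to.
# Prints one of: blocked-or-unreachable, intercepted, reachable, refused, error
classify_dig() {
  out="$1" target="$2"
  if printf '%s\n' "$out" | grep -q 'no servers could be reached'; then
    # dig got nothing back within its timeout: filtered, or genuinely down
    echo blocked-or-unreachable
  elif printf '%s\n' "$out" | grep -q 'status: NOERROR'; then
    # A real answer. From the sentinel it proves transparent redirection.
    if [ "$target" = "$SENTINEL" ]; then echo intercepted; else echo reachable; fi
  elif printf '%s\n' "$out" | grep -q 'status: REFUSED'; then
    echo refused
  else
    echo error
  fi
}

# probe_dns SERVER [NAME]
# Live probe: one UDP query, 3 s timeout, no TCP fallback, then classify.
probe_dns() {
  classify_dig "$(dig +time=3 +tries=1 +notcp @"$1" "${2:-example.com}" A 2>&1)" "$1"
}

# Constructed dig output fragments (not real captures) for the offline check.
DIG_TIMEOUT=';; connection timed out; no servers could be reached'
DIG_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
example.com.  300 IN A 203.0.113.5'

# Demo on the constructed fragments (no network needed).
classify_dig "$DIG_TIMEOUT" 208.67.222.222
classify_dig "$DIG_ANSWER" 8.8.8.8
classify_dig "$DIG_ANSWER" 192.0.2.1
```

Run it from a LAN client with the VPN off: `probe_dns 192.0.2.1` returning intercepted confirms the redirection Smokey613 sees on the leak test, and `probe_dns <smart-DNS address>` returning blocked-or-unreachable while `ping` to the same address succeeds matches qadhi's item 4. Run the same two probes again with the DNS-only policy rule in place; both should change (the sentinel to blocked-or-unreachable, the smart DNS to reachable) if the queries really are leaving through the tunnel.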
 
