Use vpn for dns only


Smokey613

Very Senior Member
How would I use a VPN to route ONLY DNS traffic and to bypass the VPN for all other traffic? I have a neighbor I am trying to set up because his ISP intercepts and redirects DNS traffic. He has an RT-AC86U and tor VPN set up already. The reason for directing only DNS traffic is his FuboTV service gets messed up if he uses the VPN for all traffic. He loses his access to local channels. I hope this makes sense.
 
I would pick up the DNS server that you wish to use (for example 8.8.8.8), then set up a policy rule where the destination is 8.8.8.8.

Another option is to enable DNSPrivacy, and use DNS-over-TLS.
 
To give more info on this, the ISP recently changed something on their side and DNS lookups are horribly slow, often timing out even when specifying Google DNS on the client. After setting up the VPN, DNS lookups are back to being very fast, but that is when he ran into the FuboTV issues, hence the need to redirect only DNS lookups using the VPN. If we go to the DNS leak test site it shows his ISP's IP as the DNS server. On the VPN it correctly shows the client's configured Google DNS servers.
 

That's why I suggested using policy rules, but having just a policy to redirect DNS queries by specifying the DNS server's IP address, and no other rules. Any other traffic will still go through the ISP.
 

Thanks for the info RMerlin!!
 
Okay, I cannot seem to get this working.

network - 192.168.2.0/24
firetv - 192.168.2.175
I want to redirect DNS requests from the firetv destined to 8.8.8.8 to use the VPN tunnel; all other traffic from this device needs to use the normal WAN route. What entries do I need in my policy rules?
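
The policy-rule suggestion made earlier in the thread, applied to the addresses in the post above, as an added example that is not part of any post here and is not router firmware code. It models a rule as source, destination and interface only; the first-match ordering, the rule names, the 203.0.113.10 and 192.168.2.50 addresses and the `overbroad_vpn_rules` check are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyRule:
    description: str
    source: str       # IP or CIDR; "" means any source
    destination: str  # IP or CIDR; "" means any destination
    iface: str        # "VPN" or "WAN"

def _covers(field: str, addr: str) -> bool:
    if field == "":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(field, strict=False)

def egress(rules, src: str, dst: str) -> str:
    """Interface a packet takes; unmatched traffic uses the normal WAN route."""
    for rule in rules:  # assumption: the first matching rule wins
        if _covers(rule.source, src) and _covers(rule.destination, dst):
            return rule.iface
    return "WAN"

def overbroad_vpn_rules(rules, resolvers):
    """Names of VPN rules that would tunnel more than the chosen DNS servers."""
    allowed = {ipaddress.ip_network(r) for r in resolvers}
    return [r.description for r in rules
            if r.iface == "VPN"
            and (r.destination == ""
                 or ipaddress.ip_network(r.destination, strict=False) not in allowed)]

# Values from the thread: firetv at 192.168.2.175, DNS server 8.8.8.8.
DNS_ONLY = [PolicyRule("firetv-dns", "192.168.2.175", "8.8.8.8", "VPN")]
# Constructed counter-example: no destination, so the whole device is tunnelled.
WHOLE_DEVICE = [PolicyRule("firetv-all", "192.168.2.175", "", "VPN")]

if __name__ == "__main__":
    flows = [("192.168.2.175", "8.8.8.8"),       # firetv DNS lookup
             ("192.168.2.175", "203.0.113.10"),  # constructed streaming server
             ("192.168.2.50", "8.8.8.8")]        # constructed second LAN client
    for src, dst in flows:
        print(src, "->", dst, "via", egress(DNS_ONLY, src, dst))
    print("overbroad:", overbroad_vpn_rules(WHOLE_DEVICE, ["8.8.8.8"]))
```

Because the match is on addresses and not on port 53, the rule only applies when the device sends its queries to 8.8.8.8 directly, and it tunnels every kind of traffic the device sends to that address.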
 

Check out NextDNS which then routes the DNS over HTTPS (DoH). Not sure how it would work with FuboTV however.

 
Bumping the post as I am in the same boat. I will rephrase the issue again in an attempt to better explain the issue.

1. Running asus-merlin
2. DNSSEC, DoT, DoH, DNSCrypt, etc. work fine
3. Have purchased smart DNS for online streaming which is just a standard DNS and does not support any features mentioned in item #2
4. ISP is blocking OpenDNS and smart DNS by only blocking requests sent to UDP port 53. Ping reply works fine but nslookup using these specific servers fails
5. Some clients are using OpenDNS, which is now working when used with DoT (DNS over TLS), but smart DNS still fails as it doesn't support this
6. Looking for a way to only send DNS queries via this smart DNS for some clients. Others will use OpenDNS over DoT. All other traffic will go through WAN.
7. Since this smart DNS doesn't support security features, looking for a way to use VPN for sending DNS queries only.

Summary: Looking for help to set up DNS over VPN using asus-merlin. DNS doesn't support any security/privacy features so configuring via WAN/DNS Filter is not an option as it is getting blocked.
 
