Part of the Furniture
I'm still getting DNS leaks connecting to the majority of servers I've tried with this configuration - which is the same result I was getting with a prior configuration on 386.3 that had "Accept DNS configuration" to "strict", and no route entries in the custom config field.
As I understand it, when running a leak test the ISP should match the one displayed at the top of nord's homepage, and the IP address displayed in the leak test should closely match the IP displayed on nord's homepage (typically the last digit will be different when the ISPs are the same).
Therefore, I am describing a leak as when nord's homepage shows a protected status, and a leak test shows a different ISP and IP address.
I'm baffled at how, with identical configuration settings such as those eibgrad recommended for 386.4, some servers can be connected to without DNS leaks, while most others cannot.
You're still getting DNS leaks, as measured by what?
The point of that particular configuration if to bind your DNS to CloudFlare (22.214.171.124 and 126.96.36.199). If the OpenVPN client is NOT active, your DNS access is over the WAN. If the OpenVPN client is active, and you have the routing set to "Yes (all)", then your DNS will be directed over the VPN. So no matter the circumstances, your DNS access is always through CloudFlare, and all that differs is whether its over the WAN or VPN.
How does any of the above have anything to do w/ the NordVPN DNS servers? What difference does it make what the NordVPN webpage says? As I say all the time, *other* DNS leak testing tools routinely provide incorrect information. You can't rely on them. That's why you only need to concern yourself w/ what YOU can control, which means determining w/ local DNS monitoring, what DNS is being used, and where it's being directed. Once it leaves the router, all bets are off as to what happens to that DNS traffic since at that point you do NOT control it.