DNS leak test showing USA cloudflare addresses instead of local NextDNS?

losnad 

I'd love to learn how to use it. I was considering paying for its very fast local cdn service that I enjoy perhaps I can give the bog standard 45.90.28.0 & 45.90.30.0 services as I utilise all the dns blocking locally from my piholes. 

Just been seeing a few posts pop up surrounding and getting conflicting information like here - https://www.reddit.com/r/nextdns/comments/odnpia/dns_leak_question/?context=3 where they mention that after 300k queries dns results are rerouted to Google. Then I also saw this one yesterday as well - https://help.nextdns.io/t/83hkphc/connecting-to-a-bunch-of-google-dns-servers?r=h7hk5mt#h7hk5mt

NextDNS 

Thank you for clarifying! 
So for your paid service is it just the logging and blocking functionalities for infinite queries that are enabled? As I have PiHole blocking I was using cloudflare but my ISP gets crap routing using them as they are not a ECS dns provider. So I have been enjoying using the fast local NextDNS servers!

Greg B. 

Hi there Greg, Yes I have linked my public static IP from my ISP. I only have my pihole IP as DNS in my router settings and force all request through it. Running AsusWRT in DNSFilter mode so if it detects any devices trying to reach google dns etc outside my specified pihole dns in my router config it redirects it as a request through my router (if that makes sense.)

I have both ipv4 addresses provided by NextDNS in my custom ipv4 upstream dns entries in pihole. That is all, no other servers are used. One thing I did read in that earlier reddit thread is possibly having enabled 'Anonymized EDNS Client Subnet'

NextDNS 

So you can see the screenshot. I've got it locked down as hard as can be imo. Most times when I run an extended test I get those leaks, sometimes I get nothing which is weird. I am not sure what else could be causing it. I.e. if I change to both OpenDNS (208.67.222.222 · 208.67.220.220) I don't get those leaks perse and just see those 2x servers and nothing else. Sometimes I see a huge string of Google LLC / Cloudflare servers as pictured 

DynamicNotSlow 

Ok so I'll try and be as concise as possible.

PiHole's x2 I have one on ethernet, one on wifi at the other end at the house running in a master/slave config in high availbility with keepalived. I run a virtual ip dns (192.168.1.20) Both Piholes are configured to use custom ipv4 DNS which is listed above my linked IP in my NextDNS dashboard page. Setup for the HA pihole is found here - https://www.reddit.com/r/pihole/comments/czlynq/tutorial_how_to_run_2_pihole_servers_in_ha_high/

Running Asus Merlin software on RTAC68u router. My router is my dhcp server. Both WAN & LAN DNS is set to my virtual ip (192.168.1.20) meaning when master pihole dies or loses connection slave pihole kicks in and handles queries. This is due to having DNSFilter enabled with the mode set to the router with both piholes given a no filter exception. Essentially meaning that if a device were to try and reach outside dns the it will hit the router and be forced back through the pihole. More on that here but is very common on the snbforums - https://www.snbforums.com/threads/way-to-block-devices-from-reaching-out-to-google-dns-on-ac68u.73426/#post-698075

I don't seem to have the issue as previously mentioned when I use OpenDNS or Quad9 etc other DNS systems. In fact I went to great measures and even added a URL and IP filter to block out common dns and doh filters on my piholes as well.

https://raw.githubusercontent.com/Sekhan/TheGreatWall/master/TheGreatWall.txt
https://raw.githubusercontent.com/oneoffdallas/dohservers/master/iplist.txt

Hope that makes sense without being too confusing or technical. If you need clarification on anything let me know!

DynamicNotSlow Sorry I thought that was self explanatory. Everything is set to DHCP so router servers out the IP and DNS which points back to the PiHole using the 2 ipv4 adddresses provided in the nextdns dashboard

DynamicNotSlow I wouldn't get any result as they act as my lan dns servers. I may have resolved the issue by just flat out blocking those IP's in my router firewall as a preventative measure.