Unfortunately, as of EdgeOS v1.6.0, even if you specify custom DNS servers in the system settings, the default behavior is for DNS servers from your ISP to be added to /etc/resolv.conf where they’ll override your custom DNS settings.
New Post (updated with permanent solution)
This post used to describe a manual way to remove DNS servers from your ISP, but it wasn’t permanent and would occasionally need to be redone. After coming across this thread on the Ubiquiti forums, I think I might have finally found permanent solution to this “DNS hijacking” problem. The default behavior (as of EdgeOS v1.7.0) is still to override your DNS settings.
In the EdgeOS CLI, use the following commands to stop the DNS servers from populating in `
eth0 with whichever interface is connected to the WAN).
configure set interfaces ethernet eth0 dhcp-options name-server no-update commit save exit
That’s it! You can confirm which DNS servers you’re using with a dns leak test linked to in the references below.
user@ubnt:~$ cat /etc/resolv.conf nameserver 184.108.40.206 nameserver 220.127.116.11 nameserver 18.104.22.168 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl nameserver 22.214.171.124 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl search tds.net #line generated by /opt/vyatta/sbin/vyatta_update_resolv.pl
By commenting out the lines added by /opt/vyatta/sbin/vyatta_update_resolv.pl, devices connected to the router will start using the custom DNS servers specified in the GUI.
user@ubnt:~$ cat /etc/resolv.conf nameserver 126.96.36.199 nameserver 188.8.131.52 #nameserver 184.108.40.206 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl #nameserver 220.127.116.11 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl search tds.net #line generated by /opt/vyatta/sbin/vyatta_update_resolv.pl
To easily remove all of the nameservers added by vyatta_update_resolv.pl, the one liner is
sed '/nameserver written by/d' /etc/resolv.conf > /etc/temp && mv /etc/temp /etc/resolv.conf