Trying to force specific DNS for ordinary connection with NetworkManager fails

I have tried to force the eth0 hardwired connection under NetworkManager to use the designated DNS servers but whenever I check the DNS settings on the internet, say at dnsleaks.com, it always comes up with my ISP’s DNS #s, not the ones in the NetworkManager designated DNS line.

Any ideas on how these DNS’s are being hijacked and replaced by my ISP’s DNSs ??

VPN connections work great, they use the DNS attached to the connection but I am trying to use secure, un-logged, encrypted DNS for regular web surfing.

@American_Citizen I always set the DNS servers to use in the router, which point to my local pihole dns servers.

If you run a query, what server IP shows up… e.g. dig forums.opensuse.org

You can start with explaining what you did to

Show your connection profile. Show /etc/resolv.conf.

Currently the /etc/resolv.conf file shows (right while eth0 is live today Sat 14th Jan)

nameserver 10.26.0.1

Yesterday I had the resolv.conf file read

nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 10.19.0.1

and the last VPN DNS was auto inserted by the NetworkManager when I directed a VPN connection to be enforced upon the eth0 hardwire interface

I am using the following webpages to check for DNS leaks
https://dnsleaktest.com/
https://surfshark.com/dns-leak-test
https://dnsleak.com/
https://browserleaks.com/dns
https://www.expressvpn.com/dns-leak-test
https://ipleak.net/

I have gotten conflicting results from the third one above, dnsleak.com, hence checking using the other 5 sites.

In the clear, despite setting up the two DNS addresses in my Netgear C6300v2 router, as 208.67.222.222 and 208.67.220.220, instead the DNS comes up usually as 3 (sometimes 1) Comcast DNS servers.

Do I assume that I can run a local dns server on my linux system and redirect the DNS queries to what the server says? This would be nice, if possible.

Malcolm, have you checked for DNS leakage, when using the local pihole dns server? Just curious, as I was quite surprised to discover my Mozilla Firefox browser was using two Cloudflare DNS server addresses, then someone pointed out to me that the DNS over HTTP option (DoH) was being used. This option got set without my knowledge, and found out after I totally removed Firefox from my system and reinstalled fresh.

To all, I was able to force the IPV6 DNS to be manually assigned under the advanced settings IPV6 tab in the Netgear C6300v2 router, and I purposefully set a global unicast address into the two settings. Careful experimentation shows that the DNS queries are going via the ExpressVPN 208.67.222.222 or 208.67.220.220, but that CiscoOpenDNS is bouncing the requests to available DNS addresses in the 208.67 domain block, and that is fine with me. I have effectively shut off the IPV6 loophole in my NetGear Router and I am okay with CiscoOpenDNS being the DNS resolver for when my system connects in the clear mode.

I now consider this problem fixed, as it was NOT the Network Manager’s fault, but actually how the firmware in my NetGear C6300v2 cable modem/router was functioning.

@American_Citizen I have and just did, still the same openDNS ones set. I don’t use Firefox either, so can’t comment on that.
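
A local check for the situation discussed in this thread, added here as an example and not posted by any participant: it reads resolv.conf-style text and lists every nameserver that is not on an allow-list, including IPv6 resolvers handed out by a router. The function name `unexpected_resolvers` and the `fe80::1%eth0` entry are constructed for illustration; the IPv4 addresses are the ones quoted above.

```shell
#!/bin/sh
# Print each nameserver read from stdin (resolv.conf format) that is not
# among the allowed addresses given as arguments.
# Usage: unexpected_resolvers ALLOWED_ADDR... < /etc/resolv.conf
unexpected_resolvers() {
    allowed=" $* "
    # Only "nameserver <addr>" lines count; comment lines never match.
    awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        ns=${ns%%%*}    # drop an IPv6 zone id such as "%eth0"
        case $allowed in
            *" $ns "*) ;;                 # expected resolver
            *) printf '%s\n' "$ns" ;;     # anything else is reported
        esac
    done
}

demo() {
    # Constructed sample: the three entries quoted in the thread plus a
    # constructed link-local IPv6 resolver of the kind a router can advertise.
    unexpected_resolvers 208.67.222.222 208.67.220.220 <<'EOF'
# Generated by NetworkManager
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 10.19.0.1
nameserver fe80::1%eth0
EOF
}

demo
```

This only covers resolvers the host itself is configured with; an application doing its own DNS, such as the Firefox setting mentioned above, does not appear in resolv.conf.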