ISP Blocking Custom DNS on Router - Is This Allowed? Need Advice!

[sumant4ssm]

Hello everyone,

I recently encountered an issue with my Airtel Xstream Fiber 300 Mbps connection and Sercomm router that I hope someone here can help me with. Here’s the situation:

The Problem
I wanted to use custom DNS servers (like Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8) for better privacy and security. I can actually change the DNS settings on my Airtel Sercomm router, but as soon as I do this, all devices connected to the Wi-Fi show "Connected without Internet." When I revert back to the auto DNS settings and reboot the router, everything works fine again.

From this reddit thread it looks like they don't allow custom DNS.


My Setup
I use Adguard Home with Raspberry Pi which act as my DNS server. However, since the router blocks custom DNS settings, all devices on my network are still forced to use the ISP’s DNS servers and lose internet connectivity when set to my Adguard custom DNS.

My Questions

1. Has anyone else faced a similar issue with Airtel Xstream Fiber or any other ISP?
2. How did you resolve it?
3. Is it even allowed for ISPs to block the use of custom DNS servers?
4. What are the TRAI (Telecom Regulatory Authority of India) rules regarding DNS settings and user rights in this context?
5. Are there any effective workarounds to ensure that my network devices use my preferred DNS settings despite the router restrictions?

 

[Trex]

Use DoH or DoT as upstream DNS in adguard home.

 

[sumant4ssm]

@Trex The problem is, the internet stops working after inputting the Raspberry Pi IP into the router DNS address and rebooting. When I set it back to auto and reboot, it works.

 

[Trex]

first confirm if the RPi is listening port 53 and resolving queries.
On windows typed - nslookup google.com "your RPi IP"

 

[sumant4ssm]

Even if I use Cloudflare DNS 1.1.1.1 directly, it breaks the internet. They are not allowing custom DNS on the router.

 

[Soumil]

If you are really concerned about privacy, you should be using DoH, DoT, since DNS communication is NOT encrypted. It is highly unlikely that Airtel will be able to identify DoH/DoT as DNS traffic, since it looks identical to HTTPS.

If this still does not work, there could be some bug in the router firmware which doesn't allow changing the DNS servers handed out via DHCP. In this case, you could try running your own DHCP server from the RPi, and disable the one on the Sercomm.

As @Trex suggested, you should check if your RPi is even resolving DNS queries in the first place [after configuring the DoH/DoT as upstream on Adguard Home]

 

---