After having some DNS issues with 3.8, I spent a few hours fiddling with my Turris DNS configuration. I’m pretty technical but not very experienced with routers/network configurations. Please let me share some feedback and sources of confusion.
It was absolutely unclear to me that the Knot Resolver (aka kresd) was being used instead of dnsmasq for DNS. For the first few hours I was trying to enable DNS logging and troubleshoot why DNS resolving was not going through dnsmasq (being unaware of Knot, I suspected a different reason). I didn’t find any documentation from the Turris team, except for a few hints in some forum posts. It would be great if you guys could put at least a note in the LuCI interface at /luci/admin/network/dhcp so that people like me who fiddle with Turris configuration once a year don’t have to bang our heads against the wall.
I agree that it would be safe to completely disable the DNS subsystem of dnsmasq so that it is clear that it is just DHCP and not being used under any circumstances as a DNS resolver. But I was unable to find a way to do that through Foris or LuCI via a checkbox (as OP suggests). As of 3.8.1 there is definitely nothing about it in Foris. And LuCI has many checkboxes but no clear way to disable dnsmasq’s DNS subsystem altogether. I googled for dnsmasq docs and it is a complex mess. A few people[1] wrote that setting --port to 0 should disable it. I can do that via luci/admin/network/dhcp → Advanced Settings → DNS server port, but this is far from being intuitive. Also I won’t remember this in a few days, so next time I return back, I will be puzzled again…
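
The question this post keeps running into (is dnsmasq answering DNS, or only DHCP?) can be checked from the shell. The script below is an added example, not part of the original post and not Turris tooling: it reads the dnsmasq `port` option from UCI-format text and lists which program holds port 53 in `netstat -lnup` style output. The sample config and socket listing are constructed; the `/etc/config/dhcp` path and the `port` option name are the OpenWrt conventions assumed here.

```shell
#!/bin/sh
# Added example: is dnsmasq serving DNS, or only DHCP? Sample data is constructed.

# Read UCI-format text (assumed source: /etc/config/dhcp) on stdin and print the
# port set in the dnsmasq section: "0" = DNS off, "unset" = default port 53.
dnsmasq_dns_port() {
    awk -v q="'" '
        $1 == "config" { sec = $2; gsub("[\"" q "]", "", sec); in_sec = (sec == "dnsmasq") }
        in_sec && $1 == "option" && $2 == "port" {
            port = $3; gsub("[\"" q "]", "", port)
        }
        END { print (port == "" ? "unset" : port) }
    '
}

# Read `netstat -lnup` style lines on stdin and print the unique program
# names bound to port 53 (the last column is PID/Program).
port53_listeners() {
    awk '$4 ~ /:53$/ && split($NF, a, "/") == 2 { print a[2] }' | sort -u
}

SAMPLE_UCI="config dnsmasq
    option domainneeded '1'
    option port '0'

config dhcp 'lan'
    option interface 'lan'
    option start '100'"

SAMPLE_NETSTAT="Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0 0.0.0.0:53   0.0.0.0:* LISTEN 1482/kresd
udp   0 0 0.0.0.0:53   0.0.0.0:*        1482/kresd
udp   0 0 :::53        :::*             1482/kresd
udp   0 0 0.0.0.0:5353 0.0.0.0:*        1777/umdns
udp   0 0 0.0.0.0:67   0.0.0.0:*        2210/dnsmasq"

report() {  # $1 = UCI text, $2 = netstat text
    port=$(printf '%s\n' "$1" | dnsmasq_dns_port)
    owners=$(printf '%s\n' "$2" | port53_listeners | tr '\n' ' ')
    case "$port" in
        0)     role="DHCP only (DNS disabled)" ;;
        unset) role="DNS on default port 53" ;;
        *)     role="DNS on port $port" ;;
    esac
    echo "dnsmasq: $role; port 53 held by: ${owners% }"
}

report "$SAMPLE_UCI" "$SAMPLE_NETSTAT"
```

On a live router the same functions can be fed real data, for example `dnsmasq_dns_port < /etc/config/dhcp` and `netstat -lnup | port53_listeners`.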