Bricked Omnia. How is it even possible, and how should one proceed in such a situation?

Your issue seems to me to be related to unchecked DNS forwarding in Foris’s DNS tab, but keep in mind that DNSSEC should be enabled. Did you try changing DNS servers?

Why must DNSSEC be enabled? Why do you need it?
The answer is pretty simple - security.
If you understand Czech, we have a really cool website for DNSSEC, where you will also find a short educational video, which explains what DNSSEC is and why you need it, but if you don’t understand Czech, don’t worry. I’ll give you a short explanation.

DNSSEC technology protects against data spoofing and ensures that the content is authentic.
It’s been about a month since the site which provides an open-source client interface for generating Ethereum wallets was hijacked using DNS cache poisoning. If they had been using DNSSEC/HSTS, it’s possible that the attack would have been avoided.
I know a very interesting article, unfortunately in Czech, but I think you can also find some in English.
That’s why DNSSEC is required by default on Turris routers, to avoid these kinds of problems.

If you’re interested in more details of DNSSEC you can look at this site.

Anyway, I really don’t get why you want to use dnsmasq, because dnsmasq doesn’t support DNS over TLS, along with many other things.
@paja is working on support for DNS over TLS in Foris, which will be for Turris Omnia, which uses Knot Resolver (also used by Cloudflare), and also for Turris 1.x, which uses unbound because of its architecture, so it’s not really necessary to create an issue on Gitlab for updating unbound.

We have said here many times that the state of the packages is just temporary. We’re doing our best to bring it to you faster, because it will help us, too. Well, we have only two people who are maintaining a large number of packages. Bringing you Turris OS 4.0 on the Turris Omnia also depends on our kernel guys. Don’t forget that we need to have a smooth update from Turris OS 3.x to Turris OS 4.0, or one with minimal manual intervention. There is really a lot of work before we’ll be able to bring it to you.
For advanced users, we will bring it sooner. We’re tweaking the updater, so we could migrate e.g. from uClibc to musl on Turris 1.x. You can see what we’re doing on our Gitlab. We’re working on Sentinel, which was mentioned in our first Developer updater.
We’ll publish another update soon. E.g. since Turris OS 3.10 you can even boot from an mSATA SSD.

But let’s focus on the bright future, right? Don’t forget that we’re people and it doesn’t help us much, because we know about it. :’(
