WARP not tunnelling my queries?

I’m paying for Warp+ to get some privacy from ISPs. I didn’t want anonymity, just privacy, which is the reason I’m using Warp instead of a proper VPN. It has been going okay but a couple moments back I found out it isn’t actually working.
So, I have my router set to use NextDNS with logging enabled. I was going through the log and found that some queries from my phone, which is connected to it on WiFi and using Warp+ as an always-on VPN, are showing up on it. Then I opened some apps, visited some sites, and they were all popping up in there.
What’s going on over here? Is Warp doing absolutely nothing for me? Snake oil?

You have to use DoH in your WARP app if you’ve got NextDNS set up in your router. Manually flip on DNS over HTTPS instead of AUTO or DNS over TLS in the Warp app. Also be aware that NextDNS will be bypassed when you’re using DoH on your device no matter the provider (except, ofc, if you use the NextDNS app itself for DoH). The best solution, really, is to use NextDNS as your DoT provider within your router. That way you’ve got every device connected to it automatically using NextDNS DoT. So it isn’t Cloudflare scamming you or Warp not working. It works. It’s the fact that tunneling DoT twice over doesn’t work. It’s just the way it is. And DoH will bypass DoT if DoH is in your device and DoT is set up in your router. DNS is DNS; it’s not a Cloudflare thing, it is what it is.

I can’t find any options to control DNS on the app, but 1.1.1.1/help says I’m indeed using DoH. My router (will be changed next month) doesn’t support DoT and I’m only using the regular network settings, but yes, I’m using it on there so that it’s the default for all devices. Actually, I have my PC set to use 1.1.1.1 (again, network settings, no DoT or DoH) and all its queries skip NextDNS.

To summarize, I’m indeed using DoH on phone, and the router is using unsecured DNS. NextDNS shouldn’t be seeing my phone’s queries.

NextDNS sees all. Change your log settings to off or use Switzerland as your chosen country for your logging server. The queries cannot be bypassed with NextDNS set as your DNS in your router. For now it’s free anyway, and ~$2.99 a month for unlimited queries after the beta period is up. It’ll be ~300,000 queries a month for free.

Get yourself an ASUS RT-AX88U or a 58U and flash ASUSWRT-MERLIN to it. You’ll have native DoT in your router, AX & WPA3.

That should absolutely be impossible. You’re basically saying if every network in the world chose to use NextDNS then VPNs will cease to function… Your administrator, organization, government, and ad agencies can snoop on you irrespective of what you use just by changing their DNS?! >.>

And NextDNS isn’t the problem, I want the logs, and I want them in any specific country, it shouldn’t matter. Warp exists in a layer before it and hence shouldn’t be affected by it in any way.

As I said, I’ll be changing it next month… Not going to get Asus, maybe Ubiquiti… But the router should in no way affect the functions of a VPN either (other than, maybe blocking entire access).

It’s not impossible. It happens every day everywhere unless you are using a proper VPN such as ProtonVPN. Regarding your actual concern, as I misinterpreted your previous reply: Using Warp bypasses NextDNS and thus NextDNS is no longer your DNS provider. It’s Cloudflare. Just as using a proper VPN will change your DNS provider to those chosen by the VPN in question. If you want to continue using Warp and benefit from logging and blocking of malware, phishing, and that of any resource you choose from within / when inspecting the logs, use Cloudflare’s Gateway service. It’s extremely functional, easy to set up, and it’s a free service for anyone with a Cloudflare account.

https://gateway.cloudflare.com

Any router with built-in DoT and / or OpenVPN client / server functions is extremely beneficial. That’s what I was attempting to tell you. Ubiquiti should have OpenVPN capabilities, though I doubt any of their offerings have DoT capabilities.

Isn’t WARP technically a proper VPN service, except for the fact that it passes along your IP and doesn’t let you choose a location? If it isn’t, what’s the purpose of WARP?

And no, you did understand right. I want NextDNS bypassed by my devices. I just use NextDNS to block things for the TV and IoT, so I don’t mind unsecured DNS on it, but I’ll take a look. Thanks.