See also: DNS hijacking using CLI
If you have set a custom DNS server and would like to enforce this across your network without clients being able to override it, then you'll need to force all DNS traffic through the router on the default port '53'.
Many Android devices are now being pre-programmed with the Google DNS servers (184.108.40.206 and 220.127.116.11) so they automatically bypass the DNS set on the router. It's unclear if any other devices are following this trend Android has, but if it's important that your client device(s) require a specific DNS then this guide will show you how to get around that.
A reason why you'd want to force all clients to a single DNS is if you have content filtering from a service such as OpenDNS that can block domains via URL's or through category filtering. OpenDNS can be setup with the DDNS Client using DNS-O-Matic When your WAN IP address updates it will also update OpenDNS so that your content filtering and URL blocking stay up-to-date.
To add this through the LuCI web interface:
* If you're unable to set the exact zones simply select anything from the list as you can change it in step 10
The OARC Reply size Test can validate that your DNS queries are being intercepted.
dig +short rs.dns-oarc.net TXT @18.104.22.168