Change or delete DNS settings (8.8.8.8 and 8.8.4.4) in AC68U (Merlin 378.55).

[Alex Tiedemann]

Hi,

I'm trying to figure out where to change or delete some DNS settings in my AC68U running Merlin 378.55.

Under LAN>DHCP Server i have set the DNS servers like this under DNS and WINS Server Setting:
DNS Server 1: 217.197.83.204
DNS Server 2: 77.66.108.93

And under WAN>Internet Connection i have set the same DNS servers under WAN DNS Settings:
DNS Server 1: 217.197.83.204
DNS Server 2: 77.66.108.93

So have set two DNS servers, two different places.

Where else can i define DNS servers?

I ask because i get these lines in my log file, and i have not set the DNS servers 8.8.8.8 and 8.8.4.4 anywhere, and i don't wish to use those servers, have no use for them.


Sep 4 21:33:25 dnsmasq[16651]: exiting on receipt of SIGTERM
Sep 4 21:33:25 dnsmasq[16682]: started, version 2.73rc9 cachesize 1500
Sep 4 21:33:25 dnsmasq[16682]: warning: interface ppp1* does not currently exist
Sep 4 21:33:25 dnsmasq[16682]: asynchronous logging enabled, queue limit is 5 messages
Sep 4 21:33:25 dnsmasq-dhcp[16682]: DHCP, IP range 10.0.1.65 -- 10.0.1.254, lease time 1d
Sep 4 21:33:25 dnsmasq[16682]: using local addresses only for domain LANBOX
Sep 4 21:33:25 dnsmasq[16682]: read /etc/hosts - 5 addresses
Sep 4 21:33:25 dnsmasq[16682]: read /etc/hosts.dnsmasq - 28 addresses
Sep 4 21:33:25 dnsmasq-dhcp[16682]: read /etc/ethers - 28 addresses
Sep 4 21:33:25 dnsmasq[16682]: using nameserver 77.66.108.93#53 for domain local
Sep 4 21:33:25 dnsmasq[16682]: using nameserver 217.197.83.204#53 for domain local
Sep 4 21:33:25 dnsmasq[16682]: using local addresses only for domain LANBOX
Sep 4 21:33:25 dnsmasq[16682]: using nameserver 8.8.8.8#53
Sep 4 21:33:25 dnsmasq[16682]: using nameserver 8.8.4.4#53
Sep 4 21:33:25 dnsmasq[16682]: using nameserver 217.197.83.204#53
Sep 4 21:33:25 dnsmasq[16682]: using nameserver 77.66.108.93#53

So far i have blocked them in the Firewall>Network Services Filter, so hope they will be blocked.

But how do i get rid of those servers in the GUI, have i missed a place where they are configured?

Kind regards,

Alex T.

 

[Alex Tiedemann]

Hi again,

I had a look at things in my router, and looks like the DNS setting for one of the OpenVPN clients was not set to Default in Accept DNS Configuration.

When Accept DNS Configuration is set to anything else than Default (Relaxed, Strict or Exclusive), DNS servers 8.8.8.8 and 8.8.4.4 are automaticly selected for local IP's set to connect to the internet via an OpenVPN client in the router?

Could that be it?

I don't use my ISP's DNS servers, since they appear to be a bit slow, so use the two mentioned in my original post.

Kind regards,

Alex T.

 

[sfx2000]

Have you checked all your client computers for local DNS settings on them?

dnsmasq is a caching DNS server, so that's why you're possibly seeing the google DNS entries in your syslog...

 

[MediaMan09]

I agree with sfx2000. Check those. Its actually handy sometimes to be able to use DNS's other than those specified in the router, but if you don't want them, look there to get rid of them, eg:

 

[Alex Tiedemann]

Have you checked all your client computers for local DNS settings on them?

dnsqmasq is a caching DNS server, so that's why you're possibly seeing the google DNS entries in your syslog...

Hi sfx2000,

Nope, that i did not check.

Thanks for replying.

All devices are set up with DHCP, so they have a manually assigned IP via LAN>DHCP Server>Manually Assigned IP around the DHCP list.

Mostly devices with Windows are connected, but also an iPhone and some Android devices.

When i check the Windows devices i see they are assigned the DNS servers i have configured in the router.

On the iPhone i see it has the two servers i have configured in the router as well.

Also the TV and SatBox have my assigned DNS servers.

When checking the Android devices i'm not sure how to check the DNS servers in use, when the IP is assigned via DHCP. But if i set the advanced setting on in Static IP, i see that the two DNS servers i configured in the router are pre-entered, so guess that should be ok as well?

So all looks ok from the clients.

Kind regards,

Alex T.

 

[john9527]

When Accept DNS Configuration is set to anything else than Default (Relaxed, Strict or Exclusive), DNS servers 8.8.8.8 and 8.8.4.4 are automaticly selected for local IP's set to connect to the internet via an OpenVPN client in the router?

What OpenVPN server are you connecting to? With anything other than the Default setting, the server will push a set of DNS servers to the client. Some VPN providers will use google for their servers.

 

[sfx2000]

I had a look at things in my router, and looks like the DNS setting for one of the OpenVPN clients was not set to Default in Accept DNS Configuration.

When Accept DNS Configuration is set to anything else than Default (Relaxed, Strict or Exclusive), DNS servers 8.8.8.8 and 8.8.4.4 are automaticly selected for local IP's set to connect to the internet via an OpenVPN client in the router?

Could that be it?

Yep, that's probably it - that's why you see google dns in the syslog...

 

[Alex Tiedemann]

I agree with sfx2000. Check those. Its actually handy sometimes to be able to use DNS's other than those specified in the router, but if you don't want them, look there to get rid of them, eg:

Thanks for replying MediaMan09,

Had a look at those settings as well, all clients, except our TV and SatBox are set up to automatically be assigned the DNS servers.

Will configure the Android devices manually to see if it changes anything. Never had issues with the Windows computers so will leave them as they are, at least for now.

Kind regards,

Alex T.

 

[Alex Tiedemann]

Yep, that's probably it - that's why you see google dns in the syslog...

Thanks again.

Kind regards,

Alex T.

 

[Alex Tiedemann]

What OpenVPN server are you connecting to? With anything other than the Default setting, the server will push a set of DNS servers to the client. Some VPN providers will use google for their servers.

Thanks for the info john9527.

Testing with at friend who's running an OpenVPN server at his place, and could very well be that he uses the two Google DNS servers.

Did not know what are the different settings for, except Exclusive, so had a look in this thread: http://www.snbforums.com/threads/openvpn-dns-leaking.25295/#post-188118

Otherwise, i have tried Citizen VPN - https://www.citizenvpn.com/
and something with af Frog VPN, don't remember the name and a couple of others i don't remember (my memory is not that great ).


Kind regards,

Alex T.

 

[sfx2000]

Under LAN>DHCP Server i have set the DNS servers like this under DNS and WINS Server Setting:
DNS Server 1: 217.197.83.204
DNS Server 2: 77.66.108.93

And under WAN>Internet Connection i have set the same DNS servers under WAN DNS Settings:
DNS Server 1: 217.197.83.204
DNS Server 2: 77.66.108.93

Little tip here...

dnsmasq is going to capture the DNS requests and cache them anyways (think of it as a proxy), so if you want to simplify things, you don't need to send down the servers from the DHCP - just set it to the router/AP gateway address.. (or leave them blank).

dnsmasq is doing the actual lookups on the internet/WAN side.

 

[Alex Tiedemann]

Little tip here...

dnsmasq is going to capture the DNS requests and cache them anyways (think of it as a proxy), so if you want to simplify things, you don't need to send down the servers from the DHCP - just set it to the router/AP gateway address.. (or leave them blank).

dnsmasq is doing the actual lookups on the internet/WAN side.

Hi sfx2000.

Thanks.

So actually i could leave both the WAN and DHCP empty, since I'm currently stuck with at cable-modem/router from my ISP, a Hitron CVE-30360 that i can't put into Bridge mode.
In the Hitron i have defined the same two DNS servers as mentioned earlier.

Had a cable modem before, but it made some interference with the cable-decoder for the telly, so got this Hitron instead, not super happy with that, since i was promised a new modem.

Any clue to how i can force the Hitron into Bridge mode?


Kind regards,

Alex T.

 

[sfx2000]

Any clue to how i can force the Hitron into Bridge mode?

Looking at section 2.1.6 of the Hitron CVE-30360, Routing Mode can only be set by the service provider, it not a user setting unfortunately..

So yeah, you probably could leave them blank on the LAN side, and just set them on the WAN side if you're using the RT-AC68U as a router behind the hitron CM-Gateway router, the only challenge you might face is anything on the WLAN or LAN ports might be a double-NAT...