In running GRC's DNS Benchmark, in Conclusions & Recommendations one result is:
-----------------------------------
How can you disable the router's provisioning of DNS services in Merlin? I have a RT-AC68U and running 380.63_2
-----------------------------------
System has only ONE (router based) nameserver configured.
It appears that only one local (router gateway) DNS nameserver, with the IP address of [192.168.1.1], is currently providing all DNS name resolution services to this system. This configuration is not recommended because most consumer-grade routers provide inefficient and under-powered DNS resolution services.
Unless the DNS resolvers your router is using is under your control, it may not be providing the best or complete name resolution services. For example, is it using multiple redundant DNS nameservers?
Users of GRC's DNS Spoofability system have determined that consumer-grade routers can be crashed by the receipt of specific DNS reply packets from the Internet. This opens the possibility that Internet-based criminals could acquire access to your router from the Internet as well as to the private network in controls.
Many consumer-grade routers fail to provide the full range of DNS lookup services. This may have been detected by the benchmark and noted below.
Recommended Actions:
Unless you have some specific reason not to, you should give serious thought to disabling your router's provisioning of DNS services (which it is providing for all computers on your local network). After this is done, a fresh reboot of your computers will likely reveal the multiple DNS nameservers provided by your ISP. This is a superior configuration, without an under-powered router acting as a incompetent middleman and impeding all DNS access.
Note that if you can determine the IP addresses of your ISP-provided nameservers (which may be visible in your router's web configuration) you could manually add them to the nameservers being tested by this benchmark, while also leaving your router providing DNS. This would allow you to compare the performance when running through your router versus "going direct".
-------------------------------It appears that only one local (router gateway) DNS nameserver, with the IP address of [192.168.1.1], is currently providing all DNS name resolution services to this system. This configuration is not recommended because most consumer-grade routers provide inefficient and under-powered DNS resolution services.
Unless the DNS resolvers your router is using is under your control, it may not be providing the best or complete name resolution services. For example, is it using multiple redundant DNS nameservers?
Users of GRC's DNS Spoofability system have determined that consumer-grade routers can be crashed by the receipt of specific DNS reply packets from the Internet. This opens the possibility that Internet-based criminals could acquire access to your router from the Internet as well as to the private network in controls.
Many consumer-grade routers fail to provide the full range of DNS lookup services. This may have been detected by the benchmark and noted below.
Recommended Actions:
Unless you have some specific reason not to, you should give serious thought to disabling your router's provisioning of DNS services (which it is providing for all computers on your local network). After this is done, a fresh reboot of your computers will likely reveal the multiple DNS nameservers provided by your ISP. This is a superior configuration, without an under-powered router acting as a incompetent middleman and impeding all DNS access.
Note that if you can determine the IP addresses of your ISP-provided nameservers (which may be visible in your router's web configuration) you could manually add them to the nameservers being tested by this benchmark, while also leaving your router providing DNS. This would allow you to compare the performance when running through your router versus "going direct".
How can you disable the router's provisioning of DNS services in Merlin? I have a RT-AC68U and running 380.63_2