RT-AC68U DNS Setup advice please.

[cliver]

Hi All,
I'm Running my AC68U on Rmerlin 380.63_2.
Just want a bit of advice on the best way to set up DNS.
I currently have my clients to auto detect DNS.
On the router I have setup 2 DNS servers that perform well for me. One is my ISP's and another independent one for redundancy.
I also have "Advertise router's IP in addition to user-specified DNS" set to "Yes".
My problem (if it ius a problem) is that the router appears last in the DNS server list (ipconfig /all from a windows PC).
Surely it must be faster if the router is first in the list, only going out to remote servers if the DNS query can't be answered locally?
Assuming my logic is correct, and I believe it is, how can I change the order so that my router appears as the first DNS server?
I have searched this and other resources but can't find anything of use.
Thanks for any pointers on this.
Regards
Clive

For completion I have:
"Forward local domain queries to upstream DNS" and "Enable DNSSEC support" set to "NO" (Defaults)
also WINS Server is blank.

 

[thelonelycoder]

Hi All,
I'm Running my AC68U on Rmerlin 380.63_2.
Just want a bit of advice on the best way to set up DNS.
I currently have my clients to auto detect DNS.
On the router I have setup 2 DNS servers that perform well for me. One is my ISP's and another independent one for redundancy.
I also have "Advertise router's IP in addition to user-specified DNS" set to "Yes".
My problem (if it ius a problem) is that the router appears last in the DNS server list (ipconfig /all from a windows PC).
Surely it must be faster if the router is first in the list, only going out to remote servers if the DNS query can't be answered locally?
Assuming my logic is correct, and I believe it is, how can I change the order so that my router appears as the first DNS server?
I have searched this and other resources but can't find anything of use.
Thanks for any pointers on this.
Regards
Clive

For completion I have:
"Forward local domain queries to upstream DNS" and "Enable DNSSEC support" set to "NO" (Defaults)
also WINS Server is blank.

If you have set your DNS Servers in LAN / DHCP Server then that is not surprising, the DNS Servers set there are sent out to the clients.
This is not what you normally do.
The proper setting is in Wan / Connect to DNS Server automatically --> set this to no and add your DNS Servers there.
And delete the DNS Servers in LAN / DHCP Server.

Then issue a ipconfig/renew in your Windows Clients.

 

[ColinTaylor]

There was a similar discussion about DNS here.

My view on this is that you are trying to solve a problem that is unlikely to ever happen. I follow you line of reasoning, but how likely is it that the router's DNS server (dnsmasq) will have stopped completely but you still have access to the internet.

As @thelonelycoder said, the better approach is the point the clients to only the router's DNS (the default setup) and then specify your 2 upstream DNS servers on the WAN page. You can then tune dnsmasq's behaviour on the router if you want to. There was a discussion of "all server" mode here.

 

[cliver]

If you have set your DNS Servers in LAN / DHCP Server then that is not surprising, the DNS Servers set there are sent out to the clients.
This is not what you normally do.
The proper setting is in Wan / Connect to DNS Server automatically --> set this to no and add your DNS Servers there.
And delete the DNS Servers in LAN / DHCP Server.

Then issue a ipconfig/renew in your Windows Clients.

Ah, right, thanks lonelycoder.
So in the LAN>DHCP Server>DNS and WINS Server settings I leave DNS Servder 1 & 2 blank?
And do I still need to set "Advertise router's IP in addition to user-specified DNS" to "YES"?

 

[ColinTaylor]

Ah, right, thanks lonelycoder.
So in the LAN>DHCP Server>DNS and WINS Server settings I leave DNS Servder 1 & 2 blank?
And do I still need to set "Advertise router's IP in addition to user-specified DNS" to "YES"?

Correct / yes.

 

[cliver]

Correct / yes.

Thanks Colin, works a treat

 

[thelonelycoder]

There was a similar discussion about DNS here.

My view on this is that you are trying to solve a problem that is unlikely to ever happen. I follow you line of reasoning, but how likely is it that the router's DNS server (dnsmasq) will have stopped completely but you still have access to the internet.

As @thelonelycoder said, the better approach is the point the clients to only the router's DNS (the default setup) and then specify your 2 upstream DNS servers on the WAN page. You can then tune dnsmasq's behaviour on the router if you want to. There was a discussion of "all server" mode here.

I believe it is best to leave the dnsmasq settings alone and only customize if you have a specific need or goal to achieve.
The default settings work best in almost all cases.

 

[cliver]

OK, I now have it setup as described; Remote DNS Servers in the WAN>WAN DNS Settings.
LAN>DHPC Server>DNS Servers blank, Advertise routers IP set to "YES"

ipconfig /all returns just the one DNS server (My Router)

Also, I am using DNS Benchmark to identify the best servers for my location which is where I got the addresses I entered into the WAN>WAN DNS Settings.
Now when I run the benchmark test it reports that I only have one nameserver configured. Is this right?
All is working well with a perceived improvement in response times (maybe wishful thinking

 

[thelonelycoder]

OK, I now have it setup as described; Remote DNS Servers in the WAN>WAN DNS Settings.
LAN>DHPC Server>DNS Servers blank, Advertise routers IP set to "YES"

ipconfig /all returns just the one DNS server (My Router)

Also, I am using DNS Benchmark to identify the best servers for my location which is where I got the addresses I entered into the WAN>WAN DNS Settings.
Now when I run the benchmark test it reports that I only have one nameserver configured. Is this right?
All is working well with a perceived improvement in response times (maybe wishful thinking

DNS Benchmark by GRC is an outdated tool. Only take it's advice if you know what it says, i.e. ignore and deinstall it.

 

[thelonelycoder]

Your best DNS Servers are generally your ISP's.

 

[ColinTaylor]

Now when I run the benchmark test it reports that I only have one nameserver configured. Is this right?

This is correct.

All is working well with a perceived improvement in response times (maybe wishful thinking

Your router provides the fastest response because it provides a local cache for your upstream servers.

See here for why GRC's advice is wrong.

 

[cliver]

As I understand it now all client DNS requests go to my router. If the router has the results cached then it responds itself. If it doesn't have a result cached then it goes to the first one set in my routers WAN settings (this I have set as my isp's DNS), if that fails it tries there second one set in my routers WAN page (this I have set to a 3rd party that respond well).
I did have it set to use Google's DNS.
I haven't done any accurate testing but it certainly seems to respond faster. Do hopefully I now have a decent set up and it'll be reliable.
Thanks all for the input. I learn something new ask the time on here.

Sent from my Nexus 6P using Tapatalk

 

[thelonelycoder]

As I understand it now all client DNS requests go to my router. If the router has the results cached then it responds itself. If it doesn't have a result cached then it goes to the first one set in my routers WAN settings (this I have set as my isp's DNS), if that fails it tries there second one set in my routers WAN page (this I have set to a 3rd party that respond well).
I did have it set to use Google's DNS.
I haven't done any accurate testing but it certainly seems to respond faster. Do hopefully I now have a decent set up and it'll be reliable.
Thanks all for the input. I learn something new ask the time on here.

Sent from my Nexus 6P using Tapatalk

It works exactly as you described it.
This is also the fastest and most economic way of doing it on a LAN.
Dnsmasq caches 1500 queries by default. This also seems to be a good setting for a residential LAN environment.

 

[Jay Culley]

If you do as you say @thelonelycoder and specify 2 DNS servers in the WAN settings under Connect to DNS Server automatically, won't that (or shouldn't that) break AB-solution 3? The dns server specified in the WAN settings can resolve the names in the backlist. For example: once I did all this, I used one of my isp's dns servers and google's public one under "Connect to DNS Server automatically" if I run nslookup googleadservices.com it resolves fine to 216.58.218.130. but if I put googleadservices.com it a browser url box then 404 not found. ??

 

[thelonelycoder]

If you do as you say @thelonelycoder and specify 2 DNS servers in the WAN settings under Connect to DNS Server automatically, won't that (or shouldn't that) break AB-solution 3? The dns server specified in the WAN settings can resolve the names in the backlist. For example: once I did all this, I used one of my isp's dns servers and google's public one under "Connect to DNS Server automatically" if I run nslookup googleadservices.com it resolves fine to 216.58.218.130. but if I put googleadservices.com it a browser url box then 404 not found. ??

If logging is enabled in AB, enter (f) with option 1 to follow the unfiltered output.
Now, in a second terminal enter
nslookup googleadservices.com

The logfile will report:

query[AAAA] googleadservices.com from 127.0.0.1
forwarded googleadservices.com to 192.168.2.1
query[A] googleadservices.com from 127.0.0.1
/tmp/mnt/absolution/adblocking/hosts-adblock googleadservices.com is 172.20.0.2
query[PTR] 2.0.20.172.in-addr.arpa from 127.0.0.1
/tmp/mnt/absolution/adblocking/blacklist.txt 172.20.0.2 is somedomain.blocked.com

This is exactly what nslookup does, probe the network for DNS.
- 127.0.0.1 being the device itself
- 192.168.2.1 the upstream router from the device
- 172.20.0.2 is the devices pixelserv-tls IP

Now, enter into your browser URL bar:
googleadservices.com

query[A] googleadservices.com from 172.20.0.16
/tmp/mnt/absolution/adblocking/hosts-adblock googleadservices.com is 172.20.0.2

- 172.20.0.16 is my workhorse I'm sittig at right now and do some coding
- 172.20.0.2 again the PS IP blocked it

Conclusion: All good, that's what nslookup is supposed to do.
Remark: ONLY fill in the DNS Server fields in WAN, NEVER in the LAN section of your router.
Else, AB will be unable to do it's job.

 

[eddiez]

Conclusion: All good, that's what nslookup is supposed to do.
Remark: ONLY fill in the DNS Server fields in WAN, NEVER in the LAN section of your router.
Else, AB will be unable to do it's job.

Unless you run a local DNS server...How would you need to get AB running in that scenario?

 

[thelonelycoder]

Unless you run a local DNS server...How would you need to get AB running in that scenario?

I don't, AB requires the local DNS Server (dnsmasq) to respond to queries for it work.

 

[Jay Culley]

I have never been able to get (f) follow the log to work in any of the 3 options. it does find an error in the install, says type 22, that returns many file or directory not found and some entries missing from dnsmasq.conf. I am going to reinstall.

 

[thelonelycoder]

I have never been able to get (f) follow the log to work in any of the 3 options. it does find an error in the install, says type 22, that returns many file or directory not found and some entries missing from dnsmasq.conf. I am going to reinstall.

You have a serious problem then. Install and get everything else you have working (Entware, swap, whatever).
THEN as the last thing, install AB-Solution. It will treat everything else with respect and not overwriting jffs files.
Let me know how it goes.

 

[thelonelycoder]

And please, use the 'official' thread for AB related issues. That keeps everything in one place:
https://www.snbforums.com/threads/release-ab-solution-3-the-ad-blocking-solution.35540/