A little help with Asus ZenWiFi XT8-A480 and OpenDNS

I had my Asus router doling out IP addresses automatically using Google's DNSes. I decided to try OpenDNS. My Asus' WAN settings Basic Config WAN Connection type is set to Automatic IP. Enable WAN is set to yes. Enable NAT yes. Enable UPnP yes (I'm not sure I need the last two, actually, I'm not sure about all the settings, and that's why I'm here).

I then went over to the LAN settings, in the DHCP Server settings, enabled yes, I left the IP pool starting address that was set to and the ending address to

I changed the Google DNSes in the DNS and WINS Server Setting to the OpenDNS main and alternate IPs.

I set Advertise router's IP in addition to user specified DNS to no, and left WINS server blank.

setting manual assignment to no

Back in the WAN page, I don't recall ever Assigning the DNS Server. Anyway, OpenDNS is not in the list. If I did so, I'm sure I used the manual assignment for the OpenDNS IP settings. Now they show as the assigned DNS Server in the WAN DNS Setting section of the Internet Connection tab in the router.

I flushed the DNS and did an nslookup to confirm that OpenDNS was set as the DNS server.

I went back to log in to the OpenDNS dashboard, and after some surfing I did a displaydns. A lot of stuff came in. Then finally I went to the OpenDNS dashboard (where I had set my local server using my ISP leased IP address).

I installed the IP address updater.

Everything seems to be working fine. I see my stats on the OpenDNS dashboard and am beginning to experiment with more granular settings.

What makes me worry is that message in the router about not being able to use the protection of the privacy servers.

Can anyone give me some help on this?

You don't have to do anything in LAN settings. Leave the DNS settings there at default and change WAN DNS settings only to OpenDNS servers.

Because you changed the LAN DNS settings and your router is no longer working as DNS proxy. Your LAN clients call OpenDNS servers directly.

So, I don't think I really did any changes in the LAN page. I think what shows there in the DNS and WINS Server Setting was populated after I did the manual WAN DNS Setting in the WAN page. The instruction next to the Assign button says "Assign a DNS service to improve security, block advertisement and gain faster performance."

Once assigned, there it shows this:

Filter Mode: Fast DNS
Service Name: OpenDNS
DNS Server:,

Should the DHCP tab in the LAN settings page, where it reads DNS and WINS Server Setting be blank where it reads DNS Server 1 and DNS Server 2?

Thanks for your explanation. I get it. My LAN DNS settings and my router are no longer working as DNS proxy.

So is OpenDNS not providing those "DNS privacy servers"? Those are provided only if I'm using the local DNS server IP address IP pool. Should I then disable the local DHCP server on the LAN page's Basic Configuration?

LAN settings:


WAN settings:


What you have in WAN DNS server is used by the router only. It doesn't matter, can be OpenDNS as well.

Or it can be as simple as:

I had already Assigned and set the OpenDNS servers manually there. Do I also need to do the DNS over TLS setting you're showing, or is it either/or? And if I don't do the DNS-over-TLS, then do I ignore setting the forwarding, enable rebind, DNSSEC, DNS privacy protocol, and DNS-over-TLS Profile?

I deleted the settings from the LAN DHCP Server tab so they're blank, and applied the changes. So far my OpenDNS server is working.

I still don't get why my LAN is not working. I can connect from a wireless MacBook Pro or a wireless MacBook Air to each other and to the WIN11 PC on the main router AX unit. The WIN11 can connect to the MacBook Air or to the MacBook Pro, but only by typing in their IP addresses. Otherwise, they don't show up on the WIN11's Network. All 4 are connecting to the internet OK. I want to be able to share folders across the LAN in between any of my Macs and the two PCs. The WIN10 can see and connect to all others (the Macs and the WIN11), but the WIN11 can't connect to the WIN10, and I can't figure out why.

Set it up as shown. If you don’t want DoT just set the OpenDNS servers in WAN. Don’t worry about the rest, leave at default.

Oh, I see, I missed that. So the Privacy Servers provided by the Asus router is what the DNS over TLS is all about. Sorry. Yes, I'll try that, and that is the alternative setup to what I did. It will still be using the OpenDNS server, but in a slightly different way. I really appreciate your guidance and explanation.

> So the Privacy Servers provided by the Asus router

Some of the options are just made available in the GUI. You can use any DNS servers you want as long as they support DoT. OpenDNS for example is not one of the available DoT options in Asuswrt GUI, but it works properly. About privacy... not really, it may prevent eventual man in the middle altering of DNS resolution. It also may be slower due to extra processing. Your ISP still sees what you connect to by IP address and can recreate your online activity pretty accurately. OpenDNS is good though with free filtering categories and 100% uptime. Cisco owned and using Umbrella engine.
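
The point made earlier in the thread, that clients handed the OpenDNS addresses by DHCP query OpenDNS directly instead of going through the router's DNS proxy, can be checked from the header of `nslookup` output on each client. The following is an added example, not part of any post in the thread; the function names and the sample outputs (documentation addresses, `router.example`) are constructed for illustration.

```python
import ipaddress

# Address ranges a home router uses on its LAN side
# (RFC 1918, IPv6 unique-local and link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

def resolver_from_nslookup(output):
    """Return the resolver IP from the nslookup header, or None.

    Handles the Windows form ("Address:  192.168.50.1") and the
    macOS/Linux form ("Address: 192.168.50.1#53"). Only the first
    Address line after "Server:" is the resolver; later ones are answers.
    """
    seen_server = False
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith("server:"):
            seen_server = True
        elif seen_server and line.lower().startswith("address:"):
            value = line.split(":", 1)[1].strip()
            value = value.split("#", 1)[0]   # drop the "#53" port suffix
            value = value.split("%", 1)[0]   # drop an IPv6 zone id
            return ipaddress.ip_address(value)
    return None

def classify(output):
    """Say where this client's DNS queries go first."""
    ip = resolver_from_nslookup(output)
    if ip is None:
        return "unknown"
    if ip.is_loopback:
        return "local-stub"        # a resolver running on the client itself
    if any(ip in net for net in LAN_NETS):
        return "router-proxy"      # router forwards using its WAN DNS / DoT settings
    return "direct-upstream"       # client bypasses the router's DNS proxy

# Constructed sample output: Windows client pointed at the router.
WINDOWS_PROXY = ("Server:  router.example\nAddress:  192.168.50.1\n\n"
                 "Non-authoritative answer:\nName:    example.com\n"
                 "Addresses:  2001:db8::10\n\t  198.51.100.10\n")
# Constructed sample output: macOS client given a public resolver by DHCP.
UNIX_DIRECT = ("Server:\t\t203.0.113.53\nAddress:\t203.0.113.53#53\n\n"
               "Non-authoritative answer:\nName:\texample.com\n"
               "Address: 198.51.100.10\n")

if __name__ == "__main__":
    for name, sample in (("windows", WINDOWS_PROXY), ("macos", UNIX_DIRECT)):
        print(name, resolver_from_nslookup(sample), classify(sample))
```

A `direct-upstream` result on a client means its queries leave the LAN as plain DNS to that server, so DNS-over-TLS configured on the router does not cover them.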

