1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

    Dismiss Notice
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Advertise router DNS to VPN clients as 2nd DNS server

Discussion in 'Asuswrt-Merlin' started by JipHop, Oct 27, 2019.

  1. JipHop

    JipHop New Around Here

    Oct 10, 2019
    Hi all, I've got a TUN OpenVPN Server running fine on my RT-AC86U with Merlin 384.13.
    But I have a problem when specifying the DNS servers my VPN clients should use.

    For example: router IP is, primary DNS server is
    I want my VPN clients to use the primary DNS server (which isn't the router) by default, but fall back to the router.

    For example, I put this in custom configuration:

    push "dhcp-option DNS"
    push "dhcp-option DNS"

    However, now the router won't respond to DNS queries.

    When I check "Advertise DNS to clients", then the router will reply to DNS queries, but the result is that it will also add another push entry to the OpenVPN server conf. The result is:

    push "dhcp-option DNS"
    push "dhcp-option DNS"
    push "dhcp-option DNS"

    So now my router will be used as primary DNS, but I need to use it as a fall back DNS server when the primary one is offline.

    Since release 384.5 (13-May-2018), the option to respond to dns queries has been removed. But I think that option, to only respond to DNS queries without also adding the push entry to the server conf, would solve my problem...

    Does anyone have a suggestion how I can solve this? Changing the client config isn't an option.