Change dns ip
GoNzCiD

Occasional Visitor
Hi, is it possible to change the DNS IP (in this case I'm interested in changing the secondary DNS IP) from the shell?

Thanks in advance
 
You can change that by using the nvram command.

This variable is the first DNS of WAN:
Code:
wan0_dns
Set it like:
Code:
nvram set wan0_dns="8.8.8.8"
Don't forget to enable that DNS for WAN:
Code:
nvram set wan0_dnsenable_x="1"
If you enable the DNS filter, it may be invalid; you can use this one to disable the DNS filter:
Code:
nvram set dnsfilter_enable_x="0"
And when any nvram change is completed, you need to enter this command to save your changes:
Code:
nvram commit
There are a lot of DNS variables; if you want to know more, please enter this in SSH:
Code:
nvram show | grep -i "dns"

DO NOT change any settings you don't know about, as this may cause your router to become a brick. Finally, please always remember the good habit of disabling SSH after use.
 
DO NOT change any settings you don't know about, as this may cause your router to become a brick. Finally, please always remember the good habit of disabling SSH after use.

No disrespect intended but do you really disable SSH after each use? Do you not use it regularly? I know that was something said a lot about Telnet in the past but is it still necessary today when using SSH? Again, no disrespect intended and I am just curious what others are doing these days.
 
No disrespect intended but do you really disable SSH after each use? Do you not use it regularly? I know that was something said a lot about Telnet in the past but is it still necessary today when using SSH? Again, no disrespect intended and I am just curious what others are doing these days.
The issue with telnet (and ftp for that matter) is that it sends all data in plain text over the wire, including user names and passwords.

As for SSH I'd say that's probably one of the most secure components on the router, more so than the web interface, media server, etc. So personally I have absolutely no issue leaving that enabled (for LAN only) as it's something I use most days. I get the philosophy of "if you aren't using it, disable it", but disabling SSH is unnecessary IMHO.

If I thought there was a realistic chance of a targeted SSH attack on my router from within my LAN I think I'd have bigger problems to address.
 
Hi, I have been looking at the vars that are affected when changing the DNS in the web UI.
Code:
wan0_dns1_x=8.8.8.8
wan0_dns2_x=8.8.4.4
wan0_dns=8.8.8.8 8.8.4.4
wan0_dnsenable_x=0
wan0_xdns=8.8.8.8 8.8.4.4
wan1_dns1_x=
wan1_dns2_x=
wan1_dns=
wan1_dnsenable_x=0
wan_dns1_x=8.8.8.8
wan_dns2_x=8.8.4.4
wan_dns=8.8.8.8 8.8.4.4
wan_dnsenable_x=0

I can see that wan0_* and wan_* are affected. I have disabled DNS filtering and the interesting thing is that all *enable* are always disabled (0); is that correct? I suppose so, because it works. But it makes no sense...

Is it normal that it changes the wan0_* and wan_* vars?
 
I can see that wan0_* and wan_* are affected. I have disabled DNS filtering and the interesting thing is that all *enable* are always disabled (0); is that correct? I suppose so, because it works. But it makes no sense...

Is it normal that it changes the wan0_* and wan_* vars?
The dnsenable_x settings reflect whether you’re enabling WAN DHCP DNS servers or not. If you select No on the WAN page, this setting will be 0.

The wan0 and wan1 settings are related to the dual-WAN support. Most of us do not have 2 ISPs so we only ever see the wan0 settings populated. I think the corresponding wan_ settings reflect the currently active wan interface (0 or 1).
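
A defensive check built on the variables discussed above, as an added example that is not part of the original thread: it reads `nvram show` style lines and flags any per-WAN DNS value that is not on a list of resolvers you expect. The function name `audit_dns` and the expected list are assumptions; the sample lines are copied from the dump posted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit DNS-related nvram variables.
# On the router itself the input would be:  nvram show 2>/dev/null | audit_dns "8.8.8.8 8.8.4.4"

# Sample input, copied from the variable dump posted in the thread.
SAMPLE_NVRAM='wan0_dns1_x=8.8.8.8
wan0_dns2_x=8.8.4.4
wan0_dns=8.8.8.8 8.8.4.4
wan0_dnsenable_x=0
wan0_xdns=8.8.8.8 8.8.4.4
wan1_dns=
wan1_dnsenable_x=0
wan_dns=8.8.8.8 8.8.4.4'

# audit_dns "<space-separated expected resolvers>"  (hypothetical helper name)
# Reads name=value lines on stdin; prints findings; returns 1 if anything is off.
audit_dns() {
    awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    # Only wan0_/wan1_ are checked; per the thread, wan_ is the copy the GUI works on.
    /^wan[01]_(dns|dns1_x|dns2_x|dnsenable_x)=/ {
        eq = index($0, "=")
        name = substr($0, 1, eq - 1)
        value = substr($0, eq + 1)
        if (name ~ /_dnsenable_x$/) {
            # Per the thread: 1 = use the DNS servers handed out by WAN DHCP, 0 = manual
            if (value == "1") { print "WARN " name "=1 (WAN DHCP DNS servers in use)"; bad = 1 }
            next
        }
        m = split(value, s, " ")          # a value may hold several resolvers
        for (i = 1; i <= m; i++)
            if (!(s[i] in ok)) { print "ALERT " name " has unexpected resolver " s[i]; bad = 1 }
    }
    END { if (!bad) print "OK"; exit bad }
    '
}

# Demo run on the sample above; prints OK.
printf '%s\n' "$SAMPLE_NVRAM" | audit_dns "8.8.8.8 8.8.4.4"
```

Run after any `nvram commit`, or periodically, a non-zero return means a resolver changed to something you did not set.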
 
As for SSH I'd say that's probably one of the most secure components on the router, more so than the web interface, media server, etc.

Note I'm commenting on only this part of what you've written. As well as the LAN only part.
Telnet - released as a standard in 1968. Secure enough for IBM to use.
Telnet - STILL being updated by IETF proposals. Now it's called "Virtual Telnet". I wouldn't even think of using it. Except maybe if it's in my LAN only... No, I wouldn't.

SSH - released as a standard in 2006.
SSH - Most recently updated in 2018. By including the use of SHA 256/512 RSA KEYS.

2066 - SSTVMS (super secure tunneling virtual machine shell). It's so secure I don't need to worry about using it. It's not like SSH used to be... I can't believe people even used it...

Pardon me if it sounds sarcastic. It's not meant to be at all. It's just the way these things go.
 
I can see that wan0_* and wan_* are affected.
WAN and WAN0 may be duplicate variables caused by variables being added to nvram at different times; perhaps they do not want to remove them in order to ensure backward compatibility.

I have disabled DNS filtering and the interesting thing is that all *enable* are always disabled (0),
It should be enabled. I don’t know if they recently changed the enabled variable or used new variables.



Note I'm commenting on only this part of what you've written. As well as the LAN only part.
Telnet - released as a standard in 1968. Secure enough for IBM to use.
Telnet - STILL being updated by IETF proposals. Now it's called "Virtual Telnet". I wouldn't even think of using it. Except maybe if it's in my LAN only... No, I wouldn't.

SSH - released as a standard in 2006.
SSH - Most recently updated in 2018. By including the use of SHA 256/512 RSA KEYS.

2066 - SSTVMS (super secure tunneling virtual machine shell). It's so secure I don't need to worry about using it. It's not like SSH used to be... I can't believe people even used it...

Pardon me if it sounds sarcastic. It's not meant to be at all. It's just the way these things go.
I agree that nothing is the safest, and should be kept closed if not used, as this can reduce the attack surface.
 
WAN and WAN0 may be duplicate variables caused by variables being added to nvram at different times; perhaps they do not want to remove them in order to ensure backward compatibility.
No, the wan_ variable is used by the gui. The gui then reads/writes to either wan0_ or wan1_ depending on which one you are configuring. That's how the same page can be used to configure either wan in a dual wan config.
 
I agree that nothing is the safest, and should be kept closed if not used, as this can reduce the attack surface.
Yesterday I was reading an article regarding using a Raspberry Pi combined with a reverse proxy (such as what CloudFlare provides) to host a website. It's all fully locked down in the setup instructions, in the detailed graphics used to visually explain how it's set up, etc. However, the author uses SSH to log in to the Pi to do most of the setup. It's a good, explanatory article. Except for the fact that nowhere does it instruct the reader/s to a) use the strongest SSH key possible (password encrypted or not, depending on the capability of the system being logged into; 4096bit RSA / 512bit Elliptic Curve key / SHA512 hashed password etc (despite the fact that it takes a single command or any one of multiple online tools to reverse any hash)). And the author never states to even use key based auth. And they state that they access it remotely via SSH over port 22. Remotely. I wanted to ask the domain name, but there was nowhere to leave comments.
 
