DHCP server - how to specify the 2nd DNS Server?


Because you still don't understand what Optional is for. It doesn't append to DNS1 and DNS2. It replaces them.
Where to find any description of that "Optional" you highlight?

It's not about appending it (I never said this), but replacing DNS Server #1 - that's how I anticipated it is, what is fine. Of course, I still want clients to get a 2nd DNS Server - and that's exactly what Asus DHCP Server does not do, so it's a weird bug.
 
This is not a bug, it's a design choice. This limitation is exactly the same in stock Asus firmware. In fact the "DNS Server (Optional)" field didn't even exist in older firmwares.

If you want to assign more than one DNS server to specific clients you would have to use Merlin's custom config files.
"If you want to assign more than one DNS server to specific clients": THAT is exactly what I am looking for!
What a pity Asus firmware does not offer such basic functionality. Another miss, after VLANs, which are also not supported :-(

Where to find those "Merlin's custom config files"? And where to enter those two DNS Servers in the DHCP configuration? Any hints?
 
While I fully understand that DHCP clients get both configured DNS Servers: This is ONLY the case when there is no Manually assigned DNS Server, meaning that the "DNS Server (optional)" field is empty or filled with the entry "Default".

But when I ENTER a DNS Server there, so that it is not default, then the bug is there: In that case, only 1 single DNS Server is handed out to clients, so not two. Try for yourself.
Every client should get two DNS servers - but a client gets only one DNS Server when I manually configure a DNS Server and by doing so turn off the "default" setting.

In my understanding, this is clearly another bug in the Asus firmware.

That is by design, not a bug. A limitation at most. The manual assignment overrides, it doesn't append (same for hostname etc).

There is absolutely no rule that every client should get 2 DNS servers. I use my router for DNS and every client just gets that one.

You can also (with other DHCP servers) give clients 10 DNS servers. There is no rule.

If you absolutely must have 2 DNS servers for your manual assignments you will need to SSH in and create a dnsmasq.postconf script to update the config file.
 
Where to find any description of that "Optional" you highlight?

It's not about appending it (I never said this), but replacing DNS Server #1 - that's how I anticipated it is, what is fine. Of course, I still want clients to get a 2nd DNS Server - and that's exactly what Asus DHCP Server does not do, so it's a weird bug.

It completely overrides the default settings. Both DNS1 and 2 are default settings, you lose both if you add the optional manual DNS.

The top part of the screen is default. The bottom (manual assignments) part is overriding everything up there. You can even assign an IP that is outside of your DHCP scope.
 
Where to find any description of that "Optional" you highlight?

It's not about appending it (I never said this), but replacing DNS Server #1 - that's how I anticipated it is, what is fine. Of course, I still want clients to get a 2nd DNS Server - and that's exactly what Asus DHCP Server does not do, so it's a weird bug.

Optional is listed right there where you're filling in the DNS server

DNS Server (Optional)
 
@drinkingbird thank you for confirming this behavior of the Asus FW/DHCP server.

This is a stupid design decision from Asus (it's 2023, and this function doesn't eat much CPU or memory). What's even more annoying is that it is not stated "if you manually put in a DNS Server, then NO SECOND DNS Server info is sent to DHCP clients".
As I said, another "design flaw" from Asus in a growing list of design flaws of Asus in their routers. No VLAN support is another one, not to mention the often-reported WiFi problems (some clients just can't connect, no matter what you do) or the privacy-invasive TrendMicro stuff (at least that's optional).

After years of wrestling with Asus to get what it should do, and buying several routers from them, this is it for me, the nail in the coffin. I'll only use Asus for secondary or tertiary stuff, but no longer as my primary router.
EAP670 got my WiFi issues fixed, and OpenWRT-based stuff (or OPNsense) will do the routing/firewall. So sad, Asus :-(
 
"If you want to assign more than one DNS server to specific clients": THAT is exactly what I am looking for!
What a pity Asus firmware does not offer such basic functionality. Another miss, after VLANs, which are also not supported :-(

Where to find those "Merlin's custom config files"? And where to enter those two DNS Servers in the DHCP configuration? Any hints?

You would create the script yourself. Check the merlin wiki on creating scripts, dnsmasq.postconf would be the sensible one to use. Pretty easy to do a find/replace in the config file using the script.

Just tested it out and it worked fine

First set your manual assignments to use a dummy IP that will never be used anywhere in the settings of your router. 1.1.1.1 or 99.99.99.99, whatever. Just a dummy that will get replaced.

Then create a script in /jffs/scripts called dnsmasq.postconf
do a "chmod a+rx /jffs/scripts/*" to make it executable

If you don't know how to use vi, better to create the script on your PC in notepad then transfer it using USB or SFTP etc.

Contents of the script:
#!/bin/sh
# Dots are escaped so they match literal dots only, not any character
sed -i "s/1\.1\.1\.1/10.1.1.1,10.1.1.2/g" "/etc/dnsmasq.conf"

Where 1.1.1.1 is the dummy DNS you specified in the GUI, and 10.1.1.1 and 10.1.1.2 are the DNS you actually want (make sure you have the comma in between and no extra spaces). Do not use 1.1.1.1 or the dummy IP you used anywhere else.

That will replace every instance of the dummy IP with both real IPs.

Then either reboot or do a "service restart_dnsmasq" and renew your client leases. Reboot should renew them all automatically. Going forward, any changes you make to anything to do with DNS or DHCP via the GUI will issue a service restart for dnsmasq every time which will fire off your script automatically. GUI will still only show 1.1.1.1 because that is stored in NVRAM, but your clients will receive the two real IPs. If you wanted the GUI to show the correct values then you need to mess around with scripting modifications to NVRAM and I just tried and it does not seem to accept two DNS IPs on the reservations there, but may be able to find a way.

Note if you have this DNS specified up above in the default settings it will also replace it there, (though if you were willing to do it up there, we wouldn't be having this discussion, so I'm assuming you aren't doing that). That's why I say to use a dummy IP in the manual bindings to avoid conflicts like that.
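A narrower variant of the postconf rewrite described above, as an added example that is not the poster's script: it changes only per-client DNS (option 6) lines whose whole value is the dummy address, so default settings, `server=` lines and look-alike addresses stay untouched. The `dhcp-option=tag:<tag>,6,<ip>` line format, the sample config and the function names are assumptions made for this example; compare them with the /etc/dnsmasq.conf your firmware generates before using it.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes each manual assignment's DNS
# appears as "dhcp-option=tag:<tag>,6,<ip>" (assumption: verify on your router).

DUMMY="1.1.1.1"              # placeholder entered in the GUI
REAL="10.1.1.1,10.1.1.2"     # servers the clients should actually receive

rewrite_manual_dns() {
    conf="$1"; dummy="$2"; real="$3"
    # Escape dots so the dummy cannot match arbitrary characters.
    esc=$(printf '%s' "$dummy" | sed 's/\./\\./g')
    tmp="${conf}.tmp.$$"
    # Touch only tagged option-6 lines whose entire value is the dummy.
    sed "s/^\(dhcp-option=tag:[^,]*,6,\)${esc}\$/\1${real}/" "$conf" > "$tmp" &&
        mv "$tmp" "$conf"
}

# Constructed sample config for trying the function away from the router.
make_sample_conf() {
    cat > "$1" <<'EOF'
interface=br0
dhcp-range=lan,192.168.50.2,192.168.50.254,255.255.255.0,86400s
dhcp-option=lan,6,192.168.50.1
server=1.1.1.1
dhcp-host=AA:BB:CC:00:00:01,set:nas,192.168.50.10
dhcp-option=tag:nas,6,1.1.1.1
dhcp-host=AA:BB:CC:00:00:02,set:cam,192.168.50.11
dhcp-option=tag:cam,6,11.1.1.10
EOF
}

# Runs only when a config path is given as the first argument
# (hypothetical usage: sh this_script /etc/dnsmasq.conf).
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    rewrite_manual_dns "$1" "$DUMMY" "$REAL"
fi
```

Running it twice leaves the file unchanged the second time, because the rewritten value no longer equals the dummy.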
 
@drinkingbird thank you for confirming this behavior of the Asus FW/DHCP server.

This is a stupid design decision from Asus (it's 2023, and this function doesn't eat much CPU or memory). What's even more annoying is that it is not stated "if you manually put in a DNS Server, then NO SECOND DNS Server info is sent to DHCP clients".
As I said, another "design flaw" from Asus in a growing list of design flaws of Asus in their routers. No VLAN support is another one, not to mention the often-reported WiFi problems (some clients just can't connect, no matter what you do) or the privacy-invasive TrendMicro stuff (at least that's optional).

After years of wrestling with Asus to get what it should do, and buying several routers from them, this is it for me, the nail in the coffin. I'll only use Asus for secondary or tertiary stuff, but no longer as my primary router.
EAP670 got my WiFi issues fixed, and OpenWRT-based stuff (or OPNsense) will do the routing/firewall. So sad, Asus :-(

Asus pro series support VLAN. You can also get VLAN support via a script, I have VLANs and tagged/trunking configured on my AC-1900 through a simple script.

If you want those advanced features in GUI format, get yourself an edgerouter and an AP that supports VLANs. Cheap and simple solution.

These are not design flaws, they are just not things needed by the target audience.
 
If you want those advanced features in GUI format, get yourself an edgerouter and an AP that supports VLANs. Cheap and simple solution.
TBD if VLAN is an advanced feature that only should be available in a "Pro series" router. Personally, I disagree with your portrait.

Asus routers costing $300 should have good WiFi (not one you need to turn off for replacing it e.g. with a $150 EAP670 WiFi-AP). That brings me to the $400+ range.

Being able to send two DNS server IPs to DHCP clients is far from being "advanced", it's basic functionality for 20+ years.

Edgerouter seems to have many flaws and errors, getting worse with each FW update. Ubiquiti was good a few years ago but is being dropped increasingly, in favor of better/less faulty/more intuitive/not outdated solutions such as Omada.
Reading through several forums, it seems that Ubiquiti stuff and Asus routers are being dropped at high rates in favor of better, more modern and (most importantly) _working_ solutions, such as Omada. They are successful for a reason.

Sorry, I tried that stuff and it's way worse than Asus, so a clear No from me for that one.
 
TBD if VLAN is an advanced feature that only should be available in a "Pro series" router. Personally, I disagree with your portrait.

Asus routers costing $300 should have good WiFi (not one you need to turn off for replacing it e.g. with a $150 EAP670 WiFi-AP). That brings me to the $400+ range.

Being able to send two DNS server IPs to DHCP clients is far from being "advanced", it's basic functionality for 20+ years.

Edgerouter seems to have many flaws and errors, getting worse with each FW update. Ubiquiti was good a few years ago but is being dropped increasingly, in favor of better/less faulty/more intuitive/not outdated solutions such as Omada.
Reading through several forums, it seems that Ubiquiti stuff and Asus routers are being dropped at high rates in favor of better, more modern and (most importantly) _working_ solutions, such as Omada. They are successful for a reason.

Sorry, I tried that stuff and it's way worse than Asus, so a clear No from me for that one.

Asus does send 2 DNS IPs to clients just fine, in fact it can send 3 if you include the router IP. Just not when you want to override the default DNS with a replacement one for specific clients, at least not without using the script that I wrote and tested for you which you can implement quite easily and get what you want.

If you hate Asus, throw it away and stop asking for help here. Get some semi-pro kit and go to town. Very few home routers support VLAN on the LAN with stock firmware, and the ones that do are typically "pro" models in the higher end price range.

My $25 RT-AC1900 performs excellently and is leaps and bounds over Netgear or TP-Link. And with the help of Merlin's code and some simple scripts, I have VLANs and 802.1q trunking.

If you don't like edgerouter, there's plenty of similar options available.

Sounds like you're just here to complain about how terrible Asus is, so stop wasting people's time pretending you want help.
 
Asus routers costing $300

What you get for $300 is Router, Switch and Access Point in All-in-One device. The hardware is perhaps less than $100 for all three. Asus has more than needed options for a home router. If you want better - split it on components and use the ones you like or perform better. It will cost you more though.
 
Let's step back a bit and look at the initial post made. OP used an example:
For example, I have two Pi-Holes, and if the primary goes down my DHCP clients should use the secondary Pi-Hole instead. For doing so, I need to let DHCP clients of my Asus router know what the 2nd DNS Server is.
In that example, using the Asus-Merlin DNS and WINS Server Setting's DNS Server 1 and DNS Server 2 fields WILL accomplish this, which has been shown in subsequent replies. Many people use two Pi-Holes for precisely the reason the OP indicated in their example, in case one Pi-Hole goes down the second is there to resolve DNS queries.

The OP, in later posts, indicates for their use case they want to manually assign two DNS servers to each manually assigned IP address client. The Asus router GUI as designed does not support the option to use more than one manually assigned DNS Server (Optional) value per client in the manually assigned IP section. As subsequently indicated, using the DNS Server (Optional) value does not append that optional DNS Server value to the existing DNS Server 1 and DNS Server 2 list, rather it replaces DNS Server 1 and DNS Server 2 values for that specific manual client. As has been pointed out there is no rule that mandates how many DNS servers one should use when manually assigning an IP address to network clients. The current Asus firmware GUI interface is what it is. As also indicated one can use scripting to accomplish what the OP seeks by using a dnsmasq.postconf file.

A wild guess is the OP's use case is on the edge and as such Asus didn't design their consumer grade router GUI to deal with such an edge use case. It is simply a design decision not a bug. Because of the versatility of the Asus/Asus-Merlin firmware one has a way to go beyond the designed GUI to script things to meet their edge use case (in this instance).

One also has the option of bypassing the Asus router by manually assigning the DNS Servers to each network client manually, if the network client supports manually assigning DNS servers on the network device itself.
 