DNS Director or DNS WAN

[Zaka7]

Hi All,

I set up my BE86u yesterday and am running the latest Merlin software for it. Everything seems to be working flawlessly.

I have however been lurking these forums as usual, and see that a few people have the same set up as me, i.e. using Quad9 for their DNS.

My question is I have simply set DNS Director to direct all devices on my main network and guest network to the defauly Quad9 selection built into Merlin software. Is this the right thing to do? My WAN DNS settings do not look like others, this is not set to Quad9 as well, I assumed DNS director overrode this setting (unless set to router) Is this understanding correct or do I need to do the WAN DNS also?

Thanks in advance!

 

[ColinTaylor]

Set your WAN DNS Server to Quad9. Set DNS Director > Global Redirection to Router.

 

[Zaka7]

Set your WAN DNS Server to Quad9. Set DNS Director > Global Redirection to Router.

Thanks, I'll do that and then change global to Router on both the main network and guest network.

Just for my understanding, Is there a reason for this? I just assumed DNS director's built in lists would override any other setting anyway?

 

[ColinTaylor]

I just assumed DNS director's built in lists would override any other setting anyway?

DNS Director is a standalone feature. Changing DNS Director's settings doesn't change any of the other router settings.

The purpose of DNS Director is to silently intercept and redirect DNS queries from devices that ignore or try to circumvent the router's suggested DNS servers (LAN - DHCP Server). Ideally you want your LAN clients to use the router as their DNS server. Then if the router cannot resolve the query it is forwarded to the WAN DNS servers.

 

[Zaka7]

DNS Director is a standalone feature. Changing DNS Director's settings doesn't change any of the other router settings.

The purpose of DNS Director is to silently intercept and redirect DNS queries from devices that ignore or try to circumvent the router's suggested DNS servers (LAN - DHCP Server). Ideally you want your LAN clients to use the router as their DNS server. Then if the router cannot resolve the query it is forwarded to the WAN DNS servers.

Thank you. I shall set that up when home this evening then!

 

[Zaka7]

DNS Director is a standalone feature. Changing DNS Director's settings doesn't change any of the other router settings.

The purpose of DNS Director is to silently intercept and redirect DNS queries from devices that ignore or try to circumvent the router's suggested DNS servers (LAN - DHCP Server). Ideally you want your LAN clients to use the router as their DNS server. Then if the router cannot resolve the query it is forwarded to the WAN DNS servers.

I have set this up and it's working flawlessly. Thank you!

One more quick one if I may? What would you recommend for the other DNS related settings below the assigned server? I have left them all as default with NO selected in general and DoT is not enabled either? - Is there a recommended setting for all of these too?

 

[ColinTaylor]

One more quick one if I may? What would you recommend for the other DNS related settings below the assigned server? I have left them all as default with NO selected in general and DoT is not enabled either? - Is there a recommended setting for all of these too?

I would leave them at their default values unless you have a specific reason to change them. DoT isn't that useful IMHO unless you think your ISP (or government) is intercepting and monitoring your DNS queries (and you care about that), otherwise it just slows things down in my experience.

 

[Zaka7]

I would leave them at their default values unless you have a specific reason to change them. DoT isn't that useful IMHO unless you think your ISP (or government) is intercepting and monitoring your DNS queries (and you care about that), otherwise it just slows things down in my experience.

Thank you for the advice!

 

[Natty]

Set your WAN DNS Server to Quad9. Set DNS Director > Global Redirection to Router.

I counted five areas of DNS settings around the WAN, LAN and Guest Network Pro sections. What would be the merits/demerits/results of the following DNS settings for LAN clients and guest clients?..

• WAN DNS Server: set to Quad9,
• LAN DHCP Server -> DNS Server 1 and DNS Server 2: left blank,
• LAN DNS Director -> global redirection: set to Quad9,
• DNS Director Guest Profiles: all individually set to Quad9,
• Guest Network Pro -> Advanced ->DNS Server: each one set to Default.

Asking for a friend who is quite confused but keen to learn more about DNS settings ...

Is there a better set of the above DNS settings to get all internet using clients to use Quad9?

 

[ColinTaylor]

Personally I would always set the LAN global redirection to "router" so that you get the benefit of faster lookups and local name resolution. Without the latter you wouldn't be able to access the router using "asusrouter.com". Whether you do the same for guest networks is your own choice. I can see an argument for not allowing local name resolution (e.g. myserver.home.lan) for untrusted guests and just forcing them to go directly to Quad9. But that's just security through obscurity (i.e. no security at all).