DNS server on LAN DHCP settings page


McRookie

New Around Here
Hi SNB

I would like to use DNS-over-HTTPS, which Firefox and Chrome support. To avoid setting the DNS to Cloudflare (1.1.1.1) manually in all clients' browser settings, I would like to set it on the Asus AC66U (not B1) router. If this is done on the WAN settings page the DoH does not work since Asus have DNS caching (dnsmasq) which does not support it (as far as I have heard).

But I can set the DNS server on the LAN DHCP settings page, which bypasses this caching as far as I can read in posts by Merlin.

Will this have any negative consequences or disadvantages?

I apologize in advance if my English is bad - it is not my primary language :)
 

bbunge

Very Senior Member
You should set the router to use Cloudflare on the WAN - Internet Connection page. That way all your clients will use the router for a DNS server which will send its queries to Cloudflare. DNS over HTTPS on most browsers relies on an initial connection over conventional DNS and thus is not very secure in my opinion. DNS over TLS is much more secure. I have DoH disabled on all my browsers.
With your older RT-AC66U may I recommend you switch firmware to John's fork as it supports DoT and supports your router. See: https://www.snbforums.com/threads/fork-asuswrt-merlin-374-lts-overview.67510/

Your English is no worse than mine and I have been trying to use it for a long time!
 

McRookie

New Around Here
> You should set the router to use Cloudflare on the WAN - Internet Connection page. That way all your clients will use the router for a DNS server which will send its queries to Cloudflare. DNS over HTTPS on most browsers relies on an initial connection over conventional DNS and thus is not very secure in my opinion. DNS over TLS is much more secure. I have DoH disabled on all my browsers.
> With your older RT-AC66U may I recommend you switch firmware to John's fork as it supports DoT and supports your router. See: https://www.snbforums.com/threads/fork-asuswrt-merlin-374-lts-overview.67510/
>
> Your English is no worse than mine and I have been trying to use it for a long time!

Thank you for your reply.
I am more interested in privacy than security, which is why I would use the DoH.
I of course already have Cloudflare as DNS in the WAN tab.

But would setting the DNS on the LAN DHCP site and bypassing the DNS chain in the router have any adverse effects?

I am not sure I am ready to take the plunge into installing a custom FW since - as I understand - the AC66U is no longer adequately supported?
 

L&LD

Part of the Furniture
Yes, @john9527's RMerlin fork is current and does support your router.

Click on that link @bbunge provided and bring your router to 2021 networking levels.
 

McRookie

New Around Here
> Yes, @john9527's RMerlin fork is current and does support your router.
>
> Click on that link @bbunge provided and bring your router to 2021 networking levels.

Thank you for the reply :)

I am not sure though I am ready or have the abilities to spend 1 hour using a firmware restoration tool to update to a custom firmware. The router is placed in a hard to get area in an attic so it will probably not be realistic.

But I thank you for your replies :)
 

dave14305

Part of the Furniture
So you want Chrome to discover 1.1.1.1 as your operating system DNS resolver so that it auto-configures DoH with Cloudflare? If so, then yes you have to put Cloudflare in the LAN DHCP Server DNS field. But I think it will give both 1.1.1.1 and 192.168.1.1 (router IP) as DNS servers using stock ASUS firmware. The common downside is not being able to resolve hostnames of your local LAN devices when directly using an external DNS server.
 

McRookie

New Around Here
> So you want Chrome to discover 1.1.1.1 as your operating system DNS resolver so that it auto-configures DoH with Cloudflare? If so, then yes you have to put Cloudflare in the LAN DHCP Server DNS field. But I think it will give both 1.1.1.1 and 192.168.1.1 (router IP) as DNS servers using stock ASUS firmware. The common downside is not being able to resolve hostnames of your local LAN devices when directly using an external DNS server.

Oh, ok I see. I did not think about this issue. Would make it problematic for all LAN devices needing to talk to each other like printers and such.
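
The downside dave14305 describes, as an added example that is not part of the original thread: a Python check of a resolv.conf-style resolver list handed out by DHCP. It assumes a client that tries nameservers in the listed order and fails over only on timeout; the sample config, the 192.168.1.0/24 LAN and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a client that received Cloudflare first and the
# router second from the LAN DHCP server (order is an assumption).
SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 1.1.1.1
nameserver 192.168.1.1
"""

def parse_nameservers(text):
    """Return nameserver IPs in the order the client will try them."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip malformed entries
    return servers

def audit(text, lan="192.168.1.0/24"):
    """Flag the side effects discussed in the thread for one client config."""
    net = ipaddress.ip_network(lan)
    servers = parse_nameservers(text)
    if not servers:
        return ["no nameserver configured"]
    external = [s for s in servers if s not in net]
    internal = [s for s in servers if s in net]
    findings = []
    if servers[0] in external:
        # An external resolver answers NXDOMAIN for names only the router knows.
        findings.append(f"primary resolver {servers[0]} is outside {net}: "
                        "LAN hostnames are sent to it and come back NXDOMAIN")
        if internal:
            findings.append(f"router {internal[0]} is only a fallback, "
                            "used on timeout, not on NXDOMAIN")
    elif external:
        findings.append(f"external fallback present: {external[0]}")
    else:
        findings.append("all resolvers are on the LAN: local names resolve, "
                        "a browser checking the OS resolver sees only the router")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RESOLV_CONF)))
```
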
 
