DNS server on LAN DHCP settings page

McRookie

Occasional Visitor
Hi SNB

I would like to use DNS-over-HTTPS, which Firefox and Chrome support. To avoid setting the DNS to Cloudflare (1.1.1.1) manually in the browser settings on all clients, I would like to set it on the Asus AC66U (not B1) router. If this is done on the WAN settings page, DoH does not work since Asus has DNS caching (dnsmasq), which does not support it (as far as I have heard).

But I can set the DNS server on the LAN DHCP settings page, which bypasses this caching as far as I can read in posts by Merlin.

Will this have any negative consequences or disadvantages?

I apologize in advance if my English is bad - it is not my primary language :)
 
You should set the router to use Cloudflare on the WAN - Internet Connection page. That way all your clients will use the router for a DNS server which will send its queries to Cloudflare. DNS over HTTPS on most browsers relies on an initial connection over conventional DNS and thus is not very secure in my opinion. DNS over TLS is much more secure. I have DoH disabled on all my browsers.
With your older RT-AC66U may I recommend you switch firmware to John's fork as it supports DoT and supports your router. See: https://www.snbforums.com/threads/fork-asuswrt-merlin-374-lts-overview.67510/

Your English is no worse than mine and I have been trying to use it for a long time!
 
Thank you for your reply.
I am more interested in privacy than security, which is why I would use DoH.
I of course already have Cloudflare as DNS in the WAN tab.

But would setting the DNS on the LAN DHCP page and bypassing the DNS chain in the router have any adverse effects?

I am not sure I am ready to take the plunge into installing a custom FW since - as I understand - the AC66U is no longer adequately supported?
 
Yes, @john9527's RMerlin fork is current and does support your router.

Click on that link @bbunge provided and bring your router to 2021 networking levels.
 
Thank you for the reply :)

I am not sure, though, that I am ready or have the abilities to spend 1 hour using a firmware restoration tool to update to a custom firmware. The router is placed in a hard-to-reach area in an attic, so it will probably not be realistic.

But I thank you for your replies :)
 
So you want Chrome to discover 1.1.1.1 as your operating system DNS resolver so that it auto-configures DoH with Cloudflare? If so, then yes you have to put Cloudflare in the LAN DHCP Server DNS field. But I think it will give both 1.1.1.1 and 192.168.1.1 (router IP) as DNS servers using stock ASUS firmware. The common downside is not being able to resolve hostnames of your local LAN devices when directly using an external DNS server.
 
Oh, ok I see. I did not think about this issue. Would make it problematic for all LAN devices needing to talk to each other, like printers and such.
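An added example, not part of the thread or of any firmware: a small Python parser for the DHCP options field (RFC 2132) that extracts option 6, the DNS server list a client is handed, and relates it to the trade-off discussed above. The sample byte strings and the `assess` helper are constructed for illustration, and the check assumes only the router's own resolver knows LAN hostnames.

```python
import ipaddress

PAD, DNS_SERVERS, END = 0, 6, 255  # RFC 2132 option codes

def parse_options(raw: bytes) -> dict:
    """Decode the code/length/value options field of a DHCP message."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options are concatenated
        i += 2 + length
    return opts

def dns_servers(opts: dict) -> list:
    """Return the resolvers from option 6, in the order clients receive them."""
    data = opts.get(DNS_SERVERS, b"")
    if len(data) % 4:
        raise ValueError("option 6 length must be a multiple of 4")
    return [ipaddress.IPv4Address(data[i:i + 4]) for i in range(0, len(data), 4)]

def assess(servers: list, router: str) -> dict:
    """Hypothetical helper: map the offered resolvers to the thread's trade-off."""
    router_ip = ipaddress.IPv4Address(router)
    return {
        "clients_may_bypass_router_dns": any(not s.is_private for s in servers),
        "router_still_offered": router_ip in servers,
        # Assumption: only the router's resolver can answer LAN hostnames.
        "local_names_reliable": bool(servers) and all(s == router_ip for s in servers),
    }

# Constructed samples: message type (53), router (3), DNS servers (6), end (255).
MIXED = bytes([53, 1, 2, 3, 4, 192, 168, 1, 1, 6, 8, 1, 1, 1, 1, 192, 168, 1, 1, 255])
ROUTER_ONLY = bytes([53, 1, 2, 3, 4, 192, 168, 1, 1, 6, 4, 192, 168, 1, 1, 255])

if __name__ == "__main__":
    for name, raw in (("mixed", MIXED), ("router only", ROUTER_ONLY)):
        servers = dns_servers(parse_options(raw))
        print(name, [str(s) for s in servers], assess(servers, "192.168.1.1"))
```

On a real network, the option bytes can be taken from a packet capture of the DHCP offer to confirm what the router actually hands out after changing the LAN DHCP DNS field.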
 