Help RT AC5300 & Merlin V RT-AC5300_386.3_2, WAN DNS Settings not working.


Dsquared

New Around Here
Hello:
I have a RT-AC5300 router loaded with the latest Merlin firmware (RT-AC5300_386.3_2). The WAN DNS Settings are not responding to my configuration. I have the "Forward local domain queries to upstream DNS", "Enable DNS Rebind protection", and "Enable DNSSEC support" all set to "NO." I am unable to PING, SSH or SFTP with local devices. When I run tracert - the response indicates that the router is forwarding this local traffic to the outside DNS servers.

I have found that if I reset the settings back to "NO" the router will correctly handle the local traffic, however, the router soon reverts back to forwarding this communication to the outside DNS server. I have done a hard reset of the router and reflashed the firmware but the results are always the same. Is there a bug in this firmware?

Thanks in advance.




 

ColinTaylor

Part of the Furniture
I have found that if I reset the settings back to "NO" the router will correctly handle the local traffic, however, the router soon reverts back to forwarding this communication to the outside DNS server.
But you just said in the previous paragraph that these are already set at No. :confused: WAN DNS settings don't effect local name resolution. :confused:

Have you defined the local domain name on your router (LAN - DHCP Server)? Are you testing using FQDNs or short names to access your local devices?

Check that you have not set any DNS server addresses under LAN - DHCP Server. Also, make sure you are not using DNSFilter.
 

Dsquared

New Around Here
WAN DNS settings don't effect(sic) local name resolution.

Then what is the "Forward local domain queries to upstream DNS" setting for? It seems to me, you are given a choice here of letting the router or the regular DNS handle the local traffic.


Have you defined the local domain name on your router (LAN - DHCP Server)?

Yes.
Are you testing using FQDNs or short names to access your local devices?

No

Check that you have not set any DNS server addresses under LAN - DHCP Server.

I have not set any DNS server addresses in this area.

Also, make sure you are not using DNSFilter.

DNSFilter is turned off
 

ColinTaylor

Part of the Furniture
Then what is the "Forward local domain queries to upstream DNS" setting for? It seems to me, you are given a choice here of letting the router or the regular DNS handle the local traffic.
Yes, sorry I should have been more precise. Unless you are running your local DNS server elsewhere this option should always be set to No. Obviously Google's DNS servers (for example) don't know anything about your local clients' host names so there's no point forwarding those queries outside your LAN.

From the command prompt of your PC issue nslookup commands for one of the DHCP clients on your network. e.g.
Code:
C:\Users\Colin>nslookup zen
Server:  RT-AX86U.home.lan
Address:  192.168.1.1

Name:    zen.home.lan
Address:  192.168.1.49
Code:
C:\Users\Colin>nslookup zen.home.lan
Server:  RT-AX86U.home.lan
Address:  192.168.1.1

Name:    zen.home.lan
Address:  192.168.1.49
 

Dsquared

New Around Here
Spoke too soon. The Router has reverted back to its old behaviour.


Here is the nslookup from the ASUS firmware.

C:\Users\David>nslookup 351ELEC
Server: RT-AC5300-4050
Address: 192.168.1.1

Name: 351ELEC
Address: 192.168.1.113


Here is the nslookup from the Merlin firmware:

C:\Users\David>nslookup 351ELEC
Server: dcb8a72bbac4
Address: 10.0.0.241

*** dcb8a72bbac4 can't find 351ELEC: Non-existent domain
 

ColinTaylor

Part of the Furniture
You appear to have another DHCP/DNS server active on your LAN. Probably with a MAC address of dc:b8:a7:2b:ba:c4.

What other equipment do you have connected to your network? e.g. servers, repeaters, access points, switches, etc.

Do you have any other network interfaces on this PC, e.g. VPNs or virtual machines?
 

Dsquared

New Around Here
What other equipment do you have connected to your network? e.g. servers, repeaters, access points, switches, etc.
See network map - No devices with that MAC address.

Network Map.png
Do you have any other network interfaces on this PC, e.g. VPNs or virtual machines?

As the Russians would say nyet (no)
 

ColinTaylor

Part of the Furniture
See network map - No devices with that MAC address.
I wouldn't particularly expect the router to be seeing this device as it is in a completely different subnet (10.x.y.z). Although I note that you appear to have rebooted the router anyway.

So as it stands there's nothing to indicate this is an issue with the router, but rather a problem with the PC or a device elsewhere on your LAN.

Do you have the same problem with other devices on your network?

When the problem occurs what happens if you go to http://10.0.0.241 , or https://10.0.0.241 , or ssh to that address?
 

Dsquared

New Around Here
So as it stands there's nothing to indicate this is an issue with the router, but rather a problem with the PC or a device elsewhere on your LAN.

I beg to differ as none of the other devices (PCs) on my network can communicate with 351ELEC.



Do you have the same problem with other devices on your network?

Some of them yes - but I do not see a common trait amongst them.

I have reinstalled the ASUS firmware and everything is working as it should.

When the problem occurs what happens if you go to http://10.0.0.241 , or https://10.0.0.241 ,

"The connection has timed out"

or ssh to that address?

"The host does not exist"
 

ColinTaylor

Part of the Furniture
Well the only solid piece of information we have is that your PC thinks that its DNS server is at 10.0.0.241. As that address is not coming from your router (unless you have configured its VPN client, even then it shouldn't show up on the PC) it must be coming from somewhere else.
 

ColinTaylor

Part of the Furniture
Have you ever used PIA as a VPN provider? There were some issues experienced earlier this year when PIA started using 10.0.0.241 as their DNS server for clients.
 

Dsquared

New Around Here
Have you ever used PIA as a VPN provider? There were some issues experienced earlier this year when PIA started using 10.0.0.241 as their DNS server for clients.
Yes, my VPN provider is PIA. I have never configured the router for VPN. (I only have PIA configured on individual PCs.) I find it weird that the ASUS firmware behaves properly and the Merlin doesn't.
 

john9527

Part of the Furniture
Make sure the state of the PIA app is the same in both cases. If you have the PIA VPN active on the PC, it will use the PIA DNS servers which have no knowledge of your local network (you can configure the app to use your existing nameservers instead of the PIA ones if you want).
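
An added example, not part of the thread or any poster's code: a Python check that reads Windows nslookup output, such as the two results posted above, and reports whether the resolver that answered is the router or something off the LAN. The 192.168.1.0/24 LAN range, the function names and the finding codes are assumptions made for the example.

```python
import ipaddress
import re
# Sample input: the two nslookup results posted in the thread.
RUN_ASUS = """\
Server: RT-AC5300-4050
Address: 192.168.1.1

Name: 351ELEC
Address: 192.168.1.113
"""
RUN_MERLIN = """\
Server: dcb8a72bbac4
Address: 10.0.0.241

*** dcb8a72bbac4 can't find 351ELEC: Non-existent domain
"""

def parse_nslookup(text):
    """Split Windows nslookup output into the answering resolver and the answer."""
    out = {"resolver_ip": None, "answer_ips": [], "error": None}
    in_answer = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("***"):
            out["error"] = line.lstrip("* ")
        elif line.startswith("Name:"):
            in_answer = True  # Address lines from here on belong to the answer
        elif m := re.match(r"Address(?:es)?:\s*(\S+)", line):
            if in_answer:
                out["answer_ips"].append(m.group(1))
            else:
                out["resolver_ip"] = m.group(1)
    return out

def diagnose(text, lan_cidr="192.168.1.0/24", router_ip="192.168.1.1"):
    """Return finding codes ([] = router answered); the /24 default is an assumption."""
    parsed = parse_nslookup(text)
    if parsed["resolver_ip"] is None:
        return ["NO_RESOLVER_LINE"]
    findings = []
    resolver = ipaddress.ip_address(parsed["resolver_ip"])
    if resolver not in ipaddress.ip_network(lan_cidr):
        # Resolver is off the LAN: look at VPN apps, static DNS, other adapters
        findings.append("RESOLVER_OUTSIDE_LAN")
    elif resolver != ipaddress.ip_address(router_ip):
        findings.append("OTHER_RESOLVER_ON_LAN")
    if parsed["error"] or not parsed["answer_ips"]:
        findings.append("LOOKUP_FAILED")
    return findings
print("ASUS run:", diagnose(RUN_ASUS), "| Merlin run:", diagnose(RUN_MERLIN))
```

Running the same check with the VPN app connected and disconnected separates a client-side DNS override from a router fault.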
 
