How to setup Quad9 on my router

[barutchiev]

Hello. Why when testing in dnsleaktest and using DNS Quad9, my connection goes through www.bix.bg? Is this normal? Is there something I haven't done properly in the settings?My ISP is COOOLBOX,and when i dont use Quard9 i see COOOLBOX

 

[bbunge]

Your WAN setup looks OK. May I suggest you enable LAN/DNSFilter Enable DNS-based Filtering On set to Router. Also enable WAN DNS Privacy Protocol DNS-over-TLS with the Quad9 resolvers. Cloudflare 1.1.1.2/1.0.0.2 also works well to filter malware sites but you will have to edit the DoT settings (change 1.1.1.1 to 1.1.1.2 and 1.0.0.1 to 1.0.0.2)

 

[barutchiev]

Your WAN setup looks OK. May I suggest you enable LAN/DNSFilter Enable DNS-based Filtering On set to Router. Also enable WAN DNS Privacy Protocol DNS-over-TLS with the Quad9 resolvers. Cloudflare 1.1.1.2/1.0.0.2 also works well to filter malware sites but you will have to edit the DoT settings (change 1.1.1.1 to 1.1.1.2 and 1.0.0.1 to 1.0.0.2)

Hi, thanks for the reply. You save me for the second time. My DNS filter settings are as you say. Do I have to apply separate settings for "1" and "2"?

 

[barutchiev]

I'm sorry, but now I see that I have previously copied the Google translation. I fixed it in English

 

[bbunge]

Hi, thanks for the reply. You save me for the second time. My DNS filter settings are as you say. Do I have to apply separate settings for "1" and "2"?

Yes. the WAN/DNS Server1 and DNS Server2 settings will be used by the router when booting to set the time. The DNS over TLS Server settings will be used once the router has booted and is acting as the LAN DNS server. If you are using IPV6 it may be a good idea to alternate IPV4 DoT resolvers with IPV6 DoT resolvers.

 

[barutchiev]

Yes. the WAN/DNS Server1 and DNS Server2 settings will be used by the router when booting to set the time. The DNS over TLS Server settings will be used once the router has booted and is acting as the LAN DNS server. If you are using IPV6 it may be a good idea to alternate IPV4 DoT resolvers with IPV6 DoT resolvers.

Which settings do you suggest I set to "1" and which to "2"? I am a complete novice in the settings for DNS.

 

[lepa71]

This is what I have

On DHCP page

 

[barutchiev]

Thank you @bbunge , @lepa71 . I will try.

 

[Bill Woodcock]

Why when testing in dnsleaktest and using DNS Quad9, my connection goes through www.bix.bg? Is this normal?

Yep, that's normal. If you send a cache-busting query to Quad9, Quad9 has to resolve it by sending a new query to the authoritative server for the zone you're querying. That query has to originate on a unicast peering or transit interface of a Quad9 router (as opposed to the public-facing service interface, which is anycast). In this case, your ISP is connecting you to a Quad9 server cluster in Sofia, Bulgaria, presumably because that's close to you, and the Quad9 server is using one of its unicast addresses there to perform the necessary query.

So, you're seeing normal operation.