Is it possible to change a routers settings via ssh?

[AppleBag]

I'm thinking of trying to write up a script to change my ASUS RT-AC68U's DNS setting via SSH and wondering if it's possible? Or can that only be done via the WEB UI?

 

[Greg72]

Yes, SSH is available.

 

[AppleBag]

Yes, SSH is available.

So, say I wanted to change the DNS1 setting (as shown in this post) via SSH; how would I do it? i.e. which command(s) would I use?

 

[ColinTaylor]

So, say I wanted to change the DNS1 setting (as shown in this post) via SSH; how would I do it? i.e. which command(s) would I use?

Which one WAN or LAN?

 

[AppleBag]

Which one WAN or LAN?

Under DNS and WINS settings

 

[AppleBag]

I think I got it sorted out, does this look right?

nvram set dhcp_dns1_x=192.168.0.234 | nvram commit

 

[AppleBag]

And before I spend a lot of time on a new project, does anyone know if this already exists?

What I plan to do is write a small app that:

• Pings the DNS server on my LAN at something like 5 minute intervals, indefinitely. (I run Pi-hole, which also forwards to DNSCrypt Proxy)
• If it finds that the DNS server on my LAN is down, it'll SSH into my Router, and change the DNS to a regular public one, like 8.8.8.8
• It'll keep pinging the local DNS to see if it's back up. If it comes back up, it'll SSH back into the router, and set that DNS back to the local DNS IP.

It'll just keep doing all of this forever, as a task or service. Idea is, if the DNS server on my LAN goes down, (i.e. a reboot of the machine, Docker crash, etc.), I won't ever be out of access to the net for more than the 5 minutes it might take for my app to update the DNS IP on my router.

Seems I'm stuck having to do this, because there's no other way that I've found to have a 'backup' DNS IP so that I'm never stuck being off the internet. Adding a second DNS IP to the "DNS 2" settings anywhere just causes the software to use both DNS's, bypassing Pi-hole half the time. The other option I've seen is to run an entirely second Pi-hole container, and use it as a backup IP. This seems like a hassle to me.

I'd love to be able to NOT have to write this app (I'm sooooo busy with other projects), if anyone knows a better idea?

 

[ColinTaylor]

I think I got it sorted out, does this look right?

nvram set dhcp_dns1_x=192.168.0.234 | nvram commit

Yes. You also need this for it to take effect for new clients.

service restart_dnsmasq

 

[ColinTaylor]

Adding a second DNS IP to the "DNS 2" settings anywhere just causes the software to use both DNS's, bypassing Pi-hole half the time.

What OS are you using? The behaviour you want is exactly what Windows does, it only uses the 1st DNS server and will only use the second if it doesn't get a response within 1 second from the first.

 

[AppleBag]

What OS are you using? The behaviour you want is exactly what Windows does, it only uses the 1st DNS server and will only use the second if it doesn't get a response within 1 second from the first.

Well, I have the DNS set on my router, so that all devices on my LAN go through my Pi-hole + DNSCrypt; so Linux I guess is my OS in this case.

I've already tried using LAN IP as DNS1 and a regular public IP (like 1.1.1.1) as DNS2 in the router, but when I checked with a leaktest site, it was showing me that about half of the requests were still using the DNS2 IP, bypassing my pihole setup.

 

[ColinTaylor]

Well, I have the DNS set on my router, so that all devices on my LAN go through my Pi-hole + DNSCrypt; so Linux I guess is my OS in this case.

No, I mean the OS of the DHCP client. e.g. Windows 7, MacOS, etc.

I've already tried using LAN IP as DNS1 and a regular public IP (like 1.1.1.1) as DNS2 in the router, but when I checked with a leaktest site, it was showing me that about half of the requests were still using the DNS2 IP, bypassing my pihole setup.

I've just checked this with a Windows 7 client and dnsleaktest.com and it's working as expected, i.e. only using DNS1 when both are DNS1 and DNS2 are defined.

EDIT: I don't use DNSCrypt so it's possible that that is slowing down your DNS responses to such and extent that it's failing over to the second DNS server.

EDIT 2: Just checked from an Ubuntu 18.04 client and that's working as expected as well.

 

[AppleBag]

No, I mean the OS of the DHCP client. e.g. Windows 7, MacOS, etc.

I have all kinds of devices as clients on this LAN; Windows, Mac, Androids, iPhones, Nooks, Kindles, Amazon Fire sticks, Chromecasts, Rokus ....

I've just checked this with a Windows 7 client and dnsleaktest.com and it's working as expected, i.e. only using DNS1 when both are DNS1 and DNS2 are defined.

EDIT: I don't use DNSCrypt so it's possible that that is slowing down your DNS responses to such and extent that it's failing over to the second DNS server.

EDIT 2: Just checked from an Ubuntu 18.04 client and that's working as expected as well.

Weird, I tried it and got a different result. It's also what I've read in a lot of posts while researching the issue. While I did my tests, I didn't have DNSCrytpt running yet; just Pihole, but they're both super fast when running as far as returning responses. DNSCrypt also has built-in testing and chooses from the fastest of a list of DNS servers. I have about 5 of them in my list, including Google's and CloudFlare's.

 

[Greg72]

So, say I wanted to change the DNS1 setting (as shown in this post) via SSH; how would I do it? i.e. which command(s) would I use?

WinSCP, Putty, SSH in a CLI for Linux. Just have to enable it but not the WAN button and enable Brute Force, then you are in like Flynn.

 

[AppleBag]

Yes. You also need this for it to take effect for new clients.

service restart_dnsmasq

Me again, Colin!

SO I've gotten back around to playing with this and some weird things are happening. First Let me just describe my desired behavior:

I simply want to be able to run the command:

 nvram set dhcp_dns1_x=123.123.123.123 | nvram set dhcp_dns2_x=321.321.321.321 | nvram commit | service restart_dnsmasq

And had the router just start using those new DNS's without a restart/reboot.

Using that code so far does change the DNS's properly, however, it's very squirrly whether any device will instantly start using the new DNS's. For example, on a Windows 10 machine, I have the NIC adapters set to 'automatically get DNS', and if I do a ipconfig /all sometimes it'll show the DNS switch properly, other times it'll still show the old one, even after doing a ipconfig /flushdns.

Other times it seems to work right away.

Last night, all devices on the LAN behind the router stopped working, even after reboots (of the devices). The only fix was to hard reboot the router via power cycle. Very confusing.

Anyone with more expertise in this area than I (which is near zero ) have any idea what's happening?

 

[dave14305]

Me again, Colin!

SO I've gotten back around to playing with this and some weird things are happening. First Let me just describe my desired behavior:

I simply want to be able to run the command:

 nvram set dhcp_dns1_x=123.123.123.123 | nvram set dhcp_dns2_x=321.321.321.321 | nvram commit | service restart_dnsmasq

And had the router just start using those new DNS's without a restart/reboot.

Using that code so far does change the DNS's properly, however, it's very squirrly whether any device will instantly start using the new DNS's. For example, on a Windows 10 machine, I have the NIC adapters set to 'automatically get DNS', and if I do a ipconfig /all sometimes it'll show the DNS switch properly, other times it'll still show the old one, even after doing a ipconfig /flushdns.

Other times it seems to work right away.

Last night, all devices on the LAN behind the router stopped working, even after reboots (of the devices). The only fix was to hard reboot the router via power cycle. Very confusing.

Anyone with more expertise in this area than I (which is near zero ) have any idea what's happening?

Clients won’t get the new DNS settings until they renew their DHCP leases, and that is up to the client.

 

[ColinTaylor]

I simply want to be able to run the command:

 nvram set dhcp_dns1_x=123.123.123.123 | nvram set dhcp_dns2_x=321.321.321.321 | nvram commit | service restart_dnsmasq

Using pipes (|) for the above code would be bad practice. I suggest you change "|" to ";"

 

[AppleBag]

Clients won’t get the new DNS settings until they renew their DHCP leases, and that is up to the client.

Hi Dave

So just so I'm clear, that means doing a /flushdns is pointless as well?

Also, is there some way in the router that I can force an instant DHCP lease renew via another variable setting that would automatically force all clients to get a new lease?

 

[AppleBag]

Using pipes (|) for the above code would be bad practice. I suggest you change "|" to ";"

Thanks, I was wondering that myself last night after I posted, and saw a post on stack that also said that.

Should I also add one to the last command as well, or does that one not matter? i.e.

nvram set dhcp_dns1_x=123.123.123.123; nvram set dhcp_dns2_x=321.321.321.321; nvram commit; service restart_dnsmasq;

 

[AppleBag]

ok, sorry for the thread spam guys, lol, but I'm working on this as we speak.

Currently I'm trying some other methods to make all devices on the lan "instantly" use the DHCP DNS switches I do via the commands. If I include a "reboot" command like this, it seems to work:

nvram set dhcp_dns1_x=123.123.123.123; nvram set dhcp_dns2_x=321.321.321.321; nvram commit; service restart_dnsmasq; reboot

But, as you can imagine, a full router reboot can take like 5 minutes or more, and any users trying to access the internet during that time will be angered with that wait.

So I'm trying (I guess "hacky"(?)) methods to accomplish the same effect. I thought that if I disable and then renable DHCP on the router, it might have the same effect, so I did like this:

 nvram set dhcp_dns1_x=123.123.123.123; nvram set dhcp_dns2_x=321.321.321.321; dhcp_enable_x=0; nvram commit; dhcp_enable_x=1; nvram commit; service restart_dnsmasq

And from what I can tell, it *somewhat* works? I say somewhat, because I have 2 NICs on my Win10 machine that I need to use the net, one is the NIC card itself, and the other is a bridge that Hyper-V uses. After issuing the above command, the Hyper-V "NIC" immediately gets the new DNS settings, but the LAN is still using the old one:

In the above pic, the CloudFlare DNSs (1.1.1.1, etc.) were just switched, and the 192.168.0.194 DNS's were the previous ones. They both should've been switched to the CF DNSs.

Does anyone have any other ideas for this? A better workaround, or anything at all? Also, is there some sort of "soft" reboot command available that sort of "fast boots" the router rather than a full, slow reboot?

 

[dave14305]

Does anyone have any other ideas for this? A better workaround, or anything at all? Also, is there some sort of "soft" reboot command available that sort of "fast boots" the router rather than a full, slow reboot?

You could try either of these network restart commands to force clients to disconnect and maybe renew their leases. Not sure it will work, and I haven’t tested it before suggesting it.

No /etc/init.d

If you were only relying on external DNS servers you’d be able to just manipulate DNSFilter on the router. But since one of the DNS servers is on the lan, the router won’t see that traffic to intercept it.

Thinking out loud, what if you also advertised the router IP as a secondary dns server, and used DNSFilter to redirect to Router mode (LAN DHCP DNS 1). Any clients that send to the router IP when PiHole is still available will be redirected to it. Then if PiHole isn’t pingable, change DNSFilter to 1.1.1.1 and restart the firewall. Clients might then timeout on the PiHole ip and then switch to router ip.

There’s probably a gotcha in here somewhere, but I haven’t had coffee yet.