RAX200 DNS configuration guidance needed

bob123456

Regular Contributor
Hi there,
So I have made this topic a while ago trying to configure my LAN: old topic about my LAN configuration.

Things changed and.... I have a fiber router now (Zyxel, which this guide: Zyxel guide).

The problem is I can not change the DNS on that Zyxel router, it does not work. I have seeked help and confirmation on "pi-hole" forums. They confirm I am using the ISP DNS:
nslookup pi-hole
Server: sunrise.box
Address: 192.168.2.1

There is in the interface of that Zyxel some DNS entries, but none seems to be effective even after router reboot, clients reboots and ipconfig /flushdns...

So I went to the RAX200 config, and there is in Setup/Internet Setup: Domain Name Server (DNS) Address/Use these DNS Server Address:
So I configured 192.168.2.3 (which is my pi-hole ip address on the LAN). The configuration took some time to be applied. Then I tested again:

It did not work, the DNS was still from the ISP.

See:
Capture4.PNG


I am suspecting for that entry to work, I also need to use it with the other setting, the DHCP server, from the RAX200. Am I correct?
if so, it's somehow dumb because that setting would be ineffective "on its own".

See, what I mean:
Capture5.PNG


At the moment the DHCP server is coming from the Zyxel Fiber Modem.



PS: for the context, I still can not set that Zyxel Router/modem as bridge*, so I am suffering to configure it. It's new and the provider interface awfully limited and buggy.
*(theoretically I could but the ISP firmware/software does not offer any option to do that, I saw on the official Zyxel guide the device can work as bridge).

Any hint?
I was not to keen on disabling DHCP from Zyxel router and reconfigure everything on RAX200 but maybe I have no choice if I want to change DNS/Use pi-hole.

Tx in advance,
 

eibgrad

Part of the Furniture
Given your current configuration, telling the RAX200 to use specific local DNS servers other than those of the ISP is *only* going to affect the RAX200. Those changes only get propagated to the LAN clients if the RAX200 is in fact the DHCP server.
 

bob123456

Regular Contributor
Given your current configuration, telling the RAX200 to use specific local DNS servers other than those of the ISP is *only* going to affect the RAX200. Those changes only get propagated to the LAN clients if the RAX200 is in fact the DHCP server.
Thanks, I see. I would have tried that by pinging from the RAX200, like google or something but I don't have that possibility.

Fair enough only the router RAX200's DNS would be changed then (makes sense).

Since I have device A (Zyxel Fiber) and device B (RAX200), does it makes sense to actually configure DHCP on device B (RAX200)?

My previous network layout, when the ISP device could have DNS changed was:
Device A; 192.168.2.1 (DHCP, DNS changed to 192.168.2.3)
Device B: 192.168.2.2
I had changed the DNS at Device B level, I would have to reconfigure Static ips, etc and... anything from device A would not use the DNS I want, right?
 

eibgrad

Part of the Furniture
Well ideally you would have the Zyxel acting as only a modem, and the RAX200 as your primary router, and it would be the DHCP server. But if the Zyxel is still acting as your primary router, then I assume the RAX200 is *bridged* to the Zyxel (i.e., the two are connected LAN to LAN).

Given the above, could you make the RAX200 the DHCP server instead? Probably, assuming you can disable the DHCP server on the Zyxel, and you do NOT configure the RAX200 w/ AP mode, but leave it in Router mode (I'm unfamiliar w/ the RAX200, and I fear the use of AP mode would completely disable the DHCP server). Then configure the DHCP server normally, except specify the Zyxel's LAN ip as the default gateway (I assume you can change this in the GUI).

At least it should work in theory. It always difficult to provide 100% assurance when dealing w/ oem/stock firmware.
 

bob123456

Regular Contributor
Well ideally you would have the Zyxel acting as only a modem, and the RAX200 as your primary router, and it would be the DHCP server.

But if the Zyxel is still acting as your primary router, then I assume the RAX200 is *bridged* to the Zyxel (i.e., the two are connected LAN to LAN).

Given the above, could you make the RAX200 the DHCP server instead? Probably, assuming you can disable the DHCP server on the Zyxel, and you do NOT configure the RAX200 w/ AP mode, but leave it in Router mode (I'm unfamiliar w/ the RAX200, and I fear the use of AP mode would completely disable the DHCP server). Then configure the DHCP server normally, except specify the Zyxel's LAN ip as the default gateway (I assume you can change this in the GUI).

At least it should work in theory. It always difficult to provide 100% assurance when dealing w/ oem/stock firmware.
Thanks for your interest and help, fully appreciated! Yes, indeed, the ISP customizing firmware/software is rather annoying. Especially here some features are not working well (bugs, 100% verified by myself), and some part of the documentation is incorrect (I saw they simply duplicated from OEM's instructions, not mentioning they modified the feature).

1) Yes, I wish I could only turn the device A (Zyxel Fiber) into basic modem, bridge it and configure everything from Device B (RAX200). Due to ISP changes I can not set device A into bridge mode. Visibly, I also can't modify DNS; some of the applied changes are ineffective, some other not possible from the greyed out GUI.

2) At the moment I have a "LAN to LAN" RJ45 cat6 cable going from port "10G Lan" of the modem to port 1 of the RAX200.

183063290_xxl3[1].jpg





Device A has DHCP, and 192.168.2.1 ip. The DHCP range is set from x.10 to x.250 or similar, the first 10 ips are reserved, some have static ip.
Device B has no DHCP, and 192.168.2.2.
Device C (pi-hole, a raspberry pi) has 192.168.2.3.


3) It seems, as you suggested, that I might have to change and set device B to be DHCP. I'm a bit reluctant because before, I had set the device A for that (in addition to redoing static config in device B, I had other limitations). Also, I had managed to configure before with device A the dhcp server (using discontinued modem), and thanks to that, I could see the IP of every clients in pi-hole list of queries. I remember it was not straight forward. Also, device C, was/is physically connected using cat5 cable to device A. So I'd have to move that one to device B (which is doable).

4) Regarding the gateway, the only config I see that could be remotely related would be "internet IP address" in the Internet Section. I looked other sections like LAN setup, WAN setup... I don't see that I can change that anywhere:

Capture6.PNG


I have to put more thoughts into that and do some trials, see how pi-hole behave when I configure like you suggested.
I'm still waiting for the ISP to contact me regarding the fact the DNS options can't be changed-or I should say are not effective after change. It would be easier to simply have that working. I have very little faith in them contacting me back.
 

bob123456

Regular Contributor
Quick update, I phoned them again (harassement is the only way :rolleyes:).That worked, they are listening and I had someone willing to help but discussing with a 3rd party team. We have started email exchange, with the information about the DNS related issues.

In the meantime I did a lot of reading about the topic, and I have basically 3 options:

  1. Router 1 (DHCP server) -> Router 2. That was/is my current setup, one big subnet. At the moment I can't change DNS from router1 due to limitations/bugs, currently investigated by the ISP.
  2. Router 1 -> Router 2 (DHCP server). I would have to change the WAN ip of router 2 to be router 1 local IP. That is still using 2 routers on a LAN and is not that efficient... Unfortunately device A is not a modem only, so I can not have a proper WAN ip address, I have a local ip. Also, it will force me to reconfigure the static ips on router2.
  3. Router 1/Router 2/ Pi-hole on raspberry pi 3 (DHCP server). <-- I'm not keen on that option. Especially when I have 2 expensive devices...and I would have to reconfigure static IP also...
 

papypaprika

Occasional Visitor
Hi @bob123456

Kindly keep us posted with respect to your exchange with the ISP (Sunrise correct?).

I just subscribed to a 10Gb offer from Sunrise (for $42 / month, I couldn’t resist!) which uses the same Zyxel modem/router and I understand that they are locking the DNS settings and one cannot use the modem/router in bridge mode.

But I’d love to hear if they actually change their stance or offer a way around to “power users”.

Otherwise it looks like we’ll have to be double-NATed.
 

bob123456

Regular Contributor
Hi @bob123456

Kindly keep us posted with respect to your exchange with the ISP (Sunrise correct?).

I just subscribed to a 10Gb offer from Sunrise (for $42 / month, I couldn’t resist!) which uses the same Zyxel modem/router and I understand that they are locking the DNS settings and one cannot use the modem/router in bridge mode.

But I’d love to hear if they actually change their stance or offer a way around to “power users”.

Otherwise it looks like we’ll have to be double-NATed.
Hi,
Well, officially, for now they have not said DNS settings are locked. In fact, in previous "Sunrise Live internet Box", I was able to change DNS settings.
Here there is also the option to do it but it does not work (the setting applied and visible is not taken into consideration). That looks more a bug to me...

Also according to the doc of the manufacturer (zyxel) vs the one from Sunrise (Doc Sunrise) (which is almost similar, beside branding) and VS the actual interface, I see they made some mess and the gui is not matching the doc. For example, page 92 of the guide it claims to be a button named "DNS Server 1/2", but in the gui it's called "From ISP" (and it's greyed out).

I explained all that to ISP, I haven't heard from them in 5 business days, the latest guy seems to have listened and received my email, so maybe they will come back with an answer at some point. If not, I'll harass them again middle of next week, around 15th December 2021.

PS: Nice offer by the way, good price!
 

bob123456

Regular Contributor
By the way, I have issues with " AX7501-B0 Firmware Version: V5.15(ABWW.2)C0".

I'm harassing them on the phone now, since I did not have any answer since 03rd December 2021, it's now 14th December.
So far 26 minutes waiting for the ISP support to pick up...
I will update when/if they pick up, and if they say anything useful.

Edit: after over 40minutes waiting, finally someone picked up. Bottom line, their "expert" has to call me back because their explanation attempt that "one can not change DNS for security reasons now that we have fiber and it's somehow shared connection" is not going well with me.

1) It's on my LAN
2) It's not about security
3) It's documented and I could make the change anyway (which was not really active).

I have to wait for a call back.

Edit: Well, the expert does not want to talk to me obviously (typical Swiss arrogance, based from my 12 years experience working in IT in Switzerland), they made the call center calling me back. They claim it's not possible with the 10GB* technology (despite the fact the DNS is my LAN/DHCP). Then they said they don't provide "device support" but only internet as they are ISP. To what I responded why they are customizing their device software/firmware/interfaces then? (no relevant replies received to that).
They also did not reply to my email about the fact the Sunrise doc mention DNS config, and the same for their SW implementation customized by Sunrise let you change DNS.

I told them I'm not satisfied with that, they are not consistent, they should align their doc and product. So I asked that someone reply officially by email, or explain more. They will escalate.


*I'm not even supposed to have 10GB line, I'm paying for 1GB download/upload max, it seems to be some weird shared connection I have never heard about.

I think I'm going to give up and make a lan with dual router, and local DHCP with custom LAN......
 
Last edited:

papypaprika

Occasional Visitor
By the way, I have issues with " AX7501-B0 Firmware Version: V5.15(ABWW.2)C0".

I'm harassing them on the phone now, since I did not have any answer since 03rd December 2021, it's now 14th December.
So far 26 minutes waiting for the ISP support to pick up...
I will update when/if they pick up, and if they say anything useful.

Edit: after over 40minutes waiting, finally someone picked up. Bottom line, their "expert" has to call me back because their explanation attempt that "one can not change DNS for security reasons now that we have fiber and it's somehow shared connection" is not going well with me.

1) It's on my LAN
2) It's not about security
3) It's documented and I could make the change anyway (which was not really active).

I have to wait for a call back.
Thanks for the update. These hotlines are a pain with so many people not knowing what they are taking about.

It would be good to have an official solution/feedback from them, but I’m getting ready to check out the command of the last post of the following link as soon as I receive my connection 31.01.2022):

 

bob123456

Regular Contributor
Thanks for the update. These hotlines are a pain with so many people not knowing what they are taking about.

It would be good to have an official solution/feedback from them, but I’m getting ready to check out the command of the last post of the following link as soon as I receive my connection 31.01.2022):

Is it the command about "var x = $ .xmo;"? It seems to be for voip, no?
I'll have a look tomorrow.

Edit:
I did this in Chrome Developer console:
var x = $ .xmo;
$ .xmo.init ();
$ .xmo.login ("admin", "mypassword");

$ .xmo.getValuesTree ('Device')

It returns:
VM204:2 Uncaught TypeError: Cannot read properties of undefined (reading 'init')
at <anonymous>:2:8
 
Last edited:

papypaprika

Occasional Visitor
Is it the command about "var x = $ .xmo;"? It seems to be for voip, no?
I'll have a look tomorrow.

Edit:
I did this in Chrome Developer console:
var x = $ .xmo;
$ .xmo.init ();
$ .xmo.login ("admin", "mypassword");

$ .xmo.getValuesTree ('Device')

It returns:
VM204:2 Uncaught TypeError: Cannot read properties of undefined (reading 'init')
at <anonymous>:2:8
Indeed the original post was to deal with VOIP issues, but the command may work to access broader settings.

Did you try to change “admin” and “password” by the login and password you use to log through the GUI ?
 

bob123456

Regular Contributor
Indeed the original post was to deal with VOIP issues, but the command may work to access broader settings.

Did you try to change “admin” and “password” by the login and password you use to log through the GUI ?
Well, that is exactly what I did, (it says "mypassword")... Maybe I'm not doing it on the right place?
After more reading, it seems the person on galaxus/digitec gave bad information, this commands are specifically for "router firmware used by (Sagemcom)[email protected] Version 3.43.2".
I doubt it will work on a zyxel device...
 
Last edited:

papypaprika

Occasional Visitor
Well, that is exactly what I did, (it says "mypassword")... Maybe I'm not doing it on the right place?
After more reading, it seems the person on galaxus/digitec gave bad information, this commands are specifically for "router firmware used by (Sagemcom)[email protected] Version 3.43.2".
I doubt it will work on a zyxel device...
We’ll, it was worth a shot, as it is provided by the same ISP.

Let’s see if they come back with an official answer then!
 

bob123456

Regular Contributor
Well I emailed s
We’ll, it was worth a shot, as it is provided by the same ISP.

Let’s see if they come back with an official answer then!
Haha, they won't. Last time they did the same, it's over 1-2 year they have not answered.
The last topic was setting the previous router (Sunrise internet box) in bridge mode. Their motto is they don't provide device support, and here and then they pretend they will contact you back to make you stop calling.
It's really a shame, Sunrise have improve their service quality significantly over the past few years, and they were much better than it used to be. Unfortunately some of the [Swiss local] employees are ruining their global efforts by behaving like arrogant know-it-all precious things who can't discuss/reply to their advanced customers.
Well fair enough, unfortunately, their documentation and implementation of the firmware is letting the user configure something they claim is not allowed, therefore it's overall very bad.


I have also emailed [email protected] (not telling I have a custom firmware from Sunrise), hoping they can provide more information than their doc and/or an expert page.

I have invited here the user on digitec who posted the voip commands, that person claims to have been able to ssh to that device (I haven't yet). Maybe we can work together.

We'll see... a lot of time wasted.
 

B_Rabbit

New Around Here
Hi all
I am the initial question starter from the digitec link.

The last official reply I got from Sunrise was on 8th June. The technician told me that the DNS function was greyed out intentionally because of the 10gbit technology.
They have no plans to change it in future. His advice was, to change back to a 1gbit connection and use a FritzBox. (great isnt it?).

Further I already asked Zyxel for an original firmware. They told me, that they dont support ISP Routers and I have to ask Sunrise.

This is no fun at all.

I hope I could help you guys in any way.
 

bob123456

Regular Contributor
Hi all
I am the initial question starter from the digitec link.

1) The last official reply I got from Sunrise was on 8th June. The technician told me that the DNS function was greyed out intentionally because of the 10gbit technology.
They have no plans to change it in future. His advice was, to change back to a 1gbit connection and use a FritzBox. (great isnt it?).

2) Further I already asked Zyxel for an original firmware. They told me, that they dont support ISP Routers and I have to ask Sunrise.

This is no fun at all.

I hope I could help you guys in any way.
Hi, thanks for joining us here!

1) I heard similar, but Sunrise should have updated their documentation then.
Sunrise Doc for that Zyxel
Especially when it's documented one can modify.
Saying that, I'm curious about that 10G thing, from a technological point of view, where the local LAN would be impacted???
I never heard about that technology and in fact, it seems worrying if all traffic is visible by other customers...

2) Yes, it's usual Zyxel won't provide ISP support. The key is to get some information without saying it's ISP customized firmware...in our case, I have asked them about the famous DNS feature, and tell them it's not making any change (without going into Sunrise details). In fact that's true, and it's a feature present in their Zyxel documentation...

Yes it's not fun at all, they are time wasters, release a device limitating its features, not modifying the doc well enough, etc... All that at the expense of the customer(s).
 

bob123456

Regular Contributor
Hi, I almost made it o_O

I tried to sneak the page using developer, and modifying the code. So far I was able to suppress the "disabled" settings.

(I had to right click, Inspect, and then simply delete the disabled="disabled" property/value):
DDNBe.PNG




Then I was able to do that for the radio button (Static) and for each relevant boxes (where we input the ip).
DNSre.PNG


The problem is at saving (=clicking Apply), it complains it's empty.
DNS22.PNG

Notes:
- I had try first with only 1 line for DNS Server 1 then apply: it gives DNS address is empty!
- I had try then with only 1 line for DNS Server 1 and the same for DNS server 2 then apply: it gives complain it's same IP
- I had try then with only 1 line for DNS Server 1 and 1.1.1.1 for DNS server 2 then apply: it gives DNS address is empty!


Maybe we can sneak this way...

Edit:
Actually, I had to disable IPV6 below, then it allowed me to save.
Unfortunately, it seems to make it buggy, after that I was not getting any DNS answers from my windows client:
nslookup www.google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1


I had to set back "DNS Proxy" and hit apply, for the dns to resume working:
nslookup www.google.com
Server: sunrise.box
Address: 192.168.2.1

Non-authoritative answer:
Name: www.google.com
Addresses: 2a00:1450:400a:808::2004
172.217.168.4


Bottom line, so far, I was able to actually set a static DNS server ip, but it's not working, the dns is not responding when doing that...
I don't think it's linked to my local DNS server (pi-hole) because that works...

I'm also not sure if that's from my client, because on the router page, diagnostic mode, I tried to nslookup for www.google.com, that also did not work...


When it works (ie, with DNS set to DNS proxy):
Server: 127.0.0.1
Address 1: 127.0.0.1 wpad.sunrise.box

Name: www.google.com
Address 1: 172.217.168.4 zrh11s03-in-f4.1e100.net
Address 2: 2a00:1450:400a:808::2004 zrh04s16-in-x04.1e100.net
iplist: 172.217.168.4,2a00:1450:400a:808::2004


Maybe if we find a way to sneak that and configure that localhost 127.0.0.1 is raspberrypi.local (my hostname for the dns server)??


Edit 2: After many trials and errors, when I have set a static ip for my local dns server, it's barely working, I can resolve google.com once every few attempts.
From the router, it still replies on nslookup:
Server: 127.0.0.1
Address 1: 127.0.0.1 wpad.sunrise.box

Name: www.gazeta.pl
Address 1: 80.252.0.145 host-80-252-0-145.gazeta.pl
iplist: 80.252.0.145

There also works intermittently.


So it really seems that setting a local DNS is impacting the connection and/or that something is not working well.
I made many tries with the content of Network Settings/DNS (there was sunrise.box 192.168.2.1, I replaced with raspberrypi.local 192.168.2.3; I tried again with one value only, then none, then both...).

No luck.

So I reverted back to Network Settings/DNS (sunrise.box) and in Network Settings/Home Networking /LAN setup/DNS Values, DNS/DNS Proxy. After clicking apply, it's all stable again.
Only that, obviously, it's not using pi-hole. (in fact based on the queries logs, it seems I never used that DNS server with that Zyxel configuration/router.


I'm starting to suspect that IPV6 is forced also, and disabling it is not really active. So maybe it is not working because I don't use a IPV6 DNS server on pi-hole...

I'm bored of that topic already.
 
Last edited:

B_Rabbit

New Around Here
Hi, I almost made it o_O

I tried to sneak the page using developer, and modifying the code. So far I was able to suppress the "disabled" settings.

(I had to right click, Inspect, and then simply delete the disabled="disabled" property/value):
View attachment 37821
I tried the same thing yesterday also without success.
Partly the whole router freezes or (like your situation) I cant resolve any websites.

I think I will just replace the router. I already spent too much time on this useless box :)
 
Similar threads
Thread starter Title Forum Replies Date
M DNS filter by MAC address possible? NETGEAR AX Wireless 2

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top