RT-AX88u DNS problem


Mr. Nightsea

Occasional Visitor
Hi all,

I really need some advice here.
I'm banging my head against the wall trying to solve this issue.

So, I got the Asus RT-AX88u, satisfied with it but...it is giving me headaches regarding the DNS server settings.

I don't want to use my ISP DNS server so I changed it to the DNS.Watch servers, as I've always been using without problems on my AC68u.
Now here's where the problem starts. Setting the DNS config to automatically receive the DNS servers config from my ISP works. I'm getting the local DNS server belonging to my ISP. As soon as I manually configure a different DNS server, testing it on IPLeak.net and DNS Leak Test, the config I'm getting goes to a DNS server in Germany. I've tried various DNS servers but every test I do goes to the server in Germany (IP: 195.181.174.168 - DataCamp Limited, and also the Watch.Dog IP: 84.200.70.40 appears to be in Germany). I did a full reset of the router, same result.

I've now also configured the VPN Client on the Router, tried fiddling with that...no result either. Not even getting the DNS of my VPN provider....

So, with or without VPN, every time it's the German DNS servers I'm seeing on these test sites as soon as I step away from my horrible ISP DNS server.

I hope anybody can help me out here... :(
 

ColinTaylor

Part of the Furniture
Make sure you don't have DNSFilter enabled and that you don't have any DNS servers set on LAN > DHCP Server.
 

Mr. Nightsea

Occasional Visitor
> Make sure you don't have DNSFilter enabled and that you don't have any DNS servers set on LAN > DHCP Server.

Yes, DNSFilter is off, DHCP Servers configured in the LAN and WAN. But even if I remove the LAN... same result.
It's almost as if something is stuck in the router or the firmware isn't correct or something.... It's a router from Europe (Channels aren't unlocked) but so is my AC68u and here there are no problems.
 

ColinTaylor

Part of the Furniture
Have you done a factory reset on the router?
 

ColinTaylor

Part of the Furniture
> Yes, within the router's portal I did a reset. Not sure if that's what I had to do nor if it's the same as the reset switch at the back of the router?
> Suggestions what's the best option?

That's fine.

Do you have any addon scripts installed?
 

Mr. Nightsea

Occasional Visitor
> That's fine.
>
> Do you have any addon scripts installed?

No, neither this.

Actually, when I did the reset I immediately tried if it worked, configuring a different DNS and no...didn't work.
Could it also be a bug in Merlin? I don't think so, but at this point...wouldn't want to rule this out as being an option.
 

RMerlin

Asuswrt-Merlin dev
Check the DNS configured on the computer itself, and also try a different browser - Firefox for instance loves to screw with whatever DNS server you want to use by silently overriding it.
 

Mr. Nightsea

Occasional Visitor
> Check the DNS configured on the computer itself, and also try a different browser - Firefox for instance loves to screw with whatever DNS server you want to use by silently overriding it.

I'm using Safari (MacBook pro) and just tried Brave.
Both are giving me the same German servers.

On my phone I get: 195.181.174.168 - Germany - Hesse and IPv6: 2a02:6ea0:c728:100 also Germany Hesse
Brave and Safari mention: 84.200.69.80 in Germany (it's the address from DNS.Watch but should it be in Germany???) and IPv6: 2001:1608:10:25::1c04:b12f (Germany)

I still have the router (DHCP server) configured to give the clients the following DNS servers: 84.200.69.80 and 84.200.40.70 (DNS.Watch). I actually changed it to these today. A couple of days back I tried again with the Cloudflare servers but had the same results as with these servers from DNS.Watch...

I'm NOT living in Germany or Europe, by the way..not even near.
 

ColinTaylor

Part of the Furniture
What is "Watch.Dog"? I've searched but can find no information about it.

EDIT: Do you mean "dns.watch"?
 

Mr. Nightsea

Occasional Visitor
> What is "Watch.Dog"? I've searched but can find no information about it.
>
> EDIT: Do you mean "dns.watch"?

You are absolutely right, I meant DNS.Watch. No idea how I came to Watch.Dog....
Sorry for the confusion, I've changed all my posts from Watch.Dog to DNS.Watch.
 

ColinTaylor

Part of the Furniture
> I still have the router (DHCP server) configured to give the clients the following DNS servers: 84.200.69.80 and 84.200.40.70

The second address should be 84.200.70.40.

Both those servers are located in Germany so it is correct that dnsleak is showing that country.
 

Tech9

Very Senior Member
Ja, natürlich. DNS.watch is a service located in Germany. I don't know if they have any servers in other countries. Fast (locally), Free (probably), Uncensored (like many) + all the logging as per regulations in Germany, member of so called "14 eyes" intelligence alliance. What's so special about DNS.watch?
 

Mr. Nightsea

Occasional Visitor
Ok, feel a bit foolish about that... Did not check this detail..

So what I did now is:
- Removed all DNS server config from the LAN config page and set it to advise the router's IP to the clients.
- On the WAN config page, I've chosen the OpenDNS Servers.

Rebooted the router, cleared my browser's cache and...

IPLeak shows DNS IP: 195.181.174.168 in Germany - Hesse

Now, I really have no idea what happened; I only removed my Mac from the VPN Director tab and added it again. IPLeak now shows the DNS from the VPN server I'm connected to, in the country I'm connected to.

Just to try if all works, I disabled the DNS selection from Strict to Disabled and added the Quad9 DNS. Now getting a different DNS server (XXX.121.98.178), but I have no idea if this is a Quad9 server or not. :) I've e-mailed them to check.

I also just now reverted to the DNS servers of my VPN provider and guess what....got those as result on IPLeak and DNSLeaktest.


Plausible solution:
I think removing my Mac from the VPN Director and adding it again did some sort of reset on the router's configuration... no idea but I think it's working now.
Wouldn't want to close this thread yet, I'll keep doing some tests to see if it's really solved. I'll update this thread in a day or two, suppose that will be enough time to test it. :)


Thank you all for the help/suggestions.
 

Mr. Nightsea

Occasional Visitor
> Ja, natürlich. DNS.watch is a service located in Germany. I don't know if they have any servers in other countries. Fast (locally), Free (probably), Uncensored (like many) + all the logging as per regulations in Germany, member of so called "14 eyes" intelligence alliance. What's so special about DNS.watch?

Regarding DNS.Watch: well, I was looking for alternative, perhaps faster DNS servers and found this one as being a good one... I guess I should've checked its location first. Haha!

If you have better suggestions, I'm open to trying these also.
 

Tech9

Very Senior Member
It's your own DNS resolver connecting to root servers. No one has your entire browsing history. Once Unbound builds its cache it's lightning fast. Run AiProtection on your Asus, gives some protection in exchange of stats data. From public filtering DNS services some folks like Quad9, OpenDNS, Cleanbrowsing, Cloudflare. There are many to choose from. My choices are different because my hardware/software is also different. I prefer to run everything in house - DNS resolver, IP/DNS filtering, intrusion detection/prevention, etc.
 

RMerlin

Asuswrt-Merlin dev
> No one has your entire browsing history.

But any malicious actor can find your public IP just by having you resolve something on a DNS server which they control...

Running your own recursive resolver within your local network is not a good idea if privacy and security is what you're after.
 

Tech9

Very Senior Member
Please, explain with more details. Recursive resolver responds with cached data or sends a request to root nameservers. Dnsmasq responds with cached data or sends a request to someone else's resolver. Since I'm using pfSense with Unbound, I would like to know exactly where the privacy/security issue is.

From Unbound developers - https://www.nlnetlabs.nl/downloads/publications/privacy-analysis-of-dns-vanheugten.pdf
I see now what you mean, but it doesn't look like there is a perfect solution.
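
Added example, not part of the thread: a sketch of what a DNS leak test does on its side, which is also the effect RMerlin describes. The page hands the browser a unique hostname, and the authoritative server for that zone records which source IPs ask for it; those IPs are the resolvers that actually did the lookup, or the user's own WAN IP when a local recursive resolver is in use. The zone `leaktest.example`, the token, the BIND-style log lines, the address 203.0.113.7 and the function names are all constructed for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: lines in the style of BIND's query log, as the
# authoritative server for a leak-test zone might record them.
SAMPLE_LOG = """\
client @0x1 195.181.174.168#40112 (k3f9.leaktest.example): query: k3f9.leaktest.example IN A -E(0)DC (192.0.2.53)
client @0x2 84.200.69.80#5311 (k3f9.leaktest.example): query: k3f9.leaktest.example IN A -E(0)DC (192.0.2.53)
client @0x3 203.0.113.7#61002 (k3f9.leaktest.example): query: k3f9.leaktest.example IN AAAA -E(0)DC (192.0.2.53)
client @0x4 84.200.70.40#5312 (zz00.leaktest.example): query: zz00.leaktest.example IN A -E(0)DC (192.0.2.53)
"""

# Source address and queried name; the "@0x..." object id is optional.
LINE_RE = re.compile(
    r"client\s+(?:@\S+\s+)?(?P<src>[0-9A-Fa-f:.]+)#\d+\s+\((?P<qname>[^)]+)\)")

def resolvers_for_token(log_text, token, zone):
    """Return the source IPs that asked the zone's server for <token>.<zone>."""
    wanted = f"{token}.{zone}".lower().rstrip(".")
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("qname").lower().rstrip(".") != wanted:
            continue  # unparsable line, or another visitor's token
        try:
            seen.add(ipaddress.ip_address(m.group("src")))
        except ValueError:
            continue  # malformed address field
    return seen

def classify(seen, configured, wan_ip):
    """Label each observed source against the configured upstreams and the WAN IP."""
    configured = {ipaddress.ip_address(a) for a in configured}
    wan = ipaddress.ip_address(wan_ip)
    report = {}
    for ip in sorted(seen, key=lambda a: (a.version, int(a))):
        if ip == wan:
            report[str(ip)] = "own-wan-ip"   # a local recursive resolver exposes this
        elif ip in configured:
            report[str(ip)] = "configured"
        else:
            report[str(ip)] = "unexpected"   # VPN DNS, browser override, or egress IP
    return report

if __name__ == "__main__":
    seen = resolvers_for_token(SAMPLE_LOG, "k3f9", "leaktest.example")
    configured = ["84.200.69.80", "84.200.70.40"]
    for ip, verdict in classify(seen, configured, "203.0.113.7").items():
        print(f"{ip:18} {verdict}")
```

An "unexpected" result is a prompt to check the client, browser and VPN DNS settings rather than proof of interception, because a public resolver's egress address need not be the address clients send their queries to.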
 