What's new
By:

Use router as (external) DNS server

Shira

Shira

Occasional Visitor
I have an RT-AC68U with Merlin and Diversion installed, is there any way I can use the router as a DNS server for other devices outside of my LAN? (i.e mobile phone on data)
 
Why couldn't you just port forward 53 to the RT-68U and set your clients' DNS servers to your WAN IP?
 
ColinTaylor said:
Because running a publicly accessible DNS server would be a magnet for bots/people wanting to abuse it. e.g. DNS amplification attacks. Same reason you don't host a publicly accessible email server.
Click to expand...
I agree it's a bad idea. It's not as difficult as it might sound to set up a VPN server and keep your mobile devices connected to the LAN via VPN at all times. That's how I operate.
 
sbsnb said:
I agree it's a bad idea. It's not as difficult as it might sound to set up a VPN server and keep your mobile devices connected to the LAN via VPN at all times. That's how I operate.
Click to expand...

I tried that but Diversion doesn't seem to work through VPN.
 
Two things:

1. Is your VPN server advertising your router as the DNS server for clients to use?
sSurmh9.png


2. Are your VPN clients are using the DNS server advertised by your VPN server (which should be the same as regular LAN clients use)?
 
https://www.aaflalo.me/2019/03/dns-over-tls/ there are instructions to setup your own DNS server, but you would have to adapt it to your setup ALOT, and you would have to have the skills and know how to do it. It is not something as simple as forwarding a port and exposing your connection to attack.

VPN is the better option, Let the DNS server gurus be the dns server gurus, while you be the regular home user is usually the better option.
 
Just reading about DNS amplification attacks. Is it safe to assume that Merlin default settings would not expose our routers to such an attack?
I did the dig test outlined on this page: http://openresolver.com/ using the WAN IP of my router and got
";; connection timed out; no servers could be reached"
so I guess I'm okay?
 
You must log in or register to reply here.

Similar threads

D
Solved Device not respecting DNS Director or (Yaz)DHCP Server settings
Replies
11
Views
668
bennor
B
NonAlex
Solved Local DHCPv6/DNS6 server, similar to DHCP/DNS for IPv4
Replies
11
Views
1K
NonAlex
NonAlex
128bit
WAN vs LAN DNS use with a VPN kicker.
Replies
12
Views
732
Tech9
Tech9
M
VPN Server - Advertise DNS to Clients not Working
Replies
1
Views
435
ColinTaylor
C
F
Unable to set a fixed dns entry for a particular client because router IPV6 address is always added as first dns choice
Replies
6
Views
1K
fededim
F
Similar threads
Thread starter Title Forum Replies Date
A DNS Director not properly redirecting DNS traffic to router Asuswrt-Merlin 18
L group key rotation every hour on one router not the other? Asuswrt-Merlin 12
R New software update Display of Asus software in the RT-BE88U router Asuswrt-Merlin 11
RMerlin My two router nurseries (November 2025) Asuswrt-Merlin 26
J Missing IP Address in System Log, Wireless Log for a Device attached to Primary Router, with a Static IP? Asuswrt-Merlin 4
L bug in 3006.105.0 newly configured gt-axe16000 dns not working on router in ap mode/static ip Asuswrt-Merlin 1
pedeb04 AX86U Pro Problem logging into router Asuswrt-Merlin 3
L i have a public ip block with dns names but when set domain router does not resolve them Asuswrt-Merlin 1
L strange problem router not passing packets when connect via secondary access points Asuswrt-Merlin 2
Shazb0t OpenVPN Wi-Fi 7 Router Recommendation Asuswrt-Merlin 24

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 2,798 (members: 15, guests: 2,783)
Back
Top