WAN DNS or LAN DNS - Asus Router


gspannu

Regular Contributor
Query on WAN DNS Server vs LAN DNS Server.

I have tried searching the forums but could not get a clear answer; hence asking it here. This is my first ASUS router; hence maybe a NOOB question.

My setup:
  • VDSL Modem - for connection to Broadband ISP
  • ASUS RT-AX88U - as router (192.168.1.1), serving DHCP
  • A Raspberry Pi (192.168.1.10) on latest Raspbian Buster - this is wired ethernet to the router with a static IP address. The Raspberry is running a cached recursive DNS Server (Unbound, Anonymised DNSCrypt and a few more bells and whistles)
  • Client devices on wireless, and some wired up

What I wish to do:
I want all my client devices (wired, wireless) to use the Recursive DNS Server running on the Raspberry (192.168.1.10) instead of the default ISP.

Questions:
The ASUS router has 2 places for making the specific DNS Server (192.168.1.10) entry.
LAN section and WAN section.
I think I can put the DNS entry in either of the 2 locations, and it should work. However,
  1. What is the preferred location to set DNS Server (LAN section or WAN section)? Why?
  2. Any particular benefits or problems with one over the other?
Thanks.

(Long term: I will run Anonymised DNSCrypt from the ASUS router itself; as I am aware that it is possible with Merlin, Entware and some scripting, but that project is for next month)
 

ColinTaylor

Part of the Furniture
The WAN DNS is what the router uses for itself. The LAN DNS is the address(es) given out to DHCP clients.
 

ColinTaylor

Part of the Furniture
For the sake of reliability I suggest you leave the WAN DNS on automatic, or some other external DNS (like 1.1.1.1 for example) if you prefer. Then set the LAN DHCP/DNS server to 192.168.1.10.

There are some other options with Merlin's firmware but it doesn't sound like you're using that at the moment.
 

gspannu

Regular Contributor
> For the sake of reliability I suggest you leave the WAN DNS on automatic, or some other external DNS (like 1.1.1.1 for example) if you prefer. Then set the LAN DHCP/DNS server to 192.168.1.10.
>
> There are some other options with Merlin's firmware but it doesn't sound like you're using that at the moment.

If I set the DNS Server in LAN (as advised) and leave WAN automatic, then the clients' requests are being serviced by the router and not by the RPi. Very strange behaviour!

1. Checking DNS Servers
% cat /etc/resolv.conf
nameserver 192.68.1.10
nameserver 192.168.1.1

2. Using nslookup (default)
% nslookup bbc.co.uk
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: bbc.co.uk
Address: 151.101.64.81


It appears that the DNS is serviced by 192.168.1.1 (i.e. the router rather than the RPi), although 192.168.1.10 appears in the name servers ahead of 192.168.1.1.
I also confirmed this by looking into the logs in the RPi - and no such DNS request reached the RPi. I looked at the DNSCrypt logs by enabling the query logs.


3. Using nslookup (force using the RPi)
~ % nslookup bbc.co.uk 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53
Non-authoritative answer:
Name: bbc.co.uk
Address: 151.101.64.81


However, if I use nslookup and force using the 192.168.1.10, the DNS request is serviced by the RPi and there is an immediate entry in the DNSCrypt query log as well.

‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹› ‹›
However, if I set the DNS Server in the WAN section; then everything always goes through the RPi.

I do like your idea that setting it in the LAN section will be more reliable; as if the RPi was to ever fail, the DNS queries would still be executed by the router. This would definitely be the preferred method.

However, setting the DNS server setting in the LAN section does not seem to use the RPi DNS Server at all.

Any other ideas, or what am I doing wrong?
 

ColinTaylor

Part of the Furniture
> 1. Checking DNS Servers
> % cat /etc/resolv.conf
> nameserver 192.68.1.10
> nameserver 192.168.1.1

It looks like you have mistyped the IP address of the Pi.

This is where Merlin's firmware is better because it has an option to not include the router's own IP address in the list of DNS servers pushed out to the DHCP clients.
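
As an added illustration (not part of the original thread), this Python sketch audits a resolv.conf like the one posted above and flags any nameserver outside the LAN, such as the mistyped 192.68.1.10, which is a public address rather than the Pi. The /24 LAN prefix and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the resolv.conf from the thread, typo included.
SAMPLE_RESOLV_CONF = """\
nameserver 192.68.1.10
nameserver 192.168.1.1
"""

def parse_nameservers(text):
    """Return nameserver entries in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_nameservers(text, lan_cidr, expected):
    """Label each nameserver: expected, lan-other, off-lan, off-lan-public, invalid."""
    lan = ipaddress.ip_network(lan_cidr)
    want = {ipaddress.ip_address(a) for a in expected}
    report = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            report.append((raw, "invalid"))
            continue
        if addr in want:
            verdict = "expected"
        elif addr in lan:
            verdict = "lan-other"          # e.g. the router's own address
        elif addr.is_global:
            verdict = "off-lan-public"     # queries would leave the network
        else:
            verdict = "off-lan"
        report.append((raw, verdict))
    return report

if __name__ == "__main__":
    # Assumed LAN prefix (the thread gives addresses, not the netmask).
    for server, verdict in audit_nameservers(
            SAMPLE_RESOLV_CONF, "192.168.1.0/24", ["192.168.1.10"]):
        print(f"{server:15} {verdict}")
```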
 

gspannu

Regular Contributor
> It looks like you have mistyped the IP address of the Pi.
>
> This is where Merlin's firmware is better because it has an option to not include the router's own IP address in the list of DNS servers pushed out to the DHCP clients.

I can't believe what an idiot :mad: I have been... Thanks, all working now :)
 

gspannu

Regular Contributor
> It looks like you have mistyped the IP address of the Pi.
>
> This is where Merlin's firmware is better because it has an option to not include the router's own IP address in the list of DNS servers pushed out to the DHCP clients.

I intend to eventually host the Anonymous DNSCrypt on the Router itself, and will switch over to Merlin shortly....
Thanks for your help.
 
