WAN DNS question


Rama

New Around Here
Hi, networking noob here running Asus Merlin on an AC-86U router and also Home Assistant on an Rpi4 with the AdGuard add-on. I don't understand the difference between all the different DNS server options and was hoping someone can help me. How does the WAN DNS server setting differ from the upstream DNS server set in the AdGuard settings menu? Whenever I change the WAN DNS to anything other than Google (8.8.8.8) my internet becomes so slow and unreliable, but I was under the impression that all the clients were using AdGuard Home as a DNS server, so I don't understand why this is happening. Also, to complicate things, I was required to set a static external DNS server on the Rpi 4 as part of the AdGuard add-on installation on hassio. How does this differ from the other DNS server settings? Sorry if my question is basic, but I'm horribly confused by it all and was hoping someone could help clear the fog. TIA
 

Crimliar

Occasional Visitor
Okay, so I prefer PiHole (with Unbound), but I can probably point you in the right direction on a few things.

Router: WAN>Internet Connection>WAN DNS setting
The DNS the router uses for itself.

Router: LAN>DHCP Server DNS and WINS Server Setting>DNS server 1 & DNS server 2
The target DNS server addresses handed to LAN clients by DHCP, which clients then contact directly. If both of these are empty then LAN clients are issued with the LAN address of the router, causing them to query the router, which then queries the DNS servers in its WAN settings (i.e. chained, but all DNS is anyway).

AdGuard Home Upstream DNS:
AdGuard will not use the DNS query end target provided by the router, but instead asks you to select which you wish to use directly.

So once you have AdGuard set up and pointing to the DNS servers you want it to query, you then change the LAN settings on the router so that when a local DHCP request is received by the router, it instructs your clients to directly send their DNS queries to AdGuard on the Rpi. AdGuard on the Rpi then queries its targeted DNS servers, before filtering and sending the result back to your local client devices.

If everything is properly set up with the router LAN DNS settings pointing to the Rpi, the WAN DNS settings should never be coming into play for your clients.

In the AdGuard upstream DNS settings the difference between using Google, Cloudflare, Quad9, or an ISP provided DNS should be imperceptible, and should not be causing any errors.

*If nothing else, the roasting I'll get for this explanation should get some additional replies!
 

bennor

Senior Member
Crimliar's post pretty much nailed it for a simple/simplistic explanation.

Generally, if one is using the Asus-Merlin router for DHCP assignments and one has input the DNS/Ad Filtering Raspberry Pi IP Address into the DNS Server 1 (and 2) field(s) on the LAN > DHCP Server > DNS and WINS Server Settings section AND this is the important part - one sets Advertise router's IP in addition to user-specified DNS to No in that section, the LAN clients should only use the DNS values from the DNS Server fields. If one does not set Advertise router's IP in addition to user-specified DNS setting to No, what happens is LAN clients will include the router itself as a DNS server which can bypass the user specified DNS Server field servers. This means LAN client requests can potentially go through the WAN DNS Servers bypassing any ad filtering one is attempting to perform by using local DNS ad filtering programs/servers.

Generally it is not advisable to enter or use any local network DNS servers in the Asus-Merlin WAN DNS server fields. Doing so may create a feedback DNS request loop that can potentially flood the network with requests, thereby rendering the network unstable and unusable. Generally one would use public DNS servers or their ISP DNS servers in the WAN DNS server fields.
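To make the resolution chain Crimliar and bennor describe concrete, here is an added model (not code from the thread or from Asus-Merlin/AdGuard) that works out which resolvers a DHCP client is handed for a given set of router settings, follows the forwarding hops, and flags the two problems bennor raises: the router's IP being advertised alongside AdGuard (filter bypass) and a LAN resolver entered in the WAN DNS field (feedback loop). The addresses and the `forwarders` map are constructed sample values.

```python
from dataclasses import dataclass

ROUTER_LAN_IP = "192.168.1.1"  # constructed sample: router's LAN address
ADGUARD_IP = "192.168.1.10"    # constructed sample: Rpi4 running AdGuard Home


@dataclass
class RouterConfig:
    wan_dns: list           # WAN > Internet Connection > WAN DNS server(s)
    lan_dns: list           # LAN > DHCP Server > DNS Server 1 & 2 (empty = unset)
    advertise_router: bool  # "Advertise router's IP in addition to user-specified DNS"


def dhcp_dns_list(cfg):
    """Resolver addresses a LAN client is handed by DHCP, as the thread describes."""
    if not cfg.lan_dns:          # both fields empty: clients get the router itself
        return [ROUTER_LAN_IP]   # (so the 'advertise' toggle has nothing to add)
    return cfg.lan_dns + ([ROUTER_LAN_IP] if cfg.advertise_router else [])


def trace(start, cfg, forwarders, limit=8):
    """Follow forwarding hops from `start`; returns (path, looped).
    `forwarders` maps a LAN resolver such as AdGuard to its Upstream DNS list."""
    path, cur = [], start
    while cur not in path and len(path) < limit:
        path.append(cur)
        if cur == ROUTER_LAN_IP:
            nxt = cfg.wan_dns          # router forwards to its WAN DNS
        elif cur in forwarders:
            nxt = forwarders[cur]      # AdGuard forwards to its upstream
        else:
            return path, False         # public server: query has left the LAN
        if not nxt:
            return path, False
        cur = nxt[0]
    return (path + [cur], True) if cur in path else (path, False)


def audit(cfg, forwarders):
    """Return the two misconfigurations bennor warns about, if present."""
    findings = []
    handed = dhcp_dns_list(cfg)
    filtering = [ip for ip in handed if ip in forwarders]
    if filtering and ROUTER_LAN_IP in handed:
        findings.append("bypass: clients may skip %s via the router's WAN DNS" % filtering[0])
    for ip in handed:
        path, looped = trace(ip, cfg, forwarders)
        if looped:
            findings.append("loop: " + " -> ".join(path))
    return findings
```

Running `audit` on a config with AdGuard in DNS Server 1, the advertise toggle set to No and a public WAN DNS returns no findings; flipping the toggle to Yes produces the bypass finding, and putting the AdGuard address in the WAN DNS field while AdGuard forwards to the router produces the loop.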
 

Xrsenal

Senior Member
Okay, so I prefer PiHole (with Unbound), but I can probably point you in the right direction on a few things.

Router: WAN>Internet Connection>WAN DNS setting
The DNS the router uses for itself.

Router: LAN>DHCP Server DNS and WINS Server Setting>DNS server 1 & DNS server 2
The target DNS server addresses handed to LAN clients by DHCP, which clients then contact directly. If both of these are empty then LAN clients are issued with the LAN address of the router, causing them to query the router, which then queries the DNS servers in its WAN settings (i.e. chained, but all DNS is anyway).

AdGuard Home Upstream DNS:
AdGuard will not use the DNS query end target provided by the router, but instead asks you to select which you wish to use directly.

So once you have AdGuard set up and pointing to the DNS servers you want it to query, you then change the LAN settings on the router so that when a local DHCP request is received by the router, it instructs your clients to directly send their DNS queries to AdGuard on the Rpi. AdGuard on the Rpi then queries its targeted DNS servers, before filtering and sending the result back to your local client devices.

If everything is properly set up with the router LAN DNS settings pointing to the Rpi, the WAN DNS settings should never be coming into play for your clients.

In the AdGuard upstream DNS settings the difference between using Google, Cloudflare, Quad9, or an ISP provided DNS should be imperceptible, and should not be causing any errors.

*If nothing else, the roasting I'll get for this explanation should get some additional replies!
As far as gaming goes, what would be the most effective / fastest query for DNS settings for Asus?

Would it be WAN, LAN and input DNS in device?

Or WAN only?
 

Crimliar

Occasional Visitor
DNS has an extremely low impact on gaming. It's used to take a text web address and convert that address into a four-byte IPv4 or sixteen byte IPv6 address (that's the basics). But if you are just accessing data from the same site, you'll not be constantly making the same DNS query request for every single data packet.

So, I use Pi-Hole as an advert filter, and Unbound because I'm a geek and my ISP (Vodafone UK) has flaky DNS servers!
 

Crimliar

Occasional Visitor
As far as gaming goes there is nothing in it! For simplicity's sake, I'd leave the LAN DNS settings blank, which will mean the router will advertise itself as the DNS server to clients and it'll then submit client requests to the DNS servers it uses for itself (also caching the results).

*The exception to this basic set-up would be if you are in a country such as the UK, and are using xDSL that relies on a LLU (Local Loop unbundling) connection. In that circumstance, it can be beneficial to set your WAN DNS to those provided by the ISP, and then use a different DNS (Google, Cloudflare, Quad9, whatever works for you) on the LAN>DHCP page.

**Beyond that, I'd then start looking at Diversion, Pi-Hole, Adguard, and possibly Unbound!
 

Xrsenal

Senior Member
As far as gaming goes there is nothing in it! For simplicity's sake, I'd leave the LAN DNS settings blank, which will mean the router will advertise itself as the DNS server to clients and it'll then submit client requests to the DNS servers it uses for itself (also caching the results).

*The exception to this basic set-up would be if you are in a country such as the UK, and are using xDSL that relies on a LLU (Local Loop unbundling) connection. In that circumstance, it can be beneficial to set your WAN DNS to those provided by the ISP, and then use a different DNS (Google, Cloudflare, Quad9, whatever works for you) on the LAN>DHCP page.

**Beyond that, I'd then start looking at Diversion, Pi-Hole, Adguard, and possibly Unbound!
Should I leave “Advertise Router's IP in addition to user-specified DNS” enabled or disabled..? And why ;)
 

dave14305

Part of the Furniture
Should I leave “Advertise Router's IP in addition to user-specified DNS” enabled or disabled..? And why ;)
It has no effect unless you’ve specified either of the LAN DNS fields. Note the phrase “in addition to user specified DNS.” If you didn’t specify the DNS, there is nothing to do.
 

Xrsenal

Senior Member
It has no effect unless you’ve specified either of the LAN DNS fields. Note the phrase “in addition to user specified DNS.” If you didn’t specify the DNS, there is nothing to do.
Got it; as far as local domain queries to upstream, does that do anything?
 

Crimliar

Occasional Visitor
A good place to start is: If you move your cursor over the text to the left of the selection, and a pointer with a question mark comes up, you can click and it'll give you more info.

In this case, unless there is a DNS server within your organization that takes local device names and converts them to IP addresses you really want this set to no. On a normal network, you will not be submitting DNS requests for device names that don't exist, so you should be safe. But it is still safer not to send out requests to internet DNS servers for local devices as it exposes your device names, and potentially opens up the possibility of you receiving IP addresses of external devices and the (slim) chance of data sent being used maliciously.

Also, regarding gaming, speeding up your DNS requests is really going to have a very minimal benefit. When you connect to a game server, you are not constantly making DNS requests for the same server information. Your game queries the DNS server, gets the server IP address and connects to the server using that IP (and a couple of other bits of info), and then stays connected to that server; multiple DNS queries are simply not required!
 
