WAN vs LAN DNS use with a VPN kicker.

[128bit]

i could use some help confirming what i've learned from an ai app.
my ax-88u pro setup:

• some clients have manually assigned (static) ip's
• lan dns fields are blank (per ai recommendation)
• wan dns is assigned to quad9.

this setup allows me to ping my lan clients by hostname. when i look at a specific lan client's stack, the router is listed as the gateway and the dns server.

since everything seems to work, can i assume that when a client sends a dns request to the router, the router forwards that request to the dns (quad9) defined in the wan fields and not my isp?

now where it gets funky is with my openvpn iot clients. i use nord and some iot cleints are directed through the vpn. not sure, but my guess is that they use nord's dns and there's no way to redirect them to quad9. mind you, using nord's dns is ok, i just want to understand how it works.

 

[ColinTaylor]

The VPN client's Settings page has its own DNS option.

 

[bennor]

now where it gets funky is with my openvpn iot clients. i use nord and some iot cleints are directed through the vpn. not sure, but my guess is that they use nord's dns and there's no way to redirect them to quad9. mind you, using nord's dns is ok, i just want to understand how it works.

Note your Router's GUI VPN > OpenVPN > Network Settings > Accept DNS Configuration setting. That may determine which DNS servers (yours or the VPN service host's) are used and in which order. You can see an explanation of the Accept DNS Configuration option by clicking on it's text. Example of the text's tool tip:

 

[128bit]

Note your Router's GUI VPN > OpenVPN > Network Settings > Accept DNS Configuration setting. That may determine which DNS servers (yours or the VPN service host's) are used and in which order. You can see an explanation of the Accept DNS Configuration option by clicking on it's text. Example of the text's tool tip:

interesting! if i'm understanding the description, in my use case, disabled equates to not using the nord dns server and likely using quad9. where as, relaxed allows for all of them, likely including my isp but in some ordered fashion. fwiw, the ai recommended "relaxed." prior to that i had strict. i'm good now.

commentary: folks, i'm truly humbled by the knowledge on snb. i started goofing around with routers post retirement just to keep the wheels turning. graduated from linksys to asus and am truly amazed with how gracious u folks are on this board! mind you, i had formal tcp/ip training and was a software engineer for what was once a fortune 1, company. with the exception of a rude encounter or 2 with an "insect" variety, this forum has been exceptional. i have to thank all of u for the global support u provide to all of us.

 

[Tech9]

this forum has been exceptional

the ai recommended

Why wasting time with AI then?

 

[128bit]

Why wasting time with AI then?

you of all people, know better! you've helped hundreds over the years from what i've seen. you're one hell of a tech! you don't even know how you've helped me, cause often times all i had to do was read your responses - quite thorough. indeed, you're one of the stars.

still, and to answer your question, knowledge is power. in my sw development world, you didn't get a lot of respect or help, if you didn't do some problem determination (pd) or research. the bots have helped broaden my perspective but while they'll be the future, some complex sw problems can put them in a loop.

. . . that's my way of getting revenge. humans still rule!

 

[Tech9]

You perhaps know AI engines are based on search engines with results aggregator. They browse SNB Forums as well. You basically get machine translation and interpretation of multiple human opinions on the subject, but often with missing context. Someone asked VPN DNS related question, someone else recommended specific settings for the specific case, the AI picked it up and offers the answer to you no matter if it's right or wrong for your specific case. So humans are the source of information. Ask humans first.

To answer your IoT question - some IoTs may refuse to work if they don't have access to specific hardcoded DNS server. Setting manually DNS servers with interception and redirection (I don't know your full configuration) may break things immediately or over time.

 

[128bit]

To answer your IoT question - some IoTs may refuse to work if they don't have access to specific hardcoded DNS server. Setting manually DNS servers with interception and redirection (I don't know your full configuration) may break things immediately or over time.

i will double check that but they seem to be working again, for the longest time, i could only get them to work in legacy mode. something happened with 3006 or i got lucky and all's well on the 2.4 where they reside. still, thanks for that.

 

[Tech9]

As far as I remember Legacy turns 2.4GHz band into B/G only. You and your neighbours don't want this. Most IoT devices are N and perhaps they don't like some other setting. This can be WPA2/3 Mixed, PMF enabled, the non-standard Broadcom Universal Beamforming, AX enabled, Airtime Fairness, etc. Multiple threads around about IoT compatibility.

 

[jksmurf]

Most IoT devices are N and perhaps they don't like some other setting. This can be WPA2/3 Mixed

@Tech9 is correct, IoT threads abound )because they’re really finicky.

My own 3-odd IoT devices (many of them Shelly Devices) work well with WPA2 only, 2.4GHz (no legacy or other changes) and SSD NOT hidden (if they fall off they happily reconnect), but there’s so many people finding so many settings (or combinations thereof) that work for them, it’s simply impossible and unrealistic to say “do this and it will work for you”.

 

[Tech9]

ASUS have FAQ for IoT compatibility. It was written with examples for Wi-Fi 6 routers, but applicable to Wi-Fi 7 models as well.

 

[bennor]

ASUS have FAQ for IoT compatibility. It was written with examples for Wi-Fi 6 routers, but applicable to Wi-Fi 7 models as well.

To that end, people can read that Asus support doc here:

[Wireless Router] How to improve compatibility of IoT device with ASUS WiFi 6(802.11 ax) router? | Official Support | ASUS Global

And there is this Asus support link for WiFi 7 (BE) routers:

[Wireless Router] IoT devices can't connect to WiFi 7 (BE) router's WiFi signal? | Official Support | ASUS Global

 

[Tech9]

The AI did not suggest reading ASUS FAQ for some reason.