What's new

What is the best way to configure DNS?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

CoreAI

New Around Here
So I plan to use Cloudflare DNS : 1.1.1.1 as the DNS for my router in router mode. However I can see 3 places I can do that. I use PPPoE and there is a way to set DNS in the WAN section by selecting 'no' in automatically getting DNS. The other option is in the DHCP server section under Lan. And lastly you could set DNS filter in the DNSFilter section under LAN. I have an AC68U and a Ubiquiti EdgeRouterX. On the Edgerouter X the setting the nameserver gives me best performance wheras using the DNS field in the DHCP server gives me the worst performance and even had issues sometimes. On the AC68U setting DNS in the DNS filter section seems to perform slightly better for me than in the WAN section. What is the best and fastest (performance) way to do this ? My ISP DNS are terrible.
 
So I plan to use Cloudflare DNS : 1.1.1.1 as the DNS for my router in router mode. However I can see 3 places I can do that. I use PPPoE and there is a way to set DNS in the WAN section by selecting 'no' in automatically getting DNS. The other option is in the DHCP server section under Lan. And lastly you could set DNS filter in the DNSFilter section under LAN. I have an AC68U and a Ubiquiti EdgeRouterX. On the Edgerouter X the setting the nameserver gives me best performance wheras using the DNS field in the DHCP server gives me the worst performance and even had issues sometimes. On the AC68U setting DNS in the DNS filter section seems to perform slightly better for me than in the WAN section. What is the best and fastest (performance) way to do this ? My ISP DNS are terrible.

I am using the latest Merlin 384.7_2
 
I am using the latest Merlin 384.7_2

What I did, your mileage may vary:

Wan:
Connect dns auto = no
Enter your Cloudflare servers @ dns1 & dns2

LAN dhcp:
Dnssec = yes
Dnssec strict = yes
DNS rebind = yes

DNS filter:
= on
Global filter mode = router
Leave dns fields blank.

Works for me.
 
What I did, your mileage may vary:

Wan:
Connect dns auto = no
Enter your Cloudflare servers @ dns1 & dns2

LAN dhcp:
Dnssec = yes
Dnssec strict = yes
DNS rebind = yes

DNS filter:
= on
Global filter mode = router
Leave dns fields blank.

Works for me.

Hmm ... the difference I see between the two routers (connected via ethernet) is that page loads are instantaneous on the ERX with cloudflare but comparitively on the AC68U there is a small pause before loading webpages. I want to know if I am doing something that is not using hwnat on the AC68U with custom DNS and if that is the difference. Otherwise I am completely aware of different hardware capabilities of both which is obvious. If I can get the AC68U to perform the same then I don't have to use both the devices.
 
So I plan to use Cloudflare DNS : 1.1.1.1 as the DNS for my router in router mode. However I can see 3 places I can do that. I use PPPoE and there is a way to set DNS in the WAN section by selecting 'no' in automatically getting DNS. The other option is in the DHCP server section under Lan. And lastly you could set DNS filter in the DNSFilter section under LAN. I have an AC68U and a Ubiquiti EdgeRouterX. On the Edgerouter X the setting the nameserver gives me best performance wheras using the DNS field in the DHCP server gives me the worst performance and even had issues sometimes. On the AC68U setting DNS in the DNS filter section seems to perform slightly better for me than in the WAN section. What is the best and fastest (performance) way to do this ? My ISP DNS are terrible.

Also in the sysinfo tab under 'tools' the wan port shows VLAN as 2 and then 'last seen device' has a bunch of Mac Addresses that are changing within a second or two. Are these the Mac Addresses connected to my ISPs of other customers ? Sounds like a security issue. The Macs belong to devices like TPLink Huawei Dell etc which sound like customer devices.
 
Also in the sysinfo tab under 'tools' the wan port shows VLAN as 2 and then 'last seen device' has a bunch of Mac Addresses that are changing within a second or two. Are these the Mac Addresses connected to my ISPs of other customers ? Sounds like a security issue. The Macs belong to devices like TPLink Huawei Dell etc which sound like customer devices.


Try turning on your AiProtect, (if not already on) & doing a router security assessment > scan.
Fix anything that needs fixing, that should eliminate at least some possibilities?

(If you needed to amend anything, reboot the router when done).
 
Last edited:
What is the purpose of these settings?
Setting global filter to router will make sure all dns requests go through the router. Even if the device is hard coded to use something else as dns. ;):)
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top