Which DNS Do You Use? And other newb queries.

Luciferikass

Occasional Visitor
Hi y'all. I was referred from Reddit. I am new to Merlin and not a very advanced user. I bought an AC86U and installed Merlin. I will eventually install Diversion when I find a 2GB USB stick. I was wondering what DNS you all use? I was looking at the list at privacytools.io, and tried one of the free ones, but I am having lookup issues. Also, since I have your ear, do many of you run a VPN on your routers as well?

Thanks very much!

PS--I tried to search for DNS but the search isn't working for me.
 

heysoundude

Part of the Furniture
Your own - with unbound.
If you're privacy-minded, that's the DNS you want to use. Look for details in the Asus-Merlin AddOns subforum.
(You'll want a bigger USB drive than 2GB...4-8 is big enough, with a swap...amtm will take you where you need to go)
 

Luciferikass

Occasional Visitor
Your own - with unbound.
If you're privacy-minded, that's the DNS you want to use. Look for details in the Asus-Merlin AddOns subforum.
(You'll want a bigger USB drive than 2GB...4-8 is big enough, with a swap...amtm will take you where you need to go)
Thank you very much. Will the new big drives, like 128 or 256 be total overkill or will it use it?
 

bbunge

Part of the Furniture
Use a small thumbdrive. 2 to 8 GB will work if you want it to. I find a swap partition to be more reliable than a swap file. I also recommend using the USB2 setting. Some say you need a monster swap to run Diversion and etc. I did run diversion for a while and a swap equal to the router RAM was good enough. But, I got too many complaints from the family about things being blocked so now I use uBlock Origin in Firefox.
As for DNS, Cloudflare Secure (1.1.1.2, 1.0.0.2) works well for me. I had used Quad9 but the Cloudflare resolvers are closer and work as well as Quad9. I also use DNSSEC and DoT (again 1.1.1.2 and 1.0.0.2 with TLS Hostname of security.cloudflare-dns.com).
As for VPN Client, I run those on the PC if needed.
 

heysoundude

Part of the Furniture
Thank you very much. Will the new big drives, like 128 or 256 be total overkill or will it use it?
overkill for entware/blocking/dns. you'll want to set up a swap file when the amtm/diversion process asks you, so 2Gb is a little small for the drive but 4 or 8 is plenty. 16 is even too large unless you're into saving your logs for the long term for some reason, so unless you're compelled to or are into that kind of maintenance, stay on the smaller side.
while I'm at it, let me recommend ntpMerlin as well
 

heysoundude

Part of the Furniture
Use a small thumbdrive. 2 to 8 GB will work if you want it to. I find a swap partition to be more reliable than a swap file. I also recommend using the USB2 setting. Some say you need a monster swap to run Diversion and etc. I did run diversion for a while and a swap equal to the router RAM was good enough. But, I got too many complaints from the family about things being blocked so now I use uBlock Origin in Firefox.
As for DNS, Cloudflare Secure (1.1.1.2, 1.0.0.2) works well for me. I had used Quad9 but the Cloudflare resolvers are closer and work as well as Quad9. I also use DNSSEC and DoT (again 1.1.1.2 and 1.0.0.2 with TLS Hostname of security.cloudflare-dns.com).
As for VPN Client, I run those on the PC if needed.
I think you missed the OP's self declaration of being a "not technically advanced newb..." lol.
They'll get there, maybe, if they need/want to, but that's a tad bit much for now - let's watch how they go, shall we? they need a little hand and maybe a nudge, not blueprints to build a Taj Mahal ;-)
 

Luciferikass

Occasional Visitor
overkill for entware/blocking/dns. you'll want to set up a swap file when the amtm/diversion process asks you, so 2Gb is a little small for the drive but 4 or 8 is plenty. 16 is even too large unless you're into saving your logs for the long term for some reason, so unless you're compelled to or are into that kind of maintenance, stay on the smaller side.
while I'm at it, let me recommend ntpMerlin as well
Cool. Thanks, I was thinking about that ntp. What about skynet? You ever try that?
 

ColinTaylor

Part of the Furniture
I think you missed the OP's self declaration of being a "not technically advanced newb..." lol.
In which case I'd suggest that in the first instance the OP doesn't install any add-on scripts (like Unbound or Diversion). He can just stick to the DNS options available in the GUI as @bbunge suggested.
 

noah way

Regular Contributor
Merlin has a list of DNS servers built-in. I use Cloudflare.

Diversion is the reason I installed Asus-Merlin. Highly effective ad-blocking transforms the internet experience.
 

cptnoblivious

Senior Member
OP, since you say you're very new (and to echo what ColinTaylor said) I'd suggest you start with simply setting up DNS servers on the router, not installing add-ons.
I'd recommend malware-blocking DNS (I use the Canadian Shield servers, if you're not in Canada, Quad9 and Cloudflare also have options for this).
And then to get the ad blocking, use uBlock on your browser together with Disconnect and maybe add Privacy Badger.

This would be a more 'new user friendly' setup IMO. In addition, even when you add DNS-based blocking, there are many services that use their own domain for serving the ads (like YouTube), which can't be blocked with DNS-based ad blockers effectively, so you'll still want the browser-based blocking.

Good luck!
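
To illustrate the point in the post above about ads served from a service's own domain, here is an added example (not part of the original thread) comparing what a DNS filter can decide on (hostname only) with what a browser-side filter can decide on (full URL). The blocklist entries, URL rules, hostnames and function names are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed DNS blocklist in the style of an ad/tracker list (hypothetical names).
BLOCKED_DOMAINS = {"ads.example-adnet.test", "tracker.example.test"}

# Constructed browser-side rules: (host, path prefix). Hypothetical.
URL_RULES = [("video.example.test", "/ads/")]


def dns_blocked(hostname, blocklist=BLOCKED_DOMAINS):
    """True if the hostname or any parent domain is on the blocklist.

    This is all a DNS filter can decide on: it never sees the URL path.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def browser_blocked(url, rules=URL_RULES):
    """True if a URL-level rule matches; needs host and path together."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return any(
        (host == h or host.endswith("." + h)) and parts.path.startswith(p)
        for h, p in rules
    )


def classify(urls):
    """Return {url: (blocked_by_dns, blocked_by_browser)}."""
    return {
        u: (dns_blocked(urlsplit(u).hostname or ""), browser_blocked(u))
        for u in urls
    }


# Constructed requests that a single page load might make.
SAMPLE_URLS = [
    "https://video.example.test/watch?v=1",        # the content itself
    "https://video.example.test/ads/preroll.mp4",  # ad on the content's own domain
    "https://ads.example-adnet.test/banner.js",    # third-party ad host
    "https://cdn.tracker.example.test/pixel.gif",  # subdomain of a listed domain
]

if __name__ == "__main__":
    for url, (dns, browser) in classify(SAMPLE_URLS).items():
        print(f"dns={dns!s:5} browser={browser!s:5} {url}")
```

Adding `video.example.test` to the DNS blocklist would stop the pre-roll ad, but it would also stop the `/watch` request, which is why the first-party case is left to the browser extension.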
 

fryedchikin

Occasional Visitor
OP, I don't know what features you are looking for/needing but I've been using NextDNS for quite a while. Been very reliable, easy to setup, option to log and download logs if needed, good choice of blocklists for ad filtering, ability to configure different profiles if needed and some good analytics.
 

BreakingDad

Very Senior Member
I use Quad9 on my PC; the family use the ISP one with filters on, through AdGuard.
 

shabbs

Very Senior Member
My DNS Config:
- WAN side uses Quad9
- LAN side points to my dual Pi-holes with OpenDNS Family Shield as upstream provider
 

Morris

Very Senior Member
Verizon FIOS DNS for my TiVo devices to get the closest Content Distribution Network (CDN)
AdGuard DNS for most users. Does a super job of blocking malware sites, web-based ads, and tracking
OpenDNS for those that need some of the "advertising" sites that are blocked by AdGuard. Superb malware blocking
 

jata

Senior Member
OP, I don't know what features you are looking for/needing but I've been using NextDNS for quite a while. Been very reliable, easy to setup, option to log and download logs if needed, good choice of blocklists for ad filtering, ability to configure different profiles if needed and some good analytics.
I'm also really impressed by NextDNS. Installed on my router. Set and forget.
 

heysoundude

Part of the Furniture
Cool. Thanks, I was thinking about that ntp. What about skynet? You ever try that?
A pleasure, and yes, SkyNet is a good firewall that complements diversion's activities.

AMTM makes installing the scripts very easy, and they all play well with each other, BUT depending on your use case you can find yourself in fast, deep water quite easily as @ColinTaylor reminded me.

(Just out of personal curiosity, does your ISP offer native IPv6 at this point in time? Are you using it; do you have the router set to use it? A foray into DDNS/tunnelling might be a good way to lay something of a foundation for moving deeper into some of the intricacies and advanced functionalities of some of the scripts, or at the very least get a better idea of how some of this "internet stuff" works, to better understand how cool the scripts are beyond blocking ads and keeping users of your network more private from companies who collect data on you and sell it ...if you're so inclined, that is)

So IF you're feeling confident, most people wade into these waters with diversion. unbound for DNS is one to move on to IF you feel confident with editing config files...which can lead to ntpMerlin, and then SkyNet. I think a better way for you to start might be installing spdMerlin, because then you can have some baseline speeds to use for cakeQoS (if your ISP package speed is below about 300Mbps down - it's built into Merlin and with a GUI implementation) or FlexQoS, then you can set up diversion, ntpMerlin, unbound...

sorry for my rambling...hope something I've written helps
 

redsandvb

Occasional Visitor
Any drawback (or benefit) to setting a bunch of DNS servers in the GUI? For example setting up Cloudflare secure (1&2), Quad9 (1&2), and Adguard (1&2) all for DoT...

Thanks!
 
