What's new

Which DNS Do You Use? And other newb queries.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Luciferikass

Occasional Visitor
Hi y'all. I was referred from reddit. I am a new to merlin and not a very advanced user. I bought a AC86u and install merlin. I will eventually install diversion when I find a 2GB usb stick. I was wondering what DNS you all use? I was looking at the list at privacytools.io, and tried one of the free ones, but I am having lookup issues. Also, since I have your ear, do many of you run a VPN on your routers as well?

Thanks very much!

PS--I tried to search for DNS but the search isn't working for me.
 
Your own - with unbound.
If you're privacy-minded, that's the DNS you want to use. look for details in the Asus-Merlin AddOns subforum.
(You'll want a bigger USB drive than 2GB...4-8 is big enough, with a swap...amtm will take you where you need to go)
 
Your own - with unbound.
If you're privacy-minded, that's the DNS you want to use. look for details in the Asus-Merlin AddOns subforum.
(You'll want a bigger USB drive than 2GB...4-8 is big enough, with a swap...amtm will take you where you need to go)
Thank you very much. Will the new big drives, like 128 or 256 be total overkill or will it use it?
 
Use a small thumbdrive. 2 to 8 GB will work if you want it to. I find a swap partition to be more reliable than a swap file. I also recommend using the USB2 setting. Some say you need a monster swap to run Diversion and etc. I did run diversion for a while and a swap equal to the router RAM was good enough. But, I got too many complaints from the family about things being blocked so now I use uBlock Origin in Firefox.
AS for DNS, Cloudflare Secure (1.1.1.2, 1.0.0.2) works well for me. I had used Quad9 but the Cloudflare resolvers are closer and work as well as Quad9. I also use DNSSEC and DoT (again 1.1.1.2 and 1.0.0.2 with TLS Hostname of security.cloudflare-dns.com).
As for VPN Client, I run those on the PC if needed.
 
Thank you very much. Will the new big drives, like 128 or 256 be total overkill or will it use it?
overkill for entware/blocking/dns. you'll want to set up a swap file when the amtm/diversion process asks you, so 2Gb is a little small for the drive but 4 or 8 is plenty. 16 is even too large unless you're into saving your logs for the long term for some reason, so unless you're compelled to or are into that kind of maintenance, stay on the smaller side.
while I'm at it, let me recommend ntpMerlin as well
 
Use a small thumbdrive. 2 to 8 GB will work if you want it to. I find a swap partition to be more reliable than a swap file. I also recommend using the USB2 setting. Some say you need a monster swap to run Diversion and etc. I did run diversion for a while and a swap equal to the router RAM was good enough. But, I got too many complaints from the family about things being blocked so now I use uBlock Origin in Firefox.
AS for DNS, Cloudflare Secure (1.1.1.2, 1.0.0.2) works well for me. I had used Quad9 but the Cloudflare resolvers are closer and work as well as Quad9. I also use DNSSEC and DoT (again 1.1.1.2 and 1.0.0.2 with TLS Hostname of security.cloudflare-dns.com).
As for VPN Client, I run those on the PC if needed.
I think you missed the OP's self declaration of being a "not technically advanced newb..." lol.
They'll get there, maybe, if they need/want to, but that's a tad bit much for now - let's watch how they go, shall we? they need a little hand and maybe a nudge, not blueprints to build a Taj Mahal ;-)
 
overkill for entware/blocking/dns. you'll want to set up a swap file when the amtm/diversion process asks you, so 2Gb is a little small for the drive but 4 or 8 is plenty. 16 is even too large unless you're into saving your logs for the long term for some reason, so unless you're compelled to or are into that kind of maintenance, stay on the smaller side.
while I'm at it, let me recommend ntpMerlin as well
Cool. Thanks, I was thinking about that ntp. What about skynet? You ever try that?
 
Merlin has a list of DNS servers built-in. I use Cloudflare.

Diversion is the reason I installed Asus-Merlin. Highly effective ad-blocking transforms the internet experience.
 
OP, since you say you're very new (and to echo what ColinTaylor said) I'd suggest you start with simply setting up DNS servers on the router, not installing add-ons.
I'd recommend malware-blocking DNS (I use the Canadian Shield servers, if you're not in Canada, Quad9 and Cloudflare also have options for this).
And then to get the add blocking, use uBlock on your browser together with Disconnect and maybe add Privacy Badger.

This would be a more 'new user friendly' setup IMO. In addition, even when you add DNS based blocking, there are many services that use their own Domain for service the ad (like youtube) which can't be blocked with DNS based ad blockers effectively, so you'll still want the browser based blocking.

Good luck!
 
OP, I don't know what features you are looking for/needing but I've been using NextDNS for quite a while. Been very reliable, easy to setup, option to log and download logs if needed, good choice of blocklists for ad filtering, ability to configure different profiles if needed and some good analytics.
 
I use quad 9 on my pc, the family use the isp one with filters on, through adguard
 
My DNS Config:
- WAN side uses Quad9
- LAN side points to my dual Pihole's with OpenDNS Family Shield as upstream provider
 
Verizon FIOS DNS for my TiVo devices to get the closest Content Distribution Network (CDN)
AddGuard DNS for mosts users. Does a super job of blocking malware sites, web based adds, and tracking
Open DNS for those that need some of the "advertising" sites that are blocked by AddGuard. Superb malware blocking
 
OP, I don't know what features you are looking for/needing but I've been using NextDNS for quite a while. Been very reliable, easy to setup, option to log and download logs if needed, good choice of blocklists for ad filtering, ability to configure different profiles if needed and some good analytics.
I'm also really impressed by NextDNS. Installed on my router. Set and forget.
 
Cool. Thanks, I was thinking about that ntp. What about skynet? You ever try that?
A pleasure, and yes, SkyNet is a good firewall that compliments diversion's activities.

AMTM makes installing the scripts very easy, and they all play well with each other, BUT depending on your use case you can find yourself in fast, deep water quite easily as @ColinTaylor reminded me.

(Just out of personal curiosity, does your ISP offer native IPv6 at this point in time? Are you using it; do you have the router set to use it? A foray into DDNS/tunnelling might be a good way to lay something of a foundation for moving deeper into some of the intricacies and advanced functionalities of some of the scripts, or at the very least get a better idea of how some of this "internet stuff" works, to better understand how cool the scripts are beyond blocking ads and keeping users of your network more private from companies who collect data on you and sell it ...if you're so inclined, that is)

So IF you're feeling confident, most people wade into these waters with diversion. unbound for DNS is one to move on to IF you feel confident with editing config files...which can lead to ntpMerlin, and then SkyNet. I think a better way for you to start might be installing spdMerlin, because then you can have some baseline speeds to use for cakeQoS (if your ISP package speed is below about 300Mbps down - it's built into Merlin and with a GUI implementation) or FlexQoS, then you can set up diversion, ntpMerlin, unbound...

sorry for my rambling...hope something I've written helps
 
Any drawback (or benefit) to setting a bunch of DNS servers in the GUI? For example setting up Cloudflare secure (1&2), Quad9 (1&2), and Adguard (1&2) all for DoT...

Thanks!
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top