Posted: Sat Feb 20, 2021 14:22 Post subject:
In general, DNSmasq uses those specified in the x3 boxes, but a better way to make them work is in strict order, so if the first fails then the next one is queried...
Per Yngve Berg wrote:
SmartDNS does query all servers and returns the best answer.
And because of that, it's not good practice to mix DNS resolvers that do packet filtering/ad-blocking with ones that don't, as they will compete with each other...
Best practice, if you use just DNSmasq, is to put them in the advanced DNSmasq config box...
Do keep in mind if you select strict order, the last becomes first...
Other ways to use enhanced DNS services are via Unbound, Stubby, DNScrypt or SmartDNS via jffs.
For a few of those you can check the red and the green links in my signature, and for SmartDNS and Unbound there are good dedicated threads in the forum; check them too.
Best bet is DNScrypt via entware, then SmartDNS via jffs, Unbound and Stubby via entware... Stubby is the lightest option and works on most of the routers, as well as the SmartDNS embedded option or the full version via jffs... All of those above offer encrypted DNS services and more versatile DNS handling...
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Sat Feb 20, 2021 18:32; edited 1 time in total
By default, it will initially query *all* available servers and determine which is fastest, making it the preferred server. From time to time, at its own discretion, it may reevaluate all the available servers and perhaps change the preferred server.
One way to prevent the above is to specify strict-order, which, as its name implies, will try the servers in order. If the current server responds (whether the name resolves or NOT), the process stops. The only way any other server is accessed is if the prior server literally can't be reached (I know that surprises some people; they mistakenly believe that a "not found" condition will result in DNSMasq accessing additional servers, but it won't).
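A simplified model of the two selection modes described in the posts above, added here as an illustration (it is not dnsmasq code and not from any poster). Resolver names, latencies and the blocked domain are constructed, and the filtering resolver is assumed to answer NXDOMAIN for blocked names. It shows why mixing a filtering and a non-filtering upstream lets the default mode bypass the filter, while strict order moves on only when a server cannot be reached.

```python
# Simplified model of the two upstream-selection modes described in the thread.
# All resolver names, latencies and answers below are constructed sample data.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Upstream:
    name: str
    latency_ms: Optional[float]       # None = server cannot be reached
    blocked: frozenset = frozenset()  # names a filtering resolver refuses

    def query(self, qname):
        """Return 'NXDOMAIN' for filtered names, a documentation address otherwise."""
        if self.latency_ms is None:
            raise TimeoutError(self.name)
        return "NXDOMAIN" if qname in self.blocked else "192.0.2.10"


def resolve_strict_order(servers, qname):
    """Strict order: the first server that responds wins, even with NXDOMAIN."""
    for s in servers:
        try:
            return s.name, s.query(qname)
        except TimeoutError:
            continue  # only an unreachable server moves us to the next one
    return None, "SERVFAIL"


def resolve_default(servers, qname):
    """Default mode as described: all servers are probed, the fastest is preferred."""
    alive = [s for s in servers if s.latency_ms is not None]
    if not alive:
        return None, "SERVFAIL"
    best = min(alive, key=lambda s: s.latency_ms)
    return best.name, best.query(qname)


# Hypothetical pair: an ad-blocking resolver and a faster unfiltered one.
FILTERING = Upstream("filtering", 30.0, frozenset({"ads.example"}))
PLAIN = Upstream("plain", 12.0)

if __name__ == "__main__":
    print("strict :", resolve_strict_order([FILTERING, PLAIN], "ads.example"))
    print("default:", resolve_default([FILTERING, PLAIN], "ads.example"))
```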