Joined: 16 Nov 2015 Posts: 4166 Location: UK, London, just across the river..
Posted: Sat Feb 20, 2021 14:22 Post subject:
In general, DNSmasq uses those specified in the three boxes, but the better way to make them work is in strict order, so if the first fails then the next one is queried...
Per Yngve Berg wrote:
SmartDNS does query all servers and returns the best answer.
and because of that it's not good practice to mix DNS resolvers with packet filtering/ad-blocking and without, as they will compete with each other...
Best practice, if you use just DNSmasq, is to put them in the advanced DNSmasq config box...
Bear in mind that if you select strict order, the last becomes first...
Other ways to use enhanced DNS services are via Unbound, Stubby, DNSCrypt or SmartDNS via jffs...
For a few of those you can check the red and green links in my signature, and for SmartDNS and Unbound there are good dedicated threads in the forum; check them too...
Best bet is DNSCrypt via Entware, then SmartDNS via jffs, Unbound and Stubby via Entware... Stubby is the lightest option and works on most routers, as does the SmartDNS embedded option or the full version via jffs... All of the above offer encrypted DNS services and more versatile DNS handling.
_________________
Atheros
TP-Link WR740Nv1 -----DD-WRT 45711 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 45820 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 45711 BS AP,NAT,AD/Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -----DD-WRT 45735 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -----DD-WRT 45735 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN
-----------------------------------------------------------------------------------------------
Stubby for DNS over TLS | DNSCrypt v2 by mac913
Last edited by Alozaros on Sat Feb 20, 2021 18:32; edited 1 time in total
By default, it will initially query *all* available servers and determine which is fastest, making it the preferred server. From time to time, at its own discretion, it may reevaluate all the available servers and perhaps change the preferred server.
One way to prevent the above is to specify strict-order, which, as its name implies, will try the servers in order. If the current server responds (whether the name resolves or NOT), the process stops. The only way any other server is accessed is if the prior server literally can't be reached (I know that surprises some people; they mistakenly believe that a "not found" condition will result in DNSMasq accessing additional servers, but it won't).
Finally, there's the all-servers directive, which accesses *all* available servers with each query. Whichever server returns a valid response first is the one reported back to the client (again, including "not found"). As you might imagine, this isn't used all that often given the additional overhead. But at least in theory, you're always getting the fastest response possible from DNS.
_________________
ddwrt-ovpn-split-basic.sh ddwrt-ovpn-split-advanced.sh ddwrt-ovpn-remote-access.sh ddwrt-ovpn-client-backup.sh ddwrt-mount-usb-drives.sh
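The three server-selection modes described in the post above, together with the mixed-resolver pitfall raised in the earlier post, as one dnsmasq configuration fragment. This is an added example, not code from either poster or from the DD-WRT project; the upstream addresses and the log path are placeholders assumed for illustration. On DD-WRT the same lines can be pasted into the Additional DNSMasq Options box, which is appended to the generated dnsmasq.conf.

```conf
# Added example (not from the original posts): dnsmasq upstream selection.
# Upstream addresses and the log path are assumed placeholders.

# Use only the server= lines below; do not also read /etc/resolv.conf,
# otherwise extra upstreams silently join the pool.
no-resolv

# Mode 1, the default (neither directive set): dnsmasq initially queries
# all servers, keeps the fastest as preferred, and re-evaluates over time.
server=9.9.9.9
server=1.1.1.1

# Mode 2: try the servers in order. The chain only advances when the
# current server cannot be reached at all; any answer, including
# "not found" (NXDOMAIN), ends the query. The earlier post notes that with
# this setting the last server listed is the one tried first.
#strict-order

# Mode 3: send every query to every server and hand the client whichever
# valid answer arrives first, "not found" included. Costs a query per
# upstream per lookup.
#all-servers

# Pitfall from the earlier post: a filtering/ad-blocking upstream mixed
# with a plain one. In mode 1 or 3 the plain upstream can win the race,
# so a name the filtering upstream would block still resolves.
#server=<filtering-resolver-ip>   # placeholder
#server=<plain-resolver-ip>       # placeholder
# Corrected: keep the upstream set homogeneous (all filtering, or none).

# Verification aid: with log-queries, dnsmasq writes a line such as
# "forwarded example.com to 9.9.9.9" for each lookup, showing which
# upstream actually answered under the chosen mode.
log-queries
log-facility=/tmp/dnsmasq.log
```

To check a change, uncomment exactly one of the two directives, restart dnsmasq, run a few lookups against the router (for example `dig @192.168.1.1 example.com`, address assumed), and read the "forwarded ... to" lines in the log. Under strict-order a deliberately bad first upstream (an unreachable address) should show the next one taking over, while a name that returns NXDOMAIN from the first upstream should not be retried elsewhere.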