Posted: Sun Nov 04, 2018 11:33 Post subject: How to change ISP DNS servers to Quad9 in DD-WRT
I am using v3.0-r36070M on my R7000 and would like to change the DNS servers from the ISP defaults to Quad9. I went to Setup>Basic Setup and scrolled down to "Static DNS 1" where I changed the 0.0.0.0 to 9.9.9.9. After applying, I tested with https://www.dnsleaktest.com but found that I was still using the ISP's DNS servers. What am I doing wrong? Thanks.
Joined: 16 Nov 2015 Posts: 6440 Location: UK, London, just across the river..
Posted: Sun Nov 04, 2018 13:52 Post subject:
OK, follow these rules:
Add 3 entries to Static DNS:
9.9.9.9
149.112.112.9
149.112.112.112
Then use Force DNS Redirection on the Setup page, so no other DNS servers will be permitted, only your selected, and all the client devices will use only those.
Then go to Services and select:
Use DNSMasq
Local DNS
No DNS Rebind
Query DNS in Strict Order
I don't think so. It will probably combine these two files.
From Man page of Dnsmasq:
Quote:
-r, --resolv-file=<file>
Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see resolv.conf(5). The only lines relevant to dnsmasq are nameserver ones. Dnsmasq can be told to poll more than one resolv.conf file, the first file name specified overrides the default, subsequent ones add to the list. This is only allowed when polling; the file with the currently latest modification time is the one used.
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Tue Nov 06, 2018 10:14 Post subject:
@grc is absolutely right in his assessment (as far as my knowledge goes).
If you want to stick to using resolv.dnsmasq (I am doing exactly as @grc: use no-resolv, server=xxx, in additional options), you can also try the following to rewrite it; add to Commands/Startup:
Joined: 16 Nov 2015 Posts: 6440 Location: UK, London, just across the river..
Posted: Tue Nov 06, 2018 11:05 Post subject:
You don't need this code, it's just another messy thing.
Just use no-resolv, server=xxx, it's fair enough.
The only shait I see is if I use FFx with Quad9 via DoH, or my other routers with DNSCrypt:
it works great and secure using DoH and TLS 1.2/1.3 or DNSCrypt...
But if I use Chrome, it only uses my router's DNS resolver and its settings... but on the low-level units it's less secure: no DNSSEC validation is performed on router level, only on DNS resolver level, and Chrome does not provide DoH yet... If Chrome implements DoH then I might get back to it... I also wish at least my TP-Link WR1043ND v2 could support DNSSEC on router level.
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
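
The no-resolv plus server= setup recommended above, as an added example that is not part of any post in the thread: a shell check that reads dnsmasq options and flags any upstream outside the three addresses listed earlier, or a missing no-resolv (without it dnsmasq also takes upstreams from its resolv file). The function name, the sample options and the 192.0.2.53 stand-in address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit dnsmasq "additional options"
# for upstream resolvers other than the ones the thread lists.
ALLOWED="9.9.9.9 149.112.112.9 149.112.112.112"   # addresses from the thread

# audit_dnsmasq (hypothetical helper) reads dnsmasq options on stdin and
# prints one finding per line.
# Returns 0 when only ALLOWED upstreams can be used, 1 otherwise.
audit_dnsmasq() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        sub(/^[ \t]*#.*/, ""); sub(/[ \t]+#.*/, "")   # strip comments
        gsub(/[ \t\r]/, "")                           # strip stray whitespace
    }
    $0 == "no-resolv" { noresolv = 1; next }
    /^server=/ {
        addr = substr($0, 8)
        sub(/^.*\//, "", addr)     # server=/domain/ip -> ip
        sub(/[#@].*/, "", addr)    # drop #port and @interface suffixes
        if (addr == "") next       # server=/domain/ means "answer locally"
        servers++
        if (addr in ok) print "OK " addr
        else { print "LEAK " addr " is not an allowed upstream"; bad = 1 }
    }
    END {
        if (!noresolv) { print "LEAK no-resolv missing: resolv file servers are also used"; bad = 1 }
        if (!servers)  { print "LEAK no server= lines: no pinned upstream"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: two pinned upstreams plus a leftover ISP-style entry
# (192.0.2.53 is a documentation address standing in for an ISP resolver).
SAMPLE='no-resolv
server=9.9.9.9
server=149.112.112.112#53   # secondary
server=192.0.2.53'
printf '%s\n' "$SAMPLE" | audit_dnsmasq || echo "=> config can leak queries"
```

Paste the router's own additional dnsmasq options in place of SAMPLE; a clean configuration prints only OK lines and the function returns 0.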