Joined: 16 Oct 2010
|Posted: Fri Jan 25, 2019 15:04 Post subject: How do I configure Cloudflare DNS (184.108.40.206) on DD-WRT?
|I am currently on a mesh wifi network made up of five Netgear WNDR 3300 routers and one WNDR 3700 router. The 3700 is my main router connected to the cable modem. The firmware is DD-WRT v24-sp2 (05/27/13) mini (SVN revision 21676).
I wanted to setup cloudflare DNS service on the main router. The instructions on their website ask to update the DNS address to 220.127.116.11 - I did that under Setup > Basic Setup > Network Address Server Settings (DHCP) > Static DNS 1 (also changed Static DNS 2 to 18.104.22.168 (which was also recommended)).
According to most sources, this should change the DNS of all devices. But whenever I try to test it on a Windows 10 command prompt via ipconfig /all - it shows DNS address to be 192.168.1.1 (router's ip address).
This brings a few questions to my mind:
1. I am pretty sure I don't need to update anything on the routers working as extenders for the WiFi network - but may be I do?
2. Is it possible that the router is using the cloudflare service but Windows is not showing the router's DNS address but a generic address for the router? In that case, how can I verify that it is indeed using cloudflare?
3. Or may be it didn't work, and I need to change some other setting?
I did not notice any change in the speed after changing the DNS address, but it might be because it's really not noticeable.
I am reluctant to use any scripts due to my unfamiliarity with them and also because I will be moving out of this location soon and will probably get a new router so it isn't worth it investing time in perfecting my current setup.
Joined: 04 Aug 2018
Location: Appalachian mountains, USA
|Posted: Mon Feb 04, 2019 16:09 Post subject:
|Seeing 192.168.1.1 is entirely proper. Your Windows system queries the router at that address, and the router queries Cloudflare.
To check whether you are actually using Cloudflare, the only way I know is to visit ipleak.net (or dnsleaktest.com), look for the IPv4 DNS-server addresses it shows, and compare them to the IPv4 IP-address ranges shown in https://www.cloudflare.com/ips/ in CIDR notation. (The CIDR concept: CIDR range 22.214.171.124/22 means translate the four numbers before the slash to eight-bit binary and take the first 22 bits of the 32 as required and the rest as wild cards. Plenty of googlable tutorials online.) If you are also using IPv6 in your router (its disabled in mine, per NordVPN's OpenVPN config instructions), you'll also have to sort out the funky IPv6 notation. More googling. If you do have IPv6 enabled, you are definitely out of my league, but you might need to also enter Cloudflare DNS info for IPv6. I came across this, fwiw: https://www.tomsguide.com/us/cloudflare-dns-126.96.36.199-set-up,news-26964.html.
I have no clue whether dd-wrt mini is maxi enough to support DNSCrypt, but if it is and you want to use DNSCrypt to interact with Cloudflare's DNS servers to get some extra spoofing protection, that can most likely be done the in the same way I set up Quad9 with DNSCrypt on my router. See https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318094 (my second post in that thread) and take a look in the Background and References section at the end. You should be able to copy the "stamp" for Cloudflare from the "master dnscrypt server list" cited there and paste it into the stamp decoding tool cited further down in that paragraph to get the parameters you need for the dnscrypt-proxy command line.
And if dd-wrt mini is too mini for that maxi approach, file under "things to think about for the next main-router upgrade someday"!
Good luck with this and the dd-wrt learning curve in general. It can be quite a project to come up on all the angles involved in getting the setup you really want.
Six of the Linksys WRT1900ACSv2 on r38159 (solid), r39144 (very solid), r40009 (solid), and r40784 (trying out). On various:
VLANs, client-mode travel router, two DNSCrypt servers (incl Quad9), multiple VAPs, USB/NAS, QoS, OpenVPN client/PBR (random NordVPN server).