Posted: Fri Aug 26, 2022 18:26 Post subject: [Solved] WAN Setup
Just a question regarding the setting: Ignore WAN DNS
I'm assuming that this literally means ignore the ISP-provided DNS servers. Currently they are tagged on as the 4th and 5th choices since I've selected 3 other servers elsewhere in the setup.
Is there any advantage to selecting the Ignore WAN DNS?
There is another setting "Search in strict order" I've enabled which I assume means the DNS servers I've selected will be searched for in the order I entered them. Thus, only if the first three are unreachable will the 4th and 5th be consulted.
Just making sure I understand what I see. _________________ ARCHER-C7v5 | v3.0-r55460 std | AP Gateway
WNDR4000|v24-52189_NEWD-2_K3.x_mega|Inactive Spare
Last edited by jbkt23 on Sun Aug 28, 2022 22:33; edited 1 time in total
Joined: 12 Dec 2007 Posts: 782 Location: Pittsburgh, PA USA
Posted: Fri Aug 26, 2022 19:33 Post subject:
For years I had OpenDNS servers configured and paid for the subscription so I could use the family filters. Did this after my then 7-year-old daughter was researching birds for a school project and "found something weird" when searching for "blue footed boobies." Ignore WAN DNS was important in that setup because without it, there was a 40% chance (2/5) that it would use my ISP DNS and bypass the filters. _________________
Netgear R7800
DD-WRT v3.0 STD
Linksys WRT1900AC
DD-WRT v3.0 STD
Just keep in mind that whoever your DNS provider is will know your browsing history. If you are comfortable with your ISP knowing this then, fine. If not, then turn the block on. Note, many people do not trust their ISPs and are concerned about them selling surfing data. _________________ Netgear XR500 - Gateway
R6700 v3 - Station Bridge
ISPs also use their DNS to impose bandwidth limits
Since they control the pipe, how would the fact that I use or do not use their DNS servers aid them further in bandwidth limits?
I'm not seeing this in my usage. My thoughts in using a DNS server outside my ISP had more to do with the thinking that the ISP's server would be handling more connections than a server that you have to make an effort to select, thus being less responsive. But from the other prior responses I may not be getting exclusive use of my primary DNS selection and not reaping the benefits. _________________ ARCHER-C7v5 | v3.0-r55460 std | AP Gateway
WNDR4000|v24-52189_NEWD-2_K3.x_mega|Inactive Spare
Joined: 05 Oct 2008 Posts: 666 Location: Helsinki, Finland / nr. Alkmaar, Netherlands
Posted: Sat Aug 27, 2022 8:58 Post subject:
strange wrote:
Just keep in mind that whoever your DNS provider is will know your browsing history. If you are comfortable with your ISP knowing this then, fine. If not, then turn the block on. Note, many people do not trust their ISPs and are concerned about them selling surfing data.
It is my understanding that if you use Unbound, only the final authoritative DNS server of the site you're looking for gets to know the full web address.
I've been using a Raspberry Pi on my LAN to provide Unbound (and PiHole), but I remember seeing mention of Unbound in connection with dd-wrt f/w, too, although I cannot find it in the GUI now.
In one location I use a Raspberry Pi 4 (and added Wireguard for VPN access) and in another location a Raspberry Pi Zero 1.3 with a USB hub with Ethernet adapter. The Pi Zero has a UPS 'HAT' (PiVoyager with small LiPo battery) because there are long times without human presence in that location and sometimes blackouts.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sat Aug 27, 2022 9:20 Post subject:
Yes but that was not the question, the question was should you Enable Ignore WAN DNS.
The general idea is unless you really trust your ISP you should Enable it.
Of course you can secure your DNS even further, which is not a bad idea (Smart DNS with DoT/DoH, Unbound, Stubby, DNScrypt etc.) and then it does not matter what you have set for upstream DNS resolvers as that is usually overridden.
Is this because it doesn't work or because the heuristics of the search pick the first DNS server to reply?
Is the DNS server locked in on router startup or is it searched for on every client query? _________________ ARCHER-C7v5 | v3.0-r55460 std | AP Gateway
WNDR4000|v24-52189_NEWD-2_K3.x_mega|Inactive Spare
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sat Aug 27, 2022 11:33 Post subject:
Some people think that it always uses the first DNS server and only if that is not available proceeds to use the second, but that is not the case.
As speed is important, a DNS server is flagged unavailable rather quickly, so if a server is moderately busy it can already be flagged unavailable. We have had in the recent past DNSMasq versions where it looked more like random; the current version does moderately well, but still it will sometimes pick the second or third available server while the first is still working. So if your ISP server is in the list (if you did not Enable "Ignore WAN DNS") it will get used occasionally, also because it is very quick to answer.
So bottom line it is fairly useless; just pick 2 or 3 reliable trusted servers and let DNSMasq use them all, it then uses the quickest.
Of course DNS is not very secure at all so if you want better security use secure DNS (SmartDNS with DoT/DoH, DNSCrypt, Unbound, Stubby etc)
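The following is an added illustration (not DD-WRT or dnsmasq code) of the two questions raised in the opening post and answered just above: what "Ignore WAN DNS" removes from the upstream list, and why "Search in strict order" is the only setting under which the list order alone decides which resolver answers. It assumes a simplified model: the router's upstream list is the static entries followed by the WAN-DHCP-learned servers unless Ignore WAN DNS is set; with `strict-order` dnsmasq takes the first server not flagged down; without it dnsmasq favours the fastest server known to be up (real dnsmasq decides "up" with a retry/timeout heuristic that has changed between versions, modelled here by a latency table and an explicit `down` set). The IP addresses and latencies are constructed sample data; the `server=`, `strict-order` and `no-resolv` lines it emits are real dnsmasq options.

```python
"""Model of how a router hands upstream resolvers to dnsmasq and how dnsmasq
then chooses one. Added example with hypothetical helper names; the ordering
and selection rules are a simplified model, not dnsmasq's actual code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RouterDnsSettings:
    static_dns: tuple          # resolvers typed into the GUI, in order
    wan_dns: tuple             # resolvers pushed by the ISP via WAN DHCP
    ignore_wan_dns: bool = False
    strict_order: bool = False


def effective_upstreams(cfg: RouterDnsSettings) -> list:
    """Upstream list dnsmasq receives under the assumed ordering:
    static entries first, WAN-learned entries appended unless ignored."""
    servers = list(cfg.static_dns)
    if not cfg.ignore_wan_dns:
        servers += [s for s in cfg.wan_dns if s not in servers]
    return servers


def dnsmasq_options(cfg: RouterDnsSettings) -> str:
    """Equivalent dnsmasq configuration lines for the effective list."""
    lines = ["no-resolv"]              # do not also read /etc/resolv.conf
    if cfg.strict_order:
        lines.append("strict-order")   # walk server= lines top to bottom
    lines += [f"server={ip}" for ip in effective_upstreams(cfg)]
    return "\n".join(lines)


def pick_server(cfg: RouterDnsSettings, latency_ms: dict, down=frozenset()):
    """Server that answers one query under the model. `down` holds servers
    dnsmasq currently flags unavailable; unknown latency counts as infinite."""
    candidates = [s for s in effective_upstreams(cfg) if s not in down]
    if not candidates:
        return None
    if cfg.strict_order:
        return candidates[0]           # first listed server that is up
    return min(candidates, key=lambda s: latency_ms.get(s, float("inf")))


def isp_server_used(cfg: RouterDnsSettings, latency_ms: dict,
                    down=frozenset()) -> bool:
    """True when the query would leave for an ISP (WAN-learned) resolver."""
    chosen = pick_server(cfg, latency_ms, down)
    return chosen is not None and chosen in cfg.wan_dns


# Constructed sample data: three public resolvers typed into the GUI, two
# ISP resolvers from WAN DHCP (TEST-NET-3 addresses), and the ISP's
# on-net servers answering fastest, as is typical.
STATIC = ("9.9.9.9", "1.1.1.1", "8.8.8.8")
ISP = ("203.0.113.53", "203.0.113.54")
LATENCY_MS = {"203.0.113.53": 3, "203.0.113.54": 4,
              "9.9.9.9": 18, "1.1.1.1": 12, "8.8.8.8": 15}


def scenarios() -> dict:
    """Which resolver answers under each combination of the two settings."""
    out = {}
    for ignore in (False, True):
        for strict in (False, True):
            cfg = RouterDnsSettings(STATIC, ISP, ignore, strict)
            out[(ignore, strict)] = pick_server(cfg, LATENCY_MS)
    return out


if __name__ == "__main__":
    for (ignore, strict), server in scenarios().items():
        print(f"ignore_wan_dns={ignore!s:5} strict_order={strict!s:5} -> {server}")
    print(dnsmasq_options(RouterDnsSettings(STATIC, ISP, True, True)))
```

Two caveats for a practitioner: under the model the ISP resolver only stays idle either when it is not in the list at all (Ignore WAN DNS) or when strict order holds and all three static servers are up, and dnsmasq also has an `all-servers` option that sends every query to every upstream and takes the first reply, under which the ISP sees all lookups regardless of latency. Removing the ISP servers from the list is therefore the only setting that guarantees they never see a query.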
Posted: Sun Aug 28, 2022 22:32 Post subject: [Solved]
My questions have been answered so I'll leave it at that. _________________ ARCHER-C7v5 | v3.0-r55460 std | AP Gateway
WNDR4000|v24-52189_NEWD-2_K3.x_mega|Inactive Spare