Domain name in router & web server, in double-natted set

atomicamp
DD-WRT User


Joined: 16 Apr 2018
Posts: 107
Location: Milwaukee, WI

Posted: Thu Jan 26, 2023 17:56    Post subject: Domain name in router & web server, in double-natted set
For ages I have struggled to fully understand and comprehend DNS and Domain name in routers, on servers, and on clients. I am still struggling and was hoping someone could explain and recommend a configuration in my DD-WRT router that suits my needs.

First of all, my DD-WRT router is behind my ISP router in a double NAT configuration. I have just reset both routers to the default settings. My ISP router doesn't let me change its DNS settings, hostname, or domain name. When plugging in my DD-WRT router into my ISP router, and going to the DD-WRT Status>Router page, my ddwrt shows the "WAN Domain Name" as "attlocal.net".

1) What exactly does this mean, and what is it doing by using my ISP router's domain name? Does this affect my search results, or somehow affect my privacy, the way that using your ISP DNS affects your privacy?

2) What should my custom DD-WRT domain name actually be, and what are the consequences of using a custom domain name in dd-wrt? Does this custom domain name bypass the ISP router's domain name in the same way that setting a custom DNS in my ddwrt router would prevent using my ISP router's DNS by using a custom DNS?

3) I am also running an Ubuntu web server behind my DD-WRT setup. When connecting the web server to the ddwrt router it seems as though my dd-wrt router pushes my ISP router's domain name to the Ubuntu server, because Ubuntu server lists my DNS Server and DNS Domain as:

Code:
DNS Servers: 192.168.2.1
DNS Domain: attlocal.net


What are the effects of using my DDWRT's local DNS server (192.168.2.1) while also using the pushed domain name (attlocal.net) to the web server as well? What are the benefits and tradeoffs to changing my DD-wrt Domain name to "ddwrt.local" and pushing that domain to my web server? And what exactly does a domain do to a webserver, particularly, if attempting to run an unbound dns server on it?

Basically, I am very confused as to what a domain name on a router even does and how it's compared to a DNS server. For example, if I set my DDWRT router to use 1.1.1.1 (under "Basic Setup>Network Setup>Router IP>Local IP Address"), it is my understanding that this forces all traffic behind my ddwrt router to query cloudflare for dns records instead of querying my ISP router's dns server for dns records, effectively preventing ATNT from knowing my dns queries. Does the Domain name set in ddwrt settings work in a similar fashion?

Thanks for any help and explanations. I have never wrapped my head around Domain names in routers.

_________________
DanRanRocks - Tech Tutorials by Dan Ran

https://github.com/danrancan
dan@danran.rockst
My Blog https://danran.rocks
Join me on key base! and Add me on Keybase

Current Linksys WRT3200acm Firmware "DD-WRT v3.0-r51140 std (12/31/22)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Fri Jan 27, 2023 12:53
You cannot use "local" as domain name; that is reserved for mDNS.

I use home1 (and for other routers home2 etc) it is just for local DNS resolving.

So I can connect to my main router with name R7800 and domain name home1 at: r7800.home1

Even if you do not use your ISP DNS (On Setup page tick/enable "Ignore WAN DNS"), your provider can see DNS queries as those are not secure.

For secure DNS see the Smart DNS guide, a sticky in this forum or use unbound, stubby etc.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

Posted: Fri Jan 27, 2023 15:07
Yep, domain name is for local resolution...so, you use name instead of IP to connect...as both will produce the same outcome..it's like a local DNS resolving name to IP..it does not affect security...
as local names are not pushed forward...

For DNS, DDWRT uses DNSmasq and there is good documentation about it... all the gold is there
https://dnsmasq.org/docs/dnsmasq-man.html

atomicamp wrote:
"For example, if I set my DDWRT router to use 1.1.1.1 (under "Basic Setup>Network Setup>Router IP>Local IP Address"), it is my understanding that this forces all traffic behind my ddwrt router to query cloudflare for dns records instead of querying my ISP router's dns server for dns records, effectively preventing ATNT from knowing my dns queries. Does the Domain name set in ddwrt settings work in a similar fashion? "


NOPE you don't have to use that field for DNS...leave local DNS to 0.0.0.0 (it's used only for WAP and some other, rare occasions)
If you click ignore WAN DNS (in case you are using dynamic DHCP WAN, otherwise it won't be visible)
then your router will use only DNS servers specified in the x3 DNS boxes (whatever you put there)..
If you use a static IP for WAN, to ignore the WAN DNS (ISP DNS) that could be fetched, you have to use those commands in advanced DNS commands:

Code:
no-resolv
server=9.9.9.9

-first line will tell DNSmasq to ignore any other DNS's (like those that could be fetched by your ISP to the stack)
-second line are the servers you want to use...you can add as many as you like...

To mitigate the chance of your DNS requests (plain via port 53) being captured, as egc advised, you better use an encrypted DNS...as encrypted DNS is using either port 853 (TLS) or port 443 (https).

The easiest way is to use SmartDNS or DNScrypt, which are implemented on DDWRT firmware, and work out of the box...just to notice DDWRT DNScrypt is using the old version 1.95 that has limited support or even none, but there is a guide for the more versatile new version of it DNScrypt-proxy v2, green link in my sig, and for Stubby (very light option for DNS over TLS) red link, there is also Unbound option, which is more versatile and there was a guide for it on the forum too...have a search for it...

ATM the easiest to use of them all is SmartDNS (for DoT or DoH), as it only requires to add your preferred DNS in its valid format..and enable the Use Additional Servers Only option...

The most secure and versatile is DNScrypt-proxy v2.xx, but you have to run it from USB/Entware..
Unbound is also very reliable and secure....but as some of the other options it needs USB and Entware...

How to install Entware on DDWRT https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware

On my routers I use SmartDNS, Stubby or DNScrypt-proxy v2...well...not all of them at the same time

p.s. Bear in mind that not all routers have ssl implemented, so SmartDNS DoH or DoT option will not work on routers that don't have it...routers with 16MB flash and above will be ok...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Fri Jan 27, 2023 21:02; edited 1 time in total
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Fri Jan 27, 2023 19:44
Use home.arpa for local DNS ... there was a thread and discussion about it, and now with mDNS, it's a must.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
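
Added example, not part of any forum post: a small Python check that applies the advice in the replies above (`.local` is reserved for mDNS, `no-resolv` is needed to drop the WAN-supplied resolvers, and a plain `server=` upstream is still readable on port 53) to a block of dnsmasq options. The finding codes, sample configs, and the loopback port are constructed for illustration, and the check assumes that a loopback upstream is a local encrypting proxy such as Stubby.

```python
import ipaddress

def parse_options(text):
    """Split dnsmasq lines into (key, value); '#' starts a comment only at line start."""
    opts = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, val = line.partition("=")
            opts.append((key.strip(), val.strip()))
    return opts

def upstream_addr(val):
    """Address part of a server= value of the form [/domain/]ip[#port][@iface]."""
    host = val.rsplit("/", 1)[-1].split("@", 1)[0].split("#", 1)[0]
    return ipaddress.ip_address(host) if host else None

def audit(text):
    """Return finding codes for one block of dnsmasq options."""
    opts = parse_options(text)
    keys = {k for k, _ in opts}
    servers = [upstream_addr(v) for k, v in opts if k == "server"]
    servers = [a for a in servers if a is not None]
    findings = []
    for k, v in opts:
        if k == "domain":
            name = v.split(",", 1)[0].rstrip(".").lower()
            # .local belongs to mDNS (RFC 6762); home.arpa is set aside for home networks (RFC 8375)
            if name == "local" or name.endswith(".local"):
                findings.append("mdns-conflict")
    if servers and "no-resolv" not in keys:
        findings.append("wan-dns-still-used")   # WAN/ISP-supplied resolvers are still consulted
    if "no-resolv" in keys and not servers:
        findings.append("no-upstream")          # nothing left to forward queries to
    # Assumption: a loopback upstream is a local encrypting proxy (Stubby, dnscrypt-proxy, ...)
    if any(not a.is_loopback for a in servers):
        findings.append("plaintext-upstream")   # port-53 queries readable on the path
    return findings

# Constructed samples; port 5453 is a placeholder for wherever the local proxy listens.
WEAK = "domain=ddwrt.local\nserver=9.9.9.9"
FROM_THREAD = "no-resolv\nserver=9.9.9.9"
HARDENED = "domain=home.arpa\nno-resolv\nserver=127.0.0.1#5453"

if __name__ == "__main__":
    for label, conf in [("weak", WEAK), ("thread", FROM_THREAD), ("hardened", HARDENED)]:
        print(label, audit(conf))
```

The two lines quoted in the thread still report `plaintext-upstream`, which matches the replies: ignoring the ISP resolver does not hide port-53 queries from the ISP.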
atomicamp
DD-WRT User


Joined: 16 Apr 2018
Posts: 107
Location: Milwaukee, WI

Posted: Sun Jan 29, 2023 16:53
dale_gribble39 wrote:
Use home.arpa for local DNS ... there was a thread and discussion about it, and now with mDNS, it's a must.

Do you have a link to that discussion? I would like to research this and exactly what you mean.

atomicamp
DD-WRT User


Joined: 16 Apr 2018
Posts: 107
Location: Milwaukee, WI

Posted: Sun Jan 29, 2023 16:58
egc wrote:

Even if you do not use your ISP DNS (On Setup page tick/enable "Ignore WAN DNS"), your provider can see DNS queries as those are not secure.


Thanks for this.
To be clear, if I use the "Ignore WAN DNS" option, where do I enter my preferred DNS to replace that then? Can I just enter 1.1.1.1 in the "Basic_Setup>Network_Setup>Local_DNS" box and my router will then use 1.1.1.1 instead of the ISP router's dns? Otherwise, what DNS does ddwrt use if the "Ignore WAN DNS" option is checked?

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sun Jan 29, 2023 17:33
If you ticked ignore wan dns you will use what you entered in static dns.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

Posted: Mon Jan 30, 2023 1:21
atomicamp wrote:
dale_gribble39 wrote:
Use home.arpa for local DNS ... there was a thread and discussion about it, and now with mDNS, it's a must.

Do you have a link to that discussion? I would like to research this and exactly what you mean.

Not much discussion about it. Someone linked an article and I linked the current dnsmasq wiki. Do you not know how to set your local domain or used WAN domain?

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329964

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net