Confirm devices are using provided DNS

I set up a guest network for all my smart devices. I want to force them all to use certain DNS servers, so I went into LuCI -> Network -> Interfaces -> Guest -> DHCP Server -> Advanced Settings and updated the DHCP-Options with "6,<server 1>,<server2>". Is there a way that I can verify my smart devices are actually using these servers? I'm slightly confused about the following:

  • if I go into WAN -> Advanced Settings, I see "Use DNS servers advertised by peer" is checked.

  • I just came across this article which reads:

[smart devices]... were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely

Thanks for the help!

This is for WAN to do DNS lookups for the router and clients. If unchecked, you specify your own. Basically, this is to override your ISP-provided DNS server.

Obviously you can't help that. See:

You can also run tcpdump to ensure the hosts are getting DNS request and replies from the configured IP.

Thanks for the response.

This is where my misunderstanding of interfaces comes into play. If I configured DNS for one of my interfaces (in the example above, my Guest interface. I could also do the same for my LAN interface) but keep the DNS box checked in WAN, does it override the Guest/LAN settings? Or do those interfaces resolve DNS queries separately from WAN? If it's separate, which clients does the WAN resolve DNS queries for?

Just to make sure I understand-- basically, there's nothing I can do to prevent devices from trying to intercept DNS but if I follow the guide then I can work around it?

I can run that from my laptop or something. Does that ensure that all other devices connected to the network will also use the same servers?

edit: I see, I can run tcpdump if I ssh into the router. I suppose I could filter out traffic from the device for port 53 and inspect the response. Does that sound right?

No, there's nothing you can do about devices trying to use their hard-coded DNS servers, but you can intercept and reroute the requests in your FW.
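
The tcpdump check discussed in this thread, written out as an added example that is not part of any post above: it reads `tcpdump -n` output and lists each client that sends port 53 queries to a server other than the ones handed out through DHCP option 6. The resolver addresses, client addresses, sample capture and the interface name `br-guest` are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag clients whose DNS queries bypass the DHCP-provided servers.
# ALLOWED holds the resolvers set in DHCP option 6 (placeholder values here).
ALLOWED="192.0.2.1 192.0.2.2"

# Reads `tcpdump -n` text lines on stdin and prints "client -> server" once
# for every pair where the destination port is 53 and the server is not allowed.
# Only IPv4 lines ("IP") are inspected; IPv6 ("IP6") lines are ignored.
find_dns_bypass() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                  # drop the trailing colon
        dport = dst; sub(/.*\./, "", dport) # tcpdump -n prints addr.port
        if (dport != "53") next             # replies and other traffic
        sub(/\.[0-9]+$/, "", dst)           # strip port, keep address
        sub(/\.[0-9]+$/, "", src)
        if (!(dst in ok) && !seen[src " " dst]++) print src " -> " dst
    }'
}

# Constructed sample capture: .50 and .60 use the allowed resolvers,
# .77 queries a hard-coded one.
sample_capture() {
cat <<'EOF'
12:00:01.100000 IP 192.168.3.50.41234 > 192.0.2.1.53: 4660+ A? example.com. (29)
12:00:01.120000 IP 192.0.2.1.53 > 192.168.3.50.41234: 4660 1/0/0 A 203.0.113.10 (45)
12:00:02.300000 IP 192.168.3.77.50111 > 198.51.100.53.53: 9001+ A? vendor.example. (32)
12:00:02.900000 IP 192.168.3.77.50112 > 198.51.100.53.53: 9002+ AAAA? vendor.example. (32)
12:00:03.000000 IP 192.168.3.60.40000 > 192.0.2.2.53: 7+ A? example.org. (29)
EOF
}

# Demonstration on the constructed capture.
sample_capture | find_dns_bypass "$ALLOWED"

# Live use on the router (interface name is an assumption):
#   tcpdump -n -l -i br-guest port 53 2>/dev/null | find_dns_bypass "$ALLOWED"
```

An empty result only covers plain DNS on port 53 over IPv4; run the capture on the router before any firewall redirect is in place, or redirected queries will still show their original destination on the guest interface.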