I don't want to use my ISP's DNS servers, but I'm a little confused as there seem to be multiple places to configure alternate servers.
Using the LuCI interface, I can go to the WAN and WAN6 interfaces, under Advanced Settings, and clear the "Use DNS servers advertised by peer" checkbox. But then I can either enter the custom DNS servers there for the WAN interfaces, or I can enter them on the LAN interface page.
Also, the Network > DHCP and DNS page has a place for "DNS forwardings".
I entered my custom servers on the LAN interface page and it seems to be working fine. I'm just wondering whether there is a preferred way to do this, pros and cons, etc.
Thanks in advance. I'm running LEDE 17.01.4 on a WRT1900ACS.
I employ the “Use DNS servers advertised by peer” method and add my own DNS servers, but there is another option:
You can edit the LAN DHCP to directly hand out your preferred DNS servers to the clients; this is done under the "DHCP-Options" section on Interfaces.
This would be a double step though, since you still have to specify WAN DNS servers or Resolvers if you want the router to resolve hostnames. Adding the DNS to the LAN interface only allows the router's LAN IP to resolve hostnames. But, if you're concerned about DNS leaks (which I've never observed), the LAN DHCP method would completely solve the problem.
Thanks. Some of that is over my head but I think I got some of it too.
But this confuses me,
as I have not specified WAN DNS servers, I only have them on the LAN interface, yet name resolution seems fine. I just pinged one of the NTP servers from the router command line and that worked too. So the router itself seems OK, as do clients.
Upon un-checking the "use advertised" and inserting 9.9.9.9 and 149.112.112.112, upon router reboot I have no internet access. Those DNS numbers were inserted under the Interfaces WAN section. Do I need to put them in the LAN only, both areas? I am running an otherwise working OpenVPN with an exit node of choice.
Looking at the Interfaces, and the two VPN interfaces, CSVPNTUN and CRYPTOSTORM_VPN, neither has a way to see what IPs they use. Only the LAN shows an IP address. LAN IP is: IPv4: 192.168.0.1/24
Hmm
I always remove all DNS servers from all interfaces.
And then I set the DNS servers directly in dnsmasq.
Name resolution on the router should always work because the DNS servers of all interfaces are getting collected in the resolv.conf file, along with 127.0.0.1 (the DNS resolver instance on the router (dnsmasq, unbound or whatever)).
At least if you don't uncheck the “Use DNS servers advertised by peer” box or if you don't set up any DNS servers anywhere.
If you have option noresolv '0' (default) dnsmasq will query all dns servers it can find in the resolv.conf file and also the servers which you can set up in dnsmasq directly.
Currently I have
search lan
nameserver 127.0.0.1
in my resolv.conf file. Because no nameservers are configured on the interfaces and the “Use DNS servers advertised by peer” box is unchecked.
and
list server 'x.x.x.x'
list server 'x.x.x.x'
in my dhcp config file (dnsmasq).
Works x)
Disadvantage here is if dnsmasq goes down, resolving will not work on the router.
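As an added example (not part of any post in this thread), the script below works out which upstream servers dnsmasq ends up with under the behaviour described in the last reply: servers listed in the dhcp config always, plus the nameservers in its resolv file unless noresolv is on. It then reports any upstream that is not on a list you chose. The function names, the simplified line-based config parsing, the resolv file path passed as an argument and the sample address 192.0.2.53 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Simplified line-based reading of the
# dhcp config (one dnsmasq section assumed); all sample data is constructed.

# noresolv_on CFG -> exit 0 if "option noresolv" is set to a true value
noresolv_on() {
    awk -v q="'" '$1 == "option" && $2 == "noresolv" {
        gsub("[" q "\"]", "", $3); v = $3 }
        END { exit (v == "1" || v == "yes" || v == "on" || v == "true") ? 0 : 1 }' "$1"
}

# effective_upstreams CFG RESOLV_FILE -> upstream servers, one per line, sorted
effective_upstreams() {
    {
        # Servers set directly in dnsmasq ("list server") are always used.
        awk -v q="'" '$1 == "list" && $2 == "server" {
            gsub("[" q "\"]", "", $3); print $3 }' "$1"
        # With noresolv '0' (default) the resolv file is read as well.
        if ! noresolv_on "$1"; then
            # An entry pointing back at the local resolver is not an upstream.
            awk '$1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" {
                print $2 }' "$2"
        fi
    } | sort -u
}

# unexpected_upstreams CFG RESOLV_FILE ALLOWED... -> upstreams not allow-listed
unexpected_upstreams() {
    cfg=$1; resolv=$2; shift 2
    effective_upstreams "$cfg" "$resolv" | while read -r ip; do
        hit=0
        for a in "$@"; do
            if [ "$ip" = "$a" ]; then hit=1; fi
        done
        if [ "$hit" -eq 0 ]; then echo "$ip"; fi
    done
}

# Constructed sample: chosen servers in dnsmasq, plus a resolv file that still
# carries a peer-advertised server (192.0.2.53, a documentation address).
d=$(mktemp -d)
printf "config dnsmasq\n\tlist server '9.9.9.9'\n\tlist server '149.112.112.112'\n" > "$d/dhcp"
printf 'search lan\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$d/resolv"
echo "effective upstreams:"; effective_upstreams "$d/dhcp" "$d/resolv"
echo "not on allow-list:"; unexpected_upstreams "$d/dhcp" "$d/resolv" 9.9.9.9 149.112.112.112
```

An empty "not on allow-list" result means every query dnsmasq forwards goes to a server you selected; any address printed there is a resolver that can still see lookups.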