Menu
What's new
By:
Filters Better Search

[AC3200] Should I enable DNSSEC?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

AntonK

AntonK

Very Senior Member
Hi,

I just switched from OpenDNS to Quad9 DNS. While I didn't with OpenDNS, should I enable DNSSEC with Quad9? Quad9's FAQ says,

Yes. Quad9 provides DNSSEC validation on all of our resolvers. This means that for domains that implement DNSSEC security, the Quad9 system will cryptographically ensure that the response provided matches the intended response of the domain operator. In the event of a cryptographic failure, our system will not return an answer at all. This ensures protection against domain spoofing or other attacks that attempt to provide false data. Learn more about DNSSEC here: https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en Note that some variations of our resolver (different IP addresses) may not provide DNSSEC.​

Since I don't really know what all this means, any suggestions? I'm using RMerlin's 384.6.

Thanks,
Anton
 
AntonK said:
Hi,

I just switched from OpenDNS to Quad9 DNS. While I didn't with OpenDNS, should I enable DNSSEC with Quad9? Quad9's FAQ says,

Yes. Quad9 provides DNSSEC validation on all of our resolvers. This means that for domains that implement DNSSEC security, the Quad9 system will cryptographically ensure that the response provided matches the intended response of the domain operator. In the event of a cryptographic failure, our system will not return an answer at all. This ensures protection against domain spoofing or other attacks that attempt to provide false data. Learn more about DNSSEC here: https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en Note that some variations of our resolver (different IP addresses) may not provide DNSSEC.​

Since I don't really know what all this means, any suggestions? I'm using RMerlin's 384.6.

Thanks,
Anton
Click to expand...


My 10 cents worth.......

Yes, you should.
But with a proviso, Merlin has put considerable work into DNSSEC recently. In my opinion you should update your firmware to 384.7 to take advantage of this, (currently in beta3 & running just fine), as part of your strategy.
 
Thanks Treadler! There is no 384.7 for the AC-3200, but I will enable it and see how it goes. The first thing I noticed was that I had to use the IP address to login to my router from my wired Desktop. The URL "router.asus.com/Main_Login.asp" would not work.
 
I agree with the above strategy. 384.7 will get your DNSSEC working properly. Not yet released for your model.
 
skeal said:
I agree with the above strategy. 384.7 will get your DNSSEC working properly. Not yet released for your model.
Click to expand...

There is no 384.7 for the AC-3200.
 
Does Cloudflare (1.1.1.1) DNS support DNSSec..
384.7 is a beta firmware although it appears to be already well regarded. Perhaps I should try it.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
I RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!) Asuswrt-Merlin 14
B Solved What VPN Director rule should i use to be able to connect outside my home to my VPN provider? Asuswrt-Merlin 2
S What WAN packet overhead settings should I use? Asuswrt-Merlin 4
M Should I Change From Router Mode to Something Else? Asuswrt-Merlin 9
Yota How to enable port randomization in Asuswrt-Merlin? Asuswrt-Merlin 4
M How to Enable Hardware Acceleration /RT-AX86U Pro Asuswrt-Merlin 3
M enable IPv4 over LAN Asuswrt-Merlin 11
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 673 (members: 18, guests: 655)
Top