confused about the 3 different DNS settings

Michael3421

Occasional Visitor
The web interface of the ZenWiFi AX (XT8) AX6600 (fw 3.0.0.4.388_23285) has three different settings for DNS. Other routers have just one setting, so I am confused about the difference between these three settings.

Two of the DNS settings are in the WAN section in the Internet connection tab. The first is "DNS server" which I set to Adguard. This seems to be old insecure DNS as the parameter is an IP address.

The second is "DNS Privacy protocol" which can be either "none" or "DoT". When set to DoT, I set it to Cloudflare.

The last group of DNS parameters is in the LAN section in the DHCP server tab. The options are "DNS Server 1" and "DNS Server 2". This seems to be old insecure DNS again as the parameters are IP addresses.

The mobile app has no setting for LAN side DNS. It has only one WAN DNS setting and it is the old insecure DNS IPs.

Can anyone compare and contrast these three different groups of DNS parameters? Thanks.
 
1. You need to have DNS servers or resolvers set in WAN/DNS Servers. These can be considered as the default and can be manually assigned or dynamically assigned by your ISP. These servers are used on startup to resolve time servers to set the router's time and can be used for "normal" resolution. The IP addresses used are Anycast addresses and can be resolved, normally, to the closest data center.

2. DNS over TLS or DoT is an optional setting that encrypts the request to and response from the upstream DNS servers. The upstream server must support DoT. Most do support DoT today. When DoT is enabled the WAN/DNS Servers are only used on system start and all other requests are sent through Dnsmasq/Stubby which are internal programs on the router. Normally the servers chosen should match the servers in WAN/DNS Servers.

3. The LAN/DHCP Server/DNS Server 1 and 2 are normally left blank. Putting an entry in here bypasses the WAN settings for DNS. There are exceptions to this. For example, some use a Pi-Hole DNS Server on their LAN and put its IP address in DNS Server 1. The LAN clients will use the Pi-Hole as the first DNS Server and the router as the second DNS server.

4. You did not ask but another DNS security setting is DNSSEC. This is a validation of the DNS Server response and can be used with or without DoT.

Hope this helps!

I use Cloudflare Secure servers at 1.1.1.2 and 1.0.0.2. I enable DNSSEC.
For DoT use 1.1.1.2 and 1.0.0.2 with TLS Hostname of security.cloudflare-dns.com. This is a manual entry in the WAN GUI.
 
DNS will always be IPs. That does not make them insecure, it just makes them actually work.
 
Is it normal that my router has a different DNS than my PC? Is it better for them to be the same?
 
@Nadergg DNS servers are rarely supersecret; so I'd probably post a couple of screenshot examples. And probably as a new question, though I'm pretty sure it's going to be nothing to worry about!
 
Is it normal that my router has a different DNS than my PC?
Yes. Normally your router will use your ISP's DNS servers and your PCs will use the router as their DNS (e.g. 192.168.50.1). But you need to tell us what DNS servers you are seeing.

Is it better for them to be the same?
That depends, but probably not.
 
Is it normal that my router has a different DNS than my PC? Is it better for them to be the same?
Typically it depends on how you have configured your router's WAN DNS and LAN DNS settings? Post some readable screen shots. It may also depend on the LAN client (PC) itself and if it has a manual DNS configuration set.

Some will have their router's WAN DNS configured to use their broadband provider's ISP's. And have the LAN DNS empty which means the LAN clients would use the router's IP address as its DNS address. Others will have different DNS servers in the LAN DNS section which means the router uses one set of DNS servers but the LAN clients use a different one (as configured in the LAN DNS section).
 
@Nadergg DNS servers are rarely supersecret; so I'd probably post a couple of screenshot examples. And probably as a new question, though I'm pretty sure it's going to be nothing to worry about!
So should I not post pictures of how it's configured? Sorry I don't know if it's safe but I see some guys trying to help asking for pictures so I'm confused xD
 
Yes. Normally your router will use your ISP's DNS servers and your PCs will use the router as their DNS (e.g. 192.168.50.1). But you need to tell us what DNS servers you are seeing.


That depends, but probably not.
It's so confusing because my ISP "modem" has 2 DNSs, then my asus router has a different DNS, then my PC has a different DNS from all the others. Hahaha what a mess.

Also the WAN and LAN IPs from ISP modem and Asus router are different. :'(
 
Typically it depends on how you have configured your router's WAN DNS and LAN DNS settings? Post some readable screen shots. It may also depend on the LAN client (PC) itself and if it has a manual DNS configuration set.

Some will have their router's WAN DNS configured to use their broadband provider's ISP's. And have the LAN DNS empty which means the LAN clients would use the router's IP address as its DNS address. Others will have different DNS servers in the LAN DNS section which means the router uses one set of DNS servers but the LAN clients use a different one (as configured in the LAN DNS section).
I'm so confused lol. The ISP "modem" has 2 DNSs, then my asus router has a different DNS, then my PC has a different DNS from all the others. Also the WAN and LAN IPs from ISP modem and Asus router are different, so I don't know if that could cause extra latency.
 
I'm so confused lol. The ISP "modem" has 2 DNSs, then my asus router has a different DNS, then my PC has a different DNS from all the others. Also the WAN and LAN IPs from ISP modem and Asus router are different, so I don't know if that could cause extra latency.
DNS has nothing to do with latency.
 
I'm so confused lol. The ISP "modem" has 2 DNSs, then my asus router has a different DNS, then my PC has a different DNS from all the others. Also the WAN and LAN IPs from ISP modem and Asus router are different, so I don't know if that could cause extra latency.
You initially asked about DNS servers, now you are asking if that can cause latency? What are you really asking about? Latency or DNS? As already indicated DNS typically has nothing to do with latency unless there is a problem on the DNS server side.

Access your router's GUI page and look at the WAN section to see what the router is using for DNS. Next, look at the LAN > DHCP Server page in the DNS and WINS Server Setting and in the Manually Assigned IP addresses in the DHCP scope (if using manual reservations) sections to see what DNS servers, if any, are configured and handed out to network clients. Finally look at the PC's network settings to see how it's configured. Look to see it has manual DNS entries. What you do from there depends on what you are seeking to do about the DNS servers your local network uses or that you want to use. If you use VPN or similar that too may/will likely introduce different DNS servers.
 
Regards posting images of your settings: Don't include anything that can identify you or your network. So the most important thing is to avoid posting names, physical addresses, WAN IP addresses, and just be careful with MAC addresses and network names. Your DNS server IP addresses will be the same as many other thousands of users, so they're normally nothing to worry about. As for the effects of (or rather not) of DNS on latency, it's a common misconception.
My own DNS entries are on the WAN page using the DNS-over-TLS settings. Not because I don't trust my ISP (BT), I probably trust Cloudflare less, but it's an easy way to set IPv6 DNS, and I like easy solutions!
 
You initially asked about DNS servers, now you are asking if that can cause latency? What are you really asking about? Latency or DNS? As already indicated DNS typically has nothing to do with latency unless there is a problem on the DNS server side.

Access your router's GUI page and look at the WAN section to see what the router is using for DNS. Next, look at the LAN > DHCP Server page in the DNS and WINS Server Setting and in the Manually Assigned IP addresses in the DHCP scope (if using manual reservations) sections to see what DNS servers, if any, are configured and handed out to network clients. Finally look at the PC's network settings to see how it's configured. Look to see it has manual DNS entries. What you do from there depends on what you are seeking to do about the DNS servers your local network uses or that you want to use. If you use VPN or similar that too may/will likely introduce different DNS servers.
Hey, yeah sorry I'm asking because I don't know much about this topic. I understand it might be frustrating to read such stupid questions, sorry about that.
These are some pictures of what you mentioned. Asus is in bridge mode.

WAN Settings on Asus router: LAN Settings on Asus router:
WAN.PNG
LAN.PNG


Thank you
 
Regards posting images of your settings: Don't include anything that can identify you or your network. So the most important thing is to avoid posting names, physical addresses, WAN IP addresses, and just be careful with MAC addresses and network names. Your DNS server IP addresses will be the same as many other thousands of users, so they're normally nothing to worry about. As for the effects of (or rather not) of DNS on latency, it's a common misconception.
My own DNS entries are on the WAN page using the DNS-over-TLS settings. Not because I don't trust my ISP (BT), I probably trust Cloudflare less, but it's an easy way to set IPv6 DNS, and I like easy solutions!
Thanks a lot Crim. I will keep that in mind, no sharing WAN IP :)

So this is what my ISP menu has on DNS and LAN IP:

1724537352560.png


And this is on Asus router:

1724537385804.png


DNS on Asus is set to automatic from ISP.

Thanks !
 
Your router is in double NAT and most likely uses 192.168.1.1 as DNS - your ISP router's LAN IP address. UPnP doesn't work in double NAT.
 
