DNS Server issue

Find the Door

Senior Member
I'm having this issue:

AC66R_zpsf2f5e797.png



As you can see my devices are pulling "192.168.1.1" as their DNS server. I'd rather they actually used what I set in the router. This seems to be some sort of glitch?


Here's my log:

Dec 31 16:00:08 syslogd started: BusyBox v1.17.4
Dec 31 16:00:08 kernel: klogd started: BusyBox v1.17.4 (2013-08-01 15:42:16 CST)
Dec 31 16:00:08 kernel: Linux version 2.6.22.19 (root@asus) (gcc version 4.2.4) #1 Thu Aug 1 15:45:24 CST 2013
Dec 31 16:00:08 kernel: CPU revision is: 00019749
Dec 31 16:00:08 kernel: Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Dec 31 16:00:08 kernel: Determined physical RAM map:
Dec 31 16:00:08 kernel: memory: 07fff000 @ 00000000 (usable)
Dec 31 16:00:08 kernel: memory: 08000000 @ 87fff000 (usable)
Dec 31 16:00:08 kernel: Built 1 zonelists. Total pages: 585216
Dec 31 16:00:08 kernel: Kernel command line: root=/dev/mtdblock3 console=ttyS0,115200 init=/sbin/preinit
Dec 31 16:00:08 kernel: Primary instruction cache 32kB, physically tagged, 4-way, linesize 32 bytes.
Dec 31 16:00:08 kernel: Primary data cache 32kB, 4-way, linesize 32 bytes.
Dec 31 16:00:08 kernel: PID hash table entries: 2048 (order: 11, 8192 bytes)
Dec 31 16:00:08 kernel: CPU: BCM5300 rev 1 pkg 0 at 600 MHz
Dec 31 16:00:08 kernel: Using 300.000 MHz high precision timer.
Dec 31 16:00:08 syslog: module ledtrig-usbdev not found in modules.dep
Dec 31 16:00:08 syslog: module leds-usb not found in modules.dep
Dec 31 16:00:08 kernel: Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Dec 31 16:00:08 kernel: Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Dec 31 16:00:08 kernel: Mount-cache hash table entries: 512
Dec 31 16:00:08 kernel: PCI: Initializing host
Dec 31 16:00:08 kernel: PCI: Reset RC
Dec 31 16:00:08 kernel: PCI: Initializing host
Dec 31 16:00:08 kernel: PCI: Reset RC
Dec 31 16:00:08 kernel: PCI: Fixing up bus 0
Dec 31 16:00:08 kernel: PCI/PCIe coreunit 0 is set to bus 1.
Dec 31 16:00:08 kernel: PCI: Fixing up bridge
Dec 31 16:00:08 kernel: PCI: Fixing up bridge
Dec 31 16:00:08 kernel: PCI: Enabling device 0000:01:00.1 (0004 -> 0006)
Dec 31 16:00:08 kernel: PCI: Fixing up bus 1
Dec 31 16:00:08 kernel: PCI/PCIe coreunit 1 is set to bus 2.
Dec 31 16:00:08 kernel: PCI: Fixing up bridge
Dec 31 16:00:08 kernel: PCI: Fixing up bridge
Dec 31 16:00:08 kernel: PCI: Enabling device 0000:02:00.1 (0004 -> 0006)
Dec 31 16:00:09 kernel: PCI: Fixing up bus 2
Dec 31 16:00:09 kernel: IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
Dec 31 16:00:09 kernel: TCP established hash table entries: 16384 (order: 5, 131072 bytes)
Dec 31 16:00:09 kernel: TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
Dec 31 16:00:09 kernel: highmem bounce pool size: 64 pages
Dec 31 16:00:09 kernel: pflash: found no supported devices
Dec 31 16:00:09 kernel: Boot partition size = 262144(0x40000)
Dec 31 16:00:09 kernel: Creating 2 MTD partitions on "sflash":
Dec 31 16:00:09 kernel: 0x00000000-0x00040000 : "pmon"
Dec 31 16:00:09 kernel: 0x001f0000-0x00200000 : "nvram"
Dec 31 16:00:09 kernel: Found a Zentel NAND flash with 2048B pages or 128KB blocks; total size 128MB
Dec 31 16:00:09 kernel: lookup_nflash_rootfs_offset: offset = 0x0
Dec 31 16:00:09 kernel: nflash: squash filesystem with lzma found at block 9
Dec 31 16:00:09 kernel: Creating 4 MTD partitions on "nflash":
Dec 31 16:00:09 kernel: 0x00000000-0x02000000 : "linux"
Dec 31 16:00:09 kernel: 0x00132ea0-0x02000000 : "rootfs"
Dec 31 16:00:09 kernel: 0x04000000-0x06000000 : "linux2"
Dec 31 16:00:09 kernel: 0x04132ea0-0x06000000 : "rootfs2"
Dec 31 16:00:09 kernel: Creating 3 MTD partitions on "brcmnand":
Dec 31 16:00:09 kernel: 0x00000000-0x02000000 : "trx"
Dec 31 16:00:09 kernel: 0x02000000-0x04000000 : "jffs2"
Dec 31 16:00:09 kernel: 0x04000000-0x07f00000 : "brcmnand"
Dec 31 16:00:09 kernel: dev_nvram_init: _nvram_init
Dec 31 16:00:09 kernel: _nvram_init: allocat size= 65536
Dec 31 16:00:09 kernel: u32 classifier
Dec 31 16:00:09 kernel: OLD policer on
Dec 31 16:00:09 kernel: Netfilter messages via NETLINK v0.30.
Dec 31 16:00:09 kernel: nf_conntrack version 0.5.0 (2048 buckets, 16384 max)
Dec 31 16:00:09 kernel: ipt_time loading
Dec 31 16:00:09 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Dec 31 16:00:09 kernel: net/ipv4/netfilter/tomato_ct.c [Aug 1 2013 15:44:46]
Dec 31 16:00:09 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Dec 31 16:00:09 kernel: VFS: Mounted root (squashfs filesystem) readonly.
Dec 31 16:00:09 kernel: Warning: unable to open an initial console.
Dec 31 16:00:09 kernel: Failed to execute /sbin/preinit. Attempting defaults...
Dec 31 16:00:09 kernel: ctf: module license 'Proprietary' taints kernel.
Dec 31 16:00:09 kernel: et_module_init: passivemode set to 0x0
Dec 31 16:00:09 kernel: et_module_init: et_txq_thresh set to 0x400
Dec 31 16:00:09 kernel: bcm_robo_enable_switch: EEE is disabled
Dec 31 16:00:09 kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.30.102.9 (r366174)
Dec 31 16:00:09 kernel: PCI: Enabling device 0000:01:01.0 (0000 -> 0002)
Dec 31 16:00:09 kernel: eth1: Broadcom BCM4331 802.11 Wireless Controller 6.30.102.9 (r366174)
Dec 31 16:00:09 kernel: PCI: Enabling device 0000:02:01.0 (0000 -> 0002)
Dec 31 16:00:09 kernel: eth2: Broadcom BCM4360 802.11 Wireless Controller 6.30.102.9 (r366174)
Dec 31 16:00:09 kernel: Algorithmics/MIPS FPU Emulator v1.5
Dec 31 16:00:09 kernel: SCSI subsystem initialized
Dec 31 16:00:09 kernel: ufsd: driver (8.6 U86_r187446_b122, LBD=ON, acl, ioctl, rwm, ws, sd) loaded at c0209000
Dec 31 16:00:09 kernel: NTFS (with native replay) support included
Dec 31 16:00:09 kernel: optimized: speed
Dec 31 16:00:09 kernel: Build_for__asus_n66u_2011-10-27_U86_r187446_b122
Dec 31 16:00:10 kernel: wlc_phy_cal_init_acphy: NOT Implemented
Dec 31 16:00:11 stop_nat_rules: apply the redirect_rules!
Dec 31 16:00:11 WAN Connection: ISP's DHCP did not function properly.
Dec 31 16:00:11 RT-AC66R: start httpd
Dec 31 16:00:15 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Dec 31 16:00:16 WAN Connection: WAN was restored.
Dec 31 16:00:16 kernel: nf_conntrack_rtsp v0.6.21 loading
Dec 31 16:00:16 kernel: nf_nat_rtsp v0.6.21 loading
Dec 31 16:00:16 rc_service: udhcpc 340:notify_rc stop_upnp
Dec 31 16:00:16 rc_service: udhcpc 340:notify_rc start_upnp
Dec 31 16:00:16 rc_service: udhcpc 340:notify_rc stop_ntpc
Dec 31 16:00:16 rc_service: udhcpc 340:notify_rc start_ntpc
Dec 31 16:00:16 dhcp client: bound 24.20.9.4 via 24.20.8.1 during 207751 seconds.
Aug 21 00:57:54 rc_service: ntp 388:notify_rc restart_upnp
Aug 21 01:59:02 rc_service: httpd 305:notify_rc restart_wan_if 0
Aug 21 01:59:02 stop_wan(): perform DHCP release
Aug 21 01:59:04 WAN Connection: ISP's DHCP did not function properly.
Aug 21 01:59:04 stop_nat_rules: apply the redirect_rules!
Aug 21 01:59:05 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Aug 21 01:59:05 rc_service: udhcpc 406:notify_rc stop_upnp
Aug 21 01:59:05 rc_service: udhcpc 406:notify_rc start_upnp
Aug 21 01:59:05 dhcp client: bound 24.20.9.4 via 24.20.8.1 during 204079 seconds.
Aug 21 01:59:09 WAN Connection: WAN was restored.


Anyone have any experience with this?

Thanks,
Door
 
Far as the screen, it's using the router's DNS, and you have IPv6 running; IPv6 trumps your IPv4 DNS.

Chris
 
I think I have it disabled as far as I know. I primarily use this router for gaming on my Xbox 360, which isn't an IPv6 device. The reason I have it disabled is because when enabled my Xbox would always get a strict NAT.

Here's a screen:

Untitled_zpsb0d9c5d2.png
 
You're confusing a few things here.

The WAN settings you show apply to the router itself, and are just the IP addresses IT will use in performing IP lookups.

What you want to do is to configure the DNS server addresses used by the DHCP server; take a look at LAN - DHCP Server settings, and set the DNS addresses you want the workstations to have in the DNS server field.
 
I've done that also, to no avail.

Screenshot:

Untitled_zps811b3477.png



Plus I'm only able to enter one DNS server here, whereas my Xbox asks for two?
 
Actually now the primary has changed, however, the secondary still remains the same as there's only one space to input a DNS server in the UI. Are you supposed to separate them by commas or something (EDIT: won't let me, only numbers and periods)? Because of this "192.168.1.1" remains my secondary DNS server.



Untitled_zps0fdf8506.png
 
What you are seeing is normal behavior, 192.168.1.1 will always show as your DNS server unless you manually assign DNS in the TCP/IPv4 settings specific to your adaptor within Windows.
 
Thank you guys for all your help - love this forum.

One last question - what do I do for my Xbox being that it asks for two DNS servers?
 
Also here's the reason I'm doing this - I'm using Namebench to find the optimum DNS server(s) for my connection.


I just ran it after changing settings and rebooting everything and here's my result:


Untitled_zpsb4f61f4e.png
 
Those "benchmarks" are useless if what you are looking for is to improve performance. Having a given DNS resolve an IP in 2ms instead of 4ms won't have any measurable effect, since once it was resolved by a computer, the result gets cached, so it won't need to reconnect to the DNS for quite some time.

Also, using a DNS server that is not located close to you network-wise might mean that when streaming from Netflix or Youtube (amongst other things), the DNS might give you a streaming server that is far from you. So while you will save 2 ms on that single DNS query, you might have buffering problems on the stream itself.

The ideal configuration is to let your router give its own IP to your computers, and stick to your ISP's DNS servers on the WAN page (meaning leave it on Auto). That way, the router can act as an additional DNS cache in addition to each computer having its own cache. By default, the router will cache up to 1500 DNS queries. And your ISP's DNS servers will point you at streaming servers that are closer to them, sometimes even to a cache they run on their own network. The only time one might want to change DNS is if their ISP's DNS are broken/unreliable, or they need DNS-level filtering such as provided by OpenDNS.
 
So leave WAN DNS on Auto, and leave LAN - DHCP DNS field blank?

Also should I have the router firewall enabled or disabled for Xbox 360 play?

Thanks so much for the reply - I really appreciate it!
 
DNS: that's correct. A blank entry on the DHCP page means the router will automatically push its own IP instead.

For the firewall, never ever disable it, as it would also break NAT. There should be no reason to change anything for the XBox 360 online gaming to work properly, just make sure you have UPnP enabled on the router (this should be the default).
 
Hope I'm not being a bother but would it be a problem to have UPnP disabled and use DMZ instead? I've been told UPnP is a potential security risk in my readings before, and I've also heard it's a bit slower for gaming rather than just opening the Xbox's IP completely 24/7 with DMZ?


Also does the DoS Protection feature really work? I primarily play sports games against others online and some will DoS attack you to "knock you offline". Will this feature actually withstand a real world attack?

Thanks again Merlin!
 
A DMZ is a far greater security risk since it means: "Take whatever traffic you get that isn't aimed at a specific client, and send it all to the XBox". Plus, it will also break various other functionalities.

Port forwarding on such a high-end router should have next to no impact on performance versus DMZ.

UPnP is relatively safe for a home environment, provided you have control of every computer and device connected. Also, Asuswrt uses a UPnP daemon that has historically been less affected by specific security holes. My customized firmware even uses the very latest version available - Asus's is a bit older, but I don't remember any known security vulnerability being disclosed for the version they use.

All the DDoS protection option does is throttle the rate at which your router will answer some specific packets. To be honest, it will do next to nothing to protect you if anyone was actually flooding you with gigabits of traffic coming from thousands of zombies on the net. It might not saturate your upstream with replies, but your downstream will still be quickly saturated.

There is very little a home user can do to protect against modern DDoS. Only your ISP and its own uplinks can do anything to protect you.

Back in the day, this was another story. I remember someone once trying to hit me from his dialup modem. I won't go into the detail because after 15+ years I totally forgot the details, but let's just say that a specially crafted packet I sent back at him told his modem to stop listening to the "+++" sequence and to hang up.

I didn't get a single additional packet from that guy that night... <evil grin>
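
The difference described in the post above between a per-port mapping (manual forward or UPnP) and a DMZ host, as an added example that is not code from the thread or from Asuswrt. It is a simplified Python model of a NAT router's inbound decision; the class, LAN addresses, remote addresses and port list are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

XBOX = "192.168.1.50"   # constructed LAN addresses
PC = "192.168.1.20"

@dataclass
class NatRouter:
    """Simplified inbound decision of a home NAT router (illustrative model)."""
    # (proto, wan_port) -> LAN host; created by manual port forwards or UPnP requests
    mappings: dict = field(default_factory=dict)
    # (proto, wan_port, remote_ip, remote_port) -> LAN host that opened the flow
    conntrack: dict = field(default_factory=dict)
    dmz_host: Optional[str] = None

    def dispatch(self, proto, wan_port, remote_ip, remote_port):
        """Return (reason, lan_host) for one packet arriving on the WAN side."""
        flow = (proto, wan_port, remote_ip, remote_port)
        if flow in self.conntrack:                # reply to an outbound connection
            return "established", self.conntrack[flow]
        if (proto, wan_port) in self.mappings:    # explicit forward / UPnP mapping
            return "mapped", self.mappings[(proto, wan_port)]
        if self.dmz_host is not None:             # everything left over goes to the DMZ host
            return "dmz", self.dmz_host
        return "dropped", None                    # default: unsolicited traffic is discarded

def delivered_to(router, host, packets):
    """List the (proto, port) pairs from `packets` that end up on `host`."""
    hits = []
    for proto, port, remote_ip, remote_port in packets:
        _, target = router.dispatch(proto, port, remote_ip, remote_port)
        if target == host:
            hits.append((proto, port))
    return hits

# Constructed unsolicited packets from a documentation-range address.
UNSOLICITED = [
    ("udp", 3074, "203.0.113.9", 40000),  # port the console asked to have mapped
    ("tcp", 23,   "203.0.113.9", 40001),
    ("tcp", 445,  "203.0.113.9", 40002),
    ("udp", 1900, "203.0.113.9", 40003),
    ("tcp", 8080, "203.0.113.9", 40004),  # forwarded to the PC, so never reaches the console
]

def compare():
    """Return what reaches the console with mappings only, then with DMZ added."""
    base = {("udp", 3074): XBOX, ("tcp", 8080): PC}
    mapping_only = NatRouter(mappings=dict(base))
    with_dmz = NatRouter(mappings=dict(base), dmz_host=XBOX)
    return (delivered_to(mapping_only, XBOX, UNSOLICITED),
            delivered_to(with_dmz, XBOX, UNSOLICITED))

if __name__ == "__main__":
    mapped, dmz = compare()
    print("mapping only ->", mapped)
    print("DMZ enabled  ->", dmz)
```

With only the mapping in place the console sees the single port it requested; with the DMZ enabled it also receives every unsolicited packet that no other rule claims.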
 
LOL that's what I figured. Thanks for the story!

Does DDoS protection have any impact on performance? Also where can you find an editable MTU setting within the UI?
 
The impact should be quite minimal, unless under very high traffic.

The MTU is only configurable for PPPoE connections.
 
So it will select the optimum MTU regardless then?

Most of the time the MTU doesn't need to be changed from the 1500 value that is the default for Ethernet. PPPoE is a special case since, due to the encapsulation, the packets must be reduced in size before the PPP header gets added on it.
 
