What's new

Multiple DNS Servers - How does the router decide which one to use?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Try nslookup shacksigning.com or go to https://dnscheck.tools/. Do you get a rebind message in the log?

nslookup shacksigning.com:

Code:
blacklynx@RT-AC68U-2500:/tmp/home/root# nslookup shacksigning.com
Server:    138.122.80.220
Address 1: 138.122.80.220

Name:      shacksigning.com
Address 1: 192.243.59.20
Address 2: 192.243.61.227
Address 3: 173.233.137.44
Address 4: 192.243.61.225
Address 5: 192.243.59.12
Address 6: 173.233.137.52
Address 7: 173.233.139.164
Address 8: 173.233.137.36
Address 9: 173.233.137.60
Address 10: 192.243.59.13

In dnscheck.tools this appears at the end of the information:

Code:
Great! Your DNS responses are authenticated:

DNSSEC Signature

    Correct:
    Invalid:
    Expired:
    Missing:

ECDSA P-256 (PASS)

    connected
    not connected
    not connected
    not connected

ECDSA P-384 (PASS)

    connected
    not connected
    not connected
    not connected

Ed25519 (PASS)

    connected
    not connected
    not connected
    not connected

It's working correctly?
 
It's working correctly?
Do the nslookup from a client PC not the router. What do you see in the router's system log?

Correction: Don't use the previous nslookup command, use this instead: nslookup ff.kis.scr.kaspersky-labs.com
 
Last edited:
Do the nslookup from a client PC not the router. What do you see in the router's system log?
Posting this information later, it's starting to rain here, there's a lot of lightning and thunder, I'm going to turn off the pc and the internet equipment, I'll post the results when the weather improves.

EDIT: I came back, time normalized. I did the test on the pc, using cmd. The previous test had used putty, but using cmd I noticed that in merlin's system log it shows the dns rebinding information:

nslookup ff.kis.scr.kaspersky-labs.com

Code:
C:\Users\StrikerFX>nslookup ff.kis.scr.kaspersky-labs.com
Servidor:  RT-AC68U-2500
Address:  2804:248:f2f8:8f00::1

Nome:    ff.kis.scr.kaspersky-labs.com

System log

Code:
Dec  2 20:10:17 dnsmasq[16454]: possible DNS-rebind attack detected: ff.kis.scr.kaspersky-labs.com
Dec  2 20:10:17 dnsmasq[16454]: possible DNS-rebind attack detected: ff.kis.scr.kaspersky-labs.com
 
Last edited:
How many should there be on the list then? Currently I have cloud fare ipv4 and ipv6 two of each is that right or should I only have one of each?
I seem to recall only being allowed about 4 or 5 entries (from the admin UI, anyway) before each additional entry was "forgotten", but yeah if you have an IPv6 connection you can have two of each
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top