Multiple DNS Servers - How does the router decide which one to use?

[ColinTaylor]

It's working correctly?

Try nslookup shacksigning.com nslookup ff.kis.scr.kaspersky-labs.com or go to https://dnscheck.tools/. Do you get a rebind message in the router's system log?

 

[StrikerXXX]

Try nslookup shacksigning.com or go to https://dnscheck.tools/. Do you get a rebind message in the log?

nslookup shacksigning.com:

blacklynx@RT-AC68U-2500:/tmp/home/root# nslookup shacksigning.com
Server:    138.122.80.220
Address 1: 138.122.80.220

Name:      shacksigning.com
Address 1: 192.243.59.20
Address 2: 192.243.61.227
Address 3: 173.233.137.44
Address 4: 192.243.61.225
Address 5: 192.243.59.12
Address 6: 173.233.137.52
Address 7: 173.233.139.164
Address 8: 173.233.137.36
Address 9: 173.233.137.60
Address 10: 192.243.59.13

In dnscheck.tools this appears at the end of the information:

Great! Your DNS responses are authenticated:

DNSSEC Signature

    Correct:
    Invalid:
    Expired:
    Missing:

ECDSA P-256 (PASS)

    connected
    not connected
    not connected
    not connected

ECDSA P-384 (PASS)

    connected
    not connected
    not connected
    not connected

Ed25519 (PASS)

    connected
    not connected
    not connected
    not connected

It's working correctly?

 

[ColinTaylor]

It's working correctly?

Do the nslookup from a client PC not the router. What do you see in the router's system log?

Correction: Don't use the previous nslookup command, use this instead: nslookup ff.kis.scr.kaspersky-labs.com

 

[StrikerXXX]

Do the nslookup from a client PC not the router. What do you see in the router's system log?

Posting this information later, it's starting to rain here, there's a lot of lightning and thunder, I'm going to turn off the pc and the internet equipment, I'll post the results when the weather improves.

EDIT: I came back, time normalized. I did the test on the pc, using cmd. The previous test had used putty, but using cmd I noticed that in merlin's system log it shows the dns rebinding information:

nslookup ff.kis.scr.kaspersky-labs.com

C:\Users\StrikerFX>nslookup ff.kis.scr.kaspersky-labs.com
Servidor:  RT-AC68U-2500
Address:  2804:248:f2f8:8f00::1

Nome:    ff.kis.scr.kaspersky-labs.com

System log

Dec  2 20:10:17 dnsmasq[16454]: possible DNS-rebind attack detected: ff.kis.scr.kaspersky-labs.com
Dec  2 20:10:17 dnsmasq[16454]: possible DNS-rebind attack detected: ff.kis.scr.kaspersky-labs.com

 

[JJohnson1988]

How many should there be on the list then? Currently I have cloud fare ipv4 and ipv6 two of each is that right or should I only have one of each?

I seem to recall only being allowed about 4 or 5 entries (from the admin UI, anyway) before each additional entry was "forgotten", but yeah if you have an IPv6 connection you can have two of each