Q on ASUSWRT 5.0, AX86U Pro guest Network DNS Settings

[routerq]

RT-AX86U Pro, Firmware Version:3.0.0.6.102_34336

Q) Using Guest Network Pro and kids network and DNS Server

Pi-Hole (primary and backup) are the default DNS for the LAN, Cloud-flare is the DNS for the WAN.

On the Kids network, If I leave the DNS Server as Default, will it pick up the LAN DNS or the WAN DNS? or something else?

 

[OzarkEdge]

RT-AX86U Pro, Firmware Version:3.0.0.6.102_34336

Q) Using Guest Network Pro and kids network and DNS Server

Pi-Hole (primary and backup) are the default DNS for the LAN, Cloud-flare is the DNS for the WAN.

On the Kids network, If I leave the DNS Server as Default, will it pick up the LAN DNS or the WAN DNS? or something else?

WAN DNS, where I set it (Cloudflare Security w/DoT):

Guest VLAN uses default DNS, WAN DNS:

Current IoT VLAN uses same DNS, but without DoT:

OE

 

[routerq]

WAN DNS, where I set it (Cloudflare Security w/DoT).

OE

Thanks, but this add another set of DNS Servers under the heading NS-over-TLS Server List.

Now which DNS Servers will be used? one under the DNS-over-TLS Server List OR the WAN DNS Server list?

 

[bennor]

RT-AX86U Pro, Firmware Version:3.0.0.6.102_34336

Q) Using Guest Network Pro and kids network and DNS Server

Pi-Hole (primary and backup) are the default DNS for the LAN, Cloud-flare is the DNS for the WAN.

On the Kids network, If I leave the DNS Server as Default, will it pick up the LAN DNS or the WAN DNS? or something else?

If you do a search you'll find several of my posts where I talk about trying to use Pi-Hole with 3006's Guest Network Pro on a RT-AX86U Pro.
https://www.snbforums.com/threads/a...102_34312-2024-05-09.90015/page-5#post-909573
https://www.snbforums.com/threads/rt-ax86u_pro-3-0-0-6-102_34334-2024-11-06.92777/#post-932720

Bottom line things get wonky with Guest Network Pro depending on the settings you use, namely the Use same subnet as main network setting. What it boils down to is that if you disable Use same subnet as main network on Guest Network Pro entry, those specific clients won't be able to access the Pi-Hole that is on the main LAN IP scope range. My second link shows one way to work around things but the downside is the Pi-Hole(s) likely won't see the individual client requests, rather all requests will show up as the router.

 

[bbunge]

RT-AX86U Pro, Firmware Version:3.0.0.6.102_34336

Q) Using Guest Network Pro and kids network and DNS Server

Pi-Hole (primary and backup) are the default DNS for the LAN, Cloud-flare is the DNS for the WAN.

On the Kids network, If I leave the DNS Server as Default, will it pick up the LAN DNS or the WAN DNS? or something else?

Leaving the Kids DNS Server at default will use the routers DNS server which is the setting in the WAN. In your case Cloudflare (1.1.1.1 - 1.0.0.1?). To improve DNS security you can use Cloudflare Security )1.1.1.2 - 1.0.0.2 - TLS security.cloudflare-dns.com). You can also set up the Pi-Holes to use the VLAN for the Kids network. But this gets complicated..
Remember the router DHCP assigns the client a DNS server in this order: if there are no DNS servers set in the LAN-DHCP Server the router is the only DNS assigned. If DNS Server 1 and DNS Server 2 are used the DHCP assigns three DNS servers to the client - DNS Server1 first, DNS Server 2 second and the router third.
Maybe a better way for your kids WIFI is to assign Cloudflare Family (1.1.1.3 - 1.0.0.3) or another family filtering DNS service. Or you could get another Pi3 and set up a DNS server for that guest network. RPI 3b+ is not expensive and runs Pi-Hole just fine.
I run a Pi3b+ as a pi-hole Ethernet connected with the default blocklist. I abandoned guest networks and run everything on the default subnet.

 

[OzarkEdge]

Thanks, but this add another set of DNS Servers under the heading NS-over-TLS Server List.

Now which DNS Servers will be used? one under the DNS-over-TLS Server List OR the WAN DNS Server list?

You'll have to riddle that out for what you are doing with your additional equipment. I keep it simple and use the router WAN DNS.

OE