2a) The router advertises *itself* as being the DNS server for the LAN, and this behavior cannot be changed (via the RDNSS parameter in the RA). This is incorrect when the LAN has its own DNS server for supporting configurations such as an internal sub-domain. I have also seen this lead to DNS failures when the router is busy with heavy traffic (such as a client pulling down the Merlin source code via a "git clone" command - DNS queries being directed to the router failed while the transfer was occurring). Another problem is that the DNS service provided by the router is a caching-only DNS server - but there are no provisions for inspecting/managing the cached DNS responses. So, for example, if the router picks up a stale DNS response there is no way to clear it short of rebooting the router (or manually logging into the router via SSH and killing/restarting the dnsmasq service).
If you have RA turned on, the router is announcing itself as the default router for clients, so it is pretty logical that it provides itself as the default DNS server.
Another reason is the DHCP reservation list, the DNS filter, and possibly guessing IPv6 client hostnames from their SLAAC addresses.
I'd treat the lack of a possibility to set DNSS/DNSSL via the web UI as a current limitation/underfunctionality, not as a bug. On Merlin FW you can add the following to dnsmasq.conf:
Code:
dhcp-option=option6:dns-server,[NS1],[NS2],[NS3]
where the NSes are the static IPv6 addresses of your own DNS servers.
Regarding stale DNS records, isn't that what DNS TTL is all about? You can force any TTL for DNS records with dnsmasq as well.
Regarding DNS failures under heavy load - this can only be overridden with your own full-blown DNS server that doesn't use the router's DNS at all.
If it doesn't suit you, you can always turn RA off in the web UI (and lose the default route via it).
2b) The router has no facility for advertising the DOMAIN SEARCH parameter (the DNSSL parameter in the RA), which again causes problems when there is a local sub-domain on one's LAN
Same, add the following to dnsmasq.conf:
Code:
dhcp-option=option6:domain-search,"domain.tld"
2c) Even when configured for "Stateless" IPv6 address assignment on one's LAN, the router still fires up a DHCPv6 server which will respond to DHCPv6 inquiries. This can cause interference when one already has a DHCPv6 server running on one's LAN.
Stateless is DHCPv6; what you likely mean is pure SLAAC, which is unlikely to be a good idea in the wild, because lots of clients don't support the DNSS option and therefore can't get an IPv6 DNS server at all.
All of these issues can be fixed by simply having a slightly more sophisticated logic for the generation of the dnsmasq.conf file. I believe that anyone using the ASUS routers in an IPv6 environment would find these to be very useful changes.
Right, it seems the only change is additional control over DNS servers and domain with RA announcements enabled.
Your website mentions that some of the changes made in Merlin were adopted by ASUS. If you are still uncomfortable with the idea of these changes in Merlin, and if you have a contact at ASUS who has adopted some of the Merlin extensions, perhaps you could point me at that contact. I could always create a private fork of Merlin and send the patches to ASUS. Providing them with working code is probably the fastest and surest way to encourage them to incorporate the changes.
These changes had better be introduced as public; why private?
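To check which resolvers and search domains a router actually puts in its RAs (the RDNSS and DNSSL options discussed in this thread), the sketch below parses the ICMPv6 payload of a captured Router Advertisement. It is an added example, not code from the thread or from the Merlin project; the function names are hypothetical, the sample RA bytes are constructed, and `2001:db8::53` is a documentation-prefix placeholder.

```python
import ipaddress
import struct

RA_TYPE, OPT_RDNSS, OPT_DNSSL = 134, 25, 31  # ICMPv6 RA type, RFC 8106 option types

def parse_dnssl(data):
    """Decode DNS-label-encoded search domains, skipping zero padding."""
    domains, labels, i = [], [], 0
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0:                       # end of a name, or trailing padding
            if labels:
                domains.append(".".join(labels))
            labels = []
            continue
        if n > 63 or i + n > len(data):
            raise ValueError("malformed DNSSL label")
        labels.append(data[i:i + n].decode("ascii"))
        i += n
    if labels:
        raise ValueError("unterminated DNSSL name")
    return domains

def parse_ra_dns(icmp6):
    """Return the RDNSS addresses and DNSSL domains carried in one RA."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    found, off = {"rdnss": [], "dnssl": []}, 16  # options follow the 16-byte header
    while off < len(icmp6):
        size = icmp6[off + 1] * 8 if off + 1 < len(icmp6) else 0
        if size == 0 or off + size > len(icmp6):
            raise ValueError("malformed option length")
        opt_type, body = icmp6[off], icmp6[off + 8:off + size]
        if opt_type == OPT_RDNSS:
            if len(body) == 0 or len(body) % 16:
                raise ValueError("malformed RDNSS option")
            found["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                               for i in range(0, len(body), 16)]
        elif opt_type == OPT_DNSSL:
            found["dnssl"] += parse_dnssl(body)
        off += size
    return found

def unexpected_rdnss(icmp6, allowed):
    """Advertised resolvers that are not in the allowed set."""
    allowed = {str(ipaddress.IPv6Address(a)) for a in allowed}
    return [a for a in parse_ra_dns(icmp6)["rdnss"] if a not in allowed]

# Constructed sample RA (checksum left at 0, not verified here)
SAMPLE_RA = (struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
             + bytes([OPT_RDNSS, 3, 0, 0]) + struct.pack("!I", 600)
             + ipaddress.IPv6Address("2001:db8::53").packed
             + bytes([OPT_DNSSL, 3, 0, 0]) + struct.pack("!I", 600)
             + b"\x06domain\x03tld\x00" + b"\x00" * 4)
```

Calling `unexpected_rdnss()` with the addresses of the LAN's own DNS servers returns any resolver the RA advertises beyond them, such as the router itself.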