Menu
What's new
By:
Filters Better Search

What DNS do you use with your Asus/Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Chrysalis said:
only for adult content, not what is deemed as paedophile and copyright content, its only a matter of time other stuff gets added to the mandatory lists.
Click to expand...

Unfortunate - if I recall AU did this as well...

For us in the US - the primary concern is three letter agencies doing the drift-net approach - hence the big data center in Utah, along with others... a $1.5 billion investment there...

NSA-Data-Center-Utah_sham.jpg


Do what you want.. just be mindful - they're mostly focused on certain activities/behaviors - and they're pretty good at digging out TOR/VPN so folks be mindful of that...

TOR/VPN is no privacy, end-points are always discoverable and traceable...
 
Zirescu said:
End-Point sure, but not back to the user.
Click to expand...

VPN, definitely back to the end-user... make no mistake about that one...

TOR - there's some interesting means and methods to decloak users there as well...
 
I use 4 separate, free WiFi locations with 6 VPNs and 11teen Tor instantiations that are all encapsulated with a nine-level proxychain which comes from my private list of 50000 OC768 backbone links.

and that's just my decoy traffic...
 
sfx2000 said:
VPN, definitely back to the end-user... make no mistake about that one...

TOR - there's some interesting means and methods to decloak users there as well...
Click to expand...

Care to share some info about that?
 
Zirescu said:
Care to share some info about that?
Click to expand...

Check the Tor mailing list or any of the many official Tor white-papers or Tor-related academic papers... there are many. Decades of research is out there to be found, which includes known attack vectors.

Sadly, sfx makes claims but supports them with no facts. Tor has been designed from the beginning knowing that all data may be monitored... this is the most fundamental aspect of Tor or the "onion routing" technology that the Tor project is based on.

Yes, everything is potentially vulnerable, that is obvious... but claims without proof are unhelpful and paranoid. I could say "AsusWRT has a security flaw", which is very likely true, but without specific details my statement is less than useless...
 
Nullity said:
Check the Tor mailing list or any of the many official Tor white-papers or Tor-related academic papers... there are many. Decades of research is out there to be found, which includes known attack vectors.

Sadly, sfx makes claims but supports them with no facts. Tor has been designed from the beginning knowing that all data may be monitored... this is the most fundamental aspect of Tor or the "onion routing" technology that the Tor project is based on.

Yes, everything is potentially vulnerable, that is obvious... but claims without proof are unhelpful and paranoid. I could say "AsusWRT has a security flaw", which is very likely true, but without specific details my statement is less than useless...
Click to expand...

My take on Tor is that it first has to connect to and with established protocols. That is what makes it vulnerable, no matter what is done after the fact to 'hide' a user as they make their way across the 'net.

If all they needed to do was activate the 'invisible' shield option, we would be able to do that without Tor in the first place. ;)
 
Nullity said:
Sadly, sfx makes claims but supports them with no facts.
Click to expand...

There are reasons why I do not go into detail with regards to certain topics... sufficient enough to say that one should be reasonably paranoid when dealing with VPN's and TOR..

:)
 
CooCooCaChoo said:
Well you could configure the router to use all three public dns servers (Google, OpenDNS and your ISP) with the following option in dnsmasq:

all-servers

dnsmasq will query all three and use the first response it gets back. But this is not considered good practice. This way if one server is slow and another is faster, you will always get the fastest response time.
Click to expand...
Is that how home router work, Asus AC68U to be more specific? Or do home routers try to reach the primary one first the the second?
 
Wutikorn said:
Is that how home router work, Asus AC68U to be more specific?
Click to expand...
No
Or do home routers try to reach the primary one first the the second?
Click to expand...
Normally a router will only query its primary DNS. If there is no reply from that server it will query the secondary.


http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Code: 
--all-servers
        By default, when dnsmasq has more than one upstream server available, it will send
        queries to just one server. Setting this flag forces dnsmasq to send all queries to all
        available servers. The reply from the server which answers first will be returned to
        the original requester.
 
ColinTaylor said:
NoNormally a router will only query its primary DNS. If there is no reply from that server it will query the secondary.


http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Code: 
--all-servers
        By default, when dnsmasq has more than one upstream server available, it will send
        queries to just one server. Setting this flag forces dnsmasq to send all queries to all
        available servers. The reply from the server which answers first will be returned to
        the original requester.
Click to expand...
Is that for home router? Does it mean that home router can be set to query all servers at the same time if one uses telnet to set it up?
 
Wutikorn said:
Is that for home router? Does it mean that home router can be set to query all servers at the same time if one uses telnet to set it up?
Click to expand...
What do you mean by "home router" exactly?

Any router that uses dnsmasq and allows you to change its configuration can be made to query all servers.
 
ColinTaylor said:
What do you mean by "home router" exactly?

Any router that uses dnsmasq and allows you to change its configuration can be made to query all servers.
Click to expand...
I mean Asus AC68U. I'm not sure how good my ISP's DNS servers are; sometimes the main one is not responding. So I wonder if I will get benefit from query both servers at the same time, and wonder how to configure it.
 
Wutikorn said:
I mean Asus AC68U. I'm not sure how good my ISP's DNS servers are; sometimes the main one is not responding. So I wonder if I will get benefit from query both servers at the same time, and wonder how to configure it.
Click to expand...
It sounds like you could benefit from it. (But remember RMerlin's answer to your question in the other thread about CDN being slower for non-local DNS.)

Setup the 2 DNS servers in the GUI as normal and enable support for custom config files (https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files)

Then Telnet/SSH into the router and type the following command:
Code: 
echo "all-servers" >> /jffs/configs/dnsmasq.conf.add
Reboot the router and you should be OK.
 
Last edited:
ColinTaylor said:
It sounds like you could benefit from it. But remember RMerlin's answer to your question in the other thread about CDN being slower.

Setup the 2 DNS servers in the GUI as normal and enable support for custom config files (https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files)

Then Telnet/SSH into the router and type the following command:
Code: 
echo "all-servers" >> /jffs/configs/dnsmasq.conf.add
Reboot the router and you should be OK.
Click to expand...
Is that only for AsusWRT-Merlin firmware? Or is there a way to do this in stock firmware too?
 
ColinTaylor said:
Merlin only. Stock firmware doesn't have support for custom config files.
Click to expand...
Okay, I will try this in a month when I am at my house. Thanks
 
ColinTaylor said:
It sounds like you could benefit from it. (But remember RMerlin's answer to your question in the other thread about CDN being slower for non-local DNS.)

Setup the 2 DNS servers in the GUI as normal and enable support for custom config files (https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files)

Then Telnet/SSH into the router and type the following command:
Code: 
echo "all-servers" >> /jffs/configs/dnsmasq.conf.add
Reboot the router and you should be OK.
Click to expand...
Do I have to add this again if I changed my DNS servers?
 
You must log in or register to reply here.

Similar threads

Preskitt.man
DNS Issue?? AX5800 Pro Issue??
Replies
2
Views
280
bbunge
bbunge
B
Unbound Use unbound/router as default DNS server
Replies
2
Views
885
BeachGuy
B
V
Issue with DNS or something else?
2
Replies
21
Views
1K
vandriver
V
RamGuy
Strange packet loss with IPv6 going through my Asus RT-AX88U running 3004.388.4
Replies
7
Views
2K
RamGuy
RamGuy
Q
Pfsense/opnsense box with AX88U Merlin firmware
2 3 4
Replies
67
Views
5K
Spud
Spud
Similar threads
Thread starter Title Forum Replies Date
A CloudFlare Proxied DNS, can't login to Asus router Asuswrt-Merlin 10
D Solved Openvpn client dns Asuswrt-Merlin 2
S Solved New ISP - WAN Setup - Will not work with custom WAN DNS - dnsmasq.conf Asuswrt-Merlin 1
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
Preskitt.man DNS Issue?? AX5800 Pro Issue?? Asuswrt-Merlin 2
H DNS-rebind attack detected: farm.plista.com. etc...?? Asuswrt-Merlin 3
plapic DNS Director Asuswrt-Merlin 7
P DNS Director - Proprietary? Asuswrt-Merlin 6
r000t Hardcoded Google DNS IPTABLES rule Asuswrt-Merlin 6
Panic Button Wireguard client optional DNS Server setting Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 687 (members: 16, guests: 671)
Top