which DNS server is being used

[Justinh]

My RT-AC68U is configured as below. It shows (4) DNS servers. Which is being used by hosts on the LAN?

 

[Ripshod]

The DoT servers override the DNS settings, so you'll only be using the two selected quad9 DoT servers.

 

[Justinh]

Thanks. That is what I was assuming, but the UI doesn't indicate intended behavior.

 

[ColinTaylor]

Which is being used by hosts on the LAN?

That would depend on your LAN DNS settings not necessarily the WAN DNS settings.

 

[sfx2000]

And you can verify which hosts are actually being used...

dnscheck.tools - check your dns resolvers

A tool to test for DNS leaks, DNSSEC validation, and more

www.dnscheck.tools

 

[Ripshod]

That would depend on your LAN DNS settings not necessarily the WAN DNS settings.

Who sets DNS in the LAN settings. Why?
Nevermind. I've just never had reason to set DNS anywhere else.

 

[Justinh]

That would depend on your LAN DNS settings not necessarily the WAN DNS settings.

Righto - understood. To be more accurate, which DNS server is my router using when a LAN device calls to an external domain.

 

[Crimliar]

If you look on the network map page it makes this a little clearer.

 

[Justinh]

Well, Crimliar, you added a wrinkle. Mine shows the two non-DoT servers. Bug?

 

[Crimliar]

Not really. Those are the servers provided to the router from the WAN DHCP and as indicated they are "overwritten by DNS Privacy", ie DoT.
*At the moment I'm using Cloudflare DNS as the internal IPTV servers BT DNS points to top out at 1080p, while the external servers will deliver 4K!

 

[Justinh]

Mine doesn't show 'overridden'. Maybe that note is a Merlin enhancement?

 

[Crimliar]

That could be it, I hadn't looked hard enough to realise you are not using the Merlin firmware. If you were, your original image would have looked like:

Doing everything I can to minimize image size

 

[bbunge]

Well, Crimliar, you added a wrinkle. Mine shows the two non-DoT servers. Bug?

Different firmware. Merlin firmware shows more information than Asus firmware in the Internet Status area.

The WAN DNS Servers are used when the router boots up. They are needed to get the time set on the router from a time server.

With DoT enabled the router will use each DNS over TLS Server in turn then start over. That is called Roundrobin. So, if you have two servers entered it will use server 1 then server 2 then back to server 1 and so on.

Up to 8 servers can be used but two from the same provider is recommended unless you use IPV6 then it is a good ides to alternate IPV4 and IPV6 servers of the same provider.

 

[NoLight]

Are you having any issues with Quad9?

I tried to switch to the ECS 9.9.9.11 enabled one on a AC68U with Merlin and a AX86U Pro with stock, and both had the same issues with DoT enabled and disabled.

The ISP is IPv4 only, yet Quad9 kept trying their IPv6 servers first, which meant DNS would just die and nothing loaded until it would eventually use the IPv4 address.

I only had his issue with quad9, I tried with 4 other DNS providers with no problem.

 

[Justinh]

It seems like domains randomly won't resolve, so I have to hit reload on the browser. If I tell Firefox to use NextDNS I don't have this problem.

How did you determine Quad9 was trying IPv6 servers first?

 

[NoLight]

Ipleak.net

Every other DNS provider would only show IPv4 servers. Quad 9 always shows IPv6 ones first, and eventually it will hit IPv4 ones.

 

[Tech9]

Ipleak.net

What is your browser default on this page?

 

[Justinh]

IPv4

 

[NoLight]

What is your browser default on this page?

IPv4 only, yet it shows IPv6 servers for quad 9. They are the only DNS provider that the issue happen with. I assume it's some configuration on their server end, as every single other DNS provider works as it should.

 

[Tech9]

Interesting. Quad9 from my location used to send on a trip to other countries. Haven't checked lately what vacations agency they have teamed up with.