DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2860: "Force router to use address for DNS" is missing

More
15 Aug 2014 13:24 #80982 by lesd
2860: "Force router to use address for DNS" is missing was created by lesd
Setting up a new 2860 on firmware 3.7.4

On the Lan1 setup I have entered the OpenDNS server IP addresses but the tick box "Force router to use address for DNS" is missing (it is there in firmware 3.7.1)

Has it been moved/removed/lost?

I though there was no longer a need for it (I never did understand the need for it) but the router status page is showing the DNS servers from the ISP and not the ones I entered and on testing I can see it is definitely not using the OpenDNS servers.

How do I force this setting to be used?
Les

Please Log in or Create an account to join the conversation.

More
15 Aug 2014 18:07 #80985 by takeo_ischi
Replied by takeo_ischi on topic Re: 2860: "Force router to use address for DNS" is missing
Go 'up' one level, i.e. Lan -> General Setup

There's a checkbox: 'Force router to use "DNS server IP address" settings specified in...'

Please Log in or Create an account to join the conversation.

More
16 Aug 2014 18:54 #80993 by lesd
Replied by lesd on topic Re: 2860: "Force router to use address for DNS" is missing
Thank you. Working.

I'm just trying to understand the logic here.

I never understood the need for a tick in the first place. If I enter DNS servers then why should they not be used? And if it is just an 'Enable' tick then why not call it just that.

Now it allows different DNS servers to be specified for each Lan. But it seems that all are ignored and one has to tick the 'Force router to use "DNS server IP address" settings specified in...'. So why not have just one place for the DNS servers?

I must be missing something here.
Les

Please Log in or Create an account to join the conversation.

More
16 Aug 2014 21:25 #80995 by takeo_ischi
Replied by takeo_ischi on topic Re: 2860: "Force router to use address for DNS" is missing
You're talking about two separate things; the DNS servers that clients, who are assigned network information via DHCP should use when the clients resolve DNS addresses, and the DNS servers that the router itself should use when the router is resolving DNS addresses.

Please Log in or Create an account to join the conversation.

More
16 Aug 2014 22:36 #80996 by lesd
Replied by lesd on topic Re: 2860: "Force router to use address for DNS" is missing

Takeo_Ischi wrote: You're talking about two separate things; the DNS servers that clients, who are assigned network information via DHCP should use when the clients resolve DNS addresses, and the DNS servers that the router itself should use when the router is resolving DNS addresses.



By 'clients' I presume you mean PCs connected to the network.

I sort of half understand what you mean. You are saying that somehow the 'router' resolving DNS addresses is different from 'clients'. I don't understand the difference.

I am talking about DNS lookup from client machines as you indicated, except all my PCs have fixed IPs rather than using DHCP.

To give a concrete example:

The router has address 10.27.27.250

The PCs are set with fixed IP and set to use the router (10.27.27.250) as the DNS server.

I then set in LAN1 the two OpenDNS addresses for the DNS servers.

If I do not tick the 'force' button then my PCs do not use the specified OpenDNS servers.

I am certain of that because I have firewall rules which block all DNS lookups that are not going via the OpenDNS servers.

If I do not tick the 'force' option then no one can do DNS lookups. If I remove the firewall rules then DNS works but then the OpenDNS content filtering is lost as the OpenDNS servers are not being used.

The only way I can force the user PCs to use the OpenDNS servers is by ticking the 'Force ... LAN1' option.

Which ten brings me back to my question: Once I have specified the DNS servers in LAN1 why do I need the 'force..' ticked?
Les

Please Log in or Create an account to join the conversation.

More
17 Aug 2014 13:56 #80998 by takeo_ischi
Replied by takeo_ischi on topic Re: 2860: "Force router to use address for DNS" is missing

LesD wrote: I sort of half understand what you mean. You are saying that somehow the 'router' resolving DNS addresses is different from 'clients'.



Yes.

LesD wrote: I don't understand the difference.



The router is an internet accessing device and needs to contact a DNS server to resolve addresses. What clients on the network then do with regards to their DNS needs is a completely separate issue.

LesD wrote: I am talking about DNS lookup from client machines as you indicated, except all my PCs have fixed IPs rather than using DHCP.



Then the DNS servers set under DHCP Server Configuration in LAN 1 won't affect your machines. If, however, you had PCs with dynamic IPs, they would receive the DNS information from whatever you set in that window.

LesD wrote:
To give a concrete example:

The router has address 10.27.27.250

The PCs are set with fixed IP and set to use the router (10.27.27.250) as the DNS server.

I then set in LAN1 the two OpenDNS addresses for the DNS servers.

If I do not tick the 'force' button then my PCs do not use the specified OpenDNS servers.

I am certain of that because I have firewall rules which block all DNS lookups that are not going via the OpenDNS servers.



That makes perfect sense. If you don't tick the 'force' button, the DrayTek will use its normal configuration i.e. using the DNS servers suggested by the ISP. The PCs will go to the DrayTek for a DNS resolution, and the DrayTek will give them one ('forwarding' whatever information it got from the ISP).

The PCs have static IPs so won't receive the information specified in the LAN 1 settings page, since that only applies to DHCP clients.

LesD wrote: If I do not tick the 'force' option then no one can do DNS lookups.



That also makes sense, because the DrayTek will try and access the ISP DNS servers, and will find that its access is blocked by the firewall settings.

LesD wrote: If I remove the firewall rules then DNS works but then the OpenDNS content filtering is lost as the OpenDNS servers are not being used.



Again, that makes sense because the PCs are using the DrayTek's DNS server, and the DrayTek is using the ISP's DNS server.

LesD wrote: The only way I can force the user PCs to use the OpenDNS servers is by ticking the 'Force ... LAN1' option.



As you currently have it setup, yes. You could also give the PCs dynamic IPs, set the OpenDNS servers in the LAN 1 DNS server setup page, and then you wouldn't have to tick the 'force' checkbox.

LesD wrote: Which ten brings me back to my question: Once I have specified the DNS servers in LAN1 why do I need the 'force..' ticked?



Because those DNS server settings are for LAN 1 DHCP clients, not the router.

Please Log in or Create an account to join the conversation.

Moderators: Chris