Hi, I have a Vigor2862 with firmware 3.9.8.1_BT.

Not sure I understand how the routers DNS works. I want to use the Routers DNS cache abililty so I believe I need to hand out only the routers LAN address to clients, they resolve addresses via the router LAN interface.

So, rather than using my untrustworthy ISP's DNS I would like to use custom ones. But how do I configure what servers that the router resolves from? I discovered the CLI command 'srv dhcp frcdnsmanl on' which i believe allows me to set the routers dns manually. But this appears to be taken from the DHCP configuration of LAN 1? Is that correct?

Can I not set the DNS server of DHCP clients to only the routers LAN address (to utilize the DNS caching) and then set the router to query specific servers of my choice?

KR,
Peter

you would configure the DNS servers to google, cloudflare etc on the WAN connection then the router will do a caching dns server across the network. Or on your lan segments that are offering out DHCP settings and then they could give out those same custom IP addresses but that is more complicated due to internal resolution requirements. Should be no real need to go to the sommand line but can be done there as well.

ninjajellybean wrote:

Can I not set the DNS server of DHCP clients to only the routers LAN address (to utilize the DNS caching) and then set the router to query specific servers of my choice?

You can't*. You can only set what DHCP clients use for name resolution and ask the Router to use the same name server as what's in LANx DHCP scope. If you turn off 'Force router to use "DNS server IP address" settings specified in LANx', you're stuck using what name servers the Router is assigned to use by your ISP...and if that's nothing, it'll use Google DNS.

To overcome this, I deployed PiHole with Unbound and pointed Unbound at a DoT provider like Cloudfare. This gives you the caching you're looking for with the added benefit of increased privacy and DNS Blocklist should you want to increase protection from trackers/malware and ads. The cheapest of the cheap Raspberry Pis can do this.


*OK you can but its messy. One way is to hardcode all your clients to use the Routers IP for DNS, set the DHCP scopes on the Router to your chosen name servers and then enable Router to use whatever is in the DHCP scope for LANx.

Thanks for the replies guys.

I thought this was the case. It seems that the config on the wan connection is set automatically by my ISP as the settings i selected aren't in use.

Is there no way I can force the router to use configured WAN settings? Maybe on CLI. As I can detect which settings are needed now and then set DNS settings.

Or like you've mentioned deploy a separate dns service on the LAN.

KR,
Peter

There are two points here. First is that the DNS service on the Draytek is actually a transparent proxy. That client traffic traverses it is enough for the router to intercept it (assuming it’s plain text obviously).

Secondly, in order to configure specific router DNS servers on a PPPoE WAN, add the server addresses to the LAN DHCP server settings and then tick the box for the router to use those on the LAN General Setup page. You should see the WAN DNS servers update straight away on the Online Status page.

See here: https://draytek.co.uk/support/guides/kb-force-dns-manual

In your case a little work around is needed. Create a new tagged VLAN interface, eg LAN 2 with tag 2, and specify the required DNS servers in that. Now set the LAN (1) DHCP server DNS values to be the router IP (in both boxes) so that the clients are configured to hit the router itself. Finally, set the router to use the DNS servers specified in LAN2 via the box on the LAN General setup page.

Hope that helps.

Hi Jimbo,
Thanks for the reply. I will try that as soon as possible.
Peter