XIV. Miscellaneous Questions
ExpiredConfigure Router-level DNS Servers with Force DNS Setting
What does Router-level DNS mean?
DNS or Domain Name Servers are essential to locate servers / services on both the Internet and on local / domain networks.
To enable many elements of their functionality, DrayTek Vigor routers manage DNS for router services and client connections separately. This means that the DNS servers that clients are assigned by the router's DHCP server can differ from the servers that the router uses. You can learn more about the way that DNS is handled for client connections on DrayTek routers here.
- Client DNS: When a client on the network performs a DNS lookup, it will do so with the DNS servers the client is configured to use.
- Router DNS: DNS servers in [Online Status] > [Physical Connection] are used when the router performs a DNS lookup for services such as VPN.
To allow for reliabile functionality of the router's services when multiple ISPs are used for load balancing and failover, the router defaults to using Google's ISP-agnostic open DNS servers:
-
- 8.8.8.8
- 8.8.4.4
These servers will work well for general Internet access. But any hostnames of services, or servers on an internal network, could not be used by the router. If the DrayTek router needs to be able to locate the IP of an internal server via its hostname, the router would need to be configured to use the "Force router to use "DNS server IP address" settings specified in LANx" which can be found on the [LAN] > [General Setup] page.
Generally, the router's services that can use DNS to lookup IP addresses, include (but are not limited to) these services:
Router Service | How it uses DNS |
VPN | Dial-Out VPNs perform DNS lookups when connecting a VPN tunnel, to locate the IP address of a remote VPN server. |
VigorACS | If the VigorACS server is specified as a hostname, connectivity to VigorACS requires DNS lookup. |
MyVigor Services & Content Filtering | Activation of services through the MyVigor system, such Content Filtering. The Web Content Filter performs a DNS lookup to locate the best regional server for content filter checks |
NTP Time Servers | The router's time defaults to using "pool.ntp.org", this looks up the correct IP. |
Syslog Server | Syslog messages sent by the router can go to a hostname. |
Mail Alert & Mail Syslog | Mail Server hostnames are looked up with the router's DNS. |
LDAP, RADIUS, TACACS+ Authentication | If a hostname is entered, it will look up the IP address of the RADIUS / LDAP / TACACS+ server to perform authentication. |
DrayDDNS, Dynamic DNS & LetsEncrypt | Updating the router's dynamic DNS address requires functioning DNS to locate the MyVigor server. Dynamic DNS services may have their own servers that require DNS lookup to locate. |
Ping Diagnostics | Pinging a hostname will lookup the IP address of the host, then ping. This can be helpful for troubleshooting DNS issues relating to the above services |
If any of those services need to lookup an internal network hostname to operate, it's necessary to change the router's DNS servers to the internal DNS server of the network. Make sure that if an internal DNS server is used, that it can be used for regular Internet DNS lookups, otherwise the router's functionality may be limited by unworkable DNS.
If the router's DNS server settings are unworkable or not compatible with the ISP, any of the above services may be unable to function where hostnames are used.
How to change the router's DNS server?
To make a DrayTek Vigor router use a DNS server of your choosing, simply go to [LAN] > [General Setup] to begin.
In the General Setup section, the multiple LANs of the DrayTek router can be configured. Out of the box, the router does not have VLANs enabled, so only LAN1 & the DMZ Port will be configurable. Enable [LAN] > [VLAN] to access all LAN interfaces.
If the DNS servers to be used on the router are ones that should not be assigned to clients, use a LAN subnet that is not assigned to any LAN ports. This could be the DMZ Port (even when left disabled) or one of the LAN1-LAN8 networks.
Click on the Details Page button for the LAN subnet that will have the DNS server addresses configured:
In the settings page for the LAN interface, the DNS Server IP Address section can specify a Primary and Secondary IP address for DNS usage. These are normally assigned to clients in that LAN subnet by the router's DHCP server.
Specify the DNS servers you'd like to use here. Then click OK to save the change. It should not require a restart if that's the only setting being changed.
Then go back to [LAN] > [General Setup].
Tick the checkbox for "Force router to use "DNS server IP address" settings specified in". Click on the drop-down and select the LAN interface that the preferred DNS servers were just configured within.
Then click OK to apply that change.
To check whether the new DNS settings have taken effect, go to [Online Status] > [Physical Connection].
The DNS servers that the router will use for its own services are shown as the Router Primary DNS and Router Secondary DNS addresses. These should now show the DNS addresses that were just configured, instead of the router's default of 8.8.8.8 and 8.8.4.4.
From there, it's recommended to test that these new DNS servers can be used by the router.
Testing & Troubleshooting the Router's DNS servers
To test whether the router can lookup or locate IP addresses from hostnames, whether addresses on the Internet or internal, the router's [Diagnostics] > [Ping Diagnosis] tool can be used.
To check whether a specific hostname, or general DNS lookups are working from the router itself, simply enter a hostname or web address into the IP Address field and click Run. That will do a DNS lookup for the IP and then ping it. If the router can't locate the hostname or IP, try specifying the Ping through Interface that should be used. Then check whether the router's DNS server addresses are correct.
Pings can also fail if the remote host/IP is blocking them, which is the default for a DrayTek Vigor router's WAN IP (configured in [System Maintenance] > [Management]). If it's a PC, it could be the Windows Firewall, which will block pings coming from outside the computer's local network, for instance over a VPN. The router local to that computer should be able to ping as it's on the local network.
How do you rate this article?
- First Published: 31/12/2021
- Last Updated: 31/12/2021