Sakena
just joined
Topic Author
Posts: 4
Joined: Tue Jul 27, 2021 4:12 am

Hap ac2 can't use peer dns from isp

Tue Jul 27, 2021 9:40 am

Hello everyone. I am a newcomer to the forum.
My English is not good, please forgive my grammatical errors.

I bought a hap ac2 and configured a pppoe client on the ether1 port. However, it is very slow to access the network and sometimes it even loses the connection.
Using ip dns cache print, I found that the dns cache is very slow, and it takes about 10 seconds to receive a response.
This problem occurs when using peer dns, but when I set public dns it works normally.
So I tried to manually set isp dns on my computer, and it worked normally. It does not seem to be a problem with isp dns.

After reconfiguring and netinstalling my router, this problem is still unresolved.
I tried to use other routers, and there is no such problem.

Here is my configuration
/interface bridge
add admin-mac=******* auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    use-peer-dns=yes user=******
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=china disabled=no distance=indoors frequency=auto installation=\
    indoor mode=ap-bridge ssid=Free_use wds-default-bridge=bridge wds-mode=\
    dynamic-mesh wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee country=china disabled=no distance=indoors frequency=\
    auto installation=indoor mode=ap-bridge ssid=Free_use wds-default-bridge=\
    bridge wds-mode=dynamic-mesh wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=10.10.10.1-10.10.10.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=10.10.10.251/24 comment=defconf interface=bridge network=\
    10.10.10.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=10.10.10.0/24 comment=defconf gateway=10.10.10.251
/ip dns
set allow-remote-requests=yes cache-size=4096KiB
/ip dns static
add address=10.10.10.251 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Shanghai
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Last edited by Sakena on Mon Aug 02, 2021 4:35 am, edited 1 time in total.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Hap ac2 can't use peer dns from isp

Tue Jul 27, 2021 4:06 pm

Try setting this to NONE, it has been known to cause issues in the past.
/interface detect-internet
set detect-interface-list=all

Then check results!
If no improvement then try below.

We have these three rules.......
/ip dhcp-server network
add address=10.10.10.0/24 comment=defconf gateway=10.10.10.251
/ip dns
set allow-remote-requests=yes cache-size=4096KiB
/ip dns static
add address=10.10.10.251 comment=defconf name=router.lan

The static route you can remove, it's a holdover from default setup.
Typically the dhcp-server-network DNS setting is set to public IPs, or to the router via the gateway of the network if using router cache, but for peer DNS, not sure ????
The allow remote requests is always unclear to me,
is it to allow the router to search external DNSs
Is it to allow DNS public IPs to go out the router

I would try some combinations.
(1) No DNS setting in dhcp-server network
Peer DNS with remote requests allowed
Peer DNS with remote requests not allowed.

(2) dhcp-server network DNS set to gateway of bridge network 10.10.0.251
Peer DNS with remote requests allowed
Peer DNS with remote requests not allowed.


(3) dhcp-server network DNS set to gateway of ppoe-1 connection
Peer DNS with remote requests allowed
Peer DNS with remote requests not allowed.
 
Sakena
just joined
Topic Author
Posts: 4
Joined: Tue Jul 27, 2021 4:12 am

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 5:45 am

Try setting this to NONE, it has been known to cause issues in the past.
/interface detect-internet
set detect-interface-list=all

Then check results!
If no improvement then try below.

We have these three rules.......
/ip dhcp-server network
add address=10.10.10.0/24 comment=defconf gateway=10.10.10.251
/ip dns
set allow-remote-requests=yes cache-size=4096KiB
/ip dns static
add address=10.10.10.251 comment=defconf name=router.lan

The static route you can remove, it's a holdover from default setup.
Typically the dhcp-server-network DNS setting is set to public IPs, or to the router via the gateway of the network if using router cache, but for peer DNS, not sure ????
The allow remote requests is always unclear to me,
is it to allow the router to search external DNSs
Is it to allow DNS public IPs to go out the router

I would try some combinations.
(1) No DNS setting in dhcp-server network
Peer DNS with remote requests allowed
Peer DNS with remote requests not allowed.

(2) dhcp-server network DNS set to gateway of bridge network 10.10.10.251
Peer DNS with remote requests allowed
Peer DNS with remote requests not allowed.


(3) dhcp-server network DNS set to gateway of ppoe-1 connection
Peer DNS with remote requests allowed
Peer DNS with remote requests not allowed.
I got two dns addresses from pppoe-out1, 222.246.129.80 and 59.51.78.210. I can't ping them, but they can be used normally.
I tried to use the dig command on my computer, and can get results.

I tried to set detect-interface-list=none, it didn't work.

I tried to use the following combination, this is my result.
(1) No DNS setting in dhcp-server network
Internet works fine.
Internet works fine.
(2) dhcp-server network DNS set to gateway of bridge network 10.10.10.251
Internet error, can't open web page.
Internet error, can't open web page.
(3) dhcp-server network DNS set to gateway of ppoe-1 connection
Internet error, can't open web page.
Internet error, can't open web page.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 1:19 pm

There are approximately 4 places which affect use of DNS by router and in LAN clients (not mentioning static settings on LAN clients which is fifth place):
  1. setting of property use-peer-dns=yes/no of a PPPoE client. At least on my ROS 6.48.3 setting to no seems to be default. This setting affects whether router itself will use ISP defined DNS server(s) as upstream resolvers;
  2. setting of property use-peer-dns=yes/no of a DHCP client. It seems as if default setting on ROS 6.48.3 is yes;
  3. setting of property servers under /ip dns. You can list several DNS servers here. Even though it's in IPv4 section, you can add IPv6 addresses here.
    If DNS servers addresses are accepted by bullets 1.) and 2.) above, property dynamic-servers will be populated here.
  4. setting of property dns-server in /ip dhcp-server network.

Bullets 1) and 2) define how ROS treats addresses of DNS servers passed by ISP.

Bullet 3) defines how ROS uses upstream DNS servers when resolving (either for own use or for clients if that is allowed). If either bullet 1) or 2) allows use of ISP-defined DNS servers, then it is not necessary to add static addresses here, DNS client will use dynamic servers just fine (provided that ISP passes list of working DNS servers).

Bullet 4) defines how LAN computers, which receive IP configuration from router's DHCP server, will use DNS servers.
If this field is left empty, it will use whatever is set in bullet 3). If you really don't want to pass any of DNS servers to clients, you have to set property dns-none=yes to prevent DHCP server from passing addresses from bullet 3).
If this field is not empty, then DHCP server will only pass addresses defined in this bullet.

A combination of using bullet 4) with bullet 3) would be this scenario: you want LAN computers to use router as DNS resolver. In this case you'll set dns-server=10.10.10.251 on DHCP server (that's LAN IP address of router in your case), at the same time you'll either use ISP-provided addresses of DNS servers (bullet 1) in your case). Or you'll set addresses of DNS servers in bullet 3) to some well known DNS servers (cloudflare, google, ...).

The other possibility would be to let LAN clients use DNS servers directly (and only set up DNS properly on router for its own needs, such as contacting Mikrotik to check for ROS upgrades), in this case you have to set dns-server of DHCP server to empty value (and let the settings from bullet 3) be used automatically) or you can set dns-server to some well known DNS servers (cloudflare, google, ...).
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 4:38 pm

Okay so that's a lot of info and not a clear flow chart picture in the mind.
But you haven't delineated, WHAT ACTUALLY TELLS the router that we want to use the router for DNS ???

Please correct all my wrong headed thinking!

1. To bypass router DNS usage then put in public DNS servers under DHCP-SERVER -NETWORK
such as 1.1.1.1 or 9.9.9.9
Assuming that the users on this subnet will not utilize the router (input chain) and will go straight from LAN to WAN for DNS queries.
Assume this is the only way to bypass router DNS.

2. Using any PEER =yes settings, simply tells the router YES please, use the DNS available through the ISP as part of your input supply of DNS.
3. Allow remote requests, simply tells the router YES please, use other servers besides the DNS available through the ISP
4. Dynamic Servers, list of Servers the router will cycle through if not in the router cache
order would be
??
Dynamic server1
Dynamic server2
ISP peer (if peer allowed)

5. For DNS server in DHCP SERVER NETWORK, one can put any subnet gateway that is on the router and IS this tells the router you want to use the router for DNS??
6. You can select NO dns in dhcp-server-network, What would be the result of doing that?
7. One can elect not to put any DNS server settings in dhcp-server-network, what would be the result of that??

8. what happens if you put the LANIP of a raspberry pi, for DNS purposes, what then is the relationship to the input chain.

9. As in 8, when is it mandatory to ensure users have access to port 53 on the input chain??

10. What is the purpose of the default static IP DNS setting, how does that fit in the hierarchy?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 5:30 pm

1) Users will bypass router's DNS service if they are not told to use it. Either:
- set DNS server addresses (other than router's own address) in DHCP network
- set DHCP server to send empty DNS list (but that will make unhappy a lot of DHCP clients)
- set DNS servers statically on every LAN device (some OSes allow that even if DHCP is used to obtain IP address)

2) Yes

3) allow-remote-requests property of DNS server (if you're talking about that one) is toggle: do we serve DNS queries other than router's own ones? Mind: this toggle doesn't have anything to do with LAN/WAN, to differentiate those one has to construct appropriate firewall filters for chain=input.

4) If allowed (use-peer-dns=yes set on PPPoE client or DHCP client) ISP provided addresses for DNS servers actually populate the dynamic-servers field. I don't know if ROS then differentiates between statically set DNS servers and dynamic DNS servers or simply uses it in pseudo-round-robin fashion (i.e. use first static DNS server until it fails to reply, then use second one, ..., then use first dynamic one, then use second dynamic one, ..., then use first static one again), because that's the way usual DNS resolvers use multiple DNS servers if they have more than one.

5) For DNS server one sets IP address of DNS server in DHCP network. This gets included in DHCP lease and client knows which DNS server to use. When client decides to connect to DNS server (via UDP port 53), it will send out normal IP packets and those will be subject to normal routing. So yes, it doesn't matter if DNS server address is router's LAN address in the same subnet as client, any other router's addresses (including WAN) or something in any other subnets (either LAN or internet). Since you're asking: you can set same router's IP address as DNS server for any of your gazillion VLANs. The only thing: for input chain, you must not filter stuff depending on combination of src-address/dst-address (e.g. blocking client with IP 192.168.10.113 to access router at address 192.168.20.1 assuming this is also router's address but in different subnet).

6) DHCP lease won't include DHCP option 6 (DNS server address). Or it will be empty, not sure about that.

7) if DNS server has any of servers or dynamic-servers populated, DHCP server will include those in DHCP option 6 in DHCP leases. If DNS server doesn't have any upstream servers set, DHCP server won't include DHCP option 6 in DHCP leases (or it will be empty).

8) If you put IP address of a LAN connected DNS server (e.g. raspberry pi) in DHCP network, then clients will connect directly rPI if on same subnet (that traffic will completely bypass router) or will connect rPI via router if on different subnet (that traffic will be handled in chain=forward).

9) yes if router is set to be used as DNS server for LAN clients. No if clients use unrelated DNS servers as that traffic will pass chain=forward. If no clients are allowed to use router's DNS service, it's simpler to set allow-remote-requests=no on DNS server.

10) what default static IP DNS setting?
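
Added example (editorial, not part of mkx's post and not RouterOS code): points 3) and 9) above say that allow-remote-requests only switches the DNS service on, and that the chain=input filter decides who can reach it. The Python sketch below reads a RouterOS export and reports whether a new UDP/53 packet arriving from the WAN or LAN interface list would be accepted; the sample text is constructed from the export posted at the top of the thread, and every function name is hypothetical.

```python
import re
import shlex

# Constructed sample: /ip dns and chain=input lines taken from the export
# posted at the top of this thread.
BASE = r'''/ip dns
set allow-remote-requests=yes cache-size=4096KiB
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
'''
DROP_NOT_LAN = ('add action=drop chain=input comment='
                '"defconf: drop all not coming from LAN" in-interface-list=!LAN\n')
AS_POSTED = BASE + DROP_NOT_LAN  # input chain as posted
WEAKENED = BASE                  # same chain with the final drop rule removed

IGNORED = {"action", "chain", "comment", "disabled", "log", "log-prefix"}

def parse_export(text):
    """Return {section: [(verb, {key: value}), ...]} for a RouterOS export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join '\' line continuations
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None:
            verb, *tokens = shlex.split(line)
            current.append((verb, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return sections

def rule_matches(props, pkt):
    """True/False when decidable, None if the rule uses a matcher not modelled here."""
    unknown = False
    for key, value in props.items():
        if key in IGNORED:
            continue
        if key not in pkt or (key == "dst-port" and "-" in value):
            unknown = True
            continue
        negate = value.startswith("!")
        hit = pkt[key] in value.lstrip("!").split(",")
        if hit == negate:
            return False
    return None if unknown else True

def input_verdict(sections, in_list):
    """Action of the first input rule hit by a new UDP/53 packet from in_list."""
    pkt = {"connection-state": "new", "protocol": "udp", "dst-port": "53",
           "in-interface-list": in_list}
    skipped = []
    for verb, props in sections.get("/ip firewall filter", []):
        if verb != "add" or props.get("chain") != "input" or props.get("disabled") == "yes":
            continue
        match = rule_matches(props, pkt)
        if match is None:
            skipped.append(props.get("comment", ""))  # report, do not guess
        elif match and props.get("action", "accept") in ("accept", "drop", "reject"):
            return props.get("action", "accept"), skipped
    return "accept", skipped  # no rule matched: the input chain accepts

def audit_dns_exposure(export_text, wan_list="WAN", lan_list="LAN"):
    """Combine the allow-remote-requests toggle with the input-chain verdicts."""
    sections = parse_export(export_text)
    dns = {}
    for verb, props in sections.get("/ip dns", []):
        if verb == "set":
            dns.update(props)
    serving = dns.get("allow-remote-requests") == "yes"
    wan, skipped = input_verdict(sections, wan_list)
    lan, _ = input_verdict(sections, lan_list)
    return {"serving": serving, "wan": wan, "lan": lan,
            "open_resolver": serving and wan == "accept", "skipped": skipped}
```

Only UDP/53 is modelled, and any rule listed under "skipped" uses a matcher the sketch cannot evaluate, so it has to be reviewed by hand before trusting the verdict.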
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 5:59 pm

So in summary.

1. The router will basically automatically provide DNS servers with DHCP leases unless, the admin puts in public DNS servers or something locally like raspberry pi also behind the router on the DHCP Server Network settings for DNS.

2. Setting Allow remote Servers is not any clearer other than it has nothing to do with clients requests?
What other queries other than the routers ones would exist? I have set this for enabled and it sounds more and more like it was for nothing.
OR, do you mean we have to have this enabled for ANY CASE in (1) where we specify to bypass the router doing the DNS queries (such as want to use 1.1.1.1 or 9.9.9.9 or rPi etc.).

3. The static selection I was talking about is circled in purple (where the default sticks the default gateway I believe). Okay I see where peer DNS would show under dynamic.
Also I see the static location where one would add 1.1.1.1 or 9.9.9.9 if you wanted them available for the router to use.

(4) The question I have is if peer DNS is turned off not used and NO external DNS addresses provided to the router. HOW, WHERE does the router do DNS............... ????
Assuming each subnet has its gateway set at DNS server.

(5) Same question in 4 and but now the admin has left DNS server entries blank in the DHCP server network settings?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 7:48 pm

1) DHCP server will try as hell to provide some DNS server address in DHCP lease unless router admin knows better ;-)

2) Where's setting "Allow remote Servers"? If you're talking about "Allow remote Requests" ... then it's got everything about client requests. If this is set, then router will listen for UDP connections on port 53 (standard DNS service port). If it is not set, then router won't listen for those connections and clients won't be able to use this service.
Usually DNS stuff is actually two parts, knit together:
  • resolving library. When some process needs to resolve something, it asks library to do it. Library connects to remote DNS servers and asks for answer. Not all libraries are equally developed, some can only do simple queries, some can do full recursive resolving (which means it will connect one of internet top-level DNS servers and descend through FQDN domain hierarchy, each time getting IP addresses of authoritative servers for that level of domains[*]).
  • DNS service. It's a process sitting there and waiting for remote connections - normally listening on port 53, both TCP and UDP (I think ROS implementation only listens for UDP connections). When a client connects and asks something to resolve, service uses library explained in previous bullet to actually get the answer to the question. It's service that does caching of successful queries.
3) you're killing me, because of you I had to launch winbox. You can add other static entries and remove the one there by default. Sorry, it's been ages since I noticed default setup, when configuring last few devices the first action was to reset to no defaults.

4) if router doesn't have neither static servers set nor is accepting dynamic servers from ISP, then ... it can't resolve any FQDN to IP addresses. E.g. it can't check for ROS upgrades (I believe FQDN of MT download server is hard coded).
What's "peer DNS"?

5) I believe I already answered: DHCP server will take DNS servers from configuration /ip dns if it doesn't have specific settings.



[*] example of recursive resolving:
  1. User wants to visit web page of municipal government of Manitoba, CA. Types https://www.gov.mb.ca/ in browser address field.
  2. browser asks resolver library to resolve www.gov.mb.ca into IP address.
  3. library on user's laptop connects configured DNS server (let's say it received IP address via DHCP lease) and requests A record for www.gov.mb.ca
  4. DNS service, for argument sake assume it's recursive DNS server, checks its cache and finds nothing.
  5. DNS service asks local library to resolve www.gov.mb.ca
  6. library checks its configuration and determines it needs to connect one of root servers to get going. Root servers are either hard coded into library or are provided as static configuration file.
    Let's assume it's connecting a.root-servers.net at 198.41.0.4
  7. library connects 198.41.0.4 and requests A records for "www.gov.mb.ca"
    server doesn't return A record (because it doesn't know it), instead it returns list of NS records for DNS servers, authoritative for TLD .ca. Additionally it returns also A and AAAA records for the same.
  8. library selects one of DNS servers returned in previous bullet, e.g. any.ca-servers.ca. (which resolves into 199.4.144.2).
    library request list of A records for "www.gov.mb.ca"
    server doesn't return any A record, instead it returns list of NS records. In this case it's dns1.mts.net and dns2.mts.net
  9. library connects one of root servers (because it is different TLD) and requests A records for say dns1.mts.net
    server doesn't return any A records, instead it returns list of NS and A records for authoritative servers for TLD .net
  10. library selects one of those servers (say a.gtld-servers.net at 192.5.6.30) and connects it, requesting A record for dns1.mts.net
    server returns list of NS records for authoritative servers for domain mts.net, additionally returns A records for them. Incidentally one of authoritative DNS servers for domain mts.net is dns1.mts.net with A record 205.200.16.65.
    If library doesn't recognize it was given answer needed, it would perform additional step of requesting A record for dns1.mts.net from one of two authoritative DNS servers for that domain and those would give direct answer in form of A record.
  11. library connects dns1.mts.net, requesting list of A records for www.gov.mb.ca
    server returns A record 205.200.118.212
    This is the final answer.
  12. library, finally getting answer it's looking for, gives it to DNS service
  13. DNS service passes answer to (waiting) library on user's laptop
  14. library on user's laptop passes answer to browser
  15. browser can proceed by making an IP/TCP connection to www.gov.mb.ca at 205.200.118.212, either port 80 or 443 (depending how user formulated the address and what's browser's default behaviour)

A non-recursive resolver (such as included in ROS), waiting for connections in step #4, will not perform all the steps from 6 to 11, instead it will connect one of configured DNS forwarders for the answer and in case it doesn't get final A record, it will simply blurp.
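
Added example (editorial, not part of mkx's post): a Python simulation of steps 6 to 11 above, next to a forwarder of the kind the post describes for ROS. The server table is constructed from the names and addresses in the walk-through, 192.0.2.53 is a made-up documentation address standing in for a recursive upstream, the function names are hypothetical, and no network traffic is sent.

```python
# Constructed model of the servers named in the walk-through above. Each server
# either refers a zone suffix to (NS names, glue A records) or holds A records
# it can answer itself.
ROOT = "198.41.0.4"  # a.root-servers.net
SERVERS = {
    ROOT: {"referrals": {
        "ca": (["any.ca-servers.ca"], {"any.ca-servers.ca": "199.4.144.2"}),
        "net": (["a.gtld-servers.net"], {"a.gtld-servers.net": "192.5.6.30"}),
    }},
    "199.4.144.2": {"referrals": {
        # The NS names live under .net, so the .ca server has no glue for them.
        "gov.mb.ca": (["dns1.mts.net", "dns2.mts.net"], {}),
    }},
    "192.5.6.30": {"referrals": {
        "mts.net": (["dns1.mts.net"], {"dns1.mts.net": "205.200.16.65"}),
    }},
    "205.200.16.65": {"records": {"www.gov.mb.ca": "205.200.118.212",
                                  "dns1.mts.net": "205.200.16.65"}},
}
RECURSIVE_UPSTREAM = "192.0.2.53"  # constructed address of a recursive resolver

def query(server, name):
    """One question to one server: ('answer', ip), ('referral', (ns, glue)) or ('fail', None)."""
    if server == RECURSIVE_UPSTREAM:
        ip = resolve(name, [])
        return ("answer", ip) if ip else ("fail", None)
    data = SERVERS.get(server, {})  # unknown server: behaves as unresponsive
    if name in data.get("records", {}):
        return "answer", data["records"][name]
    # The longest matching zone suffix wins.
    for zone in sorted(data.get("referrals", {}), key=len, reverse=True):
        if name == zone or name.endswith("." + zone):
            return "referral", data["referrals"][zone]
    return "fail", None

def resolve(name, trace, budget=None):
    """Recursive resolving as in steps 6-11: start at a root, follow referrals."""
    budget = budget if budget is not None else [20]  # shared cap stops referral loops
    server = ROOT
    while budget[0] > 0:
        budget[0] -= 1
        kind, data = query(server, name)
        trace.append((server, name, kind))
        if kind == "answer":
            return data
        if kind != "referral":
            return None
        ns_names, glue = data
        if name in glue:  # step 10: the glue already contains the wanted A record
            return glue[name]
        server = None
        for ns in ns_names:
            # Use glue when present, otherwise resolve the NS name from the root.
            server = glue.get(ns) or resolve(ns, trace, budget)
            if server:
                break
        if server is None:
            return None
    return None

def forward(name, upstreams, cache):
    """Non-recursive forwarder: one question per configured upstream, referrals
    are never followed, and only a final answer is cached and returned."""
    if name in cache:
        return cache[name]
    for upstream in upstreams:
        kind, data = query(upstream, name)
        if kind == "answer":
            cache[name] = data
            return data
    return None
```

Pointing the forwarder at a server that only returns referrals, or at one that never answers, gives no result at all, which is the "could not get answer from dns server" situation reported later in this thread.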
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 8:18 pm

VMTs for your patience.
Many new users have that static setting left over........... what do you use besides winbox LOL,
Yes allow remote requests........... okay good I have it on for a reason ;-)
peer dns is dns service from ISP, so if that was enabled, then the router would have a source for dns services............ if nothing else was available.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 8:40 pm

what do you use besides winbox

I thought it was obvious ... ssh client.
 
Sakena
just joined
Topic Author
Posts: 4
Joined: Tue Jul 27, 2021 4:12 am

Re: Hap ac2 can't use peer dns from isp

Wed Jul 28, 2021 9:55 pm

Thank you very much.

I plan to use RouterOS as the dns server of the local area network, because its dns cache function is really useful (for me).
I want to use the dns server provided by the ISP instead of the public dns (like 114.114.114.114, 223.5.5.5, ...), because the ISP dns server responds faster.
The 'peer dns' I mentioned is actually the DNS server provided by my ISP.
20210729025316.png
Sorry to trouble you, because English is not my native language, I use Google Translate to communicate.

There may be some errors in my description, let me post some pictures to illustrate. By the way, after resetting the router many times, I gave up changing my router ip, and now my router ip address is 192.168.88.1. The address NAT converts is 192.168.0.100.
Combination (1)
20210729013433.png
By checking the wireless connection of the mobile phone, I got these dns addresses: 192.168.88.1; 222.246.129.80; 59.51.78.210
In this combination, I can use the Internet normally without worrying about not being able to open the webpage.

Combination (2)
I set `allow remote requests` = no. Others are the same as combination 1.
I got these dns addresses: 222.246.129.80; 59.51.78.210
In this combination, I can use the Internet normally without worrying about not being able to open the webpage.

Combination (3)
20210729011508.jpg
I got one dns address: 192.168.88.1
In this combination, my mobile phone can hardly access the Internet, and other devices are the same.

Combination (4)
I set 'allow remote requests' = no. Others are the same as combination 3.
I got one dns address: 192.168.88.1
In this combination, my mobile phone can hardly access the Internet, and other devices are the same.

These test results bother me, why the dns provided by the ISP can't work on the router but can be used normally under the LAN client.
I tried to add the input, forward, output chain to accept in the firewall and disable all other rules, but it still doesn't work.

After trying for this period of time, I found that the tplink router did not open port 53 (scanned by Nmap). It seems that all dns requests are forwarded to the dns server, and the resolution results are not cached locally.
In the above combination 1 and 2, the connection list of the firewall has the information of the LAN client. By checking the information, I found that src-address is lan client ip and dst-address is the dns server provided by the ISP. In this combination, the Internet can be accessed normally, but only for lan client. I tried to execute 'ping github.com' in the winbox terminal. The following information was obtained.
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server
And see the following information in the firewall connection list
20210729022652.png
I think this is the problem. Maybe the ISP made some settings that caused this problem??? The router is not allowed to directly request dns, or the number of requests per minute is limited, I can still get some dns entries, but I need to wait for more than 1 minute.

Tomorrow I will try the Xiaomi router again. It has port 53 (also scanned by Nmap). I use it to surf the Internet and force its ip to be used as the dns server of the LAN client. If it does not work properly, it is indeed a problem with the ISP.

Thanks for your help.
 
Sakena
just joined
Topic Author
Posts: 4
Joined: Tue Jul 27, 2021 4:12 am

Re: Hap ac2 can't use peer dns from isp  [SOLVED]

Thu Jul 29, 2021 4:05 am

Tomorrow I will try the Xiaomi router again. It has port 53 (also scanned by Nmap). I use it to surf the Internet and force its ip to be used as the dns server of the LAN client. If it does not work properly, it is indeed a problem with the ISP.
Yes, I tried this method today. It is true that the ISP's DNS has some settings, which causes the router itself to be unable to request DNS records (if I want to cache dns records on the router), but it can forward the LAN client dns request and obtain the correct records.
Thank you for your answer.
