Change dns in dhcp mode 4.1.0

So happy that 4.1 fixed airplay perfectly!

Wish I could change DNS servers in DHCP mode. I had to set Static IP to set DNS. Thankfully my ISP has persistent IP in DHCP mode, so it worked.

Is a fix to change DNS servers in DHCP mode coming? Will I have to open OpenWRT to do it?

I have two Flint routers. Is 4.1.0 the end of the line for them?

TIA

4.2.1-release4 (OpenWrt 21.02-SNAPSHOT) is the latest stable for the Flint. They’re working on a 4.3.x based on OpenWrt 22.0x.

You can change your upstream/outbound DNS to any provider you like via GL GUI → Network → DNS → DNS Server Settings.

Is a fix to change DNS servers in DHCP mode coming?

Any DNS provider or their IPs you set are only used WAN-side for outbound lookups.

My firmware shows up to date at 4.1.0.

How can I install 4.2.1 on Flint?

GL GUI → System → Upgrade . You should backup your existing conf first. See the HOW-TO link in my profile header.

1 Like

don’t try to set DNS under internet. Rookie move, flames ok.

1 Like

We all start somewhere… backups will usually bail you out.

didn’t know I set Luci pw, locked out. So no backups for me I guess. For now.

Online upgrade shows up to date 4.1.0 Flint. Just download 4.2.1 or Flint won’t support it?

Dammit. How rude of me. I should search before posting easy questions.

Pls forgive.

LuCI & SSH (dropbear) default pwd is the same as GL GUI. root is the default login name.

TY!!! Thanks much! +more characters

1 Like

I ain’t no padre, cowboy.

1 Like

You may not be a padre, ranger, but you ARE a savior:

correctly set DNS
Luci root pw == backed up (thanks for profile link!)
Now two routers up to date

If you’re not a savior either, you ARE a ROCK STAR! Much thanks!

1 Like

Last question: if I have set DNS to ISP and add google DNS last (I have), will DNS failover to google?

CCI fiber, Sacramento. The DNS doesn’t go down much but it has happened before.

Don’t know; don’t care. I’m ‘deGoogled’, anti-Big Tech/Surveillance Capitalism. If you want DNS as fast as their 8.8.8.8 use Cloudflare’s DOH if Quad9 is too slow for your expectations.

  • GL GUI → Network → DNS → DNS Server Settings → Mode → Encrypted DNS
  • GL GUI → Network → DNS → DNS Server Settings → Encryption Type → DNS over HTTPS
  • GL GUI → Network → DNS → DNS Server Settings → Servers → + Server → Search to taste.

Be aware Cloudflare holds logs for 25 hours, however. I don’t care if they’re supposedly ‘anonymized;’ there’s techniques to strip that so-called ‘feature.’

1 Like

very nice options sir!! I have long since degoogleized all my search engines and am well aware using google dns means all my requests will go to china. I only use them for a quick and dirty solution when needed, which I shouldn’t.

It’s good to have options! Thanks again!

Glad I’m not an enterprise, though technically I expect we all are…

DoH set, THANKS for EDU!

1 Like

Thanks for that article. Ironically my heavy handed custom + third party DNS blocklists kill all attempts to connect to AT; there must be too many tracking/fingerprinting attempts somewhere in their setup.

I use CroxyProxy.net for such ‘one off’/suspect sites. It ain’t perfect but it usually gets me what I need.

The reason: device-enabled DoH bypasses network defenses such as DNS inspection, which monitors domain lookups and IP address responses for signs of malicious activity.

Heh; the NSA calls it a problem; I call it the primary attraction of that solution.

There are other risks as well. For instance, when an end-user device with DoH enabled tries to connect to a domain inside the enterprise network, it will first send a DNS query to the external DoH resolver.

That doesn’t seem to be true in the case of GL GUI/OpenWrt using dnsmasq (the underlying process behind DHCP & DNS fowarding) when forwarding to dnscrypt-proxy2 (the process handling DOT/DOH/DNSCrypt). YMMV.

opkg update && opkg install htop && htop ; you’ll the processes I mention (grab the nano editor while you’re at it).

The TL;DR of that article is that the Coropos, Big Brother types (Glowies I believe they’re also known as, no?) don’t like DOH because they can’t easily control it/lock it down.

… so you can see why I like it so. F 'em. #SnowdenWasRight

1 Like

Yeppurs. I don’t see anything compelling trust in NSA. Thanks for resources!

1 Like