I have created a private DNS server in the NAS, to access only local addresses like the GL-AR150, the NAS itself, the printer and so on…
When I set the NAS IP as my DNS in my computer, even when connected to the GL-AR150 wifi, private addresses work fine (so the NAS firewall is probably correctly set).
However, when I try to leave the computer’s DNS as default (i.e. what comes from the router), and set a custom DNS in the GL-AR150, private addresses do not work; the internet works fine though.
(I cannot change the DNS in the main router, because it is an ISP modem.)
I have the following settings in the GL-AR150’s Custom DNS Server:
DNS Rebinding Attack Protection ON
Override DNS Settings for All Clients ON
Manual DNS Server Settings ON with
- … .0.3 (the NAS)
- 188.8.131.52 (as fallback)
I am just starting to learn more about networking concepts, so I cannot understand why it does not work. Does it have anything to do with port forwarding in the main router? If so, what should I do? If not, any ideas?
(Hey @Johnex, may I bother you to check if you know anything about this? Your help last time was really great!)
When you use your ISP-Modem (should be a router actually) IP as upstream DNS in your NAS, then local DNS and internet-DNS will work with just one entry in your local computer.
I’m also using the DNS server in my NAS (Synology), but I also have another DNS server which is running on a Raspberry Pi. This is called Pi-hole. The DNS server in my NAS provides DHCP (with some reservations) and is the 2nd DNS. The 1st DNS is my Pi-hole, filtering adsense and local DNS + Internet-DNS.
I’m also using WireGuard VPN running on a Mango router, so I can use Pi-hole filtering and DNS outside my home as well.
First, yes, you’re right: the Main Router is acting as a router. What I meant was that it is also a modem, and because it is directly provided by the ISP I cannot change the DNS there.
Second, I also have a Synology NAS, so you might be able to help me there. Following your advice, I have changed the Forwarder 1 (in Resolution) of the NAS DNS server to the IP address of the Main Router. Previously I had the standard DNS address that the ISP provides (of course, listed in the Main Router).
I tried connecting to some LAN IPs, and this works. But using their name addresses (records in my Master Zone), it still does not work.
I don’t know if this is of importance, but trying to load a name address keeps the browser in a continuously loading state (“problem loading page”, in Firefox), instead of simply failing as when I type in a false name address (“server not found”, in Firefox).
I like your suggestion of using the VPN to keep having the private DNS when I am outside of my home. I will see if this works after the DNS is working in the LAN.
Just thought about your entry. Actually I’m not using the Synology DNS server; I’ve been using synodnsmasq for a long, long time, since long before Synology had its DNS server. dnsmasq is smaller than a normal DNS server; there are no zones and so on.
Well, my DiskStation has its own DNS server entry for the LAN, and synodnsmasq is using this as upstream DNS. Normally you can use the ISP router as DNS or use another DNS on the internet.
I’m also using synodnsmasq as DHCP server, so I don’t use the router’s DHCP and DNS. So I could easily configure another DNS server. But you could configure it manually by hand.
Hi again @mozarella, thanks for the reply.
I am sorry, but I did not quite understand what your suggestion is. What do you think I should configure manually?
Also, did you set up the NAS’s DNS (in Network, not DNS Server settings) as the NAS’s own IP?
So, I tried doing as you said, and disabled both the WireGuard and OpenVPN servers in the GL-AR150. Tried to connect, from my computer (in the GL-AR150 wifi), to a “devicename.mydomain.me” address and nothing. Then I rebooted the GL-AR150 because I saw a video online saying that DNS problems with the router sometimes require this. Nothing again, the problem persists. So I have restarted the VPN servers.
I think I should mention again that when I look for one of these “devicename.mydomain.me” internal addresses (records of my DNS Server’s Master Zone), my browser keeps giving me “The connection has timed out” and one of the browser suggestions is a firewall problem. So, a question I have is: do I need to change any firewall settings in my DNS Server device (the NAS)?
I currently allow only connections from the LAN IP … .0.1 (the main router). I assumed that since queries from devices in the GL-AR150 wifi necessarily go through the main router to the NAS, this would be OK… But I am not sure.
I actually tried adding the GL-AR150 IP addresses (both … .0.2 and … .8.1) to the NAS firewall, but it didn’t work. But maybe I am doing something wrong.
Or, maybe this has nothing to do with the problem. Again, I am new to all of this, sorry if I write something senseless, hehehe…
Btw, I read somewhere that DNS problems might also have something to do with the DNS cached data (that still do not point to new settings after I change them). Is there any DNS cache I should clear on the GL-AR150? Should I somehow do it manually (also?) in my computer?
Yeah, my next thought was DNS caching on your devices. Windows can be very stubborn with this, for example. You will need to find out how to clear the DNS cache for each device. On Windows you do it like so:
Open an admin CMD prompt, then run this to see what DNS is currently being used:
Scenarios 1 & 2 => name addresses from private DNS server don’t work, but their IPs do
Scenario 3 => same, but name addresses return “request timeout” instead of “unknown host”
Scenario 4 => all pings work, but the name address for the GL-AR150 does not open its config page in the browser
(However, for the NAS IP pings, I had to open the ICMP protocol in the NAS firewall, which I intend to disable since I don’t think this is needed.)
Now, this confuses me a bit, because I am sure I was able to access the GL-AR150 config page using the name address from the DNS server once before, I just don’t know how anymore. And since I wasn’t flushing the DNS caches before, who knows from what configuration it actually worked?
Sorry for the long post, but I thought a more methodical approach could help someone understand what’s going on.
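An added example, not part of the thread: a small script that sends one DNS query directly to each candidate server, bypassing the operating system's resolver and cache, and reports whether that server returned an address, a "no such name" reply, or nothing at all. The server addresses are placeholders and the sample reply headers are constructed; "devicename.mydomain.me" is the name format used in the thread.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, fine for a manual diagnostic

def build_query(name):
    """Build a minimal DNS query for the A record of `name` (recursion desired)."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply):
    """Turn a raw DNS reply (None = nothing received) into a short diagnosis."""
    if reply is None:
        return "no_reply"      # query or answer was dropped, or no server listening
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != QID or not flags & 0x8000:
        return "malformed"     # wrong ID or not a response
    rcode = flags & 0x000F
    if rcode == 0:
        return "answer" if ancount else "empty"
    return {3: "nxdomain", 5: "refused"}.get(rcode, "error")

def probe(server, name, timeout=2.0):
    """Send one UDP query straight to `server` port 53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:        # includes socket.timeout
            reply = None
    return classify_reply(reply)

# Constructed 12-byte reply headers for offline checking (not captured traffic).
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", QID, 0x8183, 1, 0, 0, 0)
SAMPLE_ANSWER = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    # Placeholder addresses: replace with the NAS, the GL-AR150 and the main router.
    for server in ("192.0.2.3", "192.0.2.2", "192.0.2.1"):
        print(server, probe(server, "devicename.mydomain.me"))
```

A `no_reply` from one server alongside `answer` from another, for the same name and from the same client, narrows the problem to the path or firewall in front of the silent server rather than to the zone records.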