[GL-AR150] Manual DNS created by NAS works in individual devices, but not in router

Hello there,

I have the following LAN:

[Image: LAN Topology]

I have created a private DNS server in the NAS, to access only local addresses like the GL-AR150, the NAS itself, the printer and so on…

When I set the NAS IP as my DNS in my computer, even when connected to the GL-AR150 wifi, private addresses work fine (so the NAS firewall is probably correctly set).
However, when I try to leave the computer’s DNS as default (i.e. what comes from the router), and set a custom DNS in the GL-AR150, private addresses do not work; the internet works fine though.
(I cannot change the DNS in the main router, because it is an ISP modem.)

I have the following settings in the GL-AR150’s Custom DNS Server:

  • DNS Rebinding Attack Protection ON
  • Override DNS Settings for All Clients ON
  • Manual DNS Server Settings ON with
    - … .0.3 (the NAS)
    - (as fallback)

I am just starting to learn more about networking concepts, so I cannot understand why it does not work. Does it have anything to do with port forwarding in the main router? If so, what should I do? If not, any ideas?

(Hey @Johnex, may I bother you to check if you know anything about this? Your help last time was really great!)

Thanks a lot,
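One setting in the list above is worth a closer look. On OpenWrt-based firmware (assuming, as on stock OpenWrt, that the GL-AR150's "DNS Rebinding Attack Protection" switch maps to dnsmasq's rebind_protection / stop-dns-rebind) the router discards any upstream reply that maps a name to a private address unless the name is under an allowed rebind_domain. The Python model below is added example code, not from this thread or the firmware: it parses a DNS reply and applies that rule; the reply bytes and the address 192.168.0.3 are constructed, and mydomain.me stands in for the poster's zone.

```python
import ipaddress
import struct

def parse_name(msg, off):
    """Decode a DNS name at `off`, following 0xC0 compression pointers."""
    labels, jumped, end = [], False, None
    while msg[off] != 0:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer into an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = end if jumped else off + 2       # resume after the first pointer
            off, jumped = ptr, True
            continue
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), (end if jumped else off + 1)

def a_records(msg):
    """Return [(name, ip)] for every A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                       # skip the 12-byte header
    for _ in range(qdcount):
        _, off = parse_name(msg, off)
        off += 4                                   # QTYPE + QCLASS
    out = []
    for _ in range(ancount):
        name, off = parse_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # type A, IPv4 address
            out.append((name, str(ipaddress.IPv4Address(msg[off:off + 4]))))
        off += rdlen
    return out

def rebind_filter(msg, rebind_domains=()):
    """stop-dns-rebind: None (reply dropped) if a name maps to a private IP
    and is not under an allowed rebind_domain; otherwise the A records."""
    recs = a_records(msg)
    for name, ip in recs:
        allowed = any(name == d or name.endswith("." + d) for d in rebind_domains)
        if ipaddress.ip_address(ip).is_private and not allowed:
            return None
    return recs

def build_reply(name, ip):
    """Constructed sample reply (not captured from the NAS): one A answer."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + qname + b"\x00\x01\x00\x01" + rr
```

With the protection on and no allowed domain, `rebind_filter` returns None for the NAS record, which is what a client behind the router sees as "unknown host" while a direct query to the NAS still resolves. On OpenWrt the allow-list is `list rebind_domain 'mydomain.me'` in the dnsmasq section of /etc/config/dhcp.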

When you use your ISP modem's (it should actually be a router) IP as upstream DNS in your NAS, then local DNS and internet DNS will work with just one entry on your local computer.
I'm also using the DNS server in my NAS (Synology), but I also have another DNS server which is running on a Raspberry Pi. This is called Pi-hole. The DNS server in my NAS provides DHCP (with some reservations) and is the 2nd DNS. The 1st DNS is my Pi-hole, filtering AdSense and doing local DNS + internet DNS.
I'm also using a WireGuard VPN running on a Mango router, so I can use Pi-hole filtering and DNS also outside my home.

Hi @mozarella, thanks for the reply!

First, yes, you’re right: the Main Router is acting as a router. What I meant was that it is also a modem, and because it is directly provided by the ISP I cannot change the DNS there.

Second, I also have a Synology NAS, so you might be able to help me there. Following your advice, I have changed the Forwarder 1 (in Resolution) of the NAS DNS server to the IP address of the Main Router. Previously I had the standard DNS address that the ISP provides (of course, listed in the Main Router).
I tried connecting to some LAN IPs, and this works. But using their name addresses (records in my Master Zone), it still does not work.

I don’t know if this is of importance, but trying to load a name address keeps the browser in a continuously loading state (“problem loading page”, in Firefox), instead of simply failing as when I type in a false name address (“server not found”, in Firefox).

I like your suggestion of using the VPN to keep having the private DNS when I am outside of my home. I will see if this works after the DNS is working in the LAN.

Any comments?
Thanks again,

Just thought about your entry. Actually I'm not using the Synology DNS server; I've been using synodnsmasq for a long, long time, long before Synology had its DNS server. dnsmasq is smaller than a normal DNS server; there are no zones and so on.
Well, my DiskStation has its own DNS server entry for the LAN and synodnsmasq is using this as upstream DNS. Normally you can use the ISP router as DNS or use another DNS on the internet.
I'm using synodnsmasq also as DHCP server, so I don't use the router's DHCP and DNS. So I could easily configure another DNS server. But you could configure it by hand manually.

Hi again @mozarella, thanks for the reply.
I am sorry, but I did not quite understand what your suggestion is. What do you think I should configure manually?
Also, did you set up the NAS’s DNS (in Network, not DNS Server settings) as the NAS’s own IP?

Thanks again for the help,

Welcome back on the forum :slight_smile:

If you disable the Wireguard server on the AR150 just to try, does it work?

Thanks for the welcome, hehehe!

So, I tried doing as you said, and disabled both the Wireguard and OpenVPN servers in the GL-AR150. Tried to connect, from my computer (in the GL-AR150 wifi), to a “devicename.mydomain.me” address and nothing. Then I rebooted the GL-AR150 because I saw a video online saying that DNS problems with the router sometimes require this. Nothing again, the problem persists. So I have restarted the vpn servers.

I think I should mention again that when I look for one of these “devicename.mydomain.me” internal addresses (records of my DNS Server’s Master Zone), my browser keeps giving me “The connection has timed out” and one of the browser suggestions is a firewall problem. So, a question I have is: do I need to change any firewall settings in my DNS Server device (the NAS)?
I currently allow only connections from the LAN IP … .0.1 (the main router). I assumed that since queries from devices in the GL-AR150 wifi necessarily go through the main router to the NAS, this would be OK… But I am not sure.
I actually tried enabling the GL-AR150 IP addresses (both … .0.2 and … .8.1) to the NAS firewall, but it didn’t work. But maybe I am doing something wrong.
Or, maybe this has nothing to do with the problem. Again, I am new to all of this, sorry if I write something senseless, hehehe…

Btw, I read somewhere that DNS problems might also have something to do with the DNS cached data (that still do not point to new settings after I change them). Is there any DNS cache I should clear on the GL-AR150? Should I somehow do it manually (also?) in my computer?

Thanks again for the help,

Yeah my next thought was DNS caching on your devices. Windows can be very stubborn with this for example. You will need to find out how to clear the DNS cache for each device. On Windows you do it like so:

Open an admin CMD prompt, then run this to see what DNS is currently being used:

ipconfig /displaydns

And then you can flush the cache like so:

ipconfig /flushdns

OK, so let me tell you exactly what I did. I am currently using a Mac, my wife’s Windows PC I will try to handle later.

First, I have created a custom Terminal command to flush the DNS cache (this might be of use for someone):
(Flush your DNS cache with a single easy-to-remember command - DEV Community 👩‍💻👨‍💻)

Second, I tried to ping each IP and name address in 4 different scenarios. Here’s the successful pings, after a DNS flush in each:

  • Scenario 1 = computer in GL-AR150 wifi, GL-AR150 DNS set to NAS IP and computer DNS to default
    1. main router IP YES
    2. GL-AR150 IP YES
    4. main router name address NO (unknown host)
    5. GL-AR150 name address NO (unknown host)
    6. NAS name address NO (unknown host)
    7. google.com YES
  • Scenario 2 = computer in GL-AR150 wifi, GL-AR150 DNS set to NAS IP and computer DNS to NAS IP
    1. main router IP YES
    2. GL-AR150 IP YES
    4. main router name address NO (unknown host)
    5. GL-AR150 name address NO (unknown host)
    6. NAS name address NO (unknown host)
    7. google.com YES
  • Scenario 3 = computer in main router wifi, computer DNS set to default
    1. main router IP YES
    2. GL-AR150 IP YES
    4. main router name address NO (request timeout)
    5. GL-AR150 name address NO (request timeout)
    6. NAS name address NO (request timeout)
    7. google.com YES
  • Scenario 4 = computer in main router wifi, computer DNS set to NAS IP
    1. main router IP YES
    2. GL-AR150 IP YES
    4. main router name address YES (and router config page opens in browser)
    5. GL-AR150 name address YES (but router config page does not open in browser)
    6. NAS name address YES (and NAS config page opens in browser)
    7. google.com YES

Scenarios 1 & 2 => name addresses from private DNS server don’t work, but their IPs do
Scenario 3 => same, but name addresses return “request timeout” instead of “unknown host”
Scenario 4 => all pings work, but the name address for the GL-AR150 does not open its config page in the browser
(However, for the NAS IP pings, I had to open the ICMP protocol in the NAS firewall, which I intend to disable since I don’t think this is needed.)

Now, this confuses me a bit, because I am sure I was able to access the GL-AR150 config page using the name address from the DNS server once before, I just don’t know how anymore. And since I wasn’t flushing the DNS caches before, who knows from what configuration it actually worked?

Sorry for the long post, but I thought a more methodical approach could help someone understand what’s going on.

Any ideas?

I thought I should just add to my previous post the following:

  • DNS Server logs

I have accessed the DNS Server logs and seen different versions of the following Warning message from server clients:

Warning message

client @0x7fb600355da0 (play.google.com): error sending response: network unreachable

The IP there is the GL-AR150. In the different versions, the number after the GL-AR150’s IP (port?) and the address in parentheses change, but the message is always the same (“network unreachable”).

  • Support contact from NAS company

I have contacted the NAS company support but so far they have told me the problem is probably in the GL-AR150, since the DNS Server works when I am connected to the Main Router’s wifi.

Anyone had any similar problems?