Using public DNS servers

CarderPlanet

What settings do I need to configure on Keenetic so that Internet domain name addresses are determined not through the DNS servers provided by the provider, but through publicly available public DNS servers?

On the Internet, nodes can be reached by their addresses (for example, 2.11.115.99) or by corresponding domain names, such as help.keenetic.com. The mapping between domain names and their addresses is stored in the hierarchical structure of the Domain Name System (DNS servers). Usually, the Internet provider automatically supplies its users with its own DNS server, but in some cases it may be necessary to use so-called public servers, which are located on the Internet and available to all users.

In KeeneticOS, the module responsible for the domain name service (DNS Proxy) aggregates the DNS server addresses received from the provider and those configured manually, in accordance with the specified zones (interfaces), and sends each request to resolve a domain name to the most suitable of them. If the address for a domain name has already been determined by an earlier request, it can be stored in the device cache, so that sites respond faster on repeat requests.

Next, we will consider the Keenetic settings that can be configured to use DNS servers on the Internet.

1. Using public DNS servers directly by computers connected to the Internet center
There are two options for this setting - on computers on your home network or in the Keenetic.

a) On the computer, the IP protocol parameters are configured manually and the required DNS server addresses are specified in the network interface configuration. For example, the computer's interface receives its IP address and default gateway address from the Keenetic automatically, but as its DNS server it uses not the Keenetic but the server addresses of the public provider SafeDNS.

This method can be inconvenient when you need to perform settings on a large number of devices in the network, or when different devices are connected to the Keenetic every time, for which you need to provide the same access conditions.

b) You can specify the required public addresses of DNS servers in the web configurator of the Keenetic on the "Home network" page in the "IP Settings" section in the DHCP settings, and when computers are connected to its network, the configuration will be performed automatically.

It should be noted that when public DNS servers are used directly on computers, it will be impossible to access the Keenetic by the name my.keenetic.net, or to take advantage of DNS query caching on the Keenetic, automatic selection of the optimal server, and other DNS Proxy functions.

2. Indication of public DNS servers on the Internet center instead of those provided by the provider
This setting will allow you to refuse to use the provider's servers, replacing them with any public DNS server addresses that are suitable for a particular use case. The setup takes place in two steps.

Step 1. Disable the use of the provider's servers.
Sometimes ISPs provide their own DNS server addresses for manual configuration. In this case, you will need to delete the DNS server addresses specified in the connection parameters. For example, in the web configurator, on the Wired page, under IP and DNS Settings, in the DNS 1 and DNS 2 fields, delete the servers.

Important! When accessing the Internet through a connection with authorization, such as PPTP / L2TP / PPPoE, pay attention to the details provided by the provider. If they contain the server address in domain name format, for example tp.internet.beeline.ru, you cannot disable the DNS servers on the connection used to establish the authorized connection (usually this is the Wired (ISP) connection), as this can make it impossible to determine the address of the server providing access to the Internet. See Note 1 to this article.

Help: Starting from KeeneticOS 3.1 Beta 1, in the web configurator, you can enable the option to ignore (disable) DNS servers automatically received from the provider. You can find detailed information in the instructions "Ignore the DNS provider".

You can also remove the DNS servers received from the provider automatically from the DNS Proxy configuration using the command line interface (CLI) of the router:
  • IPoE type interfaces. These interfaces use DHCP (Dynamic Host Configuration Protocol) to obtain DNS server addresses. You can disable the setting for the interface named ISP (this is the interface for the Ethernet WAN connection preconfigured in the Keenetic) as follows:
    Code:
    (config)> interface ISP
    (config-if)> ip dhcp client no name-servers
    Dhcp::Client: ISP DHCP name servers are disabled.
    In this case, the DNS address obtained from the ISP will disappear from the list of DNS servers.
    To re-enable the ability to obtain a DNS server on the ISP interface, run the commands:
    Code:
    (config)> interface ISP
    (config-if)> ip dhcp client name-servers
    Dhcp::Client: ISP DHCP name servers are enabled.
  • Authorized interfaces (PPTP / L2TP / PPPoE). IP parameters on this type of interface are usually sent from the server using Internet Protocol Control Protocol (IPCP). In order to disable receiving DNS server addresses from the provider on such an interface, you need to go to its settings using the command interface {interface_name} and execute ipcp no name-servers. For example, for the PPTP0 interface, the commands might look like this:
    Code:
    (config)> interface PPTP0
    (config-if)> ipcp no name-servers
    Not using remote name servers.
  • When a cellular network is used via a USB modem, the addresses of DNS servers can be assigned either by DHCP (for modems operating in Ethernet port emulation mode or NDIS) or by IPCP (for RAS connections), depending on the type (mode) of the modem's connection in the device. To complete the configuration, go to the corresponding interface in the command line and run the command that matches the type of modem.
  • For QMI modems use the commands:
    Code:
    (config)> interface UsbQmi0
    (config-if)> mobile no name-servers
    UsbQmi::Interface: "UsbQmi0": automatic name servers via QMI are disabled.
  • If you want to disable the use of DNS servers provided in a connection of the OpenVPN type, add the following line to the configuration of this connection:
    Code:
    pull-filter ignore "dhcp-option DNS"

You can verify that the DNS servers obtained automatically from the provider have been disabled by checking the contents of the DNS Proxy module's configuration file. To do this, run the command:
Code:
(config)> more temp:ndnproxymain.conf
rpc_port = 54321
rpc_ttl = 30000
rpc_wait = 10000
timeout = 7000
bantime = 300000
proceed = 500
ban_threshold = 3
stat_file = /var/ndnproxymain.stat
stat_time = 10000
static_a = my.keenetic.net 78.47.125.180

There should be no dns_server entries in the displayed output.

Step 2. Specifying the required server addresses manually.
This operation can be performed through the device's web configurator on the Internet Filter page under DNS Servers.

To specify general purpose servers that will be used when working on the Internet, you do not need to fill in the "Domain" field and change the default value of the "Connection" field. Through the CLI, the addresses of DNS servers can be specified using the command:
Code:
(config)> ip name-server {server_address}

Its format is described in more detail in the Keenetic Command Interface Reference (the reference can be found in the Files section by selecting the required model).
After specifying the addresses of the DNS servers, the DNS Proxy configuration file will look like this:
Code:
(config)> more temp:ndnproxymain.conf
rpc_port = 54321
rpc_ttl = 30000
rpc_wait = 10000
timeout = 7000
bantime = 300000
proceed = 500
ban_threshold = 3
stat_file = /var/ndnproxymain.stat
stat_time = 10000
dns_server = 195.170.55.1 .
dns_server = 141.1.27.249 .
dns_server = 80.252.130.254 .
dns_server = 141.1.1.1 .
static_a = my.keenetic.net 78.47.125.180
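
The two checks of ndnproxymain.conf described above (no dns_server entries after Step 1, only the intended ones after Step 2) can be automated against a saved copy of the CLI output. This is an added example, not part of the original post or Keenetic's own tooling; it assumes the "dns_server = address domain" layout seen in the listing, and the function names and the 192.0.2.53 entry are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of the listing above, with one extra
# resolver (192.0.2.53, a documentation address) that was not intended.
SAMPLE = """\
(config)> more temp:ndnproxymain.conf
rpc_port = 54321
timeout = 7000
dns_server = 195.170.55.1 .
dns_server = 141.1.27.249 .
dns_server = 192.0.2.53 .
static_a = my.keenetic.net 78.47.125.180
"""

def parse_dns_servers(text):
    """Return [(address, domain)] for each dns_server line.

    Assumption: the second field is the domain scope and '.' is the default.
    """
    servers = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "dns_server":
            continue  # prompt line, other settings, blank lines
        fields = value.split()
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])  # normalises IPv6 spellings
        except ValueError:
            addr = fields[0]  # keep unparsable values so they get reported
        servers.append((addr, fields[1] if len(fields) > 1 else "."))
    return servers

def audit(text, expected):
    """Compare configured upstream resolvers with the intended set.

    Pass expected=[] for the Step 1 check (no dns_server entries at all).
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    found = [addr for addr, _ in parse_dns_servers(text)]
    return {
        "unexpected": [str(a) for a in found if a not in allowed],
        "missing": sorted(str(a) for a in allowed - set(found)),
    }
```

Any address reported under "unexpected" is a resolver the DNS Proxy may still query, for example one still being learned from the provider on an interface that was not reconfigured.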

You can view information about the currently used DNS servers using the command:
Code:
(config)> show ip name-server

server:
 address: 192.168.100.1
 port:
 domain:
 global: 65522

Note 1
Network configurations differ for different access providers. Disabling automatic obtaining of DNS server addresses in certain cases can lead to inoperability of tunnel connections, failures in the operation of additional services, etc. Before disabling the use of DNS servers provided by your provider, make sure that there are no domain names of servers authorizing your connection in the settings. Otherwise, you should clarify whether it is possible to use its IP address instead of the server name. To independently determine the address of the authorization server, you can use the nslookup program (built into Windows operating systems), for example:
Code:
$>nslookup vpn.myisp.com
Server:  UnKnown
Address:  192.168.1.1
Non-authoritative answer:
Name:    vpn.myisp.com
Addresses:  208.48.81.134
          64.15.205.100
          64.15.205.101
          208.48.81.133

In the above example, the server name points to several addresses. In this case, we recommend that you check with the provider which one can be explicitly specified on your connection.
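
The pre-check from Note 1 can be scripted: decide whether the authorization server in the connection settings is a name (and therefore depends on DNS) and, if so, list the addresses nslookup returned for it. This is an added example, not part of the original post; the function names are hypothetical, and vpn.example.net and the addresses in the sample are constructed placeholders.

```python
import ipaddress

# Constructed sample in the layout of the nslookup output shown in Note 1.
SAMPLE = """\
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    vpn.example.net
Addresses:  198.51.100.10
          198.51.100.11
          203.0.113.7
"""

def is_literal_ip(value):
    """True if the setting is an IPv4/IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def answer_addresses(output):
    """Addresses from the answer section only.

    The Address line before 'Name:' is the resolver that was queried, not
    the authorization server, so it is skipped.
    """
    addrs, in_answer, collecting = [], False, False
    for line in output.splitlines():
        stripped = line.strip()
        if stripped.startswith("Name:"):
            in_answer, collecting = True, False
            continue
        if not in_answer or not stripped:
            continue
        if stripped.startswith(("Address:", "Addresses:")):
            candidate = stripped.split(":", 1)[1].strip()
            collecting = True
        elif collecting:
            candidate = stripped  # continuation line of a multi-address answer
        else:
            continue
        if is_literal_ip(candidate):
            addrs.append(candidate)
        else:
            collecting = False
    return addrs

def dns_dependency(server_setting, nslookup_output=""):
    """Report whether the connection needs DNS to reach its authorization server."""
    if is_literal_ip(server_setting):
        return {"needs_dns": False, "candidates": []}
    return {"needs_dns": True, "candidates": answer_addresses(nslookup_output)}
```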

Note 2
The use of public DNS servers, especially when they are specified in the DNS Proxy settings on the Keenetic, can in some cases reduce the response time of resources on the Internet. This can be influenced by various factors: the location of the servers relative to the point of access to the Internet of your connection, the width and load of the channels leading to these servers, the time of day, and others.
Some public DNS servers are listed on the following websites: WikiLeaks.org, vWiki.co.uk, www.lifewire.com. A custom selection of public servers can be viewed on the theos.in blog.
To determine the most suitable servers among those available, you can use specialized programs such as DNS Benchmark.

Note 3
When using public DNS servers, incorrect behavior may occur when browsers and other programs that use an Internet connection are running. We also do not recommend using the information from this article for illegal tasks.
In addition, keep in mind that when using public DNS servers, information about requests sent from your device may be available to those who maintain these servers.

Note 4
You can run an online test at http://www.whatsmydnsserver.com/ or https://www.dnsleaktest.com to help you determine which DNS server your queries are passing through.

Note 5
When using Internet filters such as Yandex.DNS, SkyDNS, AdGuard DNS, etc., keep in mind that if the DNS server addresses received from the provider are disabled and there are no manually added DNS server addresses, the Keenetic itself and home network devices with the "No filtering" Internet filter profile will not be able to resolve domain names. In particular, the Keenetic will not be able to detect the presence of the Internet, and the corresponding indicator will always be off. At the same time, home network devices with a profile other than "No filtering" will be able to resolve names using the DNS addresses of the Internet filter in use.

Note 6
To disconnect the DNS servers from the provider using IPv6 protocol, in the command line interface (CLI) of the router, run the command:
Code:
(config)> no interface ISP ipv6 name-servers auto
Ip6::Nd::Node: Ignore name servers provided by the interface network.
(config)> system configuration save
Core::ConfigurationSaver: Saving configuration...

We have provided an example for an IPoE (Wired, ISP) connection. If you are using a connection with authorization (PPPoE, PPTP, L2TP) or via a USB modem, in the command use the interface through which you connect to the Internet.
Interface names in commands are case sensitive. For example, the interface names ISP, PPTP0, L2TP0 must be specified only in uppercase letters, and the PPPoE0 or UsbModem0 interface names contain both uppercase and lowercase letters.

To add IPv6 DNS, run the commands:
Code:
(config)> ipv6 name-server 2606:4700:4700::1111
Dns::Manager: Name server 2606:4700:4700::1111 added, domain (default).
(config)> system configuration save
Core::ConfigurationSaver: Saving configuration...

In our example, we have added a public DNS server from Cloudflare.

Note 7
You can add public DNS servers to Keenetic in different menu items of the web configurator. For more information, see the article: "Description of the different ways to add additional DNS servers"