
Custom DNS not working

Tiago
Community Member

I'm trying to set a custom DNS server for my 3 Google Wifi mesh here.

I managed to configure it using the Google Home app, set the primary 192.168.86.5, save, everything looks fine.

 

But on my connected devices, the DNS server points to 192.168.86.1. I try restarting them, releasing the DHCP lease, etc... it is stuck in 192.168.86.1. 🤔

Am I doing something wrong? Do I need to also set the secondary? (it doesn't allow to repeat).

1 Recommended Answer

MichaelP
Diamond Product Expert

Hello @Tiago 

It may not look like it, but it's actually working. What will happen is all of the clients will still be configured to use the primary Google WiFi unit (typically 192.168.86.1) as the DNS server, but all of the requests that get sent there will then be forwarded to whatever DNS server(s) you have configured. I use this setup to get all of my DNS traffic tunneled through DNS-over-HTTPS by running a couple of Raspberry Pi units with "cloudflared" installed. Those RPi units on my internal network are configured in my Google WiFi as the primary and secondary DNS servers, but then they are each configured to resolve through HTTPS via Google, Cloudflare, or Quad9 DNS. So, the DNS requests go from my clients to Google WiFi, and then from there to one of my RPis, and then from there (through HTTPS) to Google's DNS server on the internet (or one of the backups).

Edit to add: What this does mean is your DNS server can't tell what the source of any particular DNS request actually was, since they are all coming from 192.168.86.1 at that point.


Tiago
Community Member

Oh! It's good to know that it's working!

But it's not great that this is how it works, at least in my case.

Like you mentioned, if all requests to the DNS server are coming from 192.168.86.1, then my per-ip internet filtering won't quite work 😥

 

Just for context, I've also a raspberry-pi with nxfilter installed, with some scam/ads/spam domain filtering.

I usually set them up so that the .1-.99 are free of filtering (and statically assigned to specific non-human things), and configure the dhcp to give the .100-.250 ips (which are then filtered). Haven't thought about actually filtering 100% of the ips/devices, maybe it's not a big deal 🤔
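
An added example (not part of either poster's messages, and not NxFilter or Google code): a small audit of the filtering resolver's query log that shows the effect described above. The log format and sample lines are constructed for illustration; the address ranges are the ones given in the post. Once every query arrives from 192.168.86.1, the range policy evaluates all traffic as that one address, which sits in the unfiltered .1-.99 block.

```python
import ipaddress
from collections import Counter

# Constructed sample logs, one "<source ip> <queried name>" per line.
# Assumed format for illustration only; not NxFilter's real log format.
DIRECT_LOG = """\
192.168.86.20 time.example.net
192.168.86.120 ads.example.com
192.168.86.130 news.example.org
"""
FORWARDED_LOG = """\
192.168.86.1 time.example.net
192.168.86.1 ads.example.com
192.168.86.1 news.example.org
"""

NET = ipaddress.ip_network("192.168.86.0/24")
GATEWAY = ipaddress.ip_address("192.168.86.1")  # address clients use as DNS server

def policy_for(src):
    """Range policy from the thread: .1-.99 unfiltered, .100-.250 filtered."""
    host = int(src) - int(NET.network_address)
    if 1 <= host <= 99:
        return "unfiltered"
    if 100 <= host <= 250:
        return "filtered"
    return "unassigned"

def audit(log_text):
    """Summarise which sources the resolver sees and which policy each query got."""
    sources, policies = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src = ipaddress.ip_address(line.split()[0])
        sources[src] += 1
        policies[policy_for(src)] += 1
    # True when the only source ever seen is the forwarding router.
    masked = set(sources) == {GATEWAY}
    return {"masked_by_forwarder": masked,
            "distinct_sources": len(sources),
            "policies": dict(policies)}

if __name__ == "__main__":
    for name, log in (("direct", DIRECT_LOG), ("forwarded", FORWARDED_LOG)):
        print(name, audit(log))
```
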

MichaelP
Diamond Product Expert

Filtering for all the devices will probably work fine. If it doesn't, you might just need to back off the aggressiveness of the filtering. My network is running IPv6, so I stopped paying attention to what IPv4 addresses things ended up getting assigned. So, I doubt this kind of fine-grained approach would work indefinitely anyway.

Jeff
Community Specialist

Hi, everyone.
Just one quick final check in here since activity has slowed down. We'll be locking the thread in the next 24 hours, but if you still need help, I would be happy to keep it open. If there's more we can do, just let me know.
Thanks.

Jeff
Community Specialist

Hi, everyone.
As we haven't had any activity here recently I'm going to go ahead and close the thread. If you have more to add, feel free to start a new discussion.
Thanks