12-07-2021 09:36 AM
I'm trying to set a custom DNS server for my 3 Google WiFi mesh units here.
I managed to configure it using the Google Home app: set the primary to 192.168.86.5, save, and everything looks fine.
But on my connected devices, the DNS server points to 192.168.86.1. I tried restarting them, releasing the DHCP lease, etc... it is stuck on 192.168.86.1. 🤔
Am I doing something wrong? Do I need to also set the secondary? (It doesn't allow repeating the same address.)
12-07-2021 10:55 AM - edited 12-07-2021 10:58 AM
Hello @Tiago
It may not look like it, but it's actually working. What will happen is all of the clients will still be configured to use the primary Google WiFi unit (typically 192.168.86.1) as the DNS server, but all of the requests that get sent there will then be forwarded to whatever DNS server(s) you have configured. I use this setup to get all of my DNS traffic tunneled through DNS-over-HTTPS by running a couple of Raspberry Pi units with "cloudflared" installed. Those RPi units on my internal network are configured in my Google WiFi as the primary and secondary DNS servers, but then they are each configured to resolve through HTTPS via Google, Cloudflare, or Quad9 DNS. So, the DNS requests go from my clients to Google WiFi, and then from there to one of my RPis, and then from there (through HTTPS) to Google's DNS server on the internet (or one of the backups).
Edit to add: What this does mean is your DNS server can't tell what the source of any particular DNS request actually was, since they are all coming from 192.168.86.1 at that point.
12-07-2021 11:17 AM
Oh! It's good to know that it's working!
But it's not great that this is how it works, at least in my case.
Like you mentioned, if all requests to the DNS server are coming from 192.168.86.1, then my per-IP internet filtering won't quite work 😥
Just for context, I also have a Raspberry Pi with nxfilter installed, with some scam/ads/spam domain filtering.
I usually set them up so that the .1-.99 are free of filtering (and statically assigned to specific non-human things), and configure the DHCP to give the .100-.250 IPs (which are then filtered). Haven't thought about actually filtering 100% of the IPs/devices, maybe it's not a big deal 🤔
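An added example, not part of any post in this thread and not nxfilter code: a small audit that applies the .1-.99 / .100-.250 scheme described above to the source address the filtering resolver actually sees. It shows that behind the forwarder every query is attributed to 192.168.86.1, which lands in the unfiltered range. The log format, the lease list and the function names are assumptions; the sample data is constructed.

```python
import ipaddress

FORWARDER = "192.168.86.1"  # primary Google WiFi unit, as in the thread

def policy_for(ip):
    """Per-IP scheme from the thread: .1-.99 unfiltered, .100-.250 filtered."""
    last_octet = int(ipaddress.IPv4Address(ip)) & 0xFF
    if 1 <= last_octet <= 99:
        return "unfiltered"
    if 100 <= last_octet <= 250:
        return "filtered"
    return "no-policy"

def audit(query_log, leases):
    """Compare the policy each device should get with the one its queries got.

    query_log: (device_ip, source_ip_logged_by_resolver) pairs, e.g. built by
               issuing a test lookup from each known device (assumed method)
    leases:    device IPs currently on the LAN
    """
    mismatches = sorted({
        (device, policy_for(device), policy_for(source))
        for device, source in query_log
        if policy_for(device) != policy_for(source)
    })
    sources = {source for _, source in query_log}
    # One source address for several leased devices means a forwarder sits in front.
    collapsed = len(sources) == 1 and len(set(leases)) > 1
    return {"sources": sorted(sources), "collapsed": collapsed,
            "mismatches": mismatches}

# Constructed sample data (not captured from a real network).
LEASES = ["192.168.86.20", "192.168.86.101", "192.168.86.150"]
FORWARDED_LOG = [(ip, FORWARDER) for ip in LEASES]  # behaviour described in the thread
DIRECT_LOG = [(ip, ip) for ip in LEASES]            # devices querying the resolver directly

if __name__ == "__main__":
    for name, log in (("forwarded", FORWARDED_LOG), ("direct", DIRECT_LOG)):
        print(name, audit(log, LEASES))
```

With the forwarded log, the two devices in the DHCP pool show up as intended "filtered" but applied "unfiltered", so a per-IP scheme like this one has to treat 192.168.86.1 itself as a filtered source to keep any filtering in effect.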
12-07-2021 12:06 PM
Filtering for all the devices will probably work fine. If it doesn't, you might just need to back off the aggressiveness of the filtering. My network is running IPv6, so I stopped paying attention to what IPv4 addresses things ended up getting assigned. So, I doubt this kind of fine-grained approach would work indefinitely anyway.
01-27-2022 11:32 AM
Hi, everyone.
Just one quick final check in here since activity has slowed down. We'll be locking the thread in the next 24 hours, but if you still need help, I would be happy to keep it open. If there's more we can do, just let me know.
Thanks.
01-28-2022 01:15 PM
Hi, everyone.
As we haven't had any activity here recently, I'm going to go ahead and close the thread. If you have more to add, feel free to start a new discussion.
Thanks