NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

tjm1551's avatar
tjm1551
Aspirant
Nov 14, 2024

Third Party DNS Setting

I've been trying to configure Cloudflare (1.1.1.1)  DNS with my Orbi Router using IPv4 and IPv6. I have set the IP Addresses for both DNS's and saved but running tests still shows my ISP's DNS Server...
tjm1551's avatar
tjm1551
Aspirant
Nov 14, 2024
I’ve been testing it using dnscheck.tools. It shows all my ISP DNS Servers then the Two cloudflare. So I also tried manually entering the dns on my computer and testing again. After retesting it bypassed my ISP entirely but only when I add the DNS manually to each device. It seems my router is getting overridden by my ISP or something.
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Nov 14, 2024

It is not clear (to me) how this "tool" is gathering the information that it presents.

 

I have my Orbi set to use Cloudflare (1.1.1.1) and Google (8.8.8.8), both on the Basic Tab Internet menu and on the Advanced Tab IPv6 menu.  I tested it by monitoring the packets sent from the Orbi to the ISP (Spectrum).  i.e.:

  • Placed an Ethernet switch between the Orbi router and the ISP modem. (Netgear GS108E)
  • Connected the Orbi to port 1 and the ISP modem to port 2
  • Mirrored Port 1 to Port 3
  • Connected Port 3 to my desktop computer using an Ethernet->USB adapter
  • Used Wireshark on the PC to capture every packet going through switch Port 1.
  • My PC is wired to the Orbi router, LAN port 1 and is set to DHCP (the Orbi router provides
    • IP address 192.168.1.2
    • Subnet mask 255.255.255.0
    • Gateway IP 192.168.1.1 (the Orbi router)
    • DNS IP 192.168.1.1 (the Orbi router)

The results were clear.  When I did a DNS query, for example by typing nslookup ford.com, the Orbi would send DNS Request packets on port 53 to both 1.1.1.1 and 8.8.8.8.  It did not send DNS queries to any other IP address. The responses came back from 1.1.1.1 and 8.8.8.8. No DNS requests were sent to any other IP address, nor were there responses from any other IP address.

 

It is not clear how to determine what this website (https://www.dnscheck.tools ) is doing.  It is an https (encrypted) connection, so it is not trivial to examine the actual data packets.  I can, however,use Wireshark to monitor the connection between the PC and the Orbi router and display any DNS queries send by the PC.  What I expect to see is the PC issuing one DNS request to 192.168.1.1 and getting one response back for the first attempt on any specific URL. (since the PC caches DNS, after the first 'hit', queries should respond from the cache.)

 

When I use https://www.dnscheck.tools , it fills a page with IP addresses labeled  Spectrum, Cloudflare, and Google. None of these results are 1.1.1.1 or 8.8.8.8  Where is it getting these IP addresses from?

 

 

 

 

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Nov 14, 2024

    Previous statement was incorrect.  Spectrum IPs never showed up on the first results.  There were a bunch of IPs that are similar to Spectrum, but not labeled as Spectrum.

     

    Have repeated the Original Poster (OP) experiment of changing the PC from using the Orbi IP as the DNS server to using Cloudflare and Google as DNS servers (Network setup, Ethernet adapter, IPv4 properties)

     

    Got the almost exactly the same results from https://www.dnscheck.tools/ as when using the Orbi for DNS.  The difference is that each report displayed a few IPs different from the other.

     

    My sense is this:

     

    An IP address may not route to only one internet host.  When we specify 1.1.1.1 or 8.8.8.8, what really happens is the packet gets sent into the internet where routers look in tables to find, "which path do I use to get to this IP?? (1.1.1.1 or 8.8.8.8)  If I am connected to Spectrum, then the Spectrum gateway says, "Oh, that is this way."  Someone connected to AT&T may be sent through a different path.

     

    What this dns "tool" appears to be doing is finding the final destination for DNS requests sent to a DNS resolver and reporting about them.  In my case, Cloudflare appears to run about 13 DNS servers on the IPv4 side and Google appears to run about 70 DNS servers.  Clicking on any of the entries brings up information about it, including who "owns" each of them.

     

     

    Summary:

    • I was unable to reproduce the idea that using the Orbi DNS produced different results than setting Static DNS entries on the Windows PC.  Neither of them reported DNS servers belonging to Spectrum.
    • My sense is that this "tool" makes a LOT of DNS queries in an attempt to find most the physical DNS servers, but it is not clear (to me) whether these DNS queries are being done from the user computer web browser or from the host computer.

    This forum provides "something new every day."