Haaino
Jan 17, 2022 Guide
BR200 DHCP DNS server configuration
Dear community, I have a BR200 with firmware 5.10.0.5. I have successfully set up multiple VLANs and corresponding DHCP services; it is all working nicely. However, the iPhone complains that the...
schumaku
Jan 18, 2022 Guru - Experienced User
Well, all Netgear and many other router products with DNS relays or the like make some iOS systems complain. None of these systems supports DNSSEC, DoH, or DoT.
Haaino wrote:
To compensate for this I want to use the public DNS server 9.9.9.9. I already configured this DNS service to be used in the BR200 in the WAN interface. How can I configure the DHCP service parameter that the DHCP clients also use this DNS service?
Nothing we can do for now. Supporting DNSSEC requires much more than just adding a DNSSEC capable DNS resolver.
Haaino wrote:
If I configure the DNS service on my iPhone manually to use 9.9.9.9, the iPhone no longer complains.
Keep in mind that DoH and/or DoT are not ready for prime time for various reasons - most ISPs don't offer the required discovery options (draft level at max), so no implementations in the real world.
Apple has a big trend in pushing privacy features into the world - like the cumbersome default "Private Address" making big problems in SOHO and business environments where the random MAC address (that's what it really is) is used for identification, access control, parental controls, ... assigning reserved IP addresses, .... and much more.
- Haaino Jan 18, 2022 Guide
Thank you for your answer, although I was hoping for a solution. But the situation is as it is, unfortunately.
However, something does make me wonder. If I manually configure 9.9.9.9 as the DNS service, my iPhone stops complaining. Why does this work?
And secondly, how can I configure any DHCP attributes in the BR200? Or can I better use a different DHCP service?
- schumaku Jan 19, 2022 Guru - Experienced User
Haaino wrote:
If I manually configure 9.9.9.9 as the DNS service, my iPhone stops complaining. Why does this work?
Because DNSSEC is an extension of the DNS protocol. While the DNSSEC extensions are available on .9, the DNS resolver/relay on the Netgear routers (and many more) does not handle these.
For my curiosity, would you mind sharing a screenshot of the iPhone complaint?
Overall, it's still not the world's greatest idea to send your own DNS queries to a business where most don't know anything about it. This is becoming more crucial when you think about DNS with DoH or DoT - the US NSA and CISA previously published do's and don'ts for Adopting Encrypted DNS in Enterprise Environments (PDF) - most of it applies to DoT, too. DoH and DoT can impede analysis and monitoring of DNS traffic for cybersecurity purposes, DoH and DoT can be used to bypass parental controls which operate at the standard plain text DNS level, ...
Not everything Apple does suggest - like the crazy random MAC address (they promote it as "Private Wi-Fi Address") - does make sense in an enterprise, business, small business and even at home.
Haaino wrote:
How can I configure any DHCP attributes in the BR200? Or can I better use a different DHCP service?
Unfortunately, Netgear left out plenty of features on the BR500/BR200 specs.
- Haaino Jan 19, 2022 Guide
Thank you very much that you are helping me out! I appreciate this.
It's in Dutch. Roughly translated: one picture says "privacy warning". And the other explains that the DNS service (a.k.a. the Netgear router) is intercepting the DNS traffic and could potentially monitor this.
I understand your remark about external DNS services, and you are quite right about it! No denying about it. In this particular case the .9 DNS service has a relatively good reputation and privacy restrictions.
My question still is: how can I configure the DHCP service on the BR200 router so that the clients get .9 DNS service automatically assigned? If I would like to host my own DNS service, then this question becomes more relevant.
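The resolver a DHCP client is "automatically assigned", as asked in this thread, travels in DHCP option 6 (Domain Name Server, RFC 2132), so whichever DHCP service ends up serving the VLANs, the lease itself shows whether clients are pointed at the router's relay or at 9.9.9.9. The following is an added example, not code from the thread or from Netgear: it parses the options field of a DHCP ACK and classifies the advertised resolver. The function names, the gateway address 192.168.1.1 and both sample option fields are constructed assumptions.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # starts the DHCP options field (RFC 2131)
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_END = 0, 3, 6, 255   # RFC 2132 option codes

def parse_options(field: bytes) -> dict:
    """Walk the code/length/value options and return {code: raw bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field) and field[i] != OPT_END:
        code = field[i]
        if code == OPT_PAD:                       # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate (RFC 3396)
        i += 2 + length
    return opts

def addresses(raw: bytes) -> list:
    # Options 3 and 6 both carry a list of packed 4-byte IPv4 addresses.
    if len(raw) % 4:
        raise ValueError("address list length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def audit_dns(field: bytes, wanted: str) -> str:
    """Classify the resolver list a lease hands to clients."""
    opts = parse_options(field)
    dns = addresses(opts.get(OPT_DNS, b""))
    routers = addresses(opts.get(OPT_ROUTER, b""))
    if not dns:
        return "no DNS option"
    if wanted in dns and not set(dns) & set(routers):
        return "wanted resolver"
    if set(dns) <= set(routers):
        return "router relay"                     # clients are sent to the gateway itself
    return "mixed or other"

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample option fields (assumed values, not captured from a BR200).
GW, Q9 = (ipaddress.IPv4Address(a).packed for a in ("192.168.1.1", "9.9.9.9"))
ACK_RELAY = MAGIC_COOKIE + opt(53, b"\x05") + opt(OPT_ROUTER, GW) + opt(OPT_DNS, GW) + b"\xff"
ACK_WANTED = MAGIC_COOKIE + opt(53, b"\x05") + b"\x00" + opt(OPT_ROUTER, GW) + opt(OPT_DNS, Q9) + b"\xff"
```

To check a real lease, pass `parse_options` the bytes that follow the fixed 236-byte BOOTP header of a captured DHCP ACK.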