Two requests:
- Add an option to toggle whether the router advertises its own IP address as a DNS server. Advanced users don't need routerlogin.net.
- Allow a private IP address to be specified as a DNS server. This currently doesn't work because the DNS relay occurs after NAT. A user has to disable the DHCP server on the router in order to use their own DNS server.
89 Comments
- schumaku (Guru - Experienced User)
wrote:
I need to manually assign DNS for everything. My 10 year old router has this feature, so how does Netgear not have this feature?
What's wrong with the ISP assigned DNS and/or the Netgear DNS reflector in place?
Yes, many routers (other brands) have it for decades - but it's also creating confusion.
wrote:
It's causing me DNS issues I think.
The absence of this feature does not cause issues... either the Netgear router DNS code does, or the ISP DNS might be "filtered" for whatever some over-smart ISP people think is adding security.
- Chir (Tutor)
@schumaku I don't think you quite understand the issue.
I would have been happy with my ISP's direct IP being forwarded to all my devices. I would have been happy if the IP Address that I told the router to use would have been forwarded to my clients. What I'm not happy with is that the router itself is running a buggy DNS implementation.
I believe I may fall in with the "over-smart ISP" people that you're talking about, but I assure you, this request has nothing to do with security. In fact, the router is the backbone of a home network -- it's the most trusted device in the chain. The problem that I have is that the router allows you to enter a DNS server of your choice. When a client sends a DHCP request, the router is responding and providing the router's internal IP address instead of the one you provided.
Internally, the router is running a DNS server and anything it can't answer, it sends on to the IP address you define (or the one specified by your ISP in the initial DHCP request). There really is no problem with this, as long as the DNS server is robust enough to handle the requests. The netgear implementation is not.
Over time, the DNS service starts to get slow. Your internet appears to slow down, and just like the DNS service, your internet suddenly stops responding. Again -- this apparently doesn't happen to everyone, but it's very easy to observe when it happens. Simply changing the client's DNS to an external DNS server resolves the issue.
This is an advanced networking device. It's geared towards power users and marketed at a premium price. The ability to modify the DNS server offered up when the client makes the DHCP request for it is not an unusual request.
While the lack of this feature doesn't, in itself, cause issues, the lack of an alternate method and an underperforming DNS service does.
It's obvious netgear isn't going to resolve this issue, even though it would be very easy to implement as an optional setting that could default to their behavior.
There is a solution that they could use to make everyone happy...
- Mariano_DFledgling
Correct, the only way I was able to get around this was to install a separate DHCP Server inside my network. But this breaks parental control and the device block that is featured in the app.
It's not hard to do, specify another device as DNS server, or use alternate DNS Server for a DHCP table.
@schumaku, I agree with Chir, you don't understand the issue. There are numerous issues with security, and performance issues directly correlated to utilizing the Router as the DNS provider. Parental Controls, centralized Network-based anti-malware, and ad-block filtering. There are quite a bit more things that live off of DNS. I understand your frustration and comment of "over-smart ISP people", but some of us would like to tweak a $200+ product to meet our needs when the old $50 devices had this capability. It's ok if you don't understand, the engineers hopefully do and possibly they can provide a capability so the geeks can continue to use these SOHO devices and not have to migrate to another brand.
- HTBruceM (Guide)
Not to beat a dead horse here... (and security aside) but many web pages result in dozens and sometimes hundreds of DNS queries, mostly due to all the advertising present. Any latency resolving all those DNS lookups just compounds the user experiencing "slowness" in a page load. I've tested DNS performance and the router is ADDING latency, not improving it. Wasn't one of the primary reasons for including a DNS resolver/cache inside the router in the first place to SPEED UP DNS lookups by caching them locally? If it's not REDUCING the DNS latency then it's only slowing things down.
- schumaku (Guru - Experienced User)
Chir no reason to be negative - I've asked exactly the questions to the point.
AbhayB Let's see if Netgear will be able to ensure the built-in dnsmasq will crawl down almost to a halt (or beyond). Many Netgear routers are known to come with basically wrong and/or unsupported dnsmasq configurations. Adding user supplied DNS server IPs (IPv4 and IPv6!) by DHCP scope [e.g. the BR500 must have a control by VLAN DHCP pool] is just one of the many missing features.
- psyko_chewbacca (Onlooker)
At this point in time, it's obvious Netgear doesn't care about this feature. It's been almost 3 years since this issue has been opened and we've yet to see Netgear acknowledge anything about it...
Move on, and do either of the following:
- Continue as it is and use the internal DNS forwarder.
- Disable DHCP server of the router and provide your own.
- Make request to open source the Hardware NAT translator drivers so that we can get the same performance on custom firmwares and use those instead.
I'm using Pi-Hole's DHCP server for the moment. I would rather use DD-WRT or OpenWRT to do it but routing performance on those firmwares were inferior compared to the stock firmware (last time I tried). I wasn't able to maintain a stable connection on full load.
I've learned from this experience and I will not be buying a Netgear device when it will be time for a refresh, that's for sure. I'm with all of you on this, a $200 device(at the time) should include such feature, especially when the device is targeted toward demanding customers.
- schumaku (Guru - Experienced User)
HTBruceM To my knowledge the dnsmasq config isn't configured to speed-up or cache anything ... see "cache-size=0" ...
But to make it worse - and on the R9000/R8900 this was removed a while ago as we spent a lot of time dealing with Netgear - was the "try-all-ns" config ... an option no longer in dnsmasq config and docs for years (if not a decade). What it does enforce is fatal: Every request will be sent to all the typically up to three ISP or Internet connection configured DNS IPs and not come back with a valid answer before all DNS servers have replied. Completely silly. And I'm convinced this nonsense is still in place on many Netgear router models (Cxxxx, Dxxxx, Rxxxx, Nighthawk, Orbi, whatever).
As a side effect, it does make dnsmasq return a wrong status code if a domain can't be resolved.

    root@R9000:/etc# cat dnsmasq.conf
    # filter what we send upstream
    domain-needed
    bogus-priv
    localise-queries
    no-negcache
    cache-size=0
    no-hosts
    try-all-ns
    root@R9000:/etc#
Everything explained up and down in the community already - trouble is this information hasn't made it as a mandatory design change to ALL Netgear products AbhayB
PS. Yes, agree I don't understand a **bleep** - I'm pissed about the attitude of some [other] users here.
- lolcocks (Aspirant)
It is actually causing an issue for me and all the devices connected to the R7000.
I fixed it by manually setting the DNS on my computer's IPv4 settings.
And I used the same DNS (Cloudflare DNS) on both the router and the computer.
Yet, if I don't set the DNS on my computer (and use the router as the DNS), websites will not load every 2 - 3 minutes.
It's a temporary work around but I cannot ask every single person connected to my router to manually set their DNS. 95% of them don't even know what a DNS is. They are just an average Joe.
- dpippenger (Onlooker)
Just to pile on, I think this is a pretty basic feature and reasonable request. There are a growing number of users who are savvy enough to want to run their own DNS servers for a number of reasons. PiHole being a popular option these days. I don't particularly want to run a DHCP server in order to get this capability as I find it nicer to have things like the reservations presented in the router UI.
But on a related note, the default config set on the router for its dnsmasq seems a bit strange. Even a modest cache would produce measurable improvements in web browsing activity.
So basically this feature would enable 3 things for me.
1. The ability to filter and blacklist unwanted hosts (Basically Pi-Hole)
2. The ability to decrease resolution latency by enabling a local cache.
3. The ability to provide lookups for local LAN systems by intercepting DNS requests and rewriting them myself (much like the Orbi does for orbilogin.com)
It's not a big ask here, the plumbing is already in place for you to provide these features since you are using dnsmasq already to provide dhcp/dns on the router. We probably aren't asking more than an afternoon of development time and I would guess you probably have people on staff who have toyed with the idea or have personal builds that allow for this type of override.
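The dnsmasq settings argued over in this thread (schumaku's R9000 listing with cache-size=0 and try-all-ns, and the three capabilities dpippenger lists) can be expressed as a small config audit. The script below is an added example, not code from the thread or from NETGEAR firmware: it parses a dnsmasq.conf, flags the settings discussed above, and writes a corrected fragment using real dnsmasq directives (cache-size, dhcp-option=option:dns-server for DHCP option 6, and address=/host/ip for local overrides). The sample config is schumaku's listing reproduced as a constructed string; the LAN resolver address 192.168.1.2 and the host nas.lan are placeholders chosen for the example.

```python
from __future__ import annotations

# Constructed sample: the options schumaku posted from /etc/dnsmasq.conf on an R9000.
SAMPLE_CONF = """\
# filter what we send upstream
domain-needed
bogus-priv
localise-queries
no-negcache
cache-size=0
no-hosts
try-all-ns
"""


def parse_conf(text: str) -> tuple[set[str], list[tuple[str, str]]]:
    """Split a dnsmasq.conf into bare flags and key=value pairs, comments stripped.
    dnsmasq lets an option repeat (e.g. several dhcp-option lines), so values
    are kept as an ordered list rather than a dict."""
    flags: set[str] = set()
    values: list[tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            values.append((key.strip(), value.strip()))
        else:
            flags.add(line)
    return flags, values


def audit(text: str) -> dict[str, str]:
    """Map finding id -> explanation for the three problems raised in the thread."""
    flags, values = parse_conf(text)
    findings: dict[str, str] = {}
    cache = [v for k, v in values if k == "cache-size"]
    if cache and cache[-1] == "0":
        findings["no-cache"] = (
            "cache-size=0 disables the resolver cache; every LAN lookup goes upstream"
        )
    if "try-all-ns" in flags:
        findings["try-all-ns"] = (
            "try-all-ns is not a documented dnsmasq option (per the thread); drop it"
        )
    # DHCP option 6 may be written as "6,..." or "option:dns-server,..."
    pushes_dns = any(
        k == "dhcp-option" and (v.startswith("6,") or v.startswith("option:dns-server,"))
        for k, v in values
    )
    if not pushes_dns:
        findings["dhcp-dns"] = (
            "no dhcp-option for dns-server: DHCP clients are handed the router's own "
            "address as their DNS server"
        )
    return findings


def corrected_conf(
    text: str,
    lan_dns: str,
    cache_size: int = 1000,
    local: dict[str, str] | None = None,
) -> str:
    """Rewrite the config: keep every line except cache-size and try-all-ns,
    then append a real cache size, a DHCP option 6 pointing clients at lan_dns
    (e.g. a Pi-hole on the LAN), and address= overrides for local hostnames."""
    kept = []
    for raw in text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        if stripped == "try-all-ns" or stripped.startswith("cache-size="):
            continue
        kept.append(raw)
    kept.append(f"cache-size={cache_size}")
    kept.append(f"dhcp-option=option:dns-server,{lan_dns}")
    for name, ip in (local or {}).items():
        kept.append(f"address=/{name}/{ip}")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for fid, why in audit(SAMPLE_CONF).items():
        print(f"{fid}: {why}")
    print(corrected_conf(SAMPLE_CONF, "192.168.1.2", local={"nas.lan": "192.168.1.20"}))
```

Running it against the R9000 listing reports all three findings; running `audit` over the output of `corrected_conf` reports none. The `address=` entries are answered by whichever dnsmasq instance loads this file, so they help clients that still resolve through the router; a client that DHCP option 6 has sent to `lan_dns` only sees them if that resolver forwards to the router.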