SunriseMan
Aug 30, 2020, Guide
How to get Orbi to pass through DNS information in DHCP?
I have an Orbi RBR50 running Firmware Version V2.5.1.16. I'm using its DHCP feature. The problem is that no matter what settings I try in the configuration, it always hands out client leases with the...
Mstrbig
Aug 30, 2020, Master
SunriseMan wrote: That wasn't my question.
A DHCP server gives DNS addresses to devices. Orbi's DHCP server is broken and always gives the router's address as the DNS address. So my Windows computer thinks that the DNS address is 192.168.1.1, rather than the address I configured.
I use a service that supports DoH. But Windows (again, for now I'm talking about the Insider versions, but this will soon be true for release versions as well) detects that by just trying to do a DoH request. And that will always fail, because the Orbi doesn't support DoH.
No, I understood what you were saying. Most all home user routers are, as you stated, broken.
And I am currently on Windows 10 Preview Build 20201.
There's still a lot of debate over whether DoH is good or not, and I'm sure a lot will change before it is available in public versions of Windows 10.
Most people rely on DNS to block malware, enable parental controls, or filter the browser’s access to websites. When DoH is enabled, it bypasses the local DNS resolver and defeats these special policies.
SunriseMan
Aug 30, 2020, Guide
Mstrbig wrote: Most people rely on DNS to block malware, enable parental controls, or filter the browser’s access to websites. When DoH is enabled, it bypasses the local DNS resolver and defeats these special policies.
That's only true because people have to set up the DoH manually rather than having it be supported by the underlying OS. With the implementation in the Preview version of Windows, it still uses the DNS server provided by DHCP, it just tests that server to see if DoH will work. So the security or content controls of the DNS provider will still apply.
This applies to the concerns CrimpOn mentioned as well. However, I don't understand why DoH adoption would have an impact on the need for router firmware updates. It'll probably increase the urgency for one update to provide an option to avoid DHCP proxying, but I don't see any reason there would be less need for updates after that.
- CrimpOn, Aug 30, 2020, Guru - Experienced User
SunriseMan wrote: That's only true because people have to set up the DoH manually rather than having it be supported by the underlying OS. With the implementation in the Preview version of Windows, it still uses the DNS server provided by DHCP, it just tests that server to see if DoH will work. So the security or content controls of the DNS provider will still apply.
This applies to the concerns CrimpOn mentioned as well. However, I don't understand why DoH adoption would have an impact on the need for router firmware updates. It'll probably increase the urgency for one update to provide an option to avoid DHCP proxying, but I don't see any reason there would be less need for updates after that.
Having just become aware of this development today, it seems to me that this is going to be a long, complicated rollout. There must be 100s of different consumer router models installed. Even a "simple" router update to avoid DNS proxying has to be developed, tested, and rolled out by manufacturers who have shown little interest in updating firmware. (Verizon sold the Orbi to customers and has never issued a firmware update.) Suppose the default changes from "DNS Proxy" to "include the DNS server we got from the ISP in our DHCP response." That means every ISP DNS proxy has to be reprogrammed.
This is sort of "Deja Vu" for me. When was IPv6 announced as the "solution to IPv4 running out of numbers"? And here we are in the middle of 2020. DoH is going on my list of "things to watch out for."
- SunriseMan, Aug 31, 2020, Guide
CrimpOn wrote: Suppose the default changes from "DNS Proxy" to "include the DNS server we got from the ISP in our DHCP response." That means every ISP DNS proxy has to be reprogrammed.
I don't understand what you mean. All home routers, including the Orbi, can do the necessary NAT to let computers access the ISP's DNS servers directly. Look at the attached screenshot -- that's me accessing my ISP's DNS going through my Orbi. (10.10.10.1 is the address of my Orbi, which is why it's my default DNS server.)
I've also used routers that don't do DNS proxying, gone through periods where I had a separate server running DHCP that passed my ISP's DNS servers, and have had computers with static addresses that used the ISP's DNS servers. I assure you that all of these scenarios work, and have worked since I got my first home router decades ago.
- Mstrbig, Aug 31, 2020, Master
SunriseMan wrote: I don't understand what you mean. All home routers, including the Orbi, can do the necessary NAT to let computers access the ISP's DNS servers directly. Look at the attached screenshot -- that's me accessing my ISP's DNS going through my Orbi. (10.10.10.1 is the address of my Orbi, which is why it's my default DNS server.)
I've also used routers that don't do DNS proxying, gone through periods where I had a separate server running DHCP that passed my ISP's DNS servers, and have had computers with static addresses that used the ISP's DNS servers. I assure you that all of these scenarios work, and have worked since I got my first home router decades ago.
Unfortunately, you are mixing up the scenario and are confused with regard to DoH and DNS proxying. You accessing your ISP's DNS is elementary, as many users can and have been using their provider's or third party DNS servers for a very long time. However, if the DNS servers used don't support DoH, there will be no DoH.
With regard to the whole DoH implementation on the Orbi or any other router, the manufacturer would have to update their firmware as that is where the OS resides running the Orbi or any other router's program. This is why third party companies like Cisco offer DoH for those who need it. Software based, like in Microsoft's new OS, will allow users to set it up on each of their PCs, if needed. However, for a full network, you would need a dedicated server, switch, or ISP that supports DoH.
And back to the argument of protection, once DoH is implemented, users may have to up their game of virus, malware, etc. protection as a trade-off.
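The DHCP behaviour this thread is about, as an added example that is not part of any poster's message and is not NETGEAR code: a small parser for the options field of a DHCP reply that reports whether every advertised DNS server (option 6) is just the router itself (option 3), i.e. the lease points clients at a DNS proxy. The function names and both sample byte strings are constructed for illustration; 192.0.2.53 and 192.0.2.54 are documentation addresses standing in for a configured upstream resolver.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # marks the start of DHCP options
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_END = 0, 3, 6, 255

def parse_options(field: bytes) -> dict:
    """Parse magic cookie + code/length/value options into {code: bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options are concatenated
        i += 2 + length
    return opts

def ip_list(raw: bytes) -> list:
    """Split a packed run of IPv4 addresses into dotted-quad strings."""
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def dns_report(field: bytes) -> dict:
    """Report routers, DNS servers, and whether all DNS servers are the router."""
    opts = parse_options(field)
    routers = ip_list(opts.get(OPT_ROUTER, b""))
    dns = ip_list(opts.get(OPT_DNS, b""))
    proxied = bool(dns) and all(d in routers for d in dns)
    return {"routers": routers, "dns": dns, "proxied": proxied}

# Constructed sample 1: DHCPACK where option 6 repeats the router address.
SAMPLE_PROXIED = MAGIC_COOKIE + bytes([53, 1, 5, 3, 4, 192, 168, 1, 1,
                                       6, 4, 192, 168, 1, 1, 255])
# Constructed sample 2: DHCPACK where option 6 carries two upstream resolvers.
SAMPLE_DIRECT = MAGIC_COOKIE + bytes([53, 1, 5, 3, 4, 192, 168, 1, 1,
                                      6, 8, 192, 0, 2, 53, 192, 0, 2, 54, 255])

if __name__ == "__main__":
    for name, sample in (("proxied", SAMPLE_PROXIED), ("direct", SAMPLE_DIRECT)):
        print(name, dns_report(sample))
```

To check a real lease, feed `dns_report` the options bytes from a captured DHCP reply, starting at the magic cookie.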