03-15-2017 01:30 PM
I've had my ERX in production for about a year but just realized my DNS config might be wonky. Here's my setup:
1. I went under System and in the Name Server field I added my two ISP primary DNS servers, then saved changes.
2. In DHCP > DNS I chose the interface of Switch0 (which has all my production VLANs) and clicked Add Listen Interface, then saved changes. My clients are set to use the ERX as primary DNS, and ISP DNS as secondary.
If I run "show dns forwarding statistics" it shows "0 queries sent" even after several days. And if I use nslookup and my local ERX as the server, it will not resolve FQDNs. I'm assuming since I can browse to various sites, it's still resolving ok off the secondary DNS servers, but I'd like to get the local cache working to get that resolution speed boost :-).
Can you help me figure out what I'm missing?
03-15-2017 01:45 PM - edited 03-15-2017 01:49 PM
Under System, the only nameserver should be 127.0.0.1.
In DHCP settings for each DHCP pool you have (under Services --> DHCP Server, then choose View Details for your LAN from the menu on the right), be sure the "DNS 1" setting is the router's LAN IP, and "DNS 2" is blank. You want to hand out the router as the DNS server to devices on your network.
Then, under Config Tree, navigate to services -> dns -> forwarding, add as many name-server directives as you'd like, each with the IP address of a nameserver you'd like to forward to. I have two entries there, for the two OpenDNS nameservers.
Once you get it, "show dns forwarding nameservers" should show the name servers you put in the config tree, while 127.0.0.1 should be shown as a nameserver not configured for forwarding.
03-15-2017 02:19 PM
Hey thanks for the quick response. Ok so the only possible snag with my config is on some of my VLANs I want to hand out OpenDNS, and on others I want to hand out the standard ISP ones.
So I'm assuming on DHCP scopes where I want the standard ISP ones, I just set DNS1 to the appropriate LAN IP for that subnet, and on the ones where I want OpenDNS to be the resolvers, I set those explicitly in DNS1 and DNS2?
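For reference, here is the same setup expressed as EdgeOS CLI commands, covering both the forwarding configuration described two posts up and the per-VLAN DHCP split asked about just above. This is an added example, not commands posted by anyone in this thread. Interface names (switch0, switch0.10, switch0.20), VLAN subnets and the ISP resolver addresses 198.51.100.1/198.51.100.2 are constructed placeholders to be replaced with your own; 208.67.222.222 and 208.67.220.220 are OpenDNS's published public resolvers.

```vyatta
# Added example (not from any poster in this thread). EdgeOS CLI, configuration mode.
# Placeholders: switch0/switch0.10/switch0.20, 192.168.x.0/24 pools, 198.51.100.x ISP resolvers.
configure

# 1. The router itself resolves only through its own dnsmasq cache.
#    Remove whatever ISP resolvers were entered under System first.
delete system name-server 198.51.100.1
delete system name-server 198.51.100.2
set system name-server 127.0.0.1

# 2. Upstream resolvers that cache misses are forwarded to (OpenDNS here).
set service dns forwarding name-server 208.67.222.222
set service dns forwarding name-server 208.67.220.220

# 3. Listen only on internal interfaces. Leaving the WAN interface (eth0) off
#    this list means the forwarder never answers hosts on the Internet side.
#    On an ERX with VLANs on the switch, list each VLAN interface that should
#    be able to reach the cache.
set service dns forwarding listen-on switch0
set service dns forwarding listen-on switch0.10

# Optional: the default cache is small; a larger one helps a busy LAN.
set service dns forwarding cache-size 1000

# 4a. VLAN 10 uses the router's cache: hand out the router's own address as
#     the only DNS server (clearing any previously set DNS 1 / DNS 2 first).
delete service dhcp-server shared-network-name LAN10 subnet 192.168.10.0/24 dns-server
set service dhcp-server shared-network-name LAN10 subnet 192.168.10.0/24 dns-server 192.168.10.1

# 4b. VLAN 20 gets the ISP resolvers directly. Clients here bypass the router's
#     cache entirely, so their queries never show up in the forwarding statistics.
delete service dhcp-server shared-network-name LAN20 subnet 192.168.20.0/24 dns-server
set service dhcp-server shared-network-name LAN20 subnet 192.168.20.0/24 dns-server 198.51.100.1
set service dhcp-server shared-network-name LAN20 subnet 192.168.20.0/24 dns-server 198.51.100.2

commit
save
exit

# Verify from operational mode: the two OpenDNS addresses should be listed as
# forwarding nameservers, 127.0.0.1 as not configured for forwarding, and the
# query counter should start climbing once VLAN 10 clients renew their leases.
show dns forwarding nameservers
show dns forwarding statistics
```

Note the trade-off in step 4b: any pool that hands out external resolvers directly gives up the local cache (and, if you later add Pi-hole or similar filtering in front of the forwarder, that filtering too) for the devices on that VLAN. If the goal is simply "ISP resolvers for some VLANs", the alternative is to point every pool at the router and choose the forwarders once in step 2.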
03-23-2017 09:10 AM
Thanks both of you. I had tried @gfunkdave's suggestion but ultimately broke DNS resolution altogether. While I was figuring that out I just happened to hear about Pi-hole from somebody at work (https://pi-hole.net/) and installed that to block ads. So while I haven't tried further troubleshooting (or @16again's solution) I'm good to go for quick, local (and ad-blocking!) DNS resolution for now. Thanks all.