AC87U Router DNS Configuration

Discussion in 'other anti-virus software' started by Mortal Raptor, Dec 30, 2014.

  1. Mortal Raptor

    I had my ASUS AC87U router set up to use ComodoDNS. Now I changed it to Norton Safe since I switched my main AV to Norton Security, but what's weird is that when it was on ComodoDNS, DNS 1, 2, and 3 were all set to 8.8.8.8.

    Even after changing it to Norton Safe it remains at 8.8.8.8, so I thought this can't be right; that's the Google DNS server.

    So I went to the Norton Safe website and manually entered DNS 1 and DNS 2 in my router, but DNS 3 remains empty...

    What shall I put for DNS 3?
     
  2. Mayahana

    I explain DNS fairly well here:

    https://www.wilderssecurity.com/thre...etup-these-days.111264/page-1431#post-2423324

    Third will rarely be used, so you can toss OpenDNS or something in there. In larger organizations, it can round-robin to the 3rd entry, but not in your situation.

    Primary and secondary are for failover. If the primary DNS is unreachable it will poll the secondary, but only if the primary isn't reachable. If you have an enterprise FW it's possible to assign DNS to specific segments, but as a rule the way you think it is working is not correct. There is no switching to the backup DNS server(s). In a busy enterprise environment DNS requests are distributed across all your nameservers relatively evenly. (This is done by querying servers using a round-robin schedule.) If one or more name servers are down, requests will be retried on another nameserver after a timeout. In the home situation you will almost always poll the first name server. Another caveat: some crappy home routers won't even poll the secondary DNS; they'll return unresolved rather than taking the effort to poll the second one.

    So having OpenDNS (NS1) and Norton (NS2) is absolutely pointless if you are trying to do some sort of layered domain name scanning. It simply won't work. 'Layered threshold' sounds fancy, but it has no meaning in the context of DNS. There is a fancy way to set up a caching layer. NS1 caches, then NS2 verifies integrity, but you aren't going to be doing that with any gear you have running.
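
The server-selection behaviour described in the post above, as an added example that is not part of the original thread: a toy Python model of in-order failover versus round-robin selection. The class and function names, the blocklists and the 192.0.2.10 answer are all constructed for illustration and do not model any particular router's firmware.

```python
# Added illustration: a toy stub resolver, not router firmware or vendor code.

class Upstream:
    """Constructed stand-in for a filtering DNS service."""
    def __init__(self, name, blocked=(), up=True):
        self.name, self.blocked, self.up, self.hits = name, set(blocked), up, 0

    def query(self, domain):
        if not self.up:
            raise TimeoutError(self.name)      # no reply at all
        self.hits += 1
        # A block is still a valid reply, so the client will not look further.
        return "BLOCKED" if domain in self.blocked else "192.0.2.10"

def resolve(servers, domain, start=0):
    """Try servers in order from `start`; move on only after a timeout."""
    for i in range(len(servers)):
        server = servers[(start + i) % len(servers)]
        try:
            return server.name, server.query(domain)
        except TimeoutError:
            continue
    return None, "UNRESOLVED"

def failover(servers, domains):
    """Home-style behaviour: every lookup starts at the first entry."""
    return [resolve(servers, d) for d in domains]

def round_robin(servers, domains):
    """Busy-network behaviour: the starting server rotates per lookup."""
    return [resolve(servers, d, start=n) for n, d in enumerate(domains)]

def demo():
    # Constructed blocklists: only ns2 would block bad.example.
    ns1 = Upstream("ns1", blocked={"ads.example"})
    ns2 = Upstream("ns2", blocked={"bad.example"})
    answers = failover([ns1, ns2], ["bad.example", "ads.example", "ok.example"])
    return answers, ns1.hits, ns2.hits

if __name__ == "__main__":
    print(demo())
```

In `demo()`, `bad.example` resolves normally because ns1 answered and ns2's blocklist was never consulted, which is why stacking two filtering services in slots 1 and 2 adds no second layer of checking.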
     
  3. Mortal Raptor

    Thank you so much, sir! Very professional answer as usual!