I had my ASUS AC87U Router setup to use ComodoDNS, now I changed it to Norton Safe since I switched my main AV to Norton Security, but what's weird is, when it was on ComodoDNS, under DNS 1, 2, and 3, it was all set to 8.8.8.8 even after changing it to Norton Safe it remains @ 8.8.8.8 so I thought this can't be right that's the Google DNS Server So I went to the Norton Safe website and manually entered DNS 1 and DNS 2 in my router but DNS 3 remains empty....... what shall I put for DNS 3?
I explain DNS fairly well here; https://www.wilderssecurity.com/thre...etup-these-days.111264/page-1431#post-2423324 Third will rarely be used, so you can toss OpenDNS or something in there. In larger organizations, it can round-robin to the 3rd entry, but not in your situation. Primary and Secondary is for failover. If the primary DNS is unreachable it will poll the secondary, but only if the primary isn't reachable. If you have an enterprise FW it's possible to assign DNS to specific segments, but as a rule the way you think it is working is not correct. There is no switching to the backup DNS server(s). In a busy enterprise environment DNS requests are distributed across all your nameservers relatively evenly. (This is done by querying servers using a round robin schedule.) If one or more name servers are down, requests will be retried on another nameserver after a timeout. In the home situation you will almost always poll the first name server. Another caveat, some crappy home routers won't even poll the secondary DNS, they'll return unresolved rather than taking the effort to poll the second one. So having OpenDNS(NS1) and Norton(NS2) is absolutely pointless if you are trying to do some sort of layered domain name scanning. It simply won't work. 'Layered threshold' sounds fancy, but it has no meaning in the context of DNS. There is a fancy way to setup a caching layer. NS1 caches, then NS2 verifies integrity, but you aren't going to be doing that with any gear you have running.
