Please Explain - DNS For Dummies

Here is my situation:

  1. WAN is 4GLTE through Calyx (Inseego MiFi 8000 providing LTE connection to TMobile/Sprint).
  2. Inseego MiFi has option to auto-DNS or manual DNS. I sometimes vary between the two. Right now is auto-DNS to presumably T-mobile servers (10.177.0.x - confirmed from hotspot logs).
  3. MiFi is USB tethered to surf soho. Currently WiFi as WAN is disabled on hotspot (although configured as backup on Soho). Figure I don’t need to expose wireless network if not necessary.
  4. On the SurfSoho - 4 WLANs configured - for work access, general home access, IOT/TV access, and general guest access.
  5. On a laptop connected to the work access WLAN, an “Ipconfig /all” returns the google DNS servers (8.8.8.8 and 8.8.4.4) as set (even though I did not have DNS proxy enabled on the surf soho). Flushing DNS still restores DNS servers (again - without surf soho DNS proxy enabled)

I would LIKE the DNS servers on the hotspot to propagate throughout the network. I ASSUME this would be done by enabling DNS Proxy in the LAN Network settings, and then enabling “Assign DNS server automatically” for DHCP server for all WLANs - but I’m not 100% certain (last I looked, DNS proxy was NOT enabled, and devices connected to a WLAN were still getting DNS settings - although only from google DNS servers).

I guess my DNS for Dummies questions are:

  1. What would the expected behavior for DNS be with DNS proxy DISABLED on the soho, and the DNS only being set on the hotspot as near as I can tell. This is how I have things currently configured.

  2. What would the expected behavior for DNS be with DNS proxy ENABLED on the Soho? (with or without Google back-up). My expectation is that having it enabled, and having “assign dns server automatically” enabled on all LANs would propagate the hotspot DNS settings to all WLAN-connected hosts.

  3. Why is my laptop showing the google DNS servers, even though I can’t see them configured/used on the surf soho OR the hotspot?

TIA for any responses/clarity

The clients will use whatever DNS servers have been assigned to them via DHCP - in this case it seems that google DNS has been assigned. What do you have set in the LAN DHCP settings on your SOHO?

Manual DNS lets you set specific DNS servers for your SOHO WAN to use. Auto will likely use the ISP DNS servers.

They are being set by the DHCP server in the SOHO I would suspect. What DNS servers do you have set on your WANs currently? I think these are passed through to the LAN clients when ‘Assign DNS server automatically’ is ticked in the LAN settings on the SOHO.

Two ways. If you know what the DNS servers are you could set them in the LAN DHCP server options Manually. Otherwise you want to enable proxy, set your LAN clients to use the SOHO for DNS then set the hotspot DNS as the preferred DNS servers.

Thanks for the response. This is how I have it currently set up. Not sure how my laptop is getting the google DNS assignments:

On the Hotspot - auto-DNS, verified via log that assigned from T-Mobile:


On the USB Tether/WAN Uplink - surf soho is picking up address via DHCP from mifi. Note - wifi from hotspot is disabled - this is strictly over USB tether (but I don’t see any settings on mifi specific to tethering beside Internet Access via USB Only).


On the Soho -
WAN set to obtain DNS (from hotspot) automatically. Health check disabled to rule that out.

LAN set (all 4 similar config) to assign DNS automatically (again - presumably from hotspot):

DNS proxy disabled on all LANs.

Soho logs indicate DNS requests going to google for unknown reason:

Laptop - after ipconfig /release / renew / dnsflush etc still shows google as DNS provider:


Switching to Enable DNS Proxy on LAN does not seem to stop queries to google DNS. Searching SURF soho log still shows entries.

It wouldn’t by itself. Enabling DNS proxying just means that your SOHO will respond to DNS requests and forward on to external DNS servers as needed.

You can enable Service Forwarding which will grab LAN side dns requests and redirect them via the dns proxy.

What DNS servers are set on the current WAN connections?

It was set to auto-get them (resulting in 10.177.0.N addresses - which are presumably T-mobile or sprint DNS servers). I then switched them to Level3 4.2.2.N addresses to see if that would change anything on my laptop… but it didn’t seem to make any difference to the returned servers (still google).

Enabling that DNS Forwarding Setup did seem to get rid of the google DNS queries though. Previously, looking at logs, the Services would list Google and DNS (on 443? and 53) for the dest IP of 8.8.8.8 - Now, enabling DNS forwarding setup, there does not appear to be any DNS service listed in the logs, and Google service is being sent to lga25s73-in-f14.1e100.net (whatever that is - apparently also google-related somehow!)

EDIT - Keeping this set led to various DNS_NX_DODOMAIN errors, so disabled DNS forwarding setup and DNS caching.


OK. So enable DNS Proxy on the SOHO, edit your LAN DHCP Settings on the SOHO so that the SOHO IP is allocated as the DNS server to your LAN clients, then set your preferred DNS settings (which will be the T-Mobile DNS).

However, mobile ISP DNS servers are generally crap - which is why everyone uses Google and Cloudflare DNS servers…

In the old days, the router and DHCP were in charge, assuming the router client did not configure their own DNS servers.

Now, with secure DNS, the web browser is in charge. If the browser is using secure DNS, that gets used regardless of anything the router does and regardless of the manual DNS settings in the router client device. So, the client OS can be using old DNS with Google, while browser 1 is using secure DNS with Cloudflare and browser 2 is using secure DNS with Quad9.

There are assorted “testers” here

On Windows, there are two DNS tracing/logging apps at nirsoft.net that can verify what's happening.

Don’t even mention VPNs, which complicate things further. And, iOS enables each app to set its own DNS servers (pretty sure).

1 Like
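An added example, not part of the original thread: the posts above mention router log entries to 8.8.8.8 on ports 53 and 443 and note that secure DNS in a browser bypasses whatever the router hands out, so this sketch sorts a client's flows by the DNS path they take. The log format, the LAN addresses and the router address 192.168.50.1 are constructed assumptions, not the Surf SOHO's own log layout.

```python
import re
from collections import defaultdict

# Well-known public resolver addresses (Google, Cloudflare, Quad9). HTTPS to
# one of these is treated as likely DNS-over-HTTPS; DoH to any other host
# cannot be identified from address and port alone.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Assumed (hypothetical) flow-record layout for this example.
FLOW = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")

def classify(dst, dport, router_dns):
    """Name the DNS path a single flow represents, or None if it is not DNS."""
    if dport == 53:
        return "dns-via-router" if dst == router_dns else "plain-dns-bypass"
    if dport == 853:
        return "dns-over-tls"
    if dport == 443 and dst in PUBLIC_RESOLVERS:
        return "dns-over-https-likely"
    return None

def dns_paths_by_client(log_lines, router_dns):
    """Map each LAN client to the set of DNS paths seen in its flows."""
    paths = defaultdict(set)
    for line in log_lines:
        m = FLOW.search(line)
        if not m:
            continue  # skip lines that are not flow records
        src, dst, _proto, dport = m.groups()
        label = classify(dst, int(dport), router_dns)
        if label:
            paths[src].add(label)
    return dict(paths)

# Constructed sample: hypothetical log format and LAN addresses.
SAMPLE_LOG = [
    "src=192.168.50.23 dst=8.8.8.8 proto=udp dport=53",
    "src=192.168.50.23 dst=8.8.8.8 proto=tcp dport=443",
    "src=192.168.50.40 dst=192.168.50.1 proto=udp dport=53",
    "src=192.168.50.40 dst=1.1.1.1 proto=tcp dport=853",
    "src=192.168.50.40 dst=203.0.113.9 proto=tcp dport=443",
    "router: DHCP lease renewed",
]

if __name__ == "__main__":
    for client, seen in sorted(dns_paths_by_client(SAMPLE_LOG, "192.168.50.1").items()):
        print(client, sorted(seen))
```

A client that shows `plain-dns-bypass` is resolving on port 53 against something other than the router, which points at the DHCP-assigned or manually set servers; the TLS and HTTPS labels point at an application doing its own secure DNS.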