Weird issue with ER605 V2, DOH and Static Routes.
I am playing around with blocking DNS servers, after my Raspberry PiHole died. I am trying both NextDNS and ControlD and have set them up in Services/DNS Proxy/DOH and everything is working, and I can switch between them without issue.
I noticed that my Roku TV was still making calls to Google's servers at 8.8.8.8 and 8.8.4.4, so I set up two static routes, in order to push the requests back to the router/DOH. With the static routes, everything works. But if the static routes are enabled, and I switch from one DoH to the other, I lose the network, which then takes about 20 minutes to sort itself out. Now if I disable the routes and then switch the DOH servers, and then re-enable the routes, everything works right away.
I read about blocking Google's DNS servers, and it is pretty straightforward. There are many guides for multiple brands of routers. I did notice some of the guides suggest setting the metric to "2", but I have no idea if that would make a difference. TP-Link says the metric is a priority setting, yet some routers say it is the number of hops, so I left it at "0", the default as suggested by the "?" link in the ER605.
Any idea why it would do this?
Thanks!
How do I know DoH is working?
I tried blocking DNS as you suggested, and it seems to work when specifying a static DNS address for my clients, such as 8.8.8.8.
However, when I set my clients' DNS address to the ER605 gateway, it seems to be forwarded to the WAN's default DNS servers (ISP DNS).
I think this is happening, because HTTP requests are being served even with DoH disabled (if DNS server on client is set to ER605 ip address).
That is expected.
If you disable DoH (Proxy) then the router falls back to normal DNS when replying to DNS queries coming from your clients.
You can do port mirroring (Network >> Switch >> Mirrored WAN port X,Y to mirror LAN port Z) and connect/use Wireshark (on mirror LAN port Z) to see the effect.
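One way to read the mirrored-port capture suggested above, as an added example that is not part of the original thread: it sorts WAN-side flows into plaintext DNS, DoT and DoH candidates so that any port 53 traffic still leaving the router stands out. It assumes the capture was exported with `tshark -r wan.pcap -T fields -e ip.src -e ip.dst -e udp.dstport -e tcp.dstport` (tab-separated); the file name, the resolver list and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumption: addresses treated as DNS resolvers. These three are the ones
# named in the thread; add the endpoints of your own DoH provider.
RESOLVERS = {"1.1.1.1", "8.8.8.8", "8.8.4.4"}

# Constructed sample rows: ip.src, ip.dst, udp.dstport, tcp.dstport
SAMPLE = "\n".join("\t".join(r) for r in [
    ("203.0.113.10", "1.1.1.1", "", "443"),       # HTTPS to a resolver
    ("203.0.113.10", "8.8.8.8", "53", ""),        # plaintext DNS over UDP
    ("203.0.113.10", "8.8.4.4", "", "853"),       # DNS over TLS
    ("203.0.113.10", "198.51.100.7", "", "443"),  # ordinary HTTPS
    ("203.0.113.10", "192.0.2.53", "53", ""),     # plaintext DNS (e.g. ISP)
])

def classify(dst, udp_port, tcp_port):
    """Label one flow by destination port and destination address."""
    port = udp_port or tcp_port
    if port == "53":
        return "plaintext-dns"
    if port == "853":
        return "dot"
    # Port 443 alone proves nothing; only traffic to a known resolver
    # counts as a DoH candidate.
    if port == "443" and dst in RESOLVERS:
        return "doh-candidate"
    return "other"

def summarize(text):
    """Return (Counter of flow labels, sorted plaintext DNS destinations)."""
    counts, leaks = Counter(), set()
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if len(row) != 4:
            continue  # skip non-IP or malformed lines
        _src, dst, udp_port, tcp_port = row
        kind = classify(dst, udp_port, tcp_port)
        counts[kind] += 1
        if kind == "plaintext-dns":
            leaks.add(dst)
    return counts, sorted(leaks)

if __name__ == "__main__":
    counts, leaks = summarize(SAMPLE)
    print(dict(counts))
    print("plaintext DNS still leaving the WAN to:", leaks)
```

With the DoH proxy enabled and working, the plaintext list should be empty on the WAN mirror; entries there mean queries are still going out unencrypted.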
Could you help me configure the DoH service?
I should only enable the DoH service, and in DHCP settings assign the ER605 IP as the DNS address?
To check if DoH is working, would it be an option to (in case of using e.g. Cloudflare) go to https://1.1.1.1/help and it will show you if you're currently using DoH or not when resolving names?
Thanks
This tool allowed me to test 1.1.1.1, and it seems to work fine.
It seems the Google DoH proxy isn't working.
I got DNS errors.
I also noticed that DoH wasn't working sometimes, but you can use DoT and it works perfectly, both for Google and Cloudflare.