[SOLVED] DNS Settings Overridden by ISP during PPPoE Authentication?

Quadacon

Distinguished
Feb 16, 2013
Hi everyone.

I have a TP-Link SafeStream router.

I have set my DNS setting to 1.1.1.1 in my router under the WAN configuration, on the same page as the PPPoE authentication. Now it is connecting properly, and the router displays the following:

Connection Status: Connected
IP Address: xxx.xxx.xxx.xxx
Subnet Mask: 255.255.255.255
Default Gateway: xxx.xxx.xxx.xxx
Primary DNS: 1.1.1.1
Secondary DNS: 1.0.0.1

It should be noted that I blanked out my IP address, the real address is obviously present in the router information :)

Now here is my problem, when I view the router system logs I see this:

WAN1: IPCP negotiation succeeded. (Local=xxx.xxx.xxx.xxx, Peer=xxx.xxx.xxx.xxx, DNS1=MY ISP's DNS SERVER, DNS2=MY ISP's DNS SERVER2, MTU=1492)

Again, I replaced my ISP's DNS servers with placeholder names, but you get the idea... the authentication process seems to be overriding my DNS preference.
Furthermore, when I perform a traceroute, I get a number of my ISP's addresses, but nothing related to Cloudflare's 1.1.1.1 DNS.

I have also set the DNS preferences in my router's DHCP configuration, as well as on individual devices; it does not seem like I can avoid this. I have even tried creating a routing policy that routes all DNS traffic to 1.1.1.1, however in the router's route information it simply hops from 1.1.1.1 to my ISP's DNS server...

Is there anything else I can try? I know I could use a VPN but I would prefer my entire network simply uses 1.1.1.1

Any thoughts, comments or solutions would be greatly appreciated
 
Solution
It depends on whether the ISP REALLY is intercepting the DNS. It is not really done via PPPoE or DHCP; it pretty much just looks for port 53 and then forces the traffic to its DNS no matter what IP you put in. You would not even see it in the router configuration.

There are generally 3 DNS things in your path on most routers. The first is the one you get via DHCP or PPPoE on the WAN port. This tends to be the ISP DNS. Depending on the router, you may or may not be able to override the DNS on the WAN port.

The next DNS is the one your router sends to your local machine via its DHCP server. The default is for the router to send its LAN IP, and the router will act as a DNS cache, forwarding the requests to the WAN DNS. If you override this, it will send whatever IP you type in to the end machine.

The third and most important DNS is in the end machine. It will either learn it via DHCP or it will use whatever you key in.

So if in the end machine you key in 8.8.8.8, it should always use that one no matter the setting in the router. The exception would be if the ISP was actually intercepting the traffic with a firewall. You can generally tell by using the nslookup command to see if the ISP is intercepting, since it will tell you.

True interception is hard to get past. You would have to use a DNS server on a non-standard port. In the fairly near future it will no longer be possible to intercept or monitor DNS, when Microsoft releases the secure DNS feature as a standard function in Windows 10.

kanewolf

Titan
Moderator
Looking at the manual for a SafeStream router (you didn't provide a model number), you can set the DNS for your DHCP clients in the DHCP screen. This will override the ISP setting. It won't provide the caching that the router would otherwise provide.
The other option I would recommend is to create a Pi-hole with a Raspberry Pi. Set it to use 1.1.1.1 as the primary DNS and set your DHCP clients to use the Pi-hole as the local DNS.
 

Quadacon


Thank you for your response. This makes sense to me, and it seems like the DNS settings in my DHCP options do seem to propagate throughout the network. I can infer this as the nslookup command returns my 1.1.1.1 address. My only confusion at this point is caused by my tracert (traceroute) output. I get a lot of the following:

5 10 ms 5 ms 10 ms bundle-ether6.woo-core1.[MY_CITY].[MY_ISP].net
6 19 ms 15 ms 16 ms bundle-ether20.chw-core10.[MY_CITY].[MY_ISP].net
7 18 ms 16 ms 16 ms bundle-ether1.chw-edge903.[MY_CITY].[MY_ISP].net


Could you explain why despite my DNS settings set to 1.1.1.1, my traffic seems to be hopping around through my ISP's network?
Perhaps I am missing something and that these addresses in my tracert are not relevant to my DNS? When I connect my VPN, I do not see any of my ISP's addresses in the tracert output.
 
Not sure of your question. If you were to tracert to the VPN endpoint you would likely see some of the same hops, but it depends on whether the VPN server takes the same path. When you have the VPN active the traffic appears to go in 1 hop between your machine and the VPN endpoint, but in reality it actually passes through all the intermediate routers. It is just that the VPN pretends it has a long cable between your machine and the VPN server.

DNS is nothing really that special; all it does is translate the name to an IP address. It has nothing to do with the path data takes getting to that IP address. What confuses people sometimes is that different DNS servers can resolve a name to different IP addresses. This is some of the trickery used by very large companies to make it appear that a bunch of different physical servers is actually one single machine.
 
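The accepted answer says the only reliable way to know whether the ISP is hijacking port 53 is to test from the end machine, and the last reply points out that two resolvers can legitimately return different addresses for one name. The script below is an added example written for this page; it is not code from the thread, from TP-Link, or from Cloudflare. It speaks raw DNS wire format over UDP so that nothing in the OS resolver path can rewrite the destination. Two assumptions that are not from the thread: the RFC 5737 TEST-NET address 192.0.2.1 is not a DNS server anywhere on your path (so a reply from it can only come from an interceptor), and the resolver under test answers the CHAOS-class "id.server" TXT query from RFC 4892 (Cloudflare's 1.1.1.1 does). The sample packets in the test are constructed by hand.

```python
"""Probe for transparent DNS interception and compare resolvers (added example)."""
import secrets
import socket
import struct

QTYPE_A, QTYPE_TXT = 1, 16
QCLASS_IN, QCLASS_CH = 1, 3


def build_query(name, qtype, qclass=QCLASS_IN, txid=None):
    """Encode a single-question query (RFC 1035) with the RD bit set."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def _read_name(data, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[off]
        if length >= 0xC0:                      # 11xxxxxx = compression pointer
            hops += 1
            if hops > 32:                       # refuse pointer loops from a hostile responder
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(data):
    """Return (txid, rcode, answers); each answer is (name, type, class, ttl, rdata)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    rcode, off = flags & 0xF, 12
    for _ in range(qd):                         # skip the echoed question(s)
        _, off = _read_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        raw, off = data[off:off + rdlen], off + rdlen
        if rtype == QTYPE_A:
            rdata = socket.inet_ntoa(raw)
        elif rtype == QTYPE_TXT:
            rdata = raw[1:1 + raw[0]].decode("ascii", "replace")   # first <character-string>
        else:
            rdata = raw
        answers.append((name, rtype, rclass, ttl, rdata))
    return txid, rcode, answers


def query(server, name, qtype, qclass=QCLASS_IN, timeout=3.0):
    """One UDP query to server:53. Returns (source_ip, rcode, answers) or None."""
    pkt = build_query(name, qtype, qclass)
    txid = struct.unpack("!H", pkt[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (server, 53))
            data, (src, _) = s.recvfrom(4096)
        except OSError:                         # timeout or ICMP unreachable: no answer
            return None
    got_txid, rcode, answers = parse_response(data)
    return (src, rcode, answers) if got_txid == txid else None   # ignore stray/spoofed ids


def port53_is_hijacked(bogus_server="192.0.2.1"):
    """Assumption: 192.0.2.1 runs no resolver, so any reply means a middlebox answers port 53."""
    return query(bogus_server, "example.com", QTYPE_A) is not None


def resolver_identity(server="1.1.1.1"):
    """id.server CH TXT: the box that actually answered names itself (None = no reply)."""
    r = query(server, "id.server", QTYPE_TXT, QCLASS_CH)
    if r is None:
        return None
    _, rcode, answers = r
    return [a[4] for a in answers if a[1] == QTYPE_TXT] if rcode == 0 else []


def compare_resolvers(name, servers=("1.1.1.1", "8.8.8.8")):
    """Same name via different resolvers; differing A records are load balancing, not a path change."""
    out = {}
    for s in servers:
        r = query(s, name, QTYPE_A)
        out[s] = sorted(a[4] for a in r[2] if a[1] == QTYPE_A) if r else None
    return out


if __name__ == "__main__":
    print("port 53 hijacked:", port53_is_hijacked())
    print("1.1.1.1 id.server:", resolver_identity())
    print(compare_resolvers("www.example.com"))
```

Reading the result: on a clean path `port53_is_hijacked()` times out and returns False, and `resolver_identity()` returns a Cloudflare site code; on an intercepted path the bogus server "answers", and the id.server query comes back either refused, empty, or naming the ISP's resolver instead. A positive result is exactly the case the accepted answer describes, and the fix on port 53 is limited; moving to DNS over TLS (port 853) or DNS over HTTPS (port 443) on the Pi-hole or the end machine takes the queries out of the interceptor's reach. The spoofed-transaction-id check in `query()` is there because an interceptor can only forge a reply for a query it saw; a reply whose id does not match was never ours.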