Secondary DNS Server

[tox-pal 0]

What do you use as a secondary DNS server? According to the tutorial ( https://airvpn.org/asuswrt/ ), first server should be 10.4.0.1 (which I use) and second should be from https://www.opennicproject.org/nearest-servers/

 

However, I don't want to use external DNS servers (since I'm worried about unencrypted requestsDNS leaks). What would you recommend?

[OpenSourcerer 1435]

Primary is of course 10.4.0.1. I use 0.0.0.0 as secondary server. Will point to the server OpenVPN gets by PUSH_REPLY.

[go558a83nk 362]

is the router not switching to VPN DNS automatically upon connection? 

 

If you must have more than 1 DNS input then I would make up a fake internal address such as 10.20.40.80 or something that you know can't be routed.

 

Or give 0.0.0.0 a try.

[zhang888 1066]

For best performance it would be better to use 10.5.0.1 as the secondary DNS.

This will still work, however your system queries will not have to wait for SRVFAIL

or NXDOMAIN answers, like it will be the case if you don't specify a real address.

This might save you a few seconds while browsing, especially if your OS decides

to query those servers at a random order.

[OpenSourcerer 1435]

The time difference would be marginal.

 

(Sent via Tapatalk - this generally means I'm not sitting in front of my PC)

[Guest]

My personal points of view is that I saw countless claims from Airvpn that it Airvpn DNS is running in encrypted channel which I do not know how they did for the setup and routing. Thus I prefer using Dnscrypt with DNSSec enabled which running on third parties logless dns servers in parallel with Airvpn vpn connection.

[Staff 9972]

My personal points of view is that I saw countless claims from Airvpn that it Airvpn DNS is running in encrypted channel which I do not know how they did for the setup and routing.

 

Ok, here's the explanation once (and hopefully for the last time ) again.

 

The DNS server runs in the VPN server and has a VPN IP address, therefore you can contact it (and receive replies from it) only inside the encrypted tunnel. When the VPN DNS server must contact authoritative DNS servers etc., it follows the very same procedure of any DNSSEC-based server.

 

That's why using our VPN DNS makes DNSSEC superfluous in general terms, and sometimes better, because of performance and because with VPN DNS you can resolve host names in the OpenNIC and NameCoin namespaces, and use the experimental micro-routing system, which is cute when you need it.

 

Kind regards

[tox-pal 0]

Once I enter 10.5.0.1 as secondary DNS server into my router, VPN connection stops working because of "openvpn[11287]: RESOLVE: Cannot resolve host address: europe.vpn.airdns.org: Name or service not known" error. If I don't use it, VPN is OK.

[OpenSourcerer 1435]

Once I enter 10.5.0.1 as secondary DNS server into my router, VPN connection stops working because of "openvpn[11287]: RESOLVE: Cannot resolve host address: europe.vpn.airdns.org: Name or service not known" error. If I don't use it, VPN is OK.

 

Primary is of course 10.4.0.1. I use 0.0.0.0 as secondary server. Will point to the server OpenVPN gets by PUSH_REPLY.

 

The time difference mentioned by zhang is very negligible.

[tox-pal 0]

I can't use 0.0.0.0 because the router doesn't allow me to enter it (invalip IP address error is displayed).

[go558a83nk 362]

are you using Merlin Asus firmware?

[dj77 6]

Use 10.0.0.0