DNS Specification--How many places to set? Need answer sorta quickly.

I want to change the DNS (Domain Name Service) server used by specific computers in my control.

I know how to do this on the computers and on the router.

What I want to know is if I do it on just one, which one will win?

Doing Google searches seems to garner conflicting information. Some people claim you can do either the computer or the router and that magic will happen and the one you want will be the one you get. Bunk.

I’m not at home where I could run empirical tests and I need the answer soon to apply it to some testing information I need to provide. (TMI?)

So: Let’s take it for granted that neither the router nor the PC is set to the “get DNS settings automatically” option. If I set a DNS on my PC will it override the router’s DNS? If I set a DNS at the router will it override the setting on the PC?

Thanks in advance.

Updating what I know so far:

I did an ipconfig /all and see that my DNS Server is shown as 192.168.1.1 (my router). Makes sense as my PC is set to obtain the address automatically.

I changed my TCP/IP network properties to use Google DNS (8.8.8.8). I then did another ipconfig /all and see the DNS server is now showing as 8.8.8.8.

What I don’t know is how the router somewhere upstream of me is configured, so my question still stands–if something is programmed there, will it override what I have done?

It depends on how your local network is set up.

If all of the computers use DHCP, and they get their IP and DNS addresses from the DHCP server (usually your router) then they will get the new DNS configuration the next time they request an IP configuration (computer restart or an IP release/renew, etc). Until then, they will continue to use the DNS that they have in their configuration.

If you change the DNS configuration on a specific computer, it will use those new changes immediately.

On some systems, the DHCP server also serves as the DNS server, although it may or may not actually cache DNS addresses (it may just forward all DNS requests to the ISP’s DNS server). In this case, changing the DNS configuration here would cause all computers on the local network to use the new DNS servers immediately. This appears to be the way your system is set up since the router is acting as the DNS server.

Entering a new DNS configuration in a computer will cause that computer (and only that computer) to bypass the router for DNS requests. Whenever the computer requests a new IP configuration (when its configuration expires or the computer is rebooted, etc) it will probably get the DNS configuration from the router and overwrite the change you made.

I’m confused. If I set the TCP/IP configuration to always use (let’s say) 8.8.8.8 won’t that remain true even from reboots, etc?

My guess from what you said before that (which I can’t confirm until I can get programming access to both the computer and the router) is that changing the router will affect everything connected to it. But if I also change the computer, that will override the router. Correct?
And when I re-boot the computer, I would expect it to continue overriding the router?

You should set your PCs to use your router as the primary DNS so that it handles local traffic. This is typically done by DHCP. Your router should be set to forward to an external DNS (e.g. Google) for the requests it cannot handle. If the router cannot do that, you should set DHCP so that the router hands out itself as the primary DNS and the external DNS as the secondary DNS.

Changing the router’s DNS forwarder will affect everything that has the router as its DNS server, either set through DHCP or manually entered, for addresses not on the LAN. Changing a computer to a DNS server other than the router will use that (those) DNS server(s) only and will override any DHCP DNS settings permanently.

(Answering Quartz)
Thank you and a good idea, but I still need to know what the order of the devices is.

If I set the PC for 8.8.8.8 (Google DNS) and the router for 208.67.222.222 (Open DNS), reset the PC, and then request a non-cached address, who will service the request?

I think **yoyodyne** just gave me the answer I was looking for. In my example above, then, the request would be served by Google DNS, right?

Yes.

Cool. Thank you all very much. Now I can write the last steps and go home.

Router first, external second.

Google - the local DNS will override the DHCP. You need to set your PC to use the router. It’s the router that handles external requests.

To hammer on this a bit more, and rephrase it in a different way:

The PC has two possible configurations for DNS:

  1. Obtain DNS automatically
  2. Manually enter DNS address

Since you entered “8.8.8.8”, you’re using option 2) and your computer will always use that DNS address until you tell it otherwise.

If you set the DNS to “automatic”, then your computer will send a DHCP request upstream to ask what DNS server it should use-- in this case it’s up to “upstream” to decide. If your router is “upstream”, and it’s set to “8.8.8.8”, your PC will use “8.8.8.8”. If your router is set to “automatic”, then *it* will go upstream and ask your ISP which DNS server it should use.

Makes sense? So nominally, your computer asks your router which asks your ISP. However, you can set either the computer or the router to “manual” mode, in which case they will use the address you set.

The difference is that if you set “manual” mode on your computer, *only* your computer will use that DNS server. If you set “manual” mode on your router, all the computers plugged into that router will use that DNS server.

Hope this helps/wasn’t long-winded and unnecessary. :)

The above answers are correct, and almost certainly what the OP will find with testing…

but …

The gateway device (the router or firewall) could well be running a transparent redirection for DNS traffic. In other words, any DNS connection through the gateway device will be redirected to and served from the mandated DNS server. This should be standard practice for any corporate network configuration, and many ISPs do this as well. This allows proper tracking of DNS lookups, allows DNS whitelist/blacklist systems, and restricts DNS traffic to local caches.

The same thing applies with proxies - transparent redirection of http connections via ISP/Corporate proxies for monitoring/filtering/performance.

To determine the real identity of the DNS server, use nslookup (MS version). It is deprecated on Unix/Linux, but is easy to use. When you start it, it will tell you the IP address of the default (current) DNS server (or type the command server). Typing a DNS name will return the IP address of the responding DNS server and the IP address of the DNS name requested. Type exit to quit.

Si
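nslookup only reports the server the resolver was configured to ask; it cannot see whether something in the path answered in that server's place. The following is an added example written for this page (not code from the thread): it builds a raw DNS A query in RFC 1035 wire format, sends it directly to a chosen server on UDP/53 (bypassing the OS resolver and the hosts file), parses the reply, and records which address actually answered. The helper names (build_query, parse_response, build_response, check_redirection, query) and the sample name/address used in the offline demonstration are this example's own assumptions.

```python
"""Raw DNS A query/response handling for checking which server actually
answers. Added example written for this page, not code from the thread.
Assumptions (not in the thread): the resolver under test listens on UDP/53,
and the helper names here (build_query, parse_response, build_response,
check_redirection, query) are this example's own."""
import random
import socket
import struct
from typing import Dict, List, Optional, Tuple


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Standard recursive query (RFC 1035 wire format); qtype 1 = A, class IN."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels: List[str] = []
    end = None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(msg: bytes, expected_txid: int) -> Dict[str, object]:
    """Parse header and answer section; collect A records as (ip, ttl)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                 # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4                     # QTYPE + QCLASS
    answers: List[Tuple[str, int]] = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((socket.inet_ntoa(rdata), ttl))
    return {"txid_ok": txid == expected_txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": answers}


def build_response(txid: int, name: str, ip: str, ttl: int = 300) -> bytes:
    """Construct a minimal one-answer reply (for offline demonstration only;
    this is a constructed packet, not a captured one)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    question = build_query(name, txid=txid)[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer


def check_redirection(sent_to: str, answered_from: str) -> bool:
    """True when the reply's source address differs from the server queried:
    the crudest sign that something in the path answered on its behalf."""
    return sent_to != answered_from


def query(server: str, name: str, timeout: float = 2.0) -> Dict[str, object]:
    """Send one A query straight to `server`, bypassing the OS resolver and
    any hosts file, and record which address actually replied."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid=txid), (server, 53))
        data, (src_ip, _) = sock.recvfrom(4096)
    result = parse_response(data, txid)
    result.update(answered_from=src_ip, redirected=check_redirection(server, src_ip))
    return result


if __name__ == "__main__":
    # Offline demonstration on a constructed reply; pass a server and a name
    # on the command line to send a live query instead.
    import sys
    if len(sys.argv) == 3:
        print(query(sys.argv[1], sys.argv[2]))
    else:
        sample = build_response(0x1234, "example.com", "93.184.216.34")
        print(parse_response(sample, 0x1234))
```

Two caveats on reading the result. A gateway that redirects port 53 with NAT usually rewrites the reply's source address back to the server you asked, so `redirected` stays False even when the redirect is in place; the more reliable check is to send the same query to two different public resolvers and compare the answers and TTLs, which an interposed cache tends to make identical. And a reply whose transaction ID does not match (`txid_ok` False) should be discarded rather than trusted, since that is what a spoofed answer looks like.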

The computer has a DNS (or several) server address. It obtains this either automatically (part of DHCP) or it is hard-coded.
Nothing overrides hard-coded.
Whatever is set on the DHCP server is what your PC uses for DNS if it is set to “obtain automatically” (which can only happen if the address is also obtained through DHCP.)
That’s how a PC can get a DNS server address.

A DNS server translates internet names (i.e. “www.google.com”, or “ftp.yahoo.com”) to IP addresses.
Your PC queries the primary DNS server to translate any addresses it does not know.
The PC keeps the answers in a local cache for a limited time so it does not ask the same question over and over. When Time to Live expires on that entry, it asks the DNS again.
(NOTE: PCs do not ask the same question of the secondary if they don’t get an answer from the primary DNS server. The secondary only matters if the primary is completely off-line or unresponsive.)

A DNS server can get the answer several ways -
It has some answers hard-coded (i.e. Google has a master “authoritative” DNS for the whole google.com domain).
For other answers, it asks upstream DNS servers, or may be pointed to a certain other DNS server; “forwarder” entries.
It can ask the root servers, a*.com, b*.com, etc.
Any previous answers may be in its cache, with associated time-out values.

As mentioned above, any of the traffic sent upstream by the DNS server could easily be intercepted by a properly configured router. DNS queries are a simple format that anything can read. It is easy for a router to intercept, re-route, and have another DNS server reply to a packet as if it was addressed to that server.

In fact, your home router does something like this. It’s not a real DNS server, it just accepts DNS queries and forwards them to the DNS server it knows about from the WAN (ISP) side of the router, usually from DHCP. That way, you don’t have to know your ISP’s details.

I’ve updated my instruction set.

Of course, entries in the local PC’s “hosts” file override any DNS, since an internet name is resolved against the host file first.

Virus programs have been known to either change the DNS server to a captive one or put entries in the HOSTS file. Usually this is done to prevent the PC from accessing sites like McAfee or Windows Update where you might find programs that can remove the virus; or to wrap their own advertising around content from other sites.

As for upstream interception of DNS queries - not a lot you can do about that other than hardcode key addresses in the HOSTS file.
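The two posts above describe a fixed order on the client side: a hard-coded server list beats whatever DHCP offers, the hosts file is consulted before any DNS, positive answers are cached until their TTL expires, and the secondary server is asked only when the primary does not respond at all (not when it answers "no such name"). The following is an added example written for this page, not code from the thread, that models that order so the "who serves the request" question can be played through end to end, including a home router that answers LAN names itself and forwards the rest. The class and helper names, the TTL constant and the sample names/addresses are constructed for illustration; real resolvers differ in details (Windows, for instance, has its own rules for when it tries the next server), so this is the order as the posts describe it, not a specification.

```python
"""Model of the client-side name-resolution order described in the posts
above. Added example written for this page, not code from the thread; the
class names, helper names, TTL and sample names/addresses are constructed."""
from typing import Callable, Dict, List, Optional, Tuple

TTL_SECONDS = 300          # assumed TTL for every positive answer in this model


class Unresponsive(Exception):
    """A server that does not answer at all (timeout), as opposed to NXDOMAIN."""


# A server is a callable name -> ip; None means "no such name" (NXDOMAIN).
Server = Callable[[str], Optional[str]]


def effective_dns_servers(static: Optional[List[str]], dhcp_offer: List[str]) -> List[str]:
    """Manually entered servers always win; DHCP-supplied ones are used only
    when the client is set to 'obtain automatically' (static is None/empty)."""
    return list(static) if static else list(dhcp_offer)


def make_public_server(zone: Dict[str, str]) -> Server:
    """Public resolver that knows only internet names (e.g. 8.8.8.8)."""
    return lambda name: zone.get(name)


def make_router(lan_names: Dict[str, str], forwarder: Server) -> Server:
    """Home router: answers LAN names itself, forwards everything else upstream."""
    return lambda name: lan_names[name] if name in lan_names else forwarder(name)


def unresponsive_server(name: str) -> Optional[str]:
    raise Unresponsive(name)


class ClientResolver:
    """Order: hosts file -> positive cache (until TTL) -> primary -> secondary,
    where the secondary is tried only when the primary does not respond."""

    def __init__(self, servers: Dict[str, Server], order: List[str],
                 hosts: Optional[Dict[str, str]] = None):
        self.servers, self.order = servers, order
        self.hosts = hosts or {}
        self.cache: Dict[str, Tuple[str, float]] = {}
        self.now = 0.0                      # simulated clock, seconds
        self.log: List[str] = []

    def resolve(self, name: str) -> Optional[str]:
        name = name.lower().rstrip(".")
        if name in self.hosts:              # hosts file overrides any DNS
            self.log.append(f"{name}: hosts file")
            return self.hosts[name]
        cached = self.cache.get(name)
        if cached and cached[1] > self.now: # cached answer still within TTL
            self.log.append(f"{name}: cache")
            return cached[0]
        for address in self.order:
            try:
                ip = self.servers[address](name)
            except Unresponsive:
                self.log.append(f"{name}: {address} unresponsive, trying next")
                continue
            self.log.append(f"{name}: answered by {address} -> {ip}")
            if ip is not None:
                self.cache[name] = (ip, self.now + TTL_SECONDS)
            return ip                       # any answer, NXDOMAIN included, ends the search
        self.log.append(f"{name}: no server responded")
        return None


def demo() -> Dict[str, object]:
    """Play the thread's scenarios through the model; constructed sample data."""
    public = {"www.google.com": "142.250.72.68"}       # constructed, not live data
    lan = {"printer.lan": "192.168.1.50"}
    google, opendns = make_public_server(public), make_public_server(public)
    router = make_router(lan, forwarder=opendns)        # router forwards to OpenDNS
    servers = {"8.8.8.8": google, "208.67.222.222": opendns,
               "192.168.1.1": router, "10.9.9.9": unresponsive_server}
    dhcp_offer = ["192.168.1.1"]
    out: Dict[str, object] = {}

    # 1. PC hard-coded to 8.8.8.8 while the router forwards to OpenDNS:
    #    Google answers, and LAN-only names cannot be resolved.
    pc = ClientResolver(servers, effective_dns_servers(["8.8.8.8"], dhcp_offer))
    out["static_public_ip"] = pc.resolve("www.google.com")
    out["static_public_who"] = pc.log[-1]
    out["static_lan"] = pc.resolve("printer.lan")

    # 2. PC on 'obtain automatically': DHCP hands out the router, which
    #    resolves LAN names itself and forwards the rest upstream.
    pc = ClientResolver(servers, effective_dns_servers(None, dhcp_offer))
    out["auto_lan"] = pc.resolve("printer.lan")
    out["auto_public"] = pc.resolve("www.google.com")
    out["auto_public_who"] = pc.log[-1]

    # 3. Repeat lookup comes from the cache until the TTL expires.
    pc.resolve("www.google.com")
    out["second_lookup"] = pc.log[-1]
    pc.now += TTL_SECONDS + 1
    pc.resolve("www.google.com")
    out["after_ttl"] = pc.log[-1]

    # 4. Secondary is used only when the primary is unresponsive, not on NXDOMAIN.
    pc = ClientResolver(servers, ["10.9.9.9", "8.8.8.8"])
    out["failover"] = (pc.resolve("www.google.com"), pc.log[-2])
    pc = ClientResolver(servers, ["8.8.8.8", "192.168.1.1"])
    out["nxdomain_no_failover"] = (pc.resolve("printer.lan"), pc.log[-1])

    # 5. A hosts-file entry wins over every configured server.
    pc = ClientResolver(servers, ["8.8.8.8"], hosts={"www.google.com": "127.0.0.1"})
    out["hosts_override"] = pc.resolve("www.google.com")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Scenario 4 is the one that bites in practice: with the public resolver first and the router second, a LAN name simply fails, because the router is never asked once Google has answered "no such name". That is the failure mode behind the advice in the thread to keep the router as the client's DNS server and let it forward.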

As others have said, I would recommend not setting the clients to have static DNS server settings that point to external DNS servers. Doing so would most likely cause internal name resolution to fail since Google doesn’t know the names of your PCs. Setting your PC to point to the router for name resolution and letting the router forward any requests it cannot itself resolve will allow internal name resolution to continue working while still allowing name resolution for external targets to work as well.

I know it’s been answered, but I’m not usually able to post to topics in GQ, so :p.