A little background on ASUSWRT. ASUSWRT is the firmware ASUS ships on current routers. It started as a fork of the Tomato firmware project, which is similar to DD-WRT. ASUSWRT-Merlin is an enhanced version of the ASUS-supplied ASUSWRT, with some fixes.
Post Switch Concerns
After switching to ASUSWRT from DD-WRT I thought I would be losing the ability to serve local DNS. I was wrong. I loaded ASUSWRT-Merlin on my ASUS RT-N66U. After some trial and error configuration I discovered local DNS is alive and well in ASUSWRT-Merlin.
There is one minor caveat in that local DNS only works for DHCP served addresses, unless you further modify the dnsmasq configuration from the command line. I spent a lot of time managing non-DHCP addresses in that fashion with DD-WRT, and want to make management as simple as possible. The dnsmasq service used by ASUSWRT operates as a masquerading forwarding DNS server.
With DD-WRT I had non-DHCP addresses allocated in a certain range (0-99), and DHCP addresses from 100 to 255. Within the DHCP addresses I reserved the first 20 (via DHCP reservations) for our devices, which let any guests pick up other addresses. Why?
With DD-WRT I broke the DHCP range into two and had QoS rules in place for each group. Guest addresses received tighter restrictions and lower bandwidth. Managing these in DD-WRT was a pain. ASUSWRT makes it a lot simpler to accomplish the same things.
Local DNS Setup
I couldn’t find any definitive guides on setting this up, only that it could be done. So here’s how. Before proceeding, to make things easier, make sure all devices in the ASUS Client list have a name showing up. If the name doesn’t show up, click its MAC address (top one) and define it in the pop-up window that appears.
Open the LAN menu, and “DHCP Server” tab. A few things to note:
a) “Enable the DHCP Server” should be Yes.
b) The router’s Domain Name can be blank or you can set it to what you want, just don’t use one of the top level domains like com, net, org, etc. I chose “home”. This makes all hosts on my network resolvable as “hostname.home”.
c) Set the DHCP starting and ending range, for example 192.168.1.10 to 192.168.1.150. The subnet and final address are blocked out in the image. The subnet should be the same as the router’s defined subnet. If you defined the router’s address as 192.168.1.1 then the IP range should be on subnet 1. I don’t use 1.
d) The “Default Gateway” is the gateway that clients will route through.
e) Now the DNS settings need special attention:
If you select Yes for “Advertise router’s IP in addition to user specified DNS”, then the router’s address will be appended to the DNS address list given to the clients when they lease an IP address. I said “appended”, meaning it will be LAST!
So if you want to be able to resolve names on your network without specifying the router’s address as the name server to do the resolution (i.e.: nslookup - 192.168.1.1), then you should make sure the Advertise setting is set to No, and put the router’s address in “DNS Server 1”. This puts the router in the list FIRST! Enter your secondary (if any) in “DNS Server 2”.
The last thing surrounding DNS, which ties into the router domain defined above, is the “Forward local domain queries to upstream DNS”. This should be No. You don’t want a query for “xbox.home” to be passed up to be resolved at the internet level. You want it to stay on your network.
With DNS set up in this way, your hosts (blah.home) are answered first from the local DNS cache while external hosts (www.apple.com) are answered from your ISP (or OpenDNS, Google, etc) DNS servers.
f) Click the Apply button when done.
I typically assign a static address to devices that I want to always be at a certain address (like a printer, NAS drive, etc). I typically set up appliances like streaming players and TVs with static addresses too since they really don’t need to change.
I still wanted to resolve the problem where these non-DHCP devices (devices with static IP assignments) could be resolved on the network WITHOUT having to modify configuration from the command line. Remember, simple, low maintenance.
To resolve this I changed all devices with static IPs to DHCP. As a bonus, that makes device setup simpler too. I then set up DHCP reservations for them within the DHCP pool in a particular range (99 or less). This way I can easily identify “appliances” from computing devices.
a) Set the “Enable Manual Assignment” to Yes.
b) Use the dropdown to select a device, which will have the MAC address or device name (if it was given by the requesting client or defined manually on the ASUSWRT Client list).
c) Set the address (it will default to whatever it was assigned by the server). If you want to change it, change it.
d) Click the + button.
e) Click the Apply button.
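An added example, not part of the original post or of the ASUSWRT-Merlin project: a small Python audit that checks a dnsmasq configuration for the DNS and reservation settings described above (local domain set and not a public TLD, local domain kept off the upstream resolvers, router listed first in the DNS servers handed to clients, reservations inside the DHCP pool). The directive names are real dnsmasq options; the sample configuration is constructed, and the mapping from the GUI settings to these directives is an assumption to verify against the file on your own router.

```python
import ipaddress

# Constructed sample (not dumped from a router); values mirror the article.
SAMPLE_CONF = """\
domain=home
local=/home/
dhcp-range=lan,192.168.1.10,192.168.1.150,255.255.255.0,86400s
dhcp-option=lan,6,192.168.1.1,208.67.222.222
dhcp-host=00:11:22:33:44:55,printer,192.168.1.20
"""
PUBLIC_TLDS = {"com", "net", "org"}  # the TLDs the article names; extend as needed


def _ips(value):
    """IPv4 addresses among the comma-separated fields of one directive."""
    found = []
    for field in value.split(","):
        try:
            found.append(ipaddress.IPv4Address(field.strip()))
        except ValueError:
            pass  # tags, MACs, host names, lease times
    return found


def audit(conf, router_ip):
    """Return findings for the local-DNS and reservation settings."""
    opts, findings, router = {}, [], ipaddress.IPv4Address(router_ip)
    for line in conf.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            opts.setdefault(key.strip(), []).append(value.strip())
    domain = (opts.get("domain") or [""])[0].split(",")[0]
    if not domain:
        findings.append("no local domain set")
    elif domain.lower() in PUBLIC_TLDS:
        findings.append(f"local domain '{domain}' is a public TLD")
    elif f"/{domain}/" not in opts.get("local", []):
        findings.append(f"queries for '{domain}' can be forwarded upstream")
    for value in opts.get("dhcp-option", []):
        fields = [f.strip() for f in value.split(",")]
        # The option id is the first numeric or "option:" field; 6 = DNS servers.
        opt = next((f for f in fields if f.isdigit() or f.startswith("option:")), "")
        if opt in ("6", "option:dns-server") and _ips(value)[:1] != [router]:
            findings.append("router is not the first DNS server handed to clients")
    pools = [p[:2] for p in map(_ips, opts.get("dhcp-range", [])) if len(p) >= 2]
    for value in opts.get("dhcp-host", []):
        for ip in _ips(value)[:1]:
            if not any(lo <= ip <= hi for lo, hi in pools):
                findings.append(f"reservation {ip} is outside the DHCP pool")
    return findings
```

An empty list from `audit(SAMPLE_CONF, "192.168.1.1")` means the configuration matches the layout in this guide; each string in a non-empty result names one setting to revisit.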
With DD-WRT I had devices set up in ranges, with the guest range relegated to low bandwidth and peer to peer services blocked. I want the same thing with ASUSWRT. I also had my devices defined with particular classes of service.
The ASUSWRT firmware has defaults based on traffic type, mainly surrounding file transfer.
Once enabled you can delete the default ones, and add custom ones.
I added the peer to peer services using the service name drop down and selecting the common ones. To add, select it, set the priority, and click the + sign icon.
I then added my devices, this time using the Source IP or MAC dropdown. The name will show up if it was offered by the requesting client or was manually defined on the ASUS Client list. This makes it a cinch to add, unlike DD-WRT where you add each device by MAC address only.
Once defined, click the Apply button.
So what about the lower priority guest traffic? With ASUSWRT, any traffic not matching a rule gets routed to the “Low” setting. I have my low and lowest settings set to use very little bandwidth.
I now have ASUSWRT doing everything DD-WRT was doing, and without command line management.
Oh, and now is a good time to back up the configuration using the Administration/Save feature.
Thanks, was able to configure local DNS using your guide. One thing that I had to do though was set the router’s domain name, wouldn’t work without it.
Great article, thanks!
The only additional thing I needed to do was adjust DNS-based filtering as I had AiProtection screening for malicious sites.
Setting Global Filter Mode to Router resolved the conflicts with that.
A bit of tinkering revealed that one does NOT have to change the devices from static to DHCP. On the LAN page at the bottom, manually assign them – select by name (assigned in popup window) and then assign host names. Then they resolve!
Just an FYI – I played around with this, but found I got odd DNS behaviour (failed lookups for external addresses etc).
I found this comment from Merlin (who maintains the firmware):
“Asuswrt has the router run as a DNS proxy (that’s the short version of it). That field on the DHCP page will usually contain your router’s IP (that’s the default when it’s left empty), which means your clients will get your router’s IP as the DNS, and then the router performs all DNS lookups using the DNS obtained either from your ISP, or manually entered on the WAN page. Having this means that your router can easily act as a caching server for DNS queries for your whole LAN, which can improve performances.
So if you wanted to use custom DNS servers, you would have to enter them on the WAN page, while leaving the DNS entry on the DHCP page untouched.”
I haven’t had any issues with the way I had it set up. I did remove the DNS from DHCP and found that everything still works as expected. So caching a plus.