Different DNS Servers in SRM?

[jono]

In SRM's Network Center under Internet there's a 'Manually Configure DNS Server' option where we can add our Preferred DNS Server and an Alternative DNS Server.
Under Local Network > DHCP Server there's also fields to add Primary DNS and Secondary DNS.

What's the difference between the one under Internet, and the one under DHCP Server in Local Network settings?

 

[fredbert]

The Internet settings are for the router itself; the Local Network sets up the DHCP service for LAN/WLAN clients. In the DHCP server settings of SRM there's an option to add known DNS servers (i.e. the Internet setting's info). This gives you more configurability than some Internet routers.

When Safe Access first started it was possible to by-pass the DHCP configured DNS servers (e.g. if you had an internal DNS server resolving your own domain) if the 'add known' was enabled and those pointed to Internet DNS. It was a bit of a pain since SA wanted local devices to point to the SRM local IP for DNS and then intercept the requests. I got it working by setting Internet DNS to be the internet DNS server too. Haven't thought about if it has changed since then as I've got it working.

Internet DNS:
- primary: internal NAS DNS server
- secondary: Cloudflare 1.1.1.1

SRM's DHCP server:
- primary: SRM local IP
- secondary: internal NAS DNS server
- don't add known DNS

NAS DNS server:
- resolve my domain
- foward first to OpenDNS and then Cloudflare

It used to be common to configure Internet firewalls to block DNS 53/TCP requests and only allow 53/UDP, to stop zone transfers since UDP can't handle as much data.

 

[jono]

Great, thanks a lot for the explanation!