Discussion in 'Tomato Firmware' started by najevi, Dec 19, 2007.

  1. najevi

    najevi LI Guru Member

    I suppose I am doing something wrong with configuration because my /etc/resolv.dnsmasq file contains 3 nameservers; the third nameserver corresponds to one of my ISP's default nameservers. As a result, when I visit opendns.com I get the notice:

    Your current IP is 123.456.789.123, but it's not using OpenDNS.
    instead of
    Your current IP is 123.456.789.123

    If I truncate the /etc/resolv.dnsmasq file
    # head /etc/resolv.dnsmasq

    to leave just the two opendns nameservers, viz.

    # head /etc/resolv.dnsmasq

    and then wait a few minutes, the problem is corrected.
    However, eventually the third nameserver creeps back into that file.

    Here are the key pages & fields from my Tomato Configuration:
    Static DNS
    Dyn DNS 2
    Service = OpenDNS
    Use as DNS = checked
    (Current DNS:,,,

    Can you see anything wrong with how OpenDNS is configured?

    Can you explain why the static DNS settings appear to be appended with dynamically assigned nameservers from my ISP?
  2. Macskeeball

    Macskeeball LI Guru Member

    Yes, there's a checkbox somewhere in the Web GUI that tells it whether or not to use the ISP DNS in addition to the Static DNS. I think it may be in Advanced > DHCP / DNS.

    Personally, I keep the ISP DNS in there but have a line in my Dnsmasq config that says "strict-order" (without quotes). That way, my router uses OpenDNS whenever possible, but if they were to go down it would still have one of my ISP's DNS servers.

    PS- Based on this post and another, you seem to default to using your router's command line and other more complicated solutions. I suggest looking through the Web GUI first and trying to think of simpler ways of accomplishing what you want.
  3. PeterT

    PeterT Network Guru Member

    My settings are:

    Static DNS the values for OpenDNS

    Use Internal Caching DNS Forwarder YES
    Use Received DNS With Static DNS NO
    Intercept DNS Port (UDP 53) NO

    I only use the values from OpenDNS
  4. Macskeeball

    Macskeeball LI Guru Member

    That means that a client on your network could specify the DNS server they want to use in order to bypass the one suggested by the router. Setting it to yes would force it, rather than just suggest it.
  5. PeterT

    PeterT Network Guru Member

    I know that Macskeeball; I have no concerns about that.

    All I was doing was trying to post for the original poster WHAT settings did work to have the desired effect of only using OpenDNS.
  6. najevi

    najevi LI Guru Member

    Use Received DNS With Static DNS was the key. I had that box checked and so that explains to me why the resolv.dnsmasq file kept getting a nameserver from the ISP appended.

    I also checked the wiki and acknowledge that this behaviour is clearly documented there. I guess I must have taken a microsleep when scanning that section.

    I resort to a telnet session and inspecting files in /etc when I cannot find the causal widgets in the web GUI. In this case I did not read the Wiki very carefully.
  7. Macskeeball

    Macskeeball LI Guru Member

    Except it doesn't, if someone can get around that. Najevi wants to force OpenDNS so that he gets their logging etc. If he doesn't check that box, it's possible for someone to get around that network monitoring fairly easily.
  8. PeterT

    PeterT Network Guru Member

    Macskeeball.. I was posting what MY working settings were... NOT what HE should use.

    At least MY showing him some settings led him to a solution....
  9. Macskeeball

    Macskeeball LI Guru Member

    You know, I wasn't trying to get into an argument.

    That's fine. When I read your list of three settings in your first post, it seemed to me like you were telling him that he needed all three to be set that way for it to work the way he wanted.

    Actually, if you read my first post again we were both talking about the same thing. I had said that there was a checkbox in Advanced -> DHCP / DNS that had to do with whether or not the router used the ISP provided DNS in addition to the Static DNS. We were both talking about the same thing.

    I just couldn't give as specific a name as you because I had to go from memory. This computer is in a completely stock reinstall state for troubleshooting purposes right now, and with my router password being so complex it would have been too much of a pain to actually log in and look. Normally the computer would be remembering my password, and I would have looked like you did.
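
Added example, not part of the thread: a shell check for the symptom discussed above, an ISP-supplied resolver reappearing in `/etc/resolv.dnsmasq` alongside the static ones. The function name `unexpected_nameservers` and the sample addresses (RFC 5737 documentation ranges, constructed) are assumptions for illustration; pass your own static resolver addresses as the allowlist.

```shell
#!/bin/sh
# Audit a dnsmasq upstream file (resolv.conf syntax) against an allowlist.
# All addresses below are constructed documentation values, not real resolvers.

# unexpected_nameservers FILE ALLOWED...
# Prints every "nameserver" address in FILE that is not in ALLOWED, one per line.
# Returns 0 if the file is clean, 1 if an unexpected entry exists, 2 if unreadable.
unexpected_nameservers() {
    file=$1; shift
    [ -r "$file" ] || return 2
    allowed=" $* "
    found=0
    # Comments and other directives are skipped; only "nameserver <addr>" counts.
    for addr in $(awk '$1 == "nameserver" && $2 != "" { print $2 }' "$file"); do
        case "$allowed" in
            *" $addr "*) ;;                 # address is on the allowlist
            *) echo "$addr"; found=1 ;;     # address was added by something else
        esac
    done
    return "$found"
}

# Demo on a constructed file: two static resolvers plus one received from the WAN.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample of /etc/resolv.dnsmasq
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 198.51.100.53
EOF
if extra=$(unexpected_nameservers "$sample" 192.0.2.1 192.0.2.2); then
    echo "OK: only the allowed resolvers are configured"
else
    echo "Unexpected upstream resolver(s): $extra"
fi
rm -f "$sample"
```

On the router, point the function at `/etc/resolv.dnsmasq`; a non-zero return with output means a received DNS server has been appended again.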
