I have question on DIR-655's "DNS Relay" check box.
Below is an excerpt from this link.........
https://www.grc.com/dns/configuring.htm
.........of which I want to know if the "DNS Relay" function what turns ON/OFF the DIR-655 being the proxy between the LAN PCs & the DNS IP Addresses listed in the router ? If I uncheck the box would the PCs go direct to the public DNS resolver ? You can see from the excerpt that the writers do not like this proxy function of routers.
Some routers pass the two public DNS IPs obtained from the ISP through to the machines located on the LAN, whereas other routers provide their own private IP on the LAN, the so-called “gateway IP,” as the IP to be used for DNS resolution by the LAN's computers. In the case of public DNS resolver IPs, the machines on the LAN send their queries directly to the publicly located DNS resolvers for resolution. In the case of having received the router's own private LAN IP for DNS resolution, machines on the LAN behind the router will send their DNS queries to the router, believing it to be a DNS resolver when, in fact, the router operates as a “proxy” for the actual public DNS resolvers. The router forwards any received DNS queries to the actual DNS resolvers on the public Internet and returns their results to the machine that originally issued the DNS query.
Pros & Cons of Router-based DNS:
If your computer(s) is/are not behind a router, then router-based DNS is not an option. But assuming that you do have a router, the greatest benefit offered by router-based DNS is that the DNS servers within your entire network can be “centrally managed” and completely changed at a single location (within the router.) It has been our experience that the best approach, if it is available from the router's configuration interface, is to have the router distribute public DNS resolver IPs to the machines on its network — as opposed to giving them its own private IP for DNS resolution. When that is done, the network's computers directly query their public DNS servers, rather than querying the router. But, as was explained above, by default many routers now issue their own local IP as the DNS server for the network, then “proxy” the DNS queries from the local network's computers.
But the larger concern is that the error-handling and retrying logic used by inexpensive routers for unanswered DNS queries is unknown and likely to be poor. Modern computers have a mature, time-tested and sophisticated system for retrying unanswered or too-long-delayed DNS queries. We like the idea of allowing that mature technology to function. But if the router is “proxying” the computer's DNS query our DNS handling is at the router's mercy. That seems wrong and less than optimal. Therefore, if you prefer to have your network's router centrally manage DNS for your computers, you might wish to see whether it's possible to have the router distribute the public DNS resolver IPs that you specify, rather than having it providing its own gateway IP as the network's DNS. That just seems a lot better, cleaner, and simpler.
Author
Topic: DIR-655 DNS Relay Question (Read 6293 times)