03-06-2021 06:38 PM
Hi All,
I am having issues with sporadic massive ping times so because I had an old Brightbox router, EE sent me a new Brightbox 1 hoping it will fix the problem.
On the new router, if I disable DHCP I can ping an external IP address fine (e.g. 8.8.8.8) but get name resolution errors when I ping by name (e.g. www.bbc.co.uk). Doing nothing else other than switching DHCP back on resolves the issue. DNS is set to "get from ISP" but have also tried manually putting in Google's DNS servers and EE's DNS servers and it still doesn't work.
The interface of the old and new router is the same but the old one works as expected and the new one has this DNS issue.
Only other thing to add is that when I got the router the wireless light was off (and I couldn't see the SSID) however the EE call centre person remotely connected to the router and it said it was on. A factory reset solved the problem. Also, when I change settings, sometimes it seems to kill the webserver on the router as I can no longer connect to the admin site. Rebooting the router seems to fix it. I wonder if somehow the firmware is messed up on the router they shipped me?
Any help appreciated.
Thanks
Lee.
04-06-2021 01:51 PM
Hi @leenowell ,
I think that's pretty conclusive. When you disable the DHCP functionality on the service provider's router, you also lose DNS functionality (i.e. the DNS service or daemon). It's possible that two distinct things are being turned off, or it's one service or daemon providing both the DHCP and DNS services (much like dnsmasq).
It's your choice what to do about this. The IP address 127.0.0.53 refers to your localhost/laptop. The entire subnet 127.0.0.0/8 refers to your localhost/laptop. (So you need to configure DNS on your devices another way.)
Personally I keep DHCP enabled on all my routers and daisy chain them for a triple-NAT configuration as this is simple and robust.
If you choose to go for a more advanced configuration, have fun with that. I'm sure myself and others would be ok to hear of your network topology and intended configuration if you encounter any hiccups. You should have sufficient information to overcome your immediate DNS issue.
04-06-2021 02:03 PM
Thanks very much @mikeliuk for your help on this. So at least we have got to the root cause, the ultimate solution is a bit more tricky 🙂 So it looks like the old router must leave DNS running even though DHCP is disabled. Is there any logical reason why they would deliberately disable DNS if you didn't want the router to act as the DHCP server?
So my topology is..... I have the router on one subnet and all the internal network (routers, switch etc.) on a different subnet. I then have a PC running ClearOS which acts as the gateway (dual NIC) between the 2 and it provides all the network services e.g. DHCP, internal DNS, Virus / Malware scanning, Firewall etc etc.
So if I understand this correctly, the edge devices will need to have the ClearOS box as the DNS server in order to resolve internal names. Somehow I would then need to configure ClearOS to then forward to Google's DNS (e.g. or the EE ones) rather than forwarding on to the router. Is that correct?
Thanks
Lee.
04-06-2021 02:33 PM
Hi @mikeliuk
Just wanted to say a huge thank you for your help. I have changed the DNS entries in ClearOS to the Google ones for now and it seems to be working fine again. Still can't see the logic of disabling DHCP also killing DNS as the DNS servers should be given by the ISP but hey we got to the bottom of it. Can now go back to the original problem of solving my intermittent broadband "outage" issue.
Thanks once again
Lee.
04-06-2021 02:40 PM - edited 04-06-2021 03:50 PM
Hi @leenowell ,
I can't immediately think of any reason why anyone would deliberately disable DNS when the option given is to disable DHCP. It seems to fail the least astonishment principle so I would guess they are inter-related behind the scenes (e.g. one service provides both and they are either tightly coupled or the developer was too lazy to decouple these functions). The GUI developer probably did not account for the laziness of the backend developer so didn't mark the option as disabling both DNS and DHCP (this seems to be the current behaviour but a future version of the firmware could change this if a developer becomes embarrassed by this thread, perhaps).
From a quick look at the ClearOS server, that is indeed the logical place to be running an alternative DNS service, forwarding to public DNS servers (Quad9 might be considered for security, your mileage may vary). You'll need to check the documentation to ensure the forwarding works ok and that devices can access DNS ok (likely via the ClearOS server). In the optimal configuration, nothing should need to be done on the device side (e.g. mobiles and laptops) as the devices default to DHCP (clients, obviously).
Edit: just noting a corner case that it's possible some other option could decouple the DNS function from the DHCP function, but looking at the webpage for ClearOS, that seems to be the correct location for the on-site DNS server anyway.
Edit2: for the avoidance of doubt, we've really not discussed the service provider's own DNS servers here much. If the DNS service is running on the service provider's router on your site, it is likely to forward to the service provider's own DNS servers by default and in the first instance (these DNS server IP addresses should be discoverable on this forum somewhere). In theory, the service provider's DNS servers should be the fastest to reach within their own infrastructure but for debugging purposes, users are often pointed to public DNS servers which are often very robust.
04-06-2021 04:17 PM
Hi @mikeliuk
Yes good points particularly the use of the EE DNS servers. I would much rather the external DNS done by the router especially since the EE ones could (in theory) change over time and as you say should be the fastest.
I will give EE a call to see if there are any other router options from them and take it from there. Is there somewhere I can raise router "bugs"?
Thanks
Lee.
04-06-2021 05:12 PM
In practice, I think you will be better off with public DNS servers such as Quad9, Cloudflare (1.1.1.1, 1.0.0.1), or Google DNS at least in the short term and especially if you want to disable DHCP on your service provider's router.
Although the service provider's DNS is good in theory, I've never heard anyone raving about how good they are. More commonly you will hear of people complaining of a DNS issue that is usually traced to the service provider's DNS and the solution is usually to switch to a public DNS server of high repute.
I'm not aware of the correct route to raise a router issue; that firmware updates do get released does suggest there is some way of recognizing issues. It's not even clear the problem is exactly as diagnosed as at least one other person would need to confirm they see the same thing to have confidence. If the service provider's router is based on a commercially available router, it would be good to simultaneously report to both the service provider and manufacturer (doubtless one or both parties would reject the issue as not their problem).
You also need to consider how many of the service provider's customers would choose to disable DHCP and then accidentally lose DNS (if this happens to any second person or second device at all). If you are the only person impacted, the issue will be placed at the appropriate point in the TODO list and this position could be below the "never" line.
DNS lookups are also cached for a time which could make it largely irrelevant which DNS server you forward to. Sometimes the frequency of updates is more important where a user is running a website and changing DNS entries and will often find those entries would be updated/available more quickly via public DNS servers than a service provider's DNS servers.
Many technical questions and choices have no best answer. I generally recommend going for the choice which saves the most time and reduces the amount of thinking required. The exception is if a person is actively trying to learn something, in which case go for the most difficult, fully-featured, production-ready option available.
I'm aware this is a lot of text and really no answer at all! 😂 I do believe the above is true though. 😎
05-06-2021 01:07 AM - edited 05-06-2021 01:57 AM
@mikeliuk wrote:
It's not even clear the problem is exactly as diagnosed as at least one other person would need to confirm they see the same thing to have confidence.
Here! I do so confirm as I implied in post 2.
I suspect that:
05-06-2021 08:50 AM
Hi @XRaySpeX ,
Many thanks. Just so that I am clear, please may I check that you also have the same service provider's device and when DHCP is enabled you see port 53/tcp open on that device, but that when you disable DHCP, you find that port 53/tcp is closed?
Once you have confirmed this, we will have reproduced the observation of the OP and would have reason to believe this is the current typical behaviour of that version of the firmware for perhaps a proportion of such devices, or all such devices with that firmware version.
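The check discussed in this thread, as an added example that is not part of any post: a small Python probe that sends one DNS query to the router's LAN address over UDP and tests TCP port 53, so a router with no DNS service listening can be told apart from one that answers. The function names, the query ID and the default router address 192.168.1.1 are assumptions made for this example.

```python
import socket, struct, sys

QID = 0x1234  # arbitrary query ID chosen for this example

def build_query(name, qid=QID):
    """Minimal DNS A/IN query (RFC 1035) with the recursion-desired bit set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def classify_reply(reply, qid=QID):
    """Map a raw DNS reply to a short verdict using only its 12-byte header."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0:
        return "answered" if answers else "no-data"
    return {2: "servfail", 3: "nxdomain", 5: "refused"}.get(rcode, f"rcode-{rcode}")

def probe_udp(server, name, port=53, timeout=2.0):
    """Send one query over UDP; 'closed' means the host rejected the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            s.send(build_query(name))
            return classify_reply(s.recv(512))
        except ConnectionRefusedError:     # ICMP port unreachable came back
            return "closed"
        except socket.timeout:
            return "timeout"

def probe_tcp(server, port=53, timeout=2.0):
    """Check whether anything accepts TCP connections on the DNS port."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:                        # timeout, no route, etc.
        return "filtered"

if __name__ == "__main__":
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed address
    print("udp/53:", probe_udp(router, "www.bbc.co.uk"))
    print("tcp/53:", probe_tcp(router))
```

Run it from a wired LAN client once with DHCP enabled on the router and once with it disabled; a change from answered/open to closed or timeout matches the behaviour described in the first post.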
05-06-2021 10:47 AM
@mikeliuk : All my ports are Stealth.
05-06-2021 03:28 PM
Wrong network.
This thread pertains to the internal private subnet of the service provider's router, not the WAN. 🤓