Router DNS Configuration

Secure your entire home network with encrypted DNS

Back to Knowledge Base

Quick Configuration Endpoints

DNS over HTTPS/TLS

Primary: 140.82.41.243
DoH: https://xyz01-srv.unrulycitizen.com/dns-query
DoT: xyz01-srv.unrulycitizen.com

Backup DNS

Secondary: 1.1.1.1 (Cloudflare)
Tertiary: 8.8.8.8 (Google)
Use only if primary fails

Router DNS Configuration Methods

Method 1: TP-Link Archer Series (Web Interface)

1
Access Router Admin

Open browser and navigate to: http://tplinkwifi.net or http://192.168.0.1

Default credentials: admin/admin (check router label)

2
Navigate to Advanced Settings

Click "Advanced" tab → "Network" → "Internet"

3
Configure DNS Settings

Scroll to "DNS Address" section and select "Use These DNS Servers"

4
Enter DNS Servers

Set the following DNS addresses:

Primary DNS: 140.82.41.243 Secondary DNS: 1.1.1.1
5
Save and Reboot

Click "Save" and wait for router to apply changes. Reboot if prompted.

6
Verify Configuration

Go to "Status" → "Internet" and verify DNS servers are set correctly.

Method 2: ASUS Routers (Merlin/Stock Firmware)

Configure DNS on ASUS routers with advanced features:

# ASUS Router Steps: 1. Access: http://router.asus.com or 192.168.1.1 2. Navigate: Advanced Settings → WAN → Internet Connection 3. WAN DNS Setting: Select "No" for "Connect to DNS Server automatically" 4. DNS Server 1: 140.82.41.243 5. DNS Server 2: 1.1.1.1 # For Merlin Firmware (Additional Features): 6. Advanced → DHCP/DNS → Dnsmasq Custom Configuration: server=140.82.41.243 server=1.1.1.1 all-servers cache-size=1500 # Enable DNS-based Filtering (Optional): 7. Adaptive QoS → Web History → Enable DNS-based Filtering 8. Set DNS to: 140.82.41.243

Method 3: Netgear Nighthawk Series

DNS configuration for Netgear routers:

# Netgear Router Configuration: 1. Access: http://www.routerlogin.net or 192.168.1.1 2. Default: admin/password (check router label) 3. Navigate: Advanced → Setup → Internet Setup 4. Domain Name Server (DNS) Address: "Use These DNS Servers" 5. Primary DNS: 140.82.41.243 6. Secondary DNS: 1.1.1.1 # For Dynamic DNS (Optional): 7. Advanced → Advanced Setup → Dynamic DNS 8. Use Dynamic DNS: Yes 9. Service: Custom 10. Server: xyz01-srv.unrulycitizen.com # Apply and Test: 11. Click "Apply" 12. Restart router if changes don't take effect immediately 13. Test from connected device

Method 4: OpenWrt/LEDE Custom Firmware

Advanced configuration for OpenWrt routers with full DNS control:

LuCI Web Interface
# OpenWrt DNS Configuration: 1. Access: http://192.168.1.1 2. Navigate: Network → Interfaces → WAN → Edit 3. Advanced Settings → Use custom DNS servers: 140.82.41.243 1.1.1.1 # Alternative: DHCP and DNS Settings 4. Network → DHCP and DNS → General Settings 5. DNS forwardings: 140.82.41.243 1.1.1.1 6. Resolve file: /tmp/resolv.conf.d/resolv.conf.auto
Command Line Configuration
# SSH into OpenWrt router ssh root@192.168.1.1 # Configure DNS via UCI uci set network.wan.dns='140.82.41.243 1.1.1.1' uci commit network /etc/init.d/network restart # Configure dnsmasq for DoH (Advanced) opkg update opkg install https-dns-proxy uci set https-dns-proxy.@https-dns-proxy[0].resolver_url='https://xyz01-srv.unrulycitizen.com/dns-query' uci set https-dns-proxy.@https-dns-proxy[0].bootstrap_dns='140.82.41.243' uci commit https-dns-proxy /etc/init.d/https-dns-proxy restart

Method 5: ISP Router/Modem Combos

Configuration for common ISP-provided routers:

Xfinity/Comcast (Arris/SBG)
# Xfinity Gateway: 1. Access: http://10.0.0.1 2. Login: admin/password (check device label) 3. Gateway → Connection → WiFi → Edit 4. DNS Settings: Custom 5. Primary: 140.82.41.243 6. Secondary: 1.1.1.1 # Note: Some Xfinity gateways may require: 7. Advanced Settings → LAN Setup → DNS 8. Disable "Get Automatically from ISP"
Spectrum/Charter
# Spectrum Router: 1. Access: http://192.168.1.1 or http://192.168.0.1 2. Login: admin/password (or admin/admin) 3. Advanced Settings → Internet Setup 4. DNS Settings: Manual 5. Primary DNS: 140.82.41.243 6. Secondary DNS: 1.1.1.1 # For older Spectrum routers: 7. Basic → Setup → DNS 8. Uncheck "Get Automatically from ISP"
AT&T Fiber Gateway
# AT&T BGW210/BGW320: 1. Access: http://192.168.1.254 2. Settings → Firewall → IP Allocation → DNS 3. Select "Custom" 4. Primary: 140.82.41.243 5. Secondary: 1.1.1.1 # Important: AT&T may override settings 6. Consider using "IP Passthrough" mode 7. Connect your own router for full DNS control

Router Compatibility Guide

TP-Link Archer

Excellent support. Web interface with advanced DNS options.

ASUS (Merlin)

Advanced features. DNS filtering and custom configurations.

Netgear

Good support. May require firmware updates for full features.

OpenWrt/DD-WRT

Full control. Advanced DNS over HTTPS/TLS support.

ISP Routers

Limited control. May reset settings or block custom DNS.

Very Old Routers

May not support custom DNS. Consider replacement.

Verification

To verify DNS is working correctly on your network:

Check Router DNS Settings

# Method 1: Router Admin Interface 1. Log into router admin panel 2. Navigate to Status → Internet or WAN Status 3. Verify DNS servers show: 140.82.41.243 and 1.1.1.1 # Method 2: Connected Device Test 1. Connect computer to network 2. Open terminal/command prompt 3. Run: nslookup unrulycitizen.com 4. Should show server: 140.82.41.243 # Method 3: DNS Leak Test 1. Visit: https://dnsleaktest.com 2. Run extended test 3. Should show your configured DNS servers only # Method 4: Router Logs 1. Check router system logs 2. Look for DNS resolution entries 3. Verify no errors or fallbacks to ISP DNS # Method 5: Multiple Device Test 1. Test from different devices (phone, computer, tablet) 2. All should use the same DNS servers 3. Confirm network-wide protection

Test Network Performance

# DNS Response Time Test 1. Terminal: dig @140.82.41.243 google.com 2. Note "Query time:" in milliseconds 3. Compare with previous ISP DNS # Network-wide Monitoring 1. Router QoS/Statistics page 2. Monitor DNS query success rates 3. Check for any blocked queries # Real-world Testing 1. Browse various websites 2. Test video streaming 3. Check online gaming connectivity 4. Verify VPN connections work # Advanced Monitoring (OpenWrt) ssh root@192.168.1.1 logread | grep dns cat /tmp/resolv.conf.d/resolv.conf.auto netstat -tulpn | grep :53

Troubleshooting

DNS not working?

  • Verify router admin password is correct
  • Check if ISP blocks custom DNS (common with some providers)
  • Ensure you're using the correct router IP address
  • Try rebooting router after configuration changes
  • Test with different devices on the network
  • Check router firmware is up to date

Common Router Issues

  • ISP DNS override: Some ISPs force their DNS servers
  • Router firmware bugs: Update to latest firmware
  • DHCP conflicts: Router may provide different DNS to clients
  • Parental controls: May interfere with DNS settings
  • VPN passthrough: Ensure VPN traffic can pass through
  • IPv6 conflicts: Disable IPv6 if causing issues

Advanced Configuration

DNS Over HTTPS on Supported Routers

Some modern routers support DNS over HTTPS natively:

# ASUS with Merlin Firmware: 1. Advanced → WAN → WAN DNS Setting 2. Connect to DNS Server automatically: No 3. Forward local domain queries to upstream DNS: Yes 4. Enable DNS-based Filtering: Yes 5. DNSFilter Mode: Router 6. Global Filter Mode: No Filtering 7. DNS 1: 140.82.41.243 # For DoH on ASUS: 8. Install YazDHCP or Diversion scripts 9. Configure dnsmasq for DoH upstream # OpenWrt with https-dns-proxy: opkg update opkg install https-dns-proxy luci-app-https-dns-proxy uci set https-dns-proxy.@https-dns-proxy[0].resolver_url='https://xyz01-srv.unrulycitizen.com/dns-query' uci set https-dns-proxy.@https-dns-proxy[0].bootstrap_dns='140.82.41.243' uci commit https-dns-proxy /etc/init.d/https-dns-proxy enable /etc/init.d/https-dns-proxy restart

Enhanced Network Security

Recommended Router Security Settings

Combine encrypted DNS with these router security enhancements:

# Router Security Hardening: 1. Change Default Admin Credentials - Use strong, unique password - Change default username if possible - Enable automatic logout 2. Disable Remote Administration - Turn off WAN/admin access - Restrict admin access to LAN only - Use VPN for remote management 3. Update Firmware Regularly - Check for security updates monthly - Enable automatic updates if available - Consider open-source firmware (OpenWrt) 4. Wireless Security - Use WPA3 or WPA2-AES encryption - Disable WPS (WiFi Protected Setup) - Use strong WiFi password (20+ characters) - Hide SSID if desired (minimal security benefit) 5. Firewall Settings - Enable SPI firewall - Disable unused ports and services - Block WAN ping requests - Enable DoS protection 6. Network Segmentation - Use guest network for untrusted devices - Create separate VLANs if supported - Isolate IoT devices from main network 7. DNS Security - Use encrypted DNS (as configured) - Disable DNS rebinding protection if blocking encrypted DNS - Set short DNS cache times (300-600 seconds) 8. Regular Security Audits - Check connected devices monthly - Review router logs for suspicious activity - Test network for vulnerabilities - Consider periodic router reboots 9. Physical Security - Place router in secure location - Disable unused physical ports - Consider router lock if in shared space

Need More Help?

Join our community forums for personalized assistance and support

Join Community Forums Back to Knowledge Base