DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2860 - no DNS proxy by default

21 Jul 2016 19:59 #1 by destroyer
2860 - no DNS proxy by default was created by destroyer
I've noticed DHCP gives out the ISP's DNS servers by default on Vigor 2860.

Is this change in behaviour intentional? Older models would give out the router IP as DNS proxy if no DNS servers were manually specified in DHCP option settings.

22 Jul 2016 09:13 #2 by admin3
Replied by admin3 on topic Re: 2860 - no DNS proxy by default
That has been the behaviour for the last 2-3 years, I think - it can be confusing though because if you get a DHCP lease before the router has connected to the internet, it will give out its own IPs. Once the router is on the internet though, it will give out the DNS servers of its WAN interfaces. One way to make it more predictable is to specify the DNS servers under LAN > General Setup > LAN1 Details Page, which makes it always provide the DNS servers specified on that page.



Forum Administrator

29 Nov 2018 21:37 #3 by iandl
Replied by iandl on topic Re: 2860 - no DNS proxy by default
Bumping a slightly old thread as I'm having the same problem. This may be the default behaviour but seems inconsistent with the description in the User's Guide:

"If both the Primary IP and Secondary IP Address fields are left empty, the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache.
If the IP address of a domain name is already in the DNS cache, the router will resolve the domain name immediately. Otherwise, the router forwards the DNS query packet to the external DNS server by establishing a WAN (e.g. DSL/Cable)"

These DNS server addresses are blank in my setup but my DHCP clients still appear to be configured to use the DNS server addresses provided by my ISP rather than that of the router. The above is from the section on LAN DHCP configuration, DNS server settings, p.151 of v.4.5 of the User's Guide (November 2017) so I would assume should reflect current behaviour. Am I missing something here? Are there additional settings that will result in the 2860 behaving as described? If not, I'm not sure what purpose the DNS cache table available from diagnostic settings serves.

Appreciate any suggestions!

30 Nov 2018 09:47 #4 by anaglypta
Replied by anaglypta on topic Re: 2860 - no DNS proxy by default
Hello @IanDL

I reported this to DrayTek support some time ago. As @Admin3 says above, the behaviour was changed a couple of years ago but the manual was not updated. Here is the email I sent to DrayTek support with my analysis of the situation.

DNS Cache table does not populate [#DQ946268]

The situation with unexpected behaviour in the DNS Cache table has been resolved.

The problem was that the allocation of DNS servers by the router is not as described in the user manual (V4.5 page 151)

"If both the Primary IP and Secondary IP Address fields are left empty, the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache."



After rebooting the router, and while the router is training and establishing a connection to the ISP, if the fields described above are left blank then any client querying the router's DHCP server for an IP address will get primary and secondary DNS servers set to 192.168.1.1.

After the router has established a connection with the ISP, if the fields described above are left blank then any client querying the router's DHCP server for an IP address will get primary and secondary DNS servers set to the ISP's DNS servers as shown on the "Physical Connection" screen.

What this means is that if the router is rebooted while local clients are connected and switched on, those clients will get DNS servers set to 192.168.1.1 and the DNS Cache table will show entries. This will continue until the DHCP lease expires for those clients (3 days later) when they then get the ISP's DNS servers assigned. So some clients have the local router acting as a proxy, while other clients query the (ISP's) DNS servers.


RESOLUTION / WORKAROUND

Add 192.168.1.1 as primary and secondary server addresses (Router acts as proxy and caches DNS entries).

OR

Add ISP's DNS server addresses (Clients access external DNS server directly, no cached entries on router).


RESOLUTION FOR DRAYTEK

Change the wording of the user manual.

OR

Change the behaviour of the router firmware to match the user manual.


I hope this is of use to you

Many thanks

John.



Hope this helps

John.
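
A way to check which of the two behaviours described in this thread a given client actually received, as an added example that is not part of any post: it parses the DNS server option (6) and lease time option (51) from a DHCPACK payload and classifies the lease against the router address. The function names and `build_ack` are hypothetical, the sample packets are constructed, and 203.0.113.x stands in for an ISP's DNS servers; 192.168.1.1 and the 3-day lease are the values mentioned in the thread.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        code = payload[i]
        if code == 0:                               # 0 = Pad, single byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value    # repeated options concatenate
        i += 2 + length
    return opts

def classify_lease(payload: bytes, router_ip: str) -> dict:
    """Report the DNS servers (option 6) and lease time (option 51) in a lease."""
    opts = parse_dhcp_options(payload)
    raw = opts.get(6, b"")
    if len(raw) % 4:
        raise ValueError("option 6 is not a list of IPv4 addresses")
    dns = [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]
    lease = struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None
    if not dns:
        mode = "none"
    elif all(d == router_ip for d in dns):
        mode = "router-proxy"      # queries go to the router and hit its DNS cache
    elif router_ip in dns:
        mode = "mixed"
    else:
        mode = "external"          # queries bypass the router's proxy and cache
    return {"dns": dns, "lease_seconds": lease, "mode": mode}

def build_ack(dns_servers, lease_seconds):
    """Constructed sample DHCPACK (hypothetical helper, not captured traffic)."""
    fixed = b"\x02\x01\x06\x00" + bytes(232)        # 236-byte BOOTP header
    dns_raw = b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)
    return (fixed + MAGIC_COOKIE + bytes([53, 1, 5])
            + bytes([51, 4]) + struct.pack("!I", lease_seconds)
            + bytes([6, len(dns_raw)]) + dns_raw + b"\xff")
```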

04 Dec 2018 22:12 #5 by iandl
Replied by iandl on topic Re: 2860 - no DNS proxy by default
Thanks John. Sounds like you've got it figured out + saved me a lot of head scratching. Let's hope DrayTek finally update the manual sometime soon.

01 Feb 2019 20:46 #6 by iandl
Replied by iandl on topic Re: 2860 - no DNS proxy by default
Although I had written this off as a simple inconsistency of actual behaviour from documentation, recent experience suggests it can actually lead to real problems:

I recently switched ISPs from PlusNet (VDSL) to Virgin (Cable) and had a couple of days overlap when both were working. Having set the Virgin hub into modem mode and plugged it into the WAN 2 port on the 2860, I was able (with a little effort) to get internet access via both connections - basically the 2860 doing what it is supposed to. However, DNS resolution became extremely patchy. After a bit of investigation I worked out why...

Unless it is set up to do otherwise, the 2860 uses the DNS server addresses issued by the ISP and passes these on to LAN clients when it issues DHCP leases. It then tries to distribute traffic between both WAN connections, depending on whatever traffic balancing rules have been defined. However, clients are sending DNS requests to whichever DNS address they were issued with when they got their DHCP lease. If traffic is being directed via the other WAN connection to that for which the DNS address was issued, and if the ISP's DNS servers are not public, then DNS resolution fails. It turns out both my ISPs have private DNS servers (i.e. I can't use Plusnet's servers for DNS lookups when connected via Virgin and vice-versa). Even if I disable one WAN, if the working connection is not the one for which the DNS address was issued by the 2860 to the client, I can't resolve IP addresses until I renew the DHCP lease, thus updating the DNS address used by the LAN client.

I guess the obvious way around this is to use public DNS servers on both WAN connections rather than those provided by the ISP. However, if the 2860 was working as described in the documentation, I assume it would issue its own address to LAN clients for DNS resolution and then forward DNS requests to whichever server it was using at the time, making the whole process transparent from the client side.
