Cascading Routers (LAN to WAN) and DNS

4

1

I live in a shotgun style house and thus am required to have two wireless routers to reach every room.

  • The first router is in my roommate's room and has an IP address of 192.168.1.1 with a DHCP pool of 192.168.1.2-192.168.1.150.
  • I have the first router set to use Google's DNS servers (8.8.8.8 and 8.8.4.4).
  • I am currently cascading my second router (ethernet runs from LAN on first router to WAN on second router).
  • My second router is set to a static IP of 192.168.1.2 (the MAC address of the second router is used to be sure the first router doesn't let any other devices use that IP address), and the gateway and DNS server are set to 192.168.1.1, the IP address of the first router.

Everything seems to be working fine, but I was wondering two things:

  1. Will my second router use Google's DNS servers that are set on the first router if my second router's DNS server IP address is set to the first router's IP address?

  2. Am I understanding correctly, by placing my second router's IP address in the DMZ of the first router, all ports will be forwarded to my second router?

Steven

Posted 2015-02-10T21:33:50.740

Reputation: 45

Answers

0

  1. The second router will first check its cache for anything it gets asked by clients attached to it. If it doesn't know, it will query the first router. If the first router has it cached, it will reply with an answer, otherwise the first router will query Google's DNS for what it doesn't know and respond back to the second router with the answer.
  2. Different routers handle DMZ differently - it isn't always cut and dry. For the most part, only certain services are exposed (common ports such as 80, 21, 25, etc.), so only a few ports will be opened up to the world, not all of them.

MaQleod

Posted 2015-02-10T21:33:50.740

Reputation: 12 560

Would forwarding the ports on my first router to my second router's IP address and taking my second router out of the DMZ be a better option? – Steven – 2015-02-10T22:02:28.227

That is a better option to be absolutely sure what is open and what is not. I prefer to know exactly what is exposed on my own network. That being said, port forwarding with double-NAT doesn't always go as expected. – MaQleod – 2015-02-10T22:05:25.740

One last question, I suppose forwarding all the ports I need from my first router to my second router, and then forwarding the ports again on my second router to my various devices would be ideal? – Steven – 2015-02-10T22:10:58.830

That is pretty much the best option for double-NAT and in most cases that will work, however I have seen that type of setup fail in the past. – MaQleod – 2015-02-10T22:23:59.960
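
To see what the two options discussed above actually expose, this added example (not code from any poster in the thread) composes the rule tables of both routers and lists which Internet-facing ports end up at a device. It assumes a DMZ host receives every inbound port that has no explicit rule, which, as the answer notes, not every router does; the 192.168.2.x addresses and all forwarding rules are constructed.

```python
ROUTER2_WAN = "192.168.1.2"  # second router's static address, from the question

def effective_exposure(r1_forwards, r2_forwards, r1_dmz_host=None):
    """Compose both routers' rules for inbound traffic from the Internet.

    r1_forwards / r2_forwards: {incoming_port: (target_ip, target_port)}
    r1_dmz_host: ASSUMED semantics: any port without an explicit rule on
                 router 1 is passed unchanged to this host.
    Returns (reachable, dead_ends):
      reachable  {internet_port: (device_ip, device_port)}
      dead_ends  ports forwarded by router 1 that router 2 never forwards on
    """
    reachable, dead_ends = {}, []
    for port in range(1, 65536):
        if port in r1_forwards:
            target_ip, target_port = r1_forwards[port]
        elif r1_dmz_host is not None:
            target_ip, target_port = r1_dmz_host, port
        else:
            continue                      # dropped at the first router
        if target_ip != ROUTER2_WAN:
            reachable[port] = (target_ip, target_port)  # device on router 1's LAN
        elif target_port in r2_forwards:
            reachable[port] = r2_forwards[target_port]  # second hop succeeds
        elif port in r1_forwards:
            dead_ends.append(port)        # explicit rule that stops at router 2
    return reachable, dead_ends

# Constructed rules on the second router. Port 22 was meant only for machines
# on the first router's LAN, which is the second router's "WAN" side.
R2_FORWARDS = {
    22: ("192.168.2.10", 22),
    8080: ("192.168.2.20", 80),
    32400: ("192.168.2.30", 32400),
}
# Constructed explicit rules on the first router (the non-DMZ option).
R1_EXPLICIT = {
    8080: (ROUTER2_WAN, 8080),
    25565: (ROUTER2_WAN, 25565),  # no matching rule on router 2
}

if __name__ == "__main__":
    print("explicit forwards:", effective_exposure(R1_EXPLICIT, R2_FORWARDS))
    print("router 2 in DMZ:  ",
          effective_exposure({}, R2_FORWARDS, r1_dmz_host=ROUTER2_WAN))
```

Under the assumed DMZ behaviour, every rule on the second router becomes reachable from the Internet, including the port 22 rule that was only meant for the first router's LAN; with explicit forwards only port 8080 is exposed, and the unmatched 25565 rule shows up as a dead end.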

0

  1. Yes, your second router will direct DNS requests to your primary router, which will then forward them to a Google DNS server for lookup.
  2. Not quite. The DMZ is actually a more "restricted" network layer that is used with security in mind. Therefore, the connectivity of machines placed in the DMZ is more limited than others so as to protect the other machines on your network - should the "DMZ machine" become compromised. Wikipedia actually has a pretty good article on it.

Ubunfu

Posted 2015-02-10T21:33:50.740

Reputation: 236