Question about the Router issue, did your research cause confusion?
Question about the Router issue, did your research cause confusion?
I've tried various methods to insert DNS into the Eero Pro 7 router and tested it, but it still doesn't function. I then considered using my older Asus router, which also didn't work. It looks like this might be the final item on the list of possibilities.
They can't stop DNS unless they actively block it. If they were particularly sneaky, they might attempt a man-in-the-middle attack to redirect it to their DNS server. Fortunately, there is a remedy. Configure your DNS to be encrypted, which also ensures secure end-to-end connectivity and blocks such attacks. I’m not sure if there’s a method to instruct a DHCP server to use encryption on your PC. In any scenario as requested, manually set the DNS. It would be wise to disable IPv6 during adjustments. You likely won’t need IPv6, and it could rely on an IPv6 DNS server. Consider using 8.8.8.8 or 1.1.1.1. I’ll start by testing normal settings first to confirm if they’re intercepting the traffic—this seems unlikely. You can also attempt using encrypted DNS afterward. You don’t really need to modify anything to verify it. Open a command prompt and run NSLOOKUP for This should display your current default DNS settings. Next, try NSLOOKUP again with the same domain. The result should point to 8.8.8.8, indicating Google’s DNS is being used. You can test other DNS servers as well. If everything functions correctly, the issue likely lies in your router’s DHCP configuration. I usually disable DNS on most devices because I prefer encrypted DNS, and I haven’t found a router that supports this setting.
As suggested by @bill001g, if your router's DNS settings are consistently replaced by Frontier, you might want to use Secure DNS (which employs port 443 for DNS over HTTPS, making it indistinguishable from regular HTTPS traffic). This can be configured in the browser or through Network & Internet settings (not the control panel or network). Additionally, enabling DNS over TLS (DoT) in Windows 11 is recommended. This guide explains how to modify your DNS server address and activate DoT on Windows 11. A DNS server enables you to access websites by translating domain names into IP addresses.
These are the same actions I attempted previously, but I’m retrying now.
1. Access the eero application
2. On the main interface, navigate to Advanced Security > Networking controls > Disable Advanced Security. This is required so the app can let me choose Custom DNS in settings.
3. Tap on settings, then Advanced networking. I disable IPv6. The application asks for a reboot. I confirm “Yes” and wait for it to restart.
4. On the same settings screen, I select DNS Default and then Custom DNS. Please note: due to some unusual circumstances, IPv6 Primary shows 2a0d:2a00:1::1 and IPv6 Secondary 2a0d:2a00:2::1. It seems irrelevant since Advanced Security is off, but it’s annoying because these values were previously set for clean browsing, and they reappear when I try to clear them.
5. I input 8.8.8.8 as the Primary IPv4 address and again as IPv4 Secondary. I removed both IPv6 Primary and IPv6 Secondary. Then I saved the changes. The app indicates another reboot is necessary. I confirm “Yes” and wait.
6. I believe the updated DNS should now be active. To verify, I unplug the router for a moment, then power down my computer and the router for a short time. I also turn off my mobile phone.
7. After reconnecting the eero device, it starts up. Next, I restart my computer and visit dnsleaktest.com, choosing the standard test to confirm DNS functionality. I’m unable to run NSLOOKUP as I don’t use Windows.
What do you see?
I inquired of Chatgpt about this issue:
Why CleanBrowsing didn’t function on my Asus router? Even though I accessed the router and those DNS addresses for CleanBrowsing were already listed.
Real explanations for why CleanBrowsing failed on your Asus router
Although the Asus RT-AC51U displayed CleanBrowsing DNS servers in its settings, that doesn’t ensure clients (your PC, phone, etc.) were actually connecting to them.
Here are the genuine reasons CleanBrowsing didn’t operate:
The Asus router doesn’t enforce DNS for clients
On older Asus models — particularly the RT-AC51U — the DNS page only indicates:
The router will use those DNS servers
It doesn’t confirm that your devices were actually using them
It doesn’t block or redirect outgoing DNS requests from clients
Thus, you can configure CleanBrowsing in the router and still experience leaks because:
Your devices might still be communicating directly with the ISP’s DNS
The router doesn’t prevent or override those requests
And a DNS leak test reveals what your clients are using, not what the router’s interface shows.
The ISP modem (FRX523) frequently overrides DNS for Asus routers
Even though Google DNS worked with Eero, the FRX523 can behave differently depending on the router.
Frontier’s FRX523 can:
✔ forward Google DNS
✖ but override “less common” DNS providers like CleanBrowsing
ISPs sometimes treat non-standard DNS differently:
CleanBrowsing employs specific filtering responses
Some ISPs block or reroute those for “safety” or “performance”
The FRX523 may label it as “unknown” or “unverified” and redirect traffic
This would result in:
✔ Google DNS functioning
✖ CleanBrowsing’s DNS being ignored
Exactly what you encountered.
The Asus RT-AC51U is quite outdated (2015)
It lacks:
DNS-over-HTTPS (DoH)
DNS-over-TLS (DoT)
DNS interception/redirect
Advanced DNS configuration controls
Faster DNS resolver handling
Integrity checks that some DNS providers demand
CleanBrowsing relies on modern DNS filtering methods
Your Asus doesn’t properly support these features — so CleanBrowsing simply fails quietly.
CleanBrowsing requires both IPv4 and IPv6 settings
If your Asus only configured IPv4 DNS:
Devices on your network with IPv6 enabled
continue using the ISP’s IPv6 DNS
completely bypassing CleanBrowsing
Thus, even though the router displayed:
185.228.168.168
185.228.169.168
Your devices were resolving via IPv6 through Frontier’s DNS.
This is the primary reason CleanBrowsing fails on older routers.
Eero experiences the same issue, except it mandates IPv6 unless you disable it manually.
Some Asus firmware versions revert DNS settings during startup
You mentioned:
“When I booted up the router those DNS numbers for CleanBrowsing were already in it.”
This implies they weren’t actually applying them.
Old Asus firmware is known to:
Display saved DNS values
But internally fall back to ISP DNS
Especially when WAN DHCP Option 6 is active
OR when the ISP gateway advertises its DNS with priority flags
This means:
The interface shows CleanBrowsing
but the router is actually using Frontier DNS
Which matches exactly what you observed in the leak tests.
I stopped at ChatGPT, causing confusion among everyone because that’s what they do.
The eero SOHO gateway is being controlled remotely by your ISP, along with whoever eero employs to manage their service. This only functions if the customer prefers no modifications and doesn’t require advanced features. You’re looking for something more complex, so eero must step in.
Reach out to your ISP and request using your own router. They’ll probably need to adjust a few settings on the ONT to make it work. Then connect with your own router, which won’t depend on any central control, and set up your custom DNS forwarding.
And remember, nslookup isn’t something Microsoft created—it’s part of bind-utils.
It's accurate that some router configurations only influence the DNS server the router employs, as the DHCP server doesn't transmit custom DNS settings to DHCP clients. This is why I recommend setting up an internal custom DNS and DHCP server, such as Pi-Hole or Technitium DNS.
Alternatively, if you're using a Linux machine and don't have the nslookup command, on Debian/Ubuntu systems run:
sudo apt update
sudo apt install dnsutils -y
On Red Hat distributions, execute:
sudo dnf makecache
sudo dnf install bind-utils -y
or
sudo yum makecache
sudo yum install bind-utils -y
I don’t have a job right now and I need my computers to assist me in finding and applying for positions. I spent an entire week on this, which is too much time. I think I’ll just purchase a switch and let the ISP handle it temporarily.