Understanding Configured vs. Actual DNS Servers

RouterCheck runs multiple checks when it tests your router’s security. One of the most important tests checks the configuration of the DNS servers, which are crucial to your router’s security. That’s why RouterCheck tests both the configured servers and the actual servers that are used.

So what are DNS servers and why are there two types?

DNS Servers are like fast-food workers

Consider a typical fast-food restaurant: When you walk up to the counter, you give your order to a cashier, pay your money, and ultimately receive your food. The cashier is responsible for the entire transaction except for the most important part –actually making your food. The cashier doesn’t make your food because that would be inefficient: she’s really just the point of contact for receiving your order.

Instead, the kitchen staff makes your food. You rarely see the team in the kitchen that’s responsible for grilling the patty, frying the fries, and shaking the shakes. This team can work very efficiently by sharing the work. When you come back to the restaurant tomorrow, you may order from the same cashier, but the kitchen worker who makes your sandwich may be different. You don’t need to know or care.

It works the same way when you configure your router to use a certain DNS server:

The DNS server that you choose to use (the configured server) acts like that cashier. It doesn’t look up and respond to all your DNS queries (and those from millions of other people) because it would be overwhelmed. Instead, it receives your DNS request and then passes it onto another DNS server (the actual server) that it works with to do the actual work. Just like in the restaurant, you usually don’t need to know the identity of the server that satisfies your request.

The configured server is the intermediary between you and the actual server, which does the actual DNS lookup.

RouterCheck looks at all aspects of your DNS configuration

When RouterCheck tests your router security, it looks at all the elements needed for DNS.

First, it checks that your configured DNS server is trustworthy. This is like checking whether the restaurant has any health-code violations or other safety issues.

Next, RouterCheck looks at the actual DNS server that processes your requests:

  • It checks whether there are any known problems with that server. This is like checking that the worker in the kitchen washed his hands before making your food.
  • It checks whether the identity of this server is reasonable for your configuration. This is like walking into SuperBurger only to learn that your sandwich was made by someone working at Joe’s Garage: If you have configured your router to use Google DNS, but your DNS requests are being processed by an unknown server in another country, it’s reasonable to raise an alarm.

At RouterCheck, we strive to test your router’s configuration as thoroughly as possible to keep you secure. By checking the actual DNS Server and verifying that it looks safe, RouterCheck helps you feel confident about the security of your home network.