rick722



I have a question about entering a primary/secondary dns server in airport utility.  I want to use a local dns server for my primary, and google dns as secondary.  But when I set it up like this it always uses google dns even though it's in the secondary box.  I can confirm this by going to  Am I missing something here?  How can I setup a secondary dns server that only gets used if the primary fails?





  LaPastenague

    Exactly what AE is this on what firmware?


    It is not something I have noticed but to make a test valid I really need to have more details.


    What sort of modem? It is bridged I presume?


    Is the AE getting IP via dhcp?


    What DNS would it use automatically??


    I can then do a check.

  rick722

    1.  Latest AE (ac model) running latest firmware (7.7.2)

    2.  DSL modem from phone company.  Don't know if it's bridged I don't control the settings...

    3.  Yes AE is getting IP via dhcp

    4.  If I leave dns fields blank it will get the dns from the phone company.  But I could put for example OpenDNS in the first field and GoogleDNS in the second and it would still use GoogleDNS.


    FWIW I have noticed this behavior for a long time.  I don't think it's specific to my AE model or firmware.  Not sure what else could cause this though?  Thanks for the help!

  LaPastenague

    Please look at the Network Tab in the AE.. is it set to bridge mode?


    Screen Shot 2013-12-23 at 8.21.05 AM.png


    If so then the DNS setting in the TC is irrelevant. DHCP is being handled by the modem.. all changes must be made on the modem.


    Or do you have a double NAT error.. if so the Main modem can still be controlling DNS.


    You should bridge the modem and use PPPoE client on the TC.. but you say that is not possible..


    Or you must live with the fact that you do not control the network setup.

  rick722

    No it is not in bridge mode and I control the dns:




    I can change the dns to whatever I want and it works, but if I enter 2 dns servers it always takes the secondary for some reason I cannot understand???

  LaPastenague

    If you are getting the IP from a DSL modem by DHCP and you are also routing.. you are running double NAT..


    Please fix the double NAT then see what happens.

  rick722

    Ok I'm very confused.  According to this I'm not running double NAT:


    How to tell if you are using "double NAT"

    While every network setup is different, here is a simple way to tell if your computer is on a "double NAT" network:

    1. Open Network Utility.
    2. Click Traceroute.
    3. In the field, enter "".
    4. Click Trace.

    After starting the trace, look for the line beginning with the number 2. If the address in that line is any IP address in either of the following ranges:

    • 10.x.x.x
    • 192.168.x.x

    ... then your network has multiple layers of NAT.

    If I will change it to bridge mode then how can I use my router?


    Please do explain I'm eager to learn what I'm doing wrong.  I think it's always been like this and Airport Utility sets it up like this by default...


  Bob Timmons

    I suggest that we start at the beginning.


    What is the make and model number of your DSL modem?


    Who is the Internet Service Provider (ISP) that you are using?


    Might you have a link for the setup guide or installation manual?

  rick722

    Modem is zyxel p-600 series autovolt.  ISP is PLDT in Philippines.  It's a modem only no wifi included.  I don't do the setup on it the phone company does.  I might be able to find out how to get into the interface if it's absolutely necessary.  It gives a dynamic ip address via dhcp.  Let me know if I missed any details thanks!


    If it helps this is what the modem looks like:



  Bob Timmons
    It gives a dynamic ip address via dhcp.



    This is what a router does. A router does not have to have wireless capability and it may only have one Ethernet port. Most "modems" these days are really "routers".


    Based on the information that you have provided, my opinion would be that In order to work correctly with an AirPort Extreme, the Zyzel p-600 needs to be in bridge mode. There are any number of links on how to do this. See below. Your ISP may have instructions as well.


    zyxel p-600 bridge mode


    Once the modem is configured correctly in bridge mode, then the AirPort Extreme must be configured to Connect Using PPPoE......not using DHCP.


    On the PPPoE setup page in AirPort Utility, enter your user name with your ISP and your password.  Leave the Service Name area blank.


    Once the AirPort has been set up, you can go back in and change the DNS settings.


  LaPastenague

    It is not the standard way adsl works but it is possible you are on some other method of connection..


    Please post the traceroute for us to see.


    So my traceroute to look like this.


    Miniray:~ Ray$ traceroute

    traceroute to (, 64 hops max, 52 byte packets

    1 (  3.633 ms  0.714 ms  0.667 ms

    2 (  6.826 ms  7.443 ms  6.757 ms

    3 (  7.183 ms  6.831 ms  7.221 ms

    4 (  7.547 ms  8.387 ms  7.115 ms

    5 (  22.017 ms  18.622 ms  18.649 ms

    6 (  19.923 ms  22.621 ms  20.027 ms

    7 (  18.747 ms  18.394 ms  18.940 ms

    8 (  19.115 ms  22.314 ms  19.126 ms



    And let me go back to the start..


    If you always have it use the secondary DNS.. put the google address as the primary and the address you want to use as secondary.. Does that trick the Airport to use the secondary DNS.. ??


    If not then please also post a traceroute to whoever you are using for DNS other than google.


    If it is slow.. the Airport may simply swap to google because it is faster.. the issue has nothing to do with position it is because the primary dns is not resolving the address quickly enough.


    Therefore leave out the secondary DNS and just force it to use the primary.

  rick722

    Ok I found out how to get into my modem interface:




    Pretty sure it's already in bridge mode.  Pretty sure I can also not change anything in that interface without a modem reset.  So I guess nothing else to do there?


    For reasons I don't fully understand a few years back the phone company recommended to stop using PPPoE and use DHCP whether with modem or connected directly to my computer.  They said they switched to an "always on" connection.  At this moment I don't even have a username and password to use with PPPoE.  I might be able to get one though what would the difference be if I switched because it does work with the DHCP, although I must admit my connection ***** most of the time...

  rick722

    Here is my traceroute going to google:


    Traceroute has started…


    traceroute to (, 64 hops max, 72 byte packets

    1 (  1.480 ms  0.682 ms  1.339 ms

    2 (  34.954 ms  35.396 ms  34.725 ms

    3 (  34.556 ms  34.921 ms  33.498 ms

    4 (  57.399 ms  145.163 ms  68.147 ms

    5 (  56.154 ms  78.088 ms  56.542 ms

    6 (  55.086 ms  55.872 ms  96.734 ms

    7 (  79.111 ms  79.636 ms  78.672 ms

    8 (  86.561 ms (  83.303 ms *

    9 (  77.497 ms  77.717 ms (  78.687 ms

    10  * * *

    11 (  79.696 ms  76.879 ms  77.368 ms


    About the dns questions you asked let me make some tests and get back to you...thanks!

  Bob Timmons
    For reasons I don't fully understand a few years back the phone company recommended to stop using PPPoE and use DHCP whether with modem or connected directly to my computer.


    I don't understand that either, but maybe LaPastenague will.


    Your modem seems to be assigning a "private" IP address a "public" IP address.


    Due to the unusual way that your ISP is operating, there just may not be anything else that you can do.

  rick722

    Ok I have called the phone company and tried to get a PPPoE password from them, but they told me I should be connecting DHCP.  Now one thing I did do is put my router in bridge mode.  I can notice one less hop (no more but other than that what advantage does it have?

