Wiki / Subnet DNS question

[bbwolfe]

(I hope this is correct Forum category)

First off, hats off and much thanks for all the work that went into the Wiki on BlueIris, etc. Incredible information!

I had a question about configuring my BlueIris cameras on the subnet. (two NIC's). Protecting the BI and the cameras for the Internet.
The Wiki recommends setting the camera's "Default Gateway" to the dedicated subnet: 192.168.55.254. This all works just fine.

My question is that the DNS setting. The recommendation is 8.8.8.8, which is Google.
Is this appropriate? Does this expose the Camera? Does this setting even do anything since the Default Gateway is set to the 2nd NIC subnet?

Of course the goal is to keep the Cameras inaccessible from the internet except through my BI app when I'm remote.

 

[jmhmcse]

If possible leave Default Gateway field on the camera blank. When you can’t leave it empty, enter a non-used local IP address from the same subnet. Whether the camera(s) are on a separate subnet or not, don’t enter an active address or one that may be used in the future.

Never enter an actual DNS server’s IP into the camera; e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.

Disable UPnP on each of the cameras as well as your router.

 

[bbwolfe]

If possible leave Default Gateway field on the camera blank. When you can’t leave it empty, enter a non-used local IP address from the same subnet. Whether the camera(s) are on a separate subnet or not, don’t enter an active address or one that may be used in the future.

Never enter an actual DNS server’s IP into the camera; e.g. 1.1.1.1, 8.8.8.8, 9.9.9.9, etc.

Disable UPnP on each of the cameras as well as your router.

Thank you for this! I was following the guidance on setting up a two NIC system like I have with the cameras on a separate subnet. It showed setting the cameras with that DNS server address (8.8.8.8) and it felt wrong!

Again, appreciate this help!

 

[wittaj]

While it shouldn't matter what is in there, it is best to not put an actual working IP. If you can't leave it blank, then point it back to itself. Many of us do that with the camera DNS and point it back to the IP address of the camera.

Further, it is good to not make you internet subnet be that of the default IP of cams.

For example, someone wiresharked one time the camera trying to reach 192.168.1.1 (a typical default router IP address) even though the camera was on a different subnet. The camera default was 192.168.1.108 and either accidentally or intentionally the camera was hard-coded to try the 192.168.1.1 IP regardless of what someone typed into the camera.

The local IP has to will fall under these ranges as these are reserved for the "home side" of the service

10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

So if your router IP address happens to be 192.168.1.1, consider changing the last two numbers, say 192.168.3.3 as an example.

 

[bbwolfe]

While it shouldn't matter what is in there, it is best to not put an actual working IP. If you can't leave it blank, then point it back to itself. Many of us do that with the camera DNS and point it back to the IP address of the camera.

Further, it is good to not make you internet subnet be that of the default IP of cams.

For example, someone wiresharked one time the camera trying to reach 192.168.1.1 (a typical default router IP address) even though the camera was on a different subnet. The camera default was 192.168.1.108 and either accidentally or intentionally the camera was hard-coded to try the 192.168.1.1 IP regardless of what someone typed into the camera.

The local IP has to will fall under these ranges as these are reserved for the "home side" of the service

10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

So if your router IP address happens to be 192.168.1.1, consider changing the last two numbers, say 192.168.3.3 as an example.

Perfect. Thank you!

Here were the config settings I was following from a different post:

 

[wittaj]

Perfect. Thank you!

Here were the config settings I was following from a different post:

In theory, it needs an active gateway to get to the DNS IP addresses.

I point them all back to the device.