Openai/695ec913-1960-800f-9931-656c6b18e01b

User: how can i log DNS requests on a Netgear Nighthawk RAXE290 router edit

how can i log DNS requests on a Netgear Nighthawk RAXE290 router

Assistant: On the NETGEAR Nighthawk RAXE290, there isn’t a “true DNS query log” feature in the stock firmware like “log every A/AA… edit

On the NETGEAR Nighthawk RAXE290, there isn’t a “true DNS query log” feature in the stock firmware (like “log every A/AAAA/TXT lookup per client”). What you can do is one of these:

1) Use the built-in “Activity Log” (limited, not full DNS logging) edit

This is the only native logging that will show target hostnames sometimes, but it’s tied to keyword blocking and is limited in size.

Enable keyword blocking (required for log entries):

• Log into the router UI
• Go to ADVANCED > Security > Block Sites
• Turn keyword blocking Always (or per schedule) and add a keyword/domain as needed Netgear Downloads^[2] Note: Netgear’s manual says keyword blocking only works for http:// URLs, not https://. Netgear Downloads^[3]

View the logs:

• ADVANCED > Administration > Logs Netgear Knowledge Base^[4] The log shows date/time, source IP, target address (name or IP), and action. Netgear Knowledge Base^[5] Netgear also notes that log entries display only when keyword blocking is enabled, and it stores up to 256 entries. Netgear Knowledge Base^[6]

✅ Good for: “what sites were attempted/blocked” (sometimes) ❌ Not good for: “log all DNS requests” (record types, every lookup, encrypted DNS, etc.)

2) The practical way: log DNS using a real DNS resolver (Pi-hole / AdGuard Home) edit

If your goal is “log every DNS request, per device”, run a DNS server on your network (Pi-hole is the popular choice) and point clients to it.

Point the router to your DNS server (basic approach):

• In the router UI go to Internet
• Under DNS, select Use these DNS Servers and enter your Pi-hole/AdGuard IP(s). Netgear Knowledge Base^[7]

Important detail (to get per-device logs): Many setups end up with Pi-hole showing the router as the client for everything. The usual fix is to make Pi-hole the DHCP server so clients use it directly for DNS.

• Disable DHCP on the router: ADVANCED > Setup > LAN Setup and clear Use Router as DHCP Server. Netgear Downloads^[8]
• Enable DHCP on Pi-hole/AdGuard instead, then renew DHCP leases on clients.

✅ Best option for: accurate, searchable, per-device DNS logs

3) Packet-capture DNS traffic (advanced; still not perfect) edit

If you have a managed switch (or another way to mirror traffic), you can capture UDP/TCP 53 with Wireshark. This logs DNS packets—but…

• It won’t capture DNS over HTTPS (DoH) or other encrypted DNS traffic.
• Even Netgear notes that DoH is handled between the client device and DNS server and can change how DNS behaves on the network. Netgear Knowledge Base^[9]

✅ Useful for: troubleshooting spikes, seeing raw DNS packets ❌ Not complete if devices use DoH/DoT

If you tell me what you’re trying to accomplish (kid/smart TV monitoring? troubleshooting a “chatty” device? security?), I’ll recommend the best of the three and the cleanest setup for your network. edit