Hi,

Last week, I replaced my Archer C80 with the BE400 as my primary router, which is connected to my upstream ISP router (Jio). The initial setup was fine.

In my configuration, I use my own DoH server hosted on Azure with AdGuard Home, running in Ultra Secure Mode on the BE400. Everything worked as expected — all network DNS traffic was redirected to DoH. At the time of setup, my upstream router’s firewall was not configured. Once the BE400 configuration was complete, I blocked port 53 on the ISP router, and everything continued working smoothly.

However, yesterday after rebooting the BE400, the WLAN took about 5–6 minutes to come up. During this time, my laptop and phone connected, but none of them were able to resolve DNS. This was strange, because the BE400 interface showed no issues.

To test, I manually set the DNS in my device’s network settings to the ISP router’s IP (192.168.29.1). Everything immediately worked. To confirm, I rebooted the BE400 again — same issue occurred.

Next, I captured packets on the ISP router’s LAN interface during a BE400 reboot. I noticed multiple DNS requests were being sent to 8.8.8.8. When I allowed DNS traffic to 8.8.8.8 on the ISP router, rebooted the BE400, the issue was resolved: the router came up in about 2 minutes, clients got IP addresses, and DNS lookups worked normally.

The strange part is that the BE400 seems to depend on 8.8.8.8 for bootstrapping. This should not be the case. Requiring DNS access to 8.8.8.8 means any client on the BE400 can also bypass my DoH setup by querying 8.8.8.8 directly, which defeats the purpose of a secure configuration. Ideally, the BE400 should bootstrap against the ISP router’s DNS (192.168.29.1), which is already allowed by default.

Please fix this issue. It creates a security gap, which is not what I expected from this router.