
New Member


2 Messages

Tue, Jan 11, 2022 4:22 AM

BGW320-505 Modem not allowing DNS Mods

Yeah real nice AT&T... So you just up and decide to hijack DNS by not allowing me to modify it on the modem. Sure I set my DNS to on the device and think I'm all well and good, but when I do a 'show ipconfig /all' I see it. My DNS Suffix Search List is set to attlocal.net. NEAT! So when I hop over into the modem I see that it didn't transfer all the settings from the old one to the new one. You have now set your DNS to primary. Ok, no biggie I'll just set it back. Oh wait, what's that? You CAN'T?!?!? Well apparently so! Cute... very disgustingly cute... So now I'm going to chill on my VPN until someone finally comes to the area and offers up 1Gbs speeds (that you have never been able to actually provide). I wonder if the FCC would have something to say about this? I sure as (Edited per community guidelines) know I'm going to check and see. But I thought I'd pass on this little chestnut of trash. This is why I'll happily switch to StarLink or another service when I can get it in my area. Y'all have gone to the dark side. 

New Member


8 Messages


If you want to use a different DNS, just set up your own router via IP passthrough and then you can configure your router to use any DNS server you desire. 


Community Support


200.4K Messages


We're here to help get your Gateway set up for networking, ryokox37!


If you are wanting to use features not available in your AT&T Gateway, we suggest you Configure IP Passthrough by using a third-party router that allows those features.


Keep in mind that before following these settings, you may need to Factory Reset your AT&T Gateway to make sure all settings are correct. Here are the instructions for setting it up:

  1. Open a browser on a computer that is directly connected to the Gateway.

  2. In the address bar, enter http://sm.att.com/d4ea8c40.

  3. In the GUI select Settings, then Firewall, and then Applications, Pinholes, and DMZ.

  4. Under Select a Computer, click the device name or IP address of the device you wish to put in DMZplus mode.

  5. Select the Allow all Applications(DMZplus mode) radio button.

  6. Select Save.

Let us know if you have any further questions or concerns.


Donovan, AT&T Community Specialist




209 Messages


Umm, @ryokox37  I think you may be mistaken on how DNS works.

The DNS search domain or suffix search list is an automatic addition to the host name that is applied when looking for a host on the network. So, when you do an nslookup my_local_PC, nslookup will know to append .attlocal.net to the end. All clients on your network will have this provided by the DHCP server. It is purely to aid in local network host name resolution. Additionally, if your computer attempts to resolve my_local_PC.attlocal.net, it will work if using the ATT RG, but will fail when attempted with a public DNS server like (you can try this yourself and see that when your computer is set to use, looking up any .attlocal.net will fail.

No you cannot change the DNS servers in the ATT RG.  They built it that way for several reasons, including (and probably not in this order): simple configurations that work out of the box, provide fancy landing page when a DNS lookup fails, keep track of every hostname you ever look up.  Item 3 would allow them to basically track every website you visit and then target ads or relay to the NSA... But, setting the DNS server manually on your PC should force resolution to your chosen servers with a few caveats (below).

By default, DNS is unencrypted, so any device that the packet passes through would be able to see the host name that you looked up (and change the response), so even changing the DNS servers on your PC, in theory, ATT could still see what you looked up because the GW is under their control. This would be the case in IP Passthrough as well. This same sentiment would apply to the next router up in the connection, so you really cannot get around them (or anyone) sniffing what you are up to without encrypting the traffic. So, what to do? DNS requests can be encrypted using TLS or HTTPS and therefore hidden from view or modification during transit, so only you and the DNS server know what host you looked up.

On my network, I actually do a NAT redirect on outbound connections destined for UDP port 53 and redirect to my internal DNS server which will perform the lookup over TLS, thereby preventing my ISP from seeing what I looked up. In addition to privacy, another benefit is that all normal DNS requests are routed through my DNS block list (adware and malware) even if a host has different DNS servers manually configured.
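The reply above describes sending lookups over TLS so that devices on the path cannot read or change them. As an added example (not code from this thread or from AT&T), the Python below shows what one such DNS-over-TLS lookup consists of: a normal DNS query, a 2-byte length prefix, and a TLS session on port 853 whose certificate is checked against the resolver's name. The function names and the `server_ip` / `server_name` parameters are assumptions for illustration; the resolver address and TLS name are whatever you supply.

```python
import secrets, socket, ssl, struct

def build_query(name, qid):
    """Wire-format DNS query for an A record, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def frame(msg):
    """DNS over TLS reuses TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, qid):
    """Return the IPv4 answers; reject a mismatched ID or a non-zero RCODE."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != qid:
        raise ValueError("transaction ID mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_dot(name, server_ip, server_name):
    """Send one query over TLS to port 853, verifying the certificate against server_name."""
    qid = secrets.randbelow(1 << 16)
    ctx = ssl.create_default_context()         # verifies chain and hostname by default
    with socket.create_connection((server_ip, 853), timeout=5) as raw, \
         ctx.wrap_socket(raw, server_hostname=server_name) as tls:
        tls.sendall(frame(build_query(name, qid)))
        reader = tls.makefile("rb")
        (length,) = struct.unpack("!H", reader.read(2))
        return parse_a_records(reader.read(length), qid)
```

Call `resolve_dot(name, server_ip, server_name)` with the address and certificate name of a resolver that offers DNS over TLS; the TLS handshake fails if the certificate does not match, so a device on the path cannot answer in the resolver's place.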
