What your router actually logs — and what it does not
Most home routers log connection-level data: DHCP lease assignments (which device got which IP address), firewall hits (blocked connection attempts), and sometimes outbound connection logs showing destination IPs and ports. What consumer routers typically do not log by default: full URLs, page content, search queries, usernames, passwords, or anything inside HTTPS connections.
If your router runs a DNS resolver — which most do — it may also log DNS queries: the domain names queried by devices on your network. This is the closest thing to "browsing history" a router can record. What DNS query logs capture:
- Domain name (e.g.
reddit.com,netflix.com) — not the full URL - Timestamp of the query
- Device IP address — which local device made the request
Important: Many consumer routers have DNS logging disabled by default to conserve storage. You may find no logs unless logging was previously enabled. Check your router admin panel under System Log or DNS settings to see what is currently being captured.
What DNS Query Logs Actually Reveal
DNS query logs show every domain name your devices contacted — which reveals far more than most people expect. From domain-level logs you can infer which apps are installed and active (each app phones home to its own domains), which streaming services are used and approximately when, which news sites and social platforms are visited, and whether any devices are contacting known ad, tracking, or malware domains. What DNS logs do not reveal: the specific URL path, what was searched, what was read, or any content within the page — only that the device contacted that domain at that time.
How to access router logs (by brand)
- Log in to your router admin panel — go to 192.168.1.1, 192.168.0.1, or your gateway IP.
- Look for a Logs, System Log, or Traffic Monitor section:
- Netgear: Advanced → Administration → Logs. Enable "Resolve Names" to see domain names instead of raw IPs.
- Asus: System Log → General Log (shows DNS queries if logging is enabled). Also check Traffic Analyzer → Traffic Monitor for bandwidth per device.
- TP-Link: Advanced → System → System Log. DNS query logging may require enabling under Advanced → Network → DNS.
- Linksys: Administration → Log → Enabled. Logs show outbound connections.
- Xfinity / ISP gateways: Most ISP gateways provide very limited logging in the admin panel. Xfinity shows connected devices and bandwidth but not DNS queries by default.
ISP Logging: What They See Beyond Your Router
Your router logs are only visible to people with access to your router admin panel. Your ISP operates at a different level and sees traffic before it even reaches your router's log:
- DNS queries (unencrypted): If you use your ISP's default DNS resolver, every domain name lookup is visible to the ISP. US ISPs can legally sell anonymized aggregate browsing data. UK ISPs are legally required to retain connection logs for 12 months under the Investigatory Powers Act.
- IP connection records: Your ISP can see which IP addresses you connect to, even when DNS is encrypted, because the IP address appears in the connection itself.
- Content of HTTPS pages: Not visible to your ISP — the payload is encrypted end-to-end.
What HTTPS Hides — and What It Does Not
HTTPS encrypts the URL path and all page content between your browser and the server. Your ISP and router cannot read what you typed into a search bar, what article you read, or what you watched. However, two pieces of information remain visible even over HTTPS: the destination IP address (necessary for routing the packet) and the SNI (Server Name Indication) hostname, which your browser sends in plaintext during the TLS handshake so the server knows which certificate to present. SNI effectively leaks the domain name to anyone observing the connection — including your router and ISP — even when the page content itself is encrypted.
Encrypting DNS to Limit Visibility
Two standards encrypt DNS queries to prevent your router and ISP from reading domain-level lookups:
- DNS-over-HTTPS (DoH): Wraps DNS queries inside standard HTTPS to port 443. Configured in browsers (Firefox, Chrome) or system-wide on Windows 11 and Android. Sends queries to resolvers like Cloudflare (1.1.1.1) or Google (8.8.8.8) instead of your ISP's resolver.
- DNS-over-TLS (DoT): Encrypts DNS over a dedicated TLS connection on port 853. Supported natively in Android 9+ (Private DNS setting) and configurable on routers running custom firmware.
Note: DoH and DoT hide your queries from your ISP's DNS resolver but not from the DoH/DoT provider you use. You are shifting trust, not eliminating it.
Pi-hole and AdGuard Home as DNS Logging Tools
If you want comprehensive DNS-level visibility into your own network, tools like Pi-hole and AdGuard Home act as local DNS resolvers and log every query from every device. The query log dashboard shows which device queried which domain, at what time, and whether it was blocked. This is genuinely useful for identifying misbehaving apps, tracking-heavy devices, or unauthorized activity. The privacy trade-off is that all DNS queries on your network pass through a single local device — if that device is compromised or misconfigured, it becomes a single point of failure for network DNS.
Enable DNS query logging for detailed history
For a comprehensive view of all domains visited, use a local DNS resolver with logging:
- Pi-hole (Raspberry Pi or Docker container on your network) — logs every DNS query from every device, with timestamps and device names.
- NextDNS — cloud DNS service with a free tier that logs all queries and lets you view history per device from any browser.
- OpenDNS — similar to NextDNS, with usage statistics and category-level reporting.
How to clear router logs
In your router admin panel, find the Logs section and look for a Clear Log or Delete All button. On most routers, logs are also cleared automatically when the router restarts. For routers with persistent storage logging (rare in consumer gear), check the admin panel for a log rotation setting.