DNS Filtering - Custom DNS?

[DarkWolfSLV]

I like to manually configure DHCP and therefore for IPv4 I have configured 9.9.9.9 (Quad9) as DNS server and for IPv6 I have 2620:fe::fe (Quad9 IPv6).

ALL my devices correctly receive the following IP settings:
IP: 172.16.0.X
M: /24
DG: 172.16.0.1
DNS: 9.9.9.9

IP: 2001:A:B:C::1001
M: /64
DG: 2001:A:B:C::1
DNS: 2001:A:B:C::1

If everything is configured correctly I should only being using Quad9 as DNS Server, right? Then I was wondering how DNS-based Filtering actually works.
If it is forcing my DNS queries to whatever service I have configured, then what's the point for all the "custom" DNS you can configure?

Thank you!

 

[Vexira]

dns filter global mode will force all devices to use the dns server you set, custom dns is for if you want to server a specific dns server that's not listed, no filtering will bypass the global dns filter if you set it to a device.

 

[DarkWolfSLV]

Hi Vexira!
It was so obvious but I totally overlook the manual config! hahahah

Thank you so much for the reply!

 

[dave14305]

You didn’t ask, but you might consider a modified setup to enforce Quad9 for your network:

• Remove the LAN DHCP DNS entries.
• Enable “Advertise router IP as DNS.”
• Set WAN DNS servers to Quad9.
• Set the DNSFilter global rule to “Router”.

This offers a few benefits:

• Local caching of DNS replies on the router.
• Local LAN hostname resolution for your device names.
• Ability to use router-based Adblocking solutions like Diversion.

 

[DarkWolfSLV]

Actually I was reading about Diversion a few days ago.
I'll play with the settings following your suggestions.

Thanks Dave.

 

[Treadler]

You didn’t ask, but you might consider a modified setup to enforce Quad9 for your network:

• Remove the LAN DHCP DNS entries.
• Enable “Advertise router IP as DNS.”
• Set WAN DNS servers to Quad9.
• Set the DNSFilter global rule to “Router”.

This offers a few benefits:

• Local caching of DNS replies on the router.
• Local LAN hostname resolution for your device names.
• Ability to use router-based Adblocking solutions like Diversion.

This.

Works very well for me.

 

[Vexira]

Hi Vexira!
It was so obvious but I totally overlook the manual config! hahahah

Thank you so much for the reply!

View attachment 15939

You are welcome I'm using pi hole for network based ad blocking, it's what I use for my DNS as a server that what my custom server is set to my rock64 use to be a raspberry pi, my 88u is not powerful enough to run some of the awesome scripts here that do the same thing.

 

[Zonkd]

You didn’t ask, but you might consider a modified setup to enforce Quad9 for your network:

• Remove the LAN DHCP DNS entries.
• Enable “Advertise router IP as DNS.”
• Set WAN DNS servers to Quad9.
• Set the DNSFilter global rule to “Router”.

This offers a few benefits:

• Local caching of DNS replies on the router.
• Local LAN hostname resolution for your device names.
• Ability to use router-based Adblocking solutions like Diversion.

Second This! No need to send all dns queries upstream.

 

[smunro622]

great comments, i have been using the same, and i just set dns per device AIProtection dns filtering.
I have my printer and IOT devices using DNS home and use web and apps protection on these devices.
basically check all of these boxes and put them on 2.4 ghz and enable isolation mode and use 5 ghz for everything else.

 

[sbsnb]

This offers a few benefits:

• Local caching of DNS replies on the router.
• Local LAN hostname resolution for your device names.
• Ability to use router-based Adblocking solutions like Diversion.

Another benefit is that devices with hard coded DNS resolvers (like Netflix) will be forced to use your DNS without even knowing it.