I've been using Asuswrt-Merlin for a while now (Great Firmware BTW), but I've only recently begun to use the new DNS Filtering options under AiProtection. Here are the steps I followed:
1. On my RT-AC68U router (192.168.2.1) I enable DNS Filtering.
2. I set Global Filter Mode to OpenDNS Home (DDNS is configured with DNS-O-Matic) for filtering on all guest devices and any other devices that are not specifically configured.
3. I specifically configure some devices (Apple TV, Printers, etc) to no filtering just in case OpenDNS blocks some random IP specifically needed by those devices.
4. For testing purposes I specify a Custom IP and apply that to a few devices. (See note @ bottom for explanation)
I also tested each option (OpenDNS, No Filtering, and Custom) on my MacBook using ping to make sure that devices that should be filtering are filtering and devices that don't have filtering are not filtering. All of my devices are set to Configure using DHCP and for the most part, everything seems to be working fine.
So this brings us to my question:
I notice that on each of my client devices, DNS shows my router's IP of 192.168.2.1 instead of the IP chosen using the filtering options. Is this normal intended behavior, or a bug?
I was expecting to see the router IP for Gateway, but I was hoping the DNS server would be set based on the specified settings under DNS Filtering (See note @ bottom for explanation).
Note:
I've also been tinkering with a Bind9 server on my Windows 7 Pro Machine (the Custom IP in DNS Filtering points to this computer). I do web design/hosting as a side business, and my eventual goal is to be able to set up a dev environment on my LAN that would mirror my clients' live sites.
It would be ideal if I could create the sites in a Linux VM on my MacBook, and have some of my LAN devices (iPad, iPhone, Androids, etc) be able to resolve to the domain names set on the VM so that I could test CSS and Responsive layouts directly on these mobile devices. I would also avoid having to deal with managing multiple host files and wacky host file workarounds on mobile devices. I could simply configure the device to point to the Custom IP in DNS Filtering. And once I'm done making changes locally and finish uploading the changes to the live site, I could easily switch these devices back to OpenDNS or any other option and be able to resolve the live sites.
However, the above is not currently working because the DNS settings of the client devices are being populated with the router's IP. Since the router is already running dnsmasq, this creates a conflict with the Bind9 server. If client devices were able to pull the appropriate DNS setting based on the DNS Filtering applied to each client, this would eliminate the conflict.
I have tested this by using the Bind9 server as the DNS server under LAN>DHCP. This allows client devices to show the Bind9 server as the DNS Server and completely ignore the dnsmasq server on the router and properly resolve local domains. However, this breaks the DNS Filtering functionality.
I also thought about doing this in dnsmasq directly on the router itself using the JFFS partition, but I couldn't find a way to do this without affecting all of the DHCP clients or without having to write to the JFFS partition multiple times when I'm trying to configure a new dev domain.
On the other hand, most of this is still really new to me, so I'm probably approaching this in completely the wrong way. If anyone has any suggestions, I would greatly appreciate it.