Disable dns changing in ui

Dee dee

Regular Contributor
All,

Is there a way that I can make it so that any connected device must use the DNS servers that I specify in my ASUS router?

I have the RT-AX3000 running Asus Merlin.

I remember I used OpenWrt or Tomato many years ago, and there was an option I set that made it so that if you changed your DNS server on your Windows machine or anything, you wouldn't get internet access.

I saw this article but I wasn't sure what it was, I don't remember: Website example
 
DNSFilter in LAN section set to Router
I did that and then on my laptop I set the custom DNS to 1.1.1.1 and I'm still able to access the internet on the same Wi-Fi device.

Is there anything else I have to be doing?
 
DNSFilter doesn't block access to the internet. It forces any change by the client to a different DNS server than you intended to use your intended server. And ultimately, that's what you want, right?
 
Ok, and possibly an amateur question: how do I make sure in Windows that it's using the DNS server that I specified and not the one that they're using?
 
Yes, basically, so the kids are always using NextDNS and it blocks any malicious or spyware or any of that stuff.
 
P.S. Personally, I always verify what DNS is being used via connection tracking. That's absolute proof and doesn't rely on a third party.

Code:
watch -tn5 "cat /proc/net/nf_conntrack | egrep 'dport=(53|853) '"

What you'll see are various LAN clients communicating w/ DNSMasq based on its LAN ip, then DNSMasq forwarding those public queries over the WAN.

This technique is particularly useful when you're concerned not just what DNS server is being used, but which network interface is being used for that DNS server (e.g., WAN vs. VPN).
 
Ty, will see if they have a Windows equivalent or if it would work in WSL.
 
That command needs to be executed on the *router*, using ssh. The idea is to watch DNS traffic come into the router from various clients, and watch as DNSMasq forwards DNS queries out the WAN on their behalf.
 
Ty @eibgrad, I'm confused on the output. Ran it on SSH and it showed my IP.

I tried cnn.com and such, but then blocked a site on NextDNS and set my computer's IP to 1.1.1.1 and it was still blocked. So I assume it's working :)

@Tech9 where do I go to block IPv6 and where do I block port 853?

I haven't used Diversion in a while, so I will look for the "nuke guide" as I recall.
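
As an aid to reading the output of the conntrack command posted earlier in the thread, here is an added example (not from any poster and not part of Asuswrt-Merlin) that labels each port 53/853 entry by comparing the original tuple with the reply tuple: a query the client addressed to an outside server but that was answered from another address has been rewritten on the router. The router LAN IP, LAN prefix, WAN IP and upstream resolver address are assumed values, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: router LAN IP 192.168.50.1,
# LAN prefix "192.168.50.", WAN IP 203.0.113.10, upstream resolver 198.51.100.53.
# Handles IPv4 conntrack entries only.

classify_dns_flows() {   # $1 = router LAN IP, $2 = LAN prefix; conntrack text on stdin
    awk -v router="$1" -v lan="$2" '
    $1 == "ipv4" {
        n = 0; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/)      src[++n] = substr($i, 5)   # src[1] original, src[2] reply
            else if ($i ~ /^dst=/) dst[n] = substr($i, 5)
            else if ($i ~ /^dport=/ && dport == "") dport = substr($i, 7)
        }
        if (n < 2 || (dport != "53" && dport != "853")) next
        if (index(src[1], lan) != 1) verdict = "UPSTREAM"     # router forwarding out WAN/VPN
        else if (dst[1] == router)   verdict = "VIA_ROUTER"   # client asked the router itself
        else if (src[2] != dst[1])   verdict = "REDIRECTED"   # rewritten: reply came from elsewhere
        else                         verdict = "BYPASS"       # outside server answered the client
        print verdict, src[1], "->", dst[1] ":" dport, "answered_by=" src[2]
    }'
}

sample_conntrack() {     # constructed sample lines, not captured from a real router
cat <<'EOF'
ipv4     2 udp      17 20 src=192.168.50.23 dst=192.168.50.1 sport=50001 dport=53 packets=1 bytes=60 src=192.168.50.1 dst=192.168.50.23 sport=53 dport=50001 packets=1 bytes=76 mark=0 use=2
ipv4     2 udp      17 25 src=192.168.50.42 dst=1.1.1.1 sport=50002 dport=53 packets=1 bytes=60 src=192.168.50.1 dst=192.168.50.42 sport=53 dport=50002 packets=1 bytes=76 mark=0 use=2
ipv4     2 udp      17 28 src=203.0.113.10 dst=198.51.100.53 sport=50003 dport=53 packets=1 bytes=60 src=198.51.100.53 dst=203.0.113.10 sport=53 dport=50003 packets=1 bytes=76 mark=0 use=2
ipv4     2 tcp      6 7400 ESTABLISHED src=192.168.50.42 dst=1.1.1.1 sport=50004 dport=853 packets=9 bytes=900 src=1.1.1.1 dst=203.0.113.10 sport=853 dport=50004 packets=8 bytes=2100 [ASSURED] mark=0 use=2
EOF
}

# On the router: classify_dns_flows 192.168.50.1 192.168.50. < /proc/net/nf_conntrack
sample_conntrack | classify_dns_flows 192.168.50.1 192.168.50.
```

A BYPASS line on port 853 is the DNS-over-TLS case asked about above: the client reached an outside resolver directly, so the router's DNS settings did not apply to that connection.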
 
