Hi,
I am not a network guru here; I am just trying to use the functions of my Asus router to the fullest,
in any possible way.
I have downloaded the AsusWRT manual from the Asus website.
and found that there is no reference or documentation about DNS Director.
Reference: https://github.com/RMerl/asuswrt-merlin.ng/wiki/DNS-Director
The link above has some brief documentation but does not show the real nitty gritty details
of its configuration.
So naturally, I just want to ask the community: has anyone tried this DNS Director feature before?
I have tried & tinkered over the weekends, and I have determined the following findings to be true.
If anyone finds my statement to be false, Please feel free to correct me by showing
screenshot of the findings. For me, I have prepared enough screenshots to back up
my investigation.
1) DNS Director: What is the purpose?
DNS Director overrides the router's WAN DNS settings when activated and properly configured.
[DNS Director, when enable, will just take over "the whole ship he is the captain"]
2) DNS Director: What is the purpose?
You can have a group of LAN devices send DNS queries to DNS A.
And you can have another group of LAN devices send DNS queries to DNS B.
DNS A = less restrictive for a grown-up adult to access the internet
DNS B is very restrictive for underage kids to access the internet.
3) Let's say DNS B (very restrictive) is configured to be used in the router's WAN setting.
A smart underage user went to the Windows TCP/IP properties and changed its
DNS setting to DNS A (less restrictive).
Under this condition, DNS Director has no way to intercept and force all the DNS queries back to DNS B.
Hence, the user has successfully circumvented the restriction by simply changing the DNS server.
4) Presumably, all underage users do not have access to a VPN.
How to prevent underage users from surfing the internet to adult sites is actually not by activating DNS Director.
Here are the following steps:
(A) Diable DNS Director.
(B) Use CleanBrowser Family DNS servers (or any free DNS servers of your choice) at the WAN setting.
(C) Go to Firewall >> Network Services Filter >> Create a deny list >> Add 2 lines to block traffic TCP and UDP port = 53
Done.
The above 3 steps will stop any user trying to access restrictive website. Once the DNS setting is tampered with,
Accessing the internet will be blocked.
Thank you.
I am not a network guru here; I am just trying to use the functions of my Asus router to the fullest,
in any possible way.
and found that there is no reference or documentation about DNS Director.
Reference: https://github.com/RMerl/asuswrt-merlin.ng/wiki/DNS-Director
The link above has some brief documentation but does not show the real nitty gritty details
of its configuration.
I have tried & tinkered over the weekends, and I have determined the following findings to be true.
If anyone finds my statement to be false, Please feel free to correct me by showing
screenshot of the findings. For me, I have prepared enough screenshots to back up
my investigation.
1) DNS Director: What is the purpose?
DNS Director overrides the router's WAN DNS settings when activated and properly configured.
[DNS Director, when enable, will just take over "the whole ship he is the captain"]
2) DNS Director: What is the purpose?
You can have a group of LAN devices send DNS queries to DNS A.
And you can have another group of LAN devices send DNS queries to DNS B.
DNS A = less restrictive for a grown-up adult to access the internet
DNS B is very restrictive for underage kids to access the internet.
3) Let's say DNS B (very restrictive) is configured to be used in the router's WAN setting.
A smart underage user went to the Windows TCP/IP properties and changed its
DNS setting to DNS A (less restrictive).
Under this condition, DNS Director has no way to intercept and force all the DNS queries back to DNS B.
Hence, the user has successfully circumvented the restriction by simply changing the DNS server.
4) Presumably, all underage users do not have access to a VPN.
How to prevent underage users from surfing the internet to adult sites is actually not by activating DNS Director.
Here are the following steps:
(A) Diable DNS Director.
(B) Use CleanBrowser Family DNS servers (or any free DNS servers of your choice) at the WAN setting.
(C) Go to Firewall >> Network Services Filter >> Create a deny list >> Add 2 lines to block traffic TCP and UDP port = 53
Done.
The above 3 steps will stop any user trying to access restrictive website. Once the DNS setting is tampered with,
Accessing the internet will be blocked.
Thank you.
Last edited: