DNS Filtering - Custom DNS?

Discussion in 'Asuswrt-Merlin' started by DarkWolfSLV, Jan 16, 2019.

  1. DarkWolfSLV

    DarkWolfSLV New Around Here

    I like to manually configure DHCP and therefore for IPv4 I have configured 9.9.9.9 (Quad9) as DNS server and for IPv6 I have 2620:fe::fe (Quad9 IPv6).

    ALL my devices correctly receive the following IP settings:
    IP: 172.16.0.X
    M: /24
    DG: 172.16.0.1
    DNS: 9.9.9.9

    IP: 2001:A:B:C::1001
    M: /64
    DG: 2001:A:B:C::1
    DNS: 2001:A:B:C::1

    If everything is configured correctly I should only be using Quad9 as DNS server, right? Then I was wondering how DNS-based Filtering actually works.
    If it is forcing my DNS queries to whatever service I have configured, then what's the point for all the "custom" DNS you can configure?

    Thank you! :)
     
  2. Vexira

    Vexira Very Senior Member

    DNS filter global mode will force all devices to use the DNS server you set. Custom DNS is for if you want to serve a specific DNS server that's not listed. No filtering will bypass the global DNS filter if you set it to a device.
     
  3. DarkWolfSLV

    DarkWolfSLV New Around Here

    Hi Vexira!
    It was so obvious but I totally overlooked the manual config! hahahah

    Thank you so much for the reply! :)

  4. dave14305

    dave14305 Senior Member

    You didn’t ask, but you might consider a modified setup to enforce Quad9 for your network:
    • Remove the LAN DHCP DNS entries.
    • Enable “Advertise router IP as DNS.”
    • Set WAN DNS servers to Quad9.
    • Set the DNSFilter global rule to “Router”.
    This offers a few benefits:
    • Local caching of DNS replies on the router.
    • Local LAN hostname resolution for your device names.
    • Ability to use router-based Adblocking solutions like Diversion.
     
  5. DarkWolfSLV

    DarkWolfSLV New Around Here

    Actually I was reading about Diversion a few days ago.
    I'll play with the settings following your suggestions.

    Thanks Dave.
     
  6. Treadler

    Treadler Senior Member


    This.

    Works very well for me.
     
  7. Vexira

    Vexira Very Senior Member

    You are welcome. I'm using Pi-hole for network-based ad blocking. It's what I use for my DNS as a server; that's what my custom server is set to, my Rock64 (used to be a Raspberry Pi). My 88U is not powerful enough to run some of the awesome scripts here that do the same thing.
     
  8. Zonkd

    Zonkd Senior Member

    Second This! No need to send all dns queries upstream.
     
  9. smunro622

    smunro622 New Around Here

    Great comments. I have been using the same, and I just set DNS per device AIProtection DNS filtering.
    I have my printer and IoT devices using DNS home and use web and apps protection on these devices.
    Basically check all of these boxes and put them on 2.4 GHz and enable isolation mode and use 5 GHz for everything else.
     
  10. sbsnb

    sbsnb Regular Contributor

    Another benefit is that devices with hard coded DNS resolvers (like Netflix) will be forced to use your DNS without even knowing it.
     
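A client-side check that the enforcement discussed in this thread is actually active, added here as an example and not posted by any participant: it sends a DNS query to an address that hosts no resolver and reports whether something answers anyway. The address `192.0.2.53` (RFC 5737 documentation range) and all function names are assumptions, as is the premise that the router redirects port 53 traffic regardless of destination and that 172.16.0.1 answers DNS.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply_to(query, reply):
    """True if reply is a DNS response echoing the query's ID and question."""
    if len(reply) < len(query):
        return False
    (flags,) = struct.unpack(">H", reply[2:4])
    return (reply[:2] == query[:2] and bool(flags & 0x8000)
            and reply[12:len(query)] == query[12:])

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query straight to server:53; True if a valid reply returns."""
    query = build_query(name, secrets.randbelow(65536))
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout, unreachable, no route
            return False
    return is_reply_to(query, reply)

def interpret(control_answered, unused_answered):
    """Combine the two probes into a verdict about port-53 interception."""
    if not control_answered:
        return "inconclusive"     # no working DNS path to compare against
    if unused_answered:
        return "intercepted"      # a reply came back for an address with no resolver
    return "not intercepted"      # direct queries are not being redirected

if __name__ == "__main__":
    CONTROL = "172.16.0.1"  # router LAN address from the first post
    UNUSED = "192.0.2.53"   # assumption: documentation address, hosts no resolver
    print(interpret(probe(CONTROL), probe(UNUSED)))
```

Run it from a LAN client before and after changing the DNSFilter global rule; a device set to "No Filtering" should report `not intercepted`.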