What's new

DNS filtering

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

kreotoDR

New Around Here
Good day dear Dear RMerlin, forum!!

Please forgive me for machine translation of text...))

Updating 380,xx there is the possibility of DNS filtering
Thus, each client can be assigned multiple services.
Such as OPEN DNS + NORTON DNS + etc.

For example:


The essence of my question. DNS filtering is consistent across all services or only through the first or the last in the list assigned to this client?
 
Last edited:
if you apply multiple services it would automatic choose one of the assigned services

to explain it easy

you connect to the internet by DNS
so if i connect to a webpage , it will use the dns to look up ( in this case google 8.8.8.8 as primairy )
if that connection is slower then the second dns , it will take the second dns ( or primary the first dns that response )

in your case , if you use multiple dns settings , it will ping them all at the same time and the first to response is the one you will get the page from

so to explain it differend
opendns blocks google.com
norton blocks yahoo.com
yandex blocks msn.com

so you go to google.com -> opendns dns will NOT response but norton will -> you see google.com even when blocked
same for the other sites , as those second and third dns will response on your request when the first one will fail

so using multiple dns providers is good if you want to make sure your page load , but not good for dns filtering as you wont filter anything unless all those providers blocks the same page

then for priority , probaly the one on top is the first in list ( primary dns ) and so on ( second , third .. ) , but the order does basicly not mather as it is the fastest that response will provide the webpage you ask

dns -> Domain Name Service -> Translation of ip adress to a url/web adress
blocked dns -> prevent resolving of a domain as it would not exist -> no response from dns server ( not found error )

the first dns that response the fastest will get used , as you use multiple dns servers will there always be one that response as the dns block will fail to response so the filter that does not have that block will always be faster to response

ps: this methode get mainly used by users who like to access torrent sites that get blocked by the isp ( like belguim ) so they can still access it even when blocked

Greets From PowerChaos
 
if you apply multiple services it would automatic choose one of the assigned services
to explain it easy
you connect to the internet by DNS....

Strange, I thought that the SCHEME works differently..
Here is an example: Inclusive service for TrendMICRO And enabled filter NORTON DNS.
So. Missing TrendMICRO, NORTON DNS does not pass.
Or am I wrong?

Thank You for the answer!
 
you can only use 1 dns setting to make it work

example
if you use 208.67.222.222 then you use opendns server and all traffic will use that way
if you use 8.8.8.8 then you use google dns , ( public with no filtering) and all traffic will use that way

if you use both , then the first ip to send a reply will be used ( mostly google as it is faster in my opinion )

in your case , the dns filtering will only work if you use the router ip as dns server ( 192.168.1.1 )
so the router need to resolve the ip adress and then it will use the assigned dns service you assigned ( opendns for example )

if you like to try it out , in windows put the following dns , 8.8.8.8 - 8.8.4.4 ( google dns) and go to this page
http://welcome.opendns.com

in your router , put a setting of opendns , you will see it will still says that it fails
then the second test , put the router ip (192.168.1.1 basic ) as dns in windows , and then you see that it will work

here is some info how to change your dns manual
https://support.opendns.com/hc/en-us/articles/228007207-Windows-10-Configuration

if you are talking about a program to use dns , then the router will get bypassed and no settings on the router will work ( the program just change your network settings like a vpn program , nothing more xD )
 
THIS IS ENTIRELY WRONG. DNS Filter does not work this way.

@PowerChaos You appear to be confusing DNS lookups with DNS Filtering, they are different things. Also, your understanding of how DNS lookups work is not 100% correct. The exact behaviour varies depending on how the client and server have been configured. For Windows that means it will query its primary DNS server first and wait for a reply. If it does not get a reply it will query it again and wait. If it still fails to get a reply it will query all it's DNS servers at once. (This is for IPv4, IPv6 brings a different behaviour ;))
if you apply multiple services it would automatic choose one of the assigned services

to explain it easy

you connect to the internet by DNS
so if i connect to a webpage , it will use the dns to look up ( in this case google 8.8.8.8 as primairy )
if that connection is slower then the second dns , it will take the second dns ( or primary the first dns that response )

in your case , if you use multiple dns settings , it will ping them all at the same time and the first to response is the one you will get the page from

so to explain it differend
opendns blocks google.com
norton blocks yahoo.com
yandex blocks msn.com

so you go to google.com -> opendns dns will NOT response but norton will -> you see google.com even when blocked
same for the other sites , as those second and third dns will response on your request when the first one will fail

so using multiple dns providers is good if you want to make sure your page load , but not good for dns filtering as you wont filter anything unless all those providers blocks the same page

then for priority , probaly the one on top is the first in list ( primary dns ) and so on ( second , third .. ) , but the order does basicly not mather as it is the fastest that response will provide the webpage you ask

dns -> Domain Name Service -> Translation of ip adress to a url/web adress
blocked dns -> prevent resolving of a domain as it would not exist -> no response from dns server ( not found error )

the first dns that response the fastest will get used , as you use multiple dns servers will there always be one that response as the dns block will fail to response so the filter that does not have that block will always be faster to response

ps: this methode get mainly used by users who like to access torrent sites that get blocked by the isp ( like belguim ) so they can still access it even when blocked

Greets From PowerChaos
you can only use 1 dns setting to make it work

example
if you use 208.67.222.222 then you use opendns server and all traffic will use that way
if you use 8.8.8.8 then you use google dns , ( public with no filtering) and all traffic will use that way

if you use both , then the first ip to send a reply will be used ( mostly google as it is faster in my opinion )

in your case , the dns filtering will only work if you use the router ip as dns server ( 192.168.1.1 )
so the router need to resolve the ip adress and then it will use the assigned dns service you assigned ( opendns for example )

if you like to try it out , in windows put the following dns , 8.8.8.8 - 8.8.4.4 ( google dns) and go to this page
http://welcome.opendns.com

in your router , put a setting of opendns , you will see it will still says that it fails
then the second test , put the router ip (192.168.1.1 basic ) as dns in windows , and then you see that it will work

here is some info how to change your dns manual
https://support.opendns.com/hc/en-us/articles/228007207-Windows-10-Configuration

if you are talking about a program to use dns , then the router will get bypassed and no settings on the router will work ( the program just change your network settings like a vpn program , nothing more xD )
 
Last edited:
THIS IS ENTIRELY WRONG. DNS Filter does not work this way.

@PowerChaos You appear to be confusing DNS lookups with DNS Filtering, they are different things. Also, your understanding of how DNS lookups work is not 100% correct. The exact behaviour varies depending on how the client and server have been configured. For Windows that means it will query its primary DNS server first and wait for a reply. If it does not get a reply it will query it again and wait. If it still fails to get a reply it will query all it's DNS servers at once. (This is for IPv4, IPv6 brings a different behaviour ;))
@ColinTaylor
My mistake. I got small exp with nameservers and webservers. Mostly I used local dns for addc with then google dns on it ( mainly vps servers and Cpanel )But if I use google as second dns then most of the time my local refuse to work ( when it should work as it is primary )
So by assigning only the addc dns it works perfectly
In other side. My knowledge goes for about 10 years back ( windows xp ) so a lot of things could have Beein changed by then xd
And yes I mean dns lookup. If it isn't the same for filtering then sorry for wrong info


Greets from PowerChaos
Verzonden vanaf mijn iPhone met Tapatalk
 
@ColinTaylor
My mistake. I got small exp with nameservers and webservers. Mostly I used local dns for addc with then google dns on it ( mainly vps servers and Cpanel )But if I use google as second dns then most of the time my local refuse to work ( when it should work as it is primary )
So by assigning only the addc dns it works perfectly
In other side. My knowledge goes for about 10 years back ( windows xp ) so a lot of things could have Beein changed by then xd
And yes I mean dns lookup. If it isn't the same for filtering then sorry for wrong info


Greets from PowerChaos
Verzonden vanaf mijn iPhone met Tapatalk
Sounds like a job for dnscrypt but I don't want to hijack things.
 
Aiprotect is differend
So you can use aiprotect and norton



Greets from PowerChaos
Verzonden vanaf mijn iPhone met Tapatalk
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top