DNS Settings for WAN

TheLyppardMan

My ISP is British Telecommunications PLC (usually just referred to as BT). As BT offer some security settings, such as content filtering, I am wondering what would be the effect of changing my current DNS settings from Quad9 to either automatic (which would presumably then use BT's DNS) or specifying BT's DNS settings manually (in a similar way that I have specified Quad9 in the screenshot, once I knew what numbers to specify). Would both the automatic and manual options work in the same way and would they prevent any users from circumventing what I had set if I kept the settings shown in the second screenshot unchanged? One final thing, would either or both the Trend parental controls continue to work, i.e., the time controls and the content filters, although I would probably switch off the latter if I went for the BT option?
 

Attachments

  • Screenshot - 05_01_2022 , 21_05_03.jpg
  • Screenshot - 05_01_2022 , 21_06_21.jpg

Cannot speak for the BT upstream resolvers. To improve your DNS security, enable DNSSEC and DoT. Quad9 or another filtering DNS resolver, such as Cloudflare Secure (1.1.1.2 - 1.0.0.2), would be a better option than BT. DNS Filter set to Router is good, as any hard-coded resolvers in IoT devices will use the router/Quad9 or whatever upstream resolver you choose.
 
As BT offer some security settings, such as content filtering,

Your local BT DNS is perhaps the fastest and the features it offers are paid with other DNS providers. Quad9/Cloudflare don't offer any level of control.

If the service you have is the same or similar to the service shown below, I would use it. On-router Parental Controls will continue working as before.

 
BT are a money pit, they collect/sell DNS data and store user information for the "authorities."
 
How do you know this is the case? Have you evidence you can point me to in order to verify your statement?
 
Look for the "Snoopers Charter" or "Investigatory Powers Act".

DNS records have been used by many ISPs to earn money, which is why so many people use other DNS servers.
 
I've just had a look at the Wiki for the IPA and the following paragraph seems quite interesting:-

"In April 2018 the High Court of Justice ruled that the Investigatory Powers Act violates EU law.[6][69] The government had until 1 November 2018 to amend the legislation.[70] On 31 October 2018 The Data Retention and Acquisition Regulations 2018[71] came into force to address this ruling. These regulations increased the threshold for accessing communications data only for the purposes of serious crime (defined as offences which are capable of being sentenced to imprisonment for a term of 12 months or more) and requires that authorities consult an independent Investigatory Powers Commissioner before requesting data. The regulations also included a loophole where rapid approval can be made internally without independent approval but with a three-day expiry and with subsequent review by the independent body. Most debates about the regulations have been about the definition of "serious crime" with many arguing that the threshold should be at three years."

I'll see if I can find anything in BT's terms and conditions about using customers' details to earn money.
 
BT are a money pit, they collect/sell DNS data and store user information for the "authorities."

The ISP doesn't need to see your DNS queries to collect your browser history. They see the IPs you connect to. ISPs in all Five/Fourteen Eyes countries store user information, no matter what. If you use a VPN, they know which one and the exact server. If you use Tor, you may be monitored more closely. If you run a Tor exit node, you may get a visit. Since most of us have nothing to hide, BT's free filtering service with user categories looks pretty good to me.
 
Hi, I am new to Merlin and it has more features. Could you help me to identify the best parameters for the optimal functioning of DNS in the WAN part?
What I have:
WAN: ?
LAN - DHCP Server - DNS Setting: Empty
OpenVPN Client: Exclusive (I use ExpressVPN DNS) when connected.
It would be helpful if you could see the attached image and explain to me the best way to configure this part.

Thanks!
 

Attachments

  • Screen Shot 2022-08-15 at 6.05.25 PM.png

Assuming that your router is behind your ISP modem (double NAT): If you use your VPN permanently I would set the rebind to Yes and leave it further as is. Make sure DNS filter (under LAN) is switched on and set to router (do not fill any DNS in that section). Your ExpressVPN will do the rest for you.
 
Yes, I’m behind the ISP modem and I use my VPN permanently. Talking about the DNS filter, when you say “set to router”, I didn’t understand that part very well. I have set some devices with clean family DNS for my kids in the DNS filter, but I could set it manually on their devices. I will delete it and leave it blank.
 
Set the global filter to router and leave the kids' DNS as is for the individual devices by adding them to the client list on the DNS filter page (and setting a custom user-defined DNS if needs be and selecting from the drop-down for each client). Setting DNS manually on their devices with the global setting set to router will override entries made on the device itself.

If you do set on the devices, you'll still need to add them to the client list and set "no filtering" per device so that the global setting is ignored for those clients.
 
I left the family DNS installed on the devices manually and configured individually as you recommended on the global settings. Thanks!
 

Attachments

  • Screen Shot 2022-08-18 at 12.49.26 PM.png

I use ISP (diff one) with AdGuard as well for the kids' devices because of the nice filters it has, and 9.9.9.9 for the adults' devices. You can also force each device to use either DNS with DNS filter so the kids can't change it at their end.

They could of course use a VPN to change it, but I would notice if they did as they would disappear off AdGuard, and being the nerd I am, I have a look at AdGuard daily.
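
The check described in the post above (a kid's device that is still on the network but has stopped appearing in the filtering resolver's log), sketched as an added example that is not part of the original thread or of AdGuard. The row format, IP addresses, thresholds and the `silent_while_online` name are assumptions, and all sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical format): (ISO timestamp, client IP).
# DNS_QUERIES stands in for an export of the filtering resolver's query log.
DNS_QUERIES = [
    ("2022-08-18T18:00:00", "192.168.1.50"), ("2022-08-18T18:05:00", "192.168.1.50"),
    ("2022-08-18T18:10:00", "192.168.1.50"),
    ("2022-08-18T18:00:00", "192.168.1.51"), ("2022-08-18T18:20:00", "192.168.1.51"),
    ("2022-08-18T18:35:00", "192.168.1.51"), ("2022-08-18T18:50:00", "192.168.1.51"),
]
# ONLINE_SEEN stands in for periodic polls of the router's connected-client list.
ONLINE_SEEN = [
    (f"2022-08-18T{hhmm}:00", ip)
    for ip in ("192.168.1.50", "192.168.1.51", "192.168.1.20")
    for hhmm in ("18:00", "18:10", "18:30", "18:40", "18:50")
] + [("2022-08-18T19:30:00", "192.168.1.51")]
WATCHED = {"192.168.1.50", "192.168.1.51"}  # kids' devices; .20 is an adult laptop


def silent_while_online(dns_rows, online_rows, watched,
                        max_gap=timedelta(minutes=15), min_sightings=2):
    """Return {ip: [ISO times]} where a watched client was online but had made
    no DNS query within max_gap of that sighting, at least min_sightings times."""
    queries = {}
    for ts, ip in dns_rows:
        queries.setdefault(ip, []).append(datetime.fromisoformat(ts))
    silent = {}
    for ts, ip in online_rows:
        if ip not in watched:
            continue
        seen = datetime.fromisoformat(ts)
        if not any(abs(seen - q) <= max_gap for q in queries.get(ip, [])):
            silent.setdefault(ip, []).append(ts)
    # One quiet poll is normal for an idle device; repeated ones deserve a look.
    return {ip: times for ip, times in silent.items() if len(times) >= min_sightings}


if __name__ == "__main__":
    for ip, times in silent_while_online(DNS_QUERIES, ONLINE_SEEN, WATCHED).items():
        print(f"{ip}: online but absent from the DNS log at {', '.join(times)}")
```

A hit only shows that the device stopped using the local resolver while connected; the VPN case mentioned in the post is one possible cause.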
 
Thanks for the tip!
 
