Equivalent of DNS resolver, Host Overrides feature in pfsense

peter_cd.cn

New Around Here
Hi, I am following a post where this blogger is using Pfsense to setup rules for DNS to resolve to local IP when device(client) are within the subnet. (Connected to local wifi network).

Here is what he did in Pfsense:
Screen Shot 2021-06-11 at 20.08.44.png


He added this override, so whenever a device visits this website "lawrencesystems.com" it will resolve to this IP: 192.168.3.9.
Screen Shot 2021-06-11 at 20.09.08.png


What is the equivalent feature for this in Asus-Merlin (DNS Filter, or dnsmasq?). I am not ready to put Pfsense in my network yet unless I have too.

I only want this rule for some host/domain combination.

Other alternative solution came up when I do my research is NAT Reflection. Looks like NAT reflection is not supported in Merlin build now.

Can someone please chime in on what I could do? If I am wrong, or additional information is needed. I am happy to provide that.

Best,
Peter
 

RMerlin

Asuswrt-Merlin dev
Can't read these blurry screenshots, so I'd ask: what is the intended goal?

If it's to replace a hostname's IP by a different one, then you can do that by customizing the dnsmasq config.

If it's to enforce the use of a specific nameserver on your LAN, then DNSFilter would be your solution.
 

dave14305

Part of the Furniture
I would expect that these equivalent lines in /jffs/configs/dnsmasq.conf.add would do the same thing.
Code:
address=/lawrencesystems.com/192.168.3.9
cname=www.lawrencesystems.com,lawrencesystems.com
 

Jack Yaz

Part of the Furniture
I would expect that these equivalent lines in /jffs/configs/dnsmasq.conf.add would do the same thing.
Code:
address=/lawrencesystems.com/192.168.3.9
cname=www.lawrencesystems.com,lawrencesystems.com
that reminds me, that was my next new project after YazDHCP, YazHosts for GUI hostfile editing....
 

peter_cd.cn

New Around Here
Better Pfsense screenshot.
2018-03-21-15_28_56.png


Thanks for jumping on this. I am going to read up on dnsmasq. Have not used that feature before. I am going into study mode for a bit.
1. If it's to replace a hostname's IP by a different one, then you can do that by customizing the dnsmasq config.

2. If it's to enforce the use of a specific nameserver on your LAN, then DNSFilter would be your solution.
What are the differences? Can you please give a common example?
For 1, When dnsmasq setup correctly to redirect a host+domain, hitting -> "*.lawrencesystems.com" will direct (resolve) to any IP I set locally. In top example would be 192.168.3.9. This can by pass request going to public DNS and look for real IP.

For 2, when DNS filter setup correctly to filter a host+domain, hitting -> "*lawrencesystems.com" will still go to public DNS and lookup IP. If the IP comes back match DNSfilter IP setting, it will allow access. If not match, the request is blocked.

Is this the right summary? :)
 

ColinTaylor

Part of the Furniture
1. Yes.

Everything you need to know about dnsmasq can usually be found here: https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

2. No, see the explanation on the DNS Filtering GUI page. DNSFilter intercepts client DNS requests and redirects them to a DNS server of your choosing. So for example, if your client uses 8.8.8.8 for DNS and has no option to change that you can use DNSFilter to redirect it to 1.1.1.1 instead.
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top