Help with DNS filtering please

[danswan]

Hi

I'm using an Asus RT-N66U with Merlin firmware 380.58 and I've been trying to set up DNS filtering so that my kids' machines are filtered but the rest aren't. I've come at it from two different angles -

Firstly I set the router DNS to use Google's DNS, and then applied OpenDNS Family to the machines I want to filter. With my setup like this, ALL machines use Google's DNS no matter what filter mode I apply to individual machines. So with the setup as below, no machines are actually using OpenDNS

I then tried coming at it from the other angle, setting OpenDNS as the router's default DNS servers, and applying Google's DNS to the machine I don't want DNS filtering on, as below:

With this setup, ALL clients are getting filtered by OpenDNS. It seems I can get all or nothing, but I can't get individual machines to use different DNS servers. Help!

 

[martinr]

I expect there's a glaring error staring out from your screenshots, but I can't see it. However, it might be worth trying Merlin's advice:

"Take the Global setting as a default, if you prefer. Clients entered below will be exceptions to that default value.

If you only need to filter out 2-3 specific devices, then I recommend leaving the Global list to "None", and specifically configuring those clients below."

in

http://www.snbforums.com/threads/qu...tering-in-3-0-0-4_374-39_0.15284/#post-103594

Please report back if that fixes it (and if it doesn't!).

 

[john9527]

Try not making entries for those PCs that match the Global setting.....i.e. if global is set to router, there is no need to make an entry for PCs to use router.

 

[danswan]

Great advice, and kind of obvious now you pointed it out. I have the router's DNS set to OpenDNS IPs now, and just a couple pointing to Google's, I've rmoved the unnecessary entries. I think that's done it, on a quick test on my tablet it seems to be working, the kids are asleep so can't test on their machines until tomorrow.

Many thanks!

 

[john9527]

Great advice, and kind of obvious now you pointed it out. I have the router's DNS set to OpenDNS IPs now, and just a couple pointing to Google's, I've rmoved the unnecessary entries. I think that's done it, on a quick test on my tablet it seems to be working, the kids are asleep so can't test on their machines until tomorrow.

Many thanks!

Theoretically, it still should have worked. But sometimes things can get a little bit confused in iptables as you add redundant entries. Glad to hear it may have helped.