local name resolution issue with DNS filter enabled

[qacafe-matt]

Hi -

First post, but I'm avid SNB reader. Thank you Merlin for the wonderful firmware!

I've been testing the latest released build (RT-AC56U_378.55_0.trx) on an RT-AC56U. I believe I have found an issue with local name resolution. I have the DNSFilter feature enabled and working with 'OpenDNS Family'. This appears to work perfectly and does in fact redirect all DNS queries, even those sent directly to other DNS servers, to OpenDNS. This is makes it very difficult for local users to bypass the filtering which is a great feature.

The issue I've discovered however is that when DNSFilter is enabled it seems that local name resolution stops working. In fact, all local name queries are sent to the WAN DNS servers (OpenDNS in this case). Disabling DNSFilter results in local name resolution working as expected again. Is there a configuration option that I need to set for both DNSFilter and local name resolution to work at the same time?

-Matt

 

[ColinTaylor]

This is by design, see the README section on DNS Filter (https://raw.githubusercontent.com/RMerl/asuswrt-merlin/master/README-merlin.txt)

Note that DNSFilter will interfere with resolution of local
hostnames. This is a side effect of having devices forced to use
a specific external nameserver. If this is an issue for you, then set
the default filter to "None", and only filter out specific devices.

As an alternative you could set the filter to "Router" and then set the router's WAN DNS to OpenDNS. That way you would get local name resolution and still force the use of OpenDNS.

 

[qacafe-matt]

Thank you for the excellent information Colin. If I understand this correctly, by setting the default rule in DNSFilter to 'Router' all DNS traffic will be sent to the RT-AC56U's LAN IP. These queries will then be sent upstream by the RT-AC56U to the static DNS servers (OpenDNS) configured on the WAN page. Local name resolution will still work since all DNS queries are being handled directly by the RT-AC56U.

I just gave this a try and it works perfectly. Thank you! I apologize for not reading the README more thoroughly.

-Matt

 

[ColinTaylor]

If I understand this correctly, by setting the default rule in DNSFilter to 'Router' all DNS traffic will be sent to the RT-AC56U's LAN IP. These queries will then be sent upstream by the RT-AC56U to the static DNS servers (OpenDNS) configured on the WAN page. Local name resolution will still work since all DNS queries are being handled directly by the RT-AC56U.

Correct. Enjoy.

 

[ILMostro]

Thanks for pointing this out, Matt. I completely forgot about reading this before I installed the firmware!

 

[ApK]

This is by design, see the README section on DNS Filter (https://raw.githubusercontent.com/RMerl/asuswrt-merlin/master/README-merlin.txt)

As an alternative you could set the filter to "Router" and then set the router's WAN DNS to OpenDNS. That way you would get local name resolution and still force the use of OpenDNS.

Great tip! This works perfectly for my needs.
I wonder why Merlin's readme doesn't mention this option when it talks about local dns ane filtering? Could this configuration have some issue we're not realizing?