Merlin fw 386.7.2 Asus rt ax56u -possible problem

pattox

Regular Contributor
I've been using the DNS filter option (Custom 1, applied to a TV and a Raspberry Pi computer), both of which have been given fixed IP addresses, to allow access by these 2 devices to some specific geo-blocked websites.
Today our internet service changed from a VDSL service to a direct fibre one. In essence, apart from the IP address provided by the ISP, the only change involved (apart from reboots etc.) was unplugging the VDSL modem and plugging in the fibre modem.

Then I found some strange anomalies when trying to browse: some sites would not load at all, others took forever to resolve, etc. I was using the Google DNS servers 8.8.8.8 and 8.8.4.4.

It took a while to realise that these anomalies were arising because the custom DNS filter (meant to apply to only 2 devices) was now applied to all devices on the network.

Initially I thought that disabling and then re-enabling the filter would fix the problem, but I don't think it did. In the end I changed everything to Custom 2 and that seems? to have worked.
But I think it shouldn't have happened. So perhaps there is a firmware bug.
 

Adooni

Senior Member
unplugging the vdsl modem and plugging in the fibre modem.
Are you sure the fibre device is a modem and not a modem-router? What you describe is common when you have double NAT. Does this fibre "modem" have only one LAN port? If more, please check exactly what it is and google how to put this device in bridge mode. Sometimes you cannot do it alone and you need to call the ISP to do it for you. I had a situation where, for example, I needed to ask the ISP to change IPv6 to IPv4, as bridge mode was only available when the modem-router is connected/authorized via IPv4.
 

DJones

Senior Member

A common fibre setup is a modem-router ONT that is remotely programmed by the ISP, with LAN 1 in snap bridging mode going into the WAN of the main router. Then the user connects via PPPoE from his main router.

In this setup the user usually won’t be behind double NAT, as NAT and firewall will be disabled on the modem-router provided by the ISP.

If, however, your modem-router does not use snap bridging, then the modem-router likely handles the PPPoE directly within the modem-router's interface or uses a DHCP dynamic connection of some sort that is handled on the ISP’s end. This can cause double NAT situations.

For end devices, DNS is usually handled by the router, which either obtains the DNS provider from your router which gets it from your ISP, or you specify one such as 8.8.8.8. End devices can also have a fallback DNS address within themselves, so DNS filter “router” forces those fallback addresses not to be used, and the router's IP will usually be the only provider that can be used.

I’ve personally never used DNS filter to geo block content; I prefer to just use Skynet and country block 90% of the world and whitelist those domains I really need. In most cases this isn’t an issue because CDNs exist for most major platforms that will locally host content within my country. But if you're looking to filter content, then yes, DNS filter might be what you want for those specific devices; it’s an option, but one that is handled upstream by a provider rather than on device. Just know not all HTTPS or encrypted traffic can be filtered, either on the router or by the provider.

If ad blocking is a concern then I recommend using Diversion over DNS filtering.

AI protection enabling “Malicious Sites Blocking” also provides some filtering.

“Parental Controls - Web & Apps Filters” also offers some content filtering.

These alternatives to DNS filtering are on-device solutions rather than using an upstream provider. Maybe play around with them instead; as I’m not sure what your use case is, they might play nicer with your overall network performance.
 

pattox

Regular Contributor
Firstly, I am certain that it is a modem only, not a modem-router. Secondly, I use the DNS filter to force the 2 devices I mentioned to use a specific DNS value to allow them to access websites in a different country, i.e. to un-geoblock these sites for the devices. These sites, mainly media, would check your IP address and would not allow you to connect, or to interact with the site, unless you were in the right country.
Normally, the router would force only those 2 devices to use that specific DNS, while all the other network devices continue to use the normal Google ones.

In this case it seems that with the change of modems, and very specifically with the change in my ISP-assigned IP address, this problem arose. In essence, on reflection, after the changeover the DNS filter was applied to all the network devices, not just the 2 that I wanted. Disabling/re-enabling the DNS filter and rebooting didn’t fix the problem. Reconfiguring the DNS filter label from Custom 1 to Custom 2 and reassigning the two devices to Custom 2 seems to have worked.
 

DJones

Senior Member

Apologies, I read geo blocked websites and thought you were trying to geo block, not access them. That makes much more sense. As to why reconfiguring the filter and setting Custom 2 made any difference, I’m not too sure. More than that, it shouldn’t have applied it to the whole network because you specify devices.

I assume you don’t use Google DNS as your main DNS for the rest of your network.

Perhaps try running an extended DNS leak test on a non-filtered device and a filtered device. And try it with your old method versus the new method. Curious if you see multiple servers conflicting. Normally you should only see your DNS, be that from your ISP or the one you set. If there are both, or extras, something is leaking.

https://www.dnsleaktest.com/
 

pattox

Regular Contributor
Re: "setting custom 2 made any difference I’m not too sure why. More than that shouldn’t have applied it to the whole network because you specify devices."

That's exactly the puzzle.
1) I don't think it should have happened, and changing the setting of the Custom 1 to 2 shouldn't have made a difference. But it did happen and did make a difference.
2) It seems that after the ISP IP change the Custom 1 DNS filter setting then applied to all network devices and, further, became "welded onto" Custom 1 and couldn't be fixed by disabling/re-enabling Custom 1.

There is no DNS leak. As I said, the problem is now fixed, but I don't think it should have happened in the first place... firmware bug?
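
One way to check the symptom discussed in this thread (a per-device DNS redirect also catching every other client), as an added example that is not part of any post and not Asuswrt-Merlin's own code. It assumes the router enforces the filter with iptables NAT rules, reads `iptables -t nat -S` output, and flags port-53 DNAT rules that have no `--mac-source` match; the chain name `DNSFILTER`, the MAC addresses and the resolver address in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit DNS redirect rules from `iptables -t nat -S` output.
# Reads the rule listing on stdin and prints one line per DNAT rule that
# handles port-53 traffic:
#   SCOPED <mac> <resolver>   rule only matches one device
#   GLOBAL <resolver>         rule matches every client reaching the chain
audit_dns_redirects() {
    awk '
    { line[NR] = $0 }
    # Pass 1: remember chains that port-53 traffic is jumped into.
    /--dport 53( |$)/ {
        for (i = 1; i < NF; i++)
            if ($i == "-j" && $(i+1) != "DNAT") dnschain[$(i+1)] = 1
    }
    END {
        for (n = 1; n <= NR; n++) {
            nf = split(line[n], f, " ")
            if (f[1] != "-A") continue
            mac = ""; dst = ""; dnat = 0
            port53 = (line[n] ~ /--dport 53( |$)/)
            for (i = 3; i <= nf; i++) {
                if (f[i] == "--mac-source") mac = f[i+1]
                if (f[i] == "-j" && f[i+1] == "DNAT") dnat = 1
                if (f[i] == "--to-destination") dst = f[i+1]
            }
            if (!dnat || !(port53 || (f[2] in dnschain))) continue
            if (mac != "") print "SCOPED", mac, dst
            else print "GLOBAL", dst
        }
    }'
}

# Constructed sample (not captured from a real router); chain name is assumed.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-N DNSFILTER
-A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j DNSFILTER
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A DNSFILTER -m mac --mac-source AA:BB:CC:00:00:01 -j DNAT --to-destination 203.0.113.53
-A DNSFILTER -m mac --mac-source AA:BB:CC:00:00:02 -j DNAT --to-destination 203.0.113.53
-A DNSFILTER -j DNAT --to-destination 203.0.113.53
EOF
}

sample_rules | audit_dns_redirects
```

On a live router the listing would be piped in over SSH instead of coming from `sample_rules`; a `GLOBAL` line pointing at the custom resolver means the redirect is not limited to the listed devices.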
 
