What's new

Need help with parental controls on RT-AX58U V2: Trying to use OpenDNS but open to other ideas

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
Hi everyone! I'm needing some help with figuring out how to set up parental controls the way I want them:

I bought the Asus RT-AX58U intending to use Merlin with something like YazFi to direct the guest network to a different DNS server than the one our primary network uses. I didn't realize when purchasing that V2 isn't supported by Merlin, which is 100% my bad. I can't return the router now, so I'm trying to set things up as best as I can.

I need my young kids to have access to only whitelisted sites for schoolwork, which I can do with OpenDNS. I would like to be able to use DNS settings at the router level instead of the device level. However, I don't want all of the devices in our household to be restricted. I really don't want to have to run two routers if at all possible. Unfortunately, the parental controls that Asus provides are not sufficient for our needs at this time. Any ideas on how I can use different DNS settings for different networks or other ideas for things I can do to achieve this functionality?
You could add your kid's devices to static IP list and assign them a custom DNS server IP, in LAN -> DHCP Server.
Note that if they search around they will figure out how to bypass it.
You could make it a bit harder by preventing them from accessing known DNS ports (53 TCP/UDP, 853 TCP, 443 TCP) towards any IP that does not match OpenDNS IP in Firewall -> Network Services Filter, note that this will break PC/mobile apps that use hardcoded DNS services.

Alternatively you can run a custom script that will add filtering rules to the firewall to forward their DNS requests to the DNS server of your choice, this will be much harder to bypass though it will require more work to create. I am running something similar to force all clients in my LAN to use my local Pi-hole instance.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!