What's new

Possible to run CIRA in DOT mode with DNSFilter and dnsmasq?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

corporate_gadfly

New Around Here
Running 386.1_2 (will go to 386.2 soon) on RT-AC1900P.

Current setup:
  • DNSFilter enabled in LAN -> DNSFIlter
    1618444676607.png
    • Kids devices going to OpenDNS Family, e.g.:
      1618444779715.png
  • WAN DNS as follows:
    1618444816717.png
  • dnsmasq to resovle some domains:
    • Code:
      # cat /jffs/configs/dnsmasq.conf.add
      address=/ip2location.com/209.141.xxx.xxx
      address=/ip.me/209.141.xxx.xxx
      
      # Teksavvy DNS (ns.teksavvy.com, ns2.teksavvy.com)
      server=206.248.182.3
      server=206.248.182.4

Is it possible to have a future setup where:
  • I can keep using dnsmasq
  • Utilize DOT
    • default DNS goes to CIRA Protected
    • kids devices go to CIRA Family
Thanks for your responses and listening.
 
DoT will not change your DNSMASQ add on settings.
In WAN Connect to DNS Server Automatically No
DNS Server 1 149.112.121.20
DNS Server 2 149.112.122.20
Enable DNSSEC and Rebind Protecton
Enable DNS ovet TLS and select the CIRA servers, two of them at least.

Set the kids to use the CIRA family. They will not have DoT protection, though. One way to work around this is to set up a Pi-Hole with Stubby added to connect to CIRA Family.
Might be better to set the whole router to CIRA Family and use other DNS servers for the Adult clients. Keep in mind that DNS filtering is not fool proof and kids can easily defeat it.

Can get complicated but can be made to work
 
You can only do a global DOT configuration, you cannot have different clients use different DOT servers.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top