WAN DNS Settings Filter Mode: Family doesn’t work

Sunny786

Regular Contributor
WAN DNS Settings Filter Mode: Family doesn’t work. Tried all filter types none of them worked. I’m running Raspberry Pi-4 AdGuard that also didn’t work. I was running original Asus firmware on my GT-AX11000 router and Pi AdGuard was working flawlessly. Please help me to fix this issue on latest flashed Merlin firmware.

Crimliar

Senior Member
A quick test here and it appears to work. It'll of course be overwritten if you've DNS set up in LAN>DHCP, or certain settings in LAN DNS filter!
 

Paliv

Senior Member
Don't put anything in the LAN DNS settings. Leave it as Advertising the router's IP, that is if you are wanting to use the Router as the DNS resolver for the network. Then if you want to force all devices to use that DNS go to LAN DNSFilter and set it to router.

What result do you get if you go to dnsleaktest.com?
 

Sunny786

Regular Contributor
Don't put anything in the LAN DNS settings. Leave it as Advertising the router's IP, that is if you are wanting to use the Router as the DNS resolver for the network. Then if you want to force all devices to use that DNS go to LAN DNSFilter and set it to router.

What result do you get if you go to dnsleaktest.com?
IP               Hostname                              ISP               Country
143.244.60.24    unn-143-244-60-24.datapacket.com.     Datacamp Limited  Chicago, United States
185.246.209.161  unn-185-246-209-161.datapacket.com.   Datacamp Limited  Chicago, United States
 

Paliv

Senior Member
IP               Hostname                              ISP               Country
143.244.60.24    unn-143-244-60-24.datapacket.com.     Datacamp Limited  Chicago, United States
185.246.209.161  unn-185-246-209-161.datapacket.com.   Datacamp Limited  Chicago, United States
I'm pretty sure Datacamp is one of the datacenters that Clean Browsing uses. Is the device you're using to check for filtering using DoH?
 

Sunny786

Regular Contributor
OK, I just want to go with my own Pi AdGuard. What settings do I need to do on my router? I don't want to get confused. Please simplify this for me.
 

eibgrad

Part of the Furniture
OK, I just want to go with my own Pi AdGuard. What settings do I need to do on my router? I don't want to get confused. Please simplify this for me.

If you specify the AdGuard IP *and* advertise the router's IP (which means DNSMasq) on the DHCP server, then your clients will be directly configured w/ those DNS servers, and have the option to use either one for name resolution, w/ no particular priority. In fact, they will likely use BOTH to increase performance. Obviously this is NOT what you want, since it will mean your clients will arbitrarily lose local name resolution, or bypass AdGuard.

What you want is to maintain local name resolution with (and any other benefits of) DNSMasq, but forward public IPs to AdGuard. You do that by leaving the DHCP server alone (i.e., w/ defaults), and reconfiguring the WAN w/ the AdGuard IP as its sole DNS server. That DNS server will be used to configure DNSMasq as its upstream resolver for public IPs.

That is essentially what the above link is doing.

bennor

Very Senior Member
ASUS's own directions should get you started:
How to configure Router to use Pi-Hole?

Note: running the latest firmware you should be able to put the pi's IP in the WAN dns settings. Make sure you don't change anything in the default LAN DNS settings.
worked, thanks.
Just a standard warning about putting the Pi-Hole into the WAN DNS fields. If one does so and they also have Use Conditional Forwarding enabled on the Pi-Hole, one can set up a situation where they'll experience a "loopback" of DNS requests that can flood/cripple local network traffic.
 

Paliv

Senior Member
Just a standard warning about putting the Pi-Hole into the WAN DNS fields. If one does so and they also have Use Conditional Forwarding enabled on the Pi-Hole, one can set up a situation where they'll experience a "loopback" of DNS requests that can flood/cripple local network traffic.
Good to know. I've never used a pi-hole and was in fact wondering about this.
 

Sunny786

Regular Contributor
Just a standard warning about putting the Pi-Hole into the WAN DNS fields. If one does so and they also have Use Conditional Forwarding enabled on the Pi-Hole, one can set up a situation where they'll experience a "loopback" of DNS requests that can flood/cripple local network traffic.
Please explain with a proper, correct settings example and another example, step by step, which is not correct.
 

Sunny786

Regular Contributor
Here are my current settings screenshots. Please see them and check if I'm doing it the correct way.

eibgrad

Part of the Furniture
Here are my current settings screenshots. Please see them and check if I'm doing it the correct way.

You're doing exactly what I said you shouldn't, at least wrt the DHCP server.

 

Sunny786

Regular Contributor
You're doing exactly what I said you shouldn't, at least wrt the DHCP server.

These settings are to run AdGuard, which is running on my RPi 192.168.1.177, and I don't understand what you are trying to tell me to correct in order to run a smooth network. I can see all the queries are going through my RPi AdGuard.
 

eibgrad

Part of the Furniture
These settings are to run AdGuard, which is running on my RPi 192.168.1.177, and I don't understand what you are trying to tell me to correct in order to run a smooth network. I can see all the queries are going through my RPi AdGuard.

As I stated in that prior post, by configuring the DHCP server as you did, BOTH the AdGuard DNS server and the router's DNS server (DNSMasq) are pushed to the client as possible DNS servers. From the perspective of the client, either one is just as qualified as the other to resolve domain names, whether local or public. It's entirely up to the client to choose which one they prefer. They may even use BOTH to increase throughput! If they chose the AdGuard IP, they lose local name resolution. If they chose the router's IP, they retain local name resolution, and are eventually routed through to the AdGuard server as necessary.

IOW, it may be working NOW, but over the long haul, w/ different types of clients, you may find it's NOT working. It's just like when you have two DHCP servers on the same network. You may get away w/ it initially provided the *good* DHCP server responds first, but sooner or later the other *bad* DHCP server will respond first, and then you're misconfigured.

You can eliminate this problem by simply NOT messing w/ the DHCP server. Just leave it to its defaults. Then all clients will ONLY receive the router's IP as their DNS server, thus retaining local name resolution, and DNSMasq will forward as necessary to the AdGuard server.
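
Added example, not part of any post in this thread: a simplified Python model of the two DHCP setups eibgrad contrasts above and of the forwarding loop bennor warns about earlier. The router address 192.168.1.1, the `.lan` local domain and all host names are assumptions made for the example; the filter at 192.168.1.177 stands for the AdGuard or Pi-Hole box.

```python
# Simplified model of the DNS paths discussed in this thread (added example).
# Only 192.168.1.177 comes from the thread; every other name/address is constructed.
ROUTER, ADGUARD, PUBLIC = "192.168.1.1", "192.168.1.177", "public-upstream"
LOCAL_SUFFIX = ".lan"  # assumed local domain

def make_resolvers(conditional_forwarding):
    """Router (DNSMasq) knows local hosts and uses the filter as sole upstream (WAN DNS).
    The filter blocks ad domains; with conditional forwarding it sends local names back."""
    def filter_forward(name):
        if conditional_forwarding and name.endswith(LOCAL_SUFFIX):
            return ROUTER
        return PUBLIC
    return {
        ROUTER: {"hosts": {"nas.lan"}, "blocked": set(), "forward": lambda name: ADGUARD},
        ADGUARD: {"hosts": set(), "blocked": {"ads.example"}, "forward": filter_forward},
    }

def resolve(name, first_server, resolvers):
    """Follow one query hop by hop and return (result, path)."""
    path, server = [], first_server
    while True:
        path.append(server)
        if server == PUBLIC:  # public DNS has never heard of local hosts
            return ("NXDOMAIN" if name.endswith(LOCAL_SUFFIX) else "ANSWER"), path
        r = resolvers[server]
        if name in r["blocked"]:
            return "BLOCKED", path
        if name in r["hosts"]:
            return "ANSWER", path
        server = r["forward"](name)
        if server in path:  # query handed back to a resolver that already saw it
            return "LOOP", path + [server]

def client_outcomes(dhcp_dns, conditional_forwarding, names):
    """For every DNS server DHCP handed out, what would the client get per name?"""
    resolvers = make_resolvers(conditional_forwarding)
    return {(srv, n): resolve(n, srv, resolvers)[0] for srv in dhcp_dns for n in names}

if __name__ == "__main__":
    names = ["nas.lan", "ads.example", "www.example.org"]
    for label, dhcp, cf in [("DHCP defaults (router only)", [ROUTER], False),
                            ("DHCP pushes router + AdGuard", [ROUTER, ADGUARD], False)]:
        print(label)
        for (srv, n), result in client_outcomes(dhcp, cf, names).items():
            print(f"  client asks {srv:14} for {n:16} -> {result}")
    # Local name the router does not know, with conditional forwarding enabled
    print(resolve("printer.lan", ROUTER, make_resolvers(True)))
```

Real DNSMasq and filter software have extra safeguards and caches that this model leaves out; it only traces which resolver sees a query next.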
 

bbunge

Part of the Furniture
You can do the same thing without the Pi-Hole. Diversion can use the same block lists as Pi-Hole and with Merlin firmware on your router you can set the DNS Filter to direct everything through the router. Except if you have DoH enabled on your web browsers which will by-pass the router and the Pi-Hole.
 
