YazFi: Guest Networks and DNS Director?

[chigden]

I have an Asus RT-AC3100 with 386.5.2. I'm using guest networks to isolate some devices and the DNSFilter feature to use OpenDNS to block some websites.

DNSFilter works as expected on the main network, but does not work when I move a device over to the any of the 3 guest networks.

Also, I can manually set the DNS with YazFi and the Force DNS option, but I'd like to configure the router so the DNS Filter page is the main dashboard for this and is easily toggleable.

What else should I have configured to make this work?

 

[bennor]

I have an Asus RT-AC3100 with 385.5.2.

What firmware are you using? There isn't a 385.5.2 firmware for the RT-AC3100:

Asuswrt-Merlin - Browse /RT-AC3100/Release at SourceForge.net

Alternative firmware for Asus wireless routers

sourceforge.net

There is a 386.5.2 firmware but it is out of date, being over a year old (2022-03-25). You may want to consider updating to the latest firmware 386.10 or 386.11. No issues with Guest WiFi and DNS Director (formerly DNS Filter) on a RT-AC68U running 386.10 or 386.11 (using YazFi).

 

[chigden]

There is a 386.5.2 firmware but it is out of date, being over a year old (2022-03-25). You may want to consider updating to the latest firmware 386.10 or 386.11. No issues with Guest WiFi and DNS Director (formerly DNS Filter) on a RT-AC68U running 386.10 or 386.11 (using YazFi).

I'm using 386.5.2. Post has been edited to fix that.

Regardless, you're correct I'm using an old build. It wasn't clear from reading the changelogs that this could be a bug fixed in an upgrade.

 

[chigden]

I have upgraded to the latest asuswrt merlin 386.11 and YazFi v4.4.3 and I still cannot control DNS of guest networks through DNS director.

I need DNS director to control the DNS regardless of which network the device is using. Right now, no matter what I configure for the device in DNS director, the device ignores it and uses the DNS addresses from the YazFi configuration page.

 

[bennor]

I still cannot control DNS of guest networks through DNS director.

Post a screen shot of your DNS Director settings so others can see how it's configured.

How are you determining DNS Director isn't working?

 

[Martinski]

...
DNSFilter works as expected on the main network, but does not work when I move a device over to the any of the 3 guest networks.

Also, I can manually set the DNS with YazFi and the Force DNS option, but I'd like to configure the router so the DNS Filter page is the main dashboard for this and is easily toggleable.

...
I need DNS director to control the DNS regardless of which network the device is using. Right now, no matter what I configure for the device in DNS director, the device ignores it and uses the DNS addresses from the YazFi configuration page.

I'm not quite sure that I'm fully understanding the problem you described so, as @bennor suggested, providing some screenshots of the various "pieces" that you're trying to work with would be very helpful, and also explain the method you're using to check/verify the results.

For example, if you're using DNS Director to set the "Global Filter Mode" to the "Router" option:

And then in YazFi you set the DNS Servers to your router's LAN IP address with "Force DNS" set to Yes. Does that not work for you as expected?

 

[chigden]

Here is my set-up:

1. I have DNS Director set to use OpenDNS Home Server.
2. I have guest network set to my LAN IP 192.168.1.1 for its DNS entry in YazFI.

Here is my test: I use an `ipconfig /all` to verify the DNS server is set to 192.168.1.1 and I browse to https://welcome.opendns.com/ to check if the Open DNS is being used.

I do this while the device is connected to the primary network and then while the device is connected to the guest network. In both cases, ipconfig reports a DNS server of 192.168.1.1. However, when I'm on the primary network the Open DNS page reports a correct configuration, but when I'm on the guest network, Open DNS reports a failed configuration.

The only way I can have a guest network properly use the OpenDNS server is to manually set the entry in the YazFi configuration to OpenDNS's server (i.e. 208.67.220.220)

The Force DNS flag seems to force the first of the two DNS fields and doesn't really do anything in my case.

 

[Martinski]

Here is my set-up:

1. I have DNS Director set to use OpenDNS Home Server.
2. I have guest network set to my LAN IP 192.168.1.1 for its DNS entry in YazFI.
...

On the "WAN - Internet Connection" webpage, are your DNS IP addresses set to the "OpenDNS Home" servers as well?

If not, are you saying that you want only some specific client devices to use OpenDNS (i.e. "Client List" from DNS Director) while the rest of your clients use a different set of WAN DNS servers?

 

[chigden]

If not, are you saying that you want only some specific client devices to use OpenDNS (i.e. "Client List" from DNS Director) while the rest of your clients use a different set of WAN DNS servers?

That's correct, I'm using DNS Director to specify DNS servers for only some of the devices. Any device not listed in DNS Director uses the Global 'router' setting, which in the WAN settings is Cloudflare's 1.1.1.1 (testable here: https://one.one.one.one/help/)

So it looks like guest networks ignore DNS director. Regardless of any setting on the DNS Director page (Global or device), when I use 192.168.1.1 as the guest network's DNS, YazFi only uses the router's WAN DNS server setting.

 

[bennor]

As a troubleshooting step, have you rebooted the router and lan/wifi clients?

Double check that the wifi client you are attempting to redirect isn't playing games with it's MAC address. Some devices (like iPhones apparently) will use different MAC addresses on different wifi connections.

As a troubleshooting step, put the DNS address for OpenDNSHome into the User Defined DNS 1 field and change the client redirection from OpenDNSHome to User Defined DNS 1, then hit the apply button and retest to see if it works as expected.

 

[chigden]

As a troubleshooting step, have you rebooted the router and lan/wifi clients?

Yes.

Double check that the wifi client you are attempting to redirect isn't playing games with it's MAC address. Some devices (like iPhones apparently) will use different MAC addresses on different wifi connections.

Wouldn't I see a mysterious device the YazFi client connection page? I see the same MAC address when it's connected the guest networks.

As a troubleshooting step, put the DNS address for OpenDNSHome into the User Defined DNS 1 field and change the client redirection from OpenDNSHome to User Defined DNS 1, then hit the apply button and retest to see if it works as expected.

Better yet, I used Quad 9:
1. In DNS Director, I specified Quad9's 9.9.9.9 in user defined DNS 3 slot.
2. In DNS Director, I set the device to use user defined DNS 3.
3. I reboot the router.
4. On the device, I connect to the primary network, and navigate the http://on.quad9.net. It tells me that I am using 9.9.9.9.
5. On the device, I connect to the guest network, and navigate the http://on.quad9.net. It tells me that I am not using 9.9.9.9.
6. On the device, still on the guest network, I navigate to http://1.1.1.1/help, and it tells me that I am using Cloud Fare, the Router's WAN DNS.

 

[bennor]

Wouldn't I see a mysterious device the YazFi client connection page? I see the same MAC address when it's connected the guest networks.

It is just something to watch out for or check.

What you are experiencing could simply be another example of how the Asus firmware doesn't see or recognize the YazFi IP addresses outside the main LAN and Guest WiFI IP address scope. Similar to how the YazFi clients are not listed in the Network Map.

 

[chigden]

What you are experiencing could simply be another example of how the Asus firmware doesn't see or recognize the YazFi IP addresses outside the main LAN and Guest WiFI IP address scope. Similar to how the YazFi clients are not listed in the Network Map.

Thanks for your help bennor. Am I the only person experiencing this problem?

 

[bennor]

Am I the only person experiencing this problem?

Possible. If you haven't done a site search for your issue give it a try and see if any other posts are made on your specific issue.

In my case I use DNS Director to force wayward client DNS requests to use my Pi-Holes/Unbound. It works to catch both main LAN/Wifi and YazFi clients and route their requests to the Pi-Hole if they try to bypass the Pi-Hole's. For example if I manually change the YazFi client's network settings to use DNS servers other than the the YazFi provided (Pi-Hole) DNS IP address values, DNS Director catches those requests and routes them to my Pi-Holes that are specified in DNS Director. My Pi-Hole's log shows the request coming from the router not the YazFi client.