DNS-based filtering: is it really working?

vrapp

Senior Member
I tried a number of malicious URLs found at https://www.malwaredomainlist.com/mdl.php

With AI Protection/Malicious sites blocking, practically every URL was indeed blocked.

With AI Protection/DNS filtering/enable DNS-based filtering = on, not one was blocked. I tried all providers: Yandex, Comodo, OpenDNS, and Norton. Also tried "router" with OpenDNS's DNS specified at WAN page. So I'm wondering, are they all so inefficient compared to Trend Micro, or does something not work, or did I do something wrong?
 
Here it is, with OpenDNS configured.
screenshot.png
 
You might try setting the global mode to Router and then on the WAN page setting the 2 DNS servers to the OpenDNS Home IP addresses ( 208.67.222.222 and 208.67.220.220 ?) and leave everything else as it is and see if that produces the desired effect.
 
I doubt that OpenDNS would be as efficient as Trend Micro's Reputation database.
 
Also one big difference is AiProtection's reputation system works on the whole URL, not just the target server. See this post from Asus's engineer regarding WRS. A DNS can only filter on the hostname, it can't analyze the whole URL.
 
You might try setting the global mode to Router and then on the WAN page setting the 2 DNS servers to the OpenDNS Home IP addresses ( 208.67.222.222 and 208.67.220.220 ?) and leave everything else as it is and see if that produces the desired effect.

Yes, did that as well: "Also tried "router" with OpenDNS's DNS specified at WAN page". Same result.
 
You might want to catch DNS requests if you want to use DNS filtering. Using RMerlin's firmware and IPTables, look at hijacking DNS requests.
 
You might want to catch DNS requests if you want to use DNS filtering. Using RMerlin's firmware and IPTables, look at hijacking DNS requests.

I think it's actually even simpler. Run nslookup of a domain hosting known malware using the supposedly protecting DNS service. If it returns a different IP than Google's 8.8.8.8, then it does protect. I tried that, and they all return the same IP. This makes me wonder what their claim of protecting anybody from anything is based on. If I'm not mistaken, they all have a similar commercial product.
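
The resolver comparison described in the post above, as an added example that is not part of the original thread: it sends the same A-record query straight to an unfiltered resolver and to each filtering resolver, so the router's DNS settings and any client cache are bypassed. The verdict labels are this example's own, and treating NXDOMAIN, an empty answer or a null address as a block is an assumption about how a filtering resolver signals it; a merely different address can also come from CDN variance, so it is reported separately.

```python
import secrets, socket, struct, sys

def build_query(name, qid):
    """Minimal DNS query for an A record (RFC 1035), recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_response(msg):
    """Return (rcode, sorted A-record addresses) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:    # A record; CNAMEs in the chain are skipped
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, sorted(addrs)

def resolve(name, server, timeout=3.0):
    """Ask one specific resolver over UDP/53, bypassing the system resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, secrets.randbelow(65536)), (server, 53))
        return parse_response(s.recvfrom(4096)[0])

def verdict(baseline, filtered):
    """Compare (rcode, addrs) from the unfiltered resolver with a filtering one."""
    (b_rcode, b_addrs), (f_rcode, f_addrs) = baseline, filtered
    if b_rcode != 0 or not b_addrs:
        return "inconclusive"            # name is dead everywhere; nothing to compare
    if f_rcode == 3 or not f_addrs or set(f_addrs) <= {"0.0.0.0", "127.0.0.1"}:
        return "blocked"                 # NXDOMAIN, empty answer, or null address
    # A disjoint answer may be a block page or plain CDN variance: check by hand.
    return "not blocked" if set(f_addrs) & set(b_addrs) else "different"

if __name__ == "__main__" and len(sys.argv) > 1:   # usage: script.py DOMAIN [RESOLVER ...]
    for server in sys.argv[2:] or ["208.67.222.222", "208.67.220.220"]:
        print(server, verdict(resolve(sys.argv[1], "8.8.8.8"), resolve(sys.argv[1], server)))
```

An "inconclusive" result means the baseline resolver could not resolve the name either, which is common for old blocklist entries whose domains have since been taken down.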
 
