DNS Director :: Add more custom options

Yes, and every byte of storage DOES matter in this case. An RT-AC68U running with basic configuration typically has less than 2 KB of NVRAM space left, and users are frequently running out of NVRAM space already.

Adding a fourth custom server would add:

Code:
dnsfilter_custom4=8.8.8.8
dnsfilter_custom64=

That's 50 bytes for something that maybe 3 persons in the entire userbase could use. Make that 100 bytes for the two settings you wanted added. That's significant in a scenario where we are talking about routers actively running out of nvram space already. 100 bytes would be enough for these users running out of NVRAM to add an extra 2-3 DHCP static leases, for example.

This is not worth it.
This isn't an ask to change upstream. This is an ask on how to do it local since there's already 20 other options in the custom DNS filter dropdown I don't use, and just need to get 1-2 extras in there that I would use. Not to mention, I can just mount configs in place like other addons that can be installed. The userbase reference also makes me wonder, how many people actually use the numerous dns filter dropdown options? Having that many seems like a waste of NVRAM too then if you ask me :D
 
This isn't an ask to change upstream. This is an ask on how to do it local since there's already 20 other options in the custom DNS filter dropdown I don't use, and just need to get 1-2 extras in there that I would use.
You can't. The changes would need to be done at the code level, the dropdown is just a UI to access presets that are built into the firmware code itself, it's not a web-only issue.

Your best option is to manually configure the firewall rules yourself. Look at the content of the filter and mangle iptables, the rules are in chains that start with DNSFILTER in their names. That's where you'd add your own entries through a firewall-start script.
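
One way to follow the advice above, as an added example that is not part of the original post or the firmware: a dry-run helper that finds the DNSFILTER chains in `iptables-save` output and prints a per-client redirect rule for review. The dump is constructed, and the nat-table chain name, the DNAT rule shape, the client MAC and the resolver address 192.168.1.53 are assumptions to check against your own router's output.

```shell
#!/bin/sh
# Added example: dry-run helper for a firewall-start script. It prints
# commands instead of running them so they can be reviewed first.

# Constructed sample of `iptables-save` output (not captured from a router).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:DNSFILTER - [0:0]
-A PREROUTING -s 192.168.1.0/24 -p udp -m udp --dport 53 -j DNSFILTER
-A DNSFILTER -m mac --mac-source AA:BB:CC:00:11:22 -j DNAT --to-destination 192.168.1.2
COMMIT
*filter
:FORWARD DROP [0:0]
:DNSFILTER_DOT - [0:0]
COMMIT'

# List "table chain" for every chain whose name starts with DNSFILTER.
list_dnsfilter_chains() {
    awk '/^\*/ { table = substr($1, 2) }
         /^:DNSFILTER/ { print table, substr($1, 2) }'
}

# Accept only a well-formed MAC address and dotted-quad IPv4 address.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the rule that steers one client to a custom resolver, but only
# if the dump on stdin really contains a nat-table DNSFILTER chain (assumed name).
build_client_rule() {
    mac=$1 dns=$2
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$dns" || { echo "bad IPv4: $dns" >&2; return 1; }
    list_dnsfilter_chains | grep -qx 'nat DNSFILTER' ||
        { echo "no nat/DNSFILTER chain found" >&2; return 1; }
    echo "iptables -t nat -I DNSFILTER -m mac --mac-source $mac -j DNAT --to-destination $dns"
}

# On the router the dump would come from `iptables-save` instead.
echo "$SAMPLE_DUMP" | list_dnsfilter_chains
echo "$SAMPLE_DUMP" | build_client_rule 'DE:AD:BE:EF:00:01' '192.168.1.53'
```

On the router, pipe `iptables-save` into the functions in place of the sample, and put the printed command into the firewall-start script only after checking it against the existing DNSFILTER rules.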
 
That's a personal opinion. My blocklist consists of 11.1 million garbage domains and the VPS does way more than my router/a pihole for $3/mo


Sure, if you have ~100k blocked domains


No, it doesn't. I don't need to change my router, or setup, just to get ~4 iptables rules added in. I just felt like asking the community for the "preferred way" to get a new custom DNS server in the list, I can get it done just fine without the "preferred way".

Most of the info I received in reply to my question is just based on personal opinions on why I should change my setup, to fit someone else's view, instead of simply addressing the question at hand "How to add another Custom DNS in the list". It's fine if you don't understand my setup, I've already been where you're at and upgraded :)
About ~400k actually.

11.1 million is completely overkill and unnecessary, and you're probably using blocklists that contain other blocklists and so on, leading to many, many (unnecessary) entry duplications.
 
You can't. The changes would need to be done at the code level, the dropdown is just a UI to access presets that are built into the firmware code itself, it's not a web-only issue.

Your best option is to manually configure the firewall rules yourself. Look at the content of the filter and mangle iptables, the rules are in chains that start with DNSFILTER in their names. That's where you'd add your own entries through a firewall-start script.

Thanks, that's all I needed to know - it looked pretty baked in but I couldn't tell what you even use /www/ajax/dns_db.json and /www/ajax/DNS_List.json for then when they seem to have the list that's displayed in the UI. The UI opts should be dynamically built based on those JSON's..
 
About ~400k actually.

11.1 million is completely overkill and unnecessary, and you're probably using blocklists that contain other blocklists and so on, leading to many, many (unnecessary) entry duplications.
Nope, your assumptions are incorrect. Of course the list is deduped, and covers more than just porn/telemetry. If you haven't noticed already, I have advanced knowledge on the topic, and fwiw I work in tech as a DCTO.
 
Nope, your assumptions are incorrect. Of course the list is deduped, and covers more than just porn/telemetry. If you haven't noticed already, I have advanced knowledge on the topic, and fwiw I work in tech as a DCTO.

Ah. The old “I work as therefore know more than thou”. Got it.

And I hadn’t noticed. Based on your previous comments above.
 
So it's OK for you to tell other people what they should be doing, based on a personal opinion, but when they refute with reason, you drop an oldschool quote that's supposed to hold value? Comical.


Great! This isn't a board meeting.

Pot-kettle comes to mind.

Anyway, moving swiftly on
 
If you’re serious about building your own, this is a starting point of all the places you need to start looking to expand the firmware code. It’s not for the faint of heart, especially when you need to compile it all into a working firmware image.





 
Thanks, that's all I needed to know - it looked pretty baked in but I couldn't tell what you even use /www/ajax/dns_db.json and /www/ajax/DNS_List.json for then when they seem to have the list that's displayed in the UI. The UI opts should be dynamically built based on those JSON's..
These lists are specific to WAN DNS servers, and they are just presets used to fill the input fields on the webui. DNS Director cannot make use of dynamic/editable tables because it needs to be hardcoded in the firmware code itself. That was a deliberate design decision to deal with the various nvram limitations. Going with a fully customizable list of DNS servers would have roughly doubled the size taken by each client (since each client would need to also specify the full IP address of the server), and Broadcom limits the size of a single nvram variable to 255 bytes max on any of its more recent platforms.
 
If you’re serious about building your own, this is a starting point of all the places you need to start looking to expand the firmware code. It’s not for the faint of heart, especially when you need to compile it all into a working firmware image.






Awesome, thanks! I was reading over dnsfilter.c/h the other day, then ran across the json files and figured I'd just ask in here instead

These lists are specific to WAN DNS servers, and they are just presets used to fill the input fields on the webui. DNS Director cannot make use of dynamic/editable tables because it needs to be hardcoded in the firmware code itself. That was a deliberate design decision to deal with the various nvram limitations. Going with a fully customizable list of DNS servers would have roughly doubled the size taken by each client (since each client would need to also specify the full IP address of the server), and Broadcom limits the size of a single nvram variable to 255 bytes max on any of its more recent platforms.
Gotcha, thanks!

I appreciate all the input. I'm just going to take the custom iptables managing approach with API calls to PiHole so I can automate it all down to adding/removing new client IPs/dummy interfaces on the PiHole server.
 
If you ever had to share DoT/DoH+LAN across 20+ devices you would understand
Family of 4 here, 40-50 devices connected at all times. Use a single AdGuard Home server for blocking and have it set as the DNS in DHCP + DNS Director as backup if anything tries to be sneaky. AdGuard uses DoT servers for upstream resolution. Works great.
 
What is the technical difference between DNS-over-TLS Server List and DNS director?
Which one would be better? I'm currently using DNS-over-TLS Server List
 
As DNS director includes the option to set an alternate IPv6 DNS server for any user defined DNS I had assumed that it would apply to IPv6. If it doesn't what is the function of those fields?
 
As DNS director includes the option to set an alternate IPv6 DNS server for any user defined DNS I had assumed that it would apply to IPv6. If it doesn't what is the function of those fields?
My mistake, I was looking at an older version of the firmware. I've deleted my original post.
 
