What's new

DNS Director

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ok above is the list of all the DOH servers.
How to import the list into my router? Or I need to type in 1 by 1 by?
Generally, I assume the most common way to use the OneOffdallas DoHServers list is to import it into AdGuard Home or Pi-Hole if one is using either of those two programs. Or if one is using a similar DNS request filter/block program on a client machine or firewall (for example PFSense and the pfBLocker-NG package) that has the capability to import/use such blocking lists.
 
Generally, I assume the most common way to use the OneOffdallas DoHServers list is to import it into AdGuard Home or Pi-Hole if one is using either of those two programs. Or if one is using a similar DNS request filter/block program on a client machine or firewall (for example PFSense and the pfBLocker-NG package) that has the capability to import/use such blocking lists.
Thanks, I googled and found this information about importing in bulk:
I have pfSense running at home with DNS forwarding enabled.
This will forward all DNS requests to my Adguard Home Docker container running on my UnRaid server.
Now, I will test, how can my pfSense firewall LAN rule block DOH queries initiated from the LAN network.
 
Hi,

I am not a network guru here; I am just trying to use the functions of my Asus router to the fullest,
in any possible way.

I have downloaded the AsusWRT manual from the Asus website.
and found that there is no reference or documentation about DNS Director.


Reference: https://github.com/RMerl/asuswrt-merlin.ng/wiki/DNS-Director
The link above has some brief documentation but does not show the real nitty gritty details
of its configuration.

So naturally, I just want to ask the community: has anyone tried this DNS Director feature before?

I have tried & tinkered over the weekends, and I have determined the following findings to be true.
If anyone finds my statement to be false, Please feel free to correct me by showing
screenshot of the findings. For me, I have prepared enough screenshots to back up
my investigation.

1) DNS Director: What is the purpose?

DNS Director overrides the router's WAN DNS settings when activated and properly configured.
[DNS Director, when enable, will just take over "the whole ship he is the captain"]

2) DNS Director: What is the purpose?

You can have a group of LAN devices send DNS queries to DNS A.
And you can have another group of LAN devices send DNS queries to DNS B.
DNS A = less restrictive for a grown-up adult to access the internet
DNS B is very restrictive for underage kids to access the internet.

3) Let's say DNS B (very restrictive) is configured to be used in the router's WAN setting.
A smart underage user went to the Windows TCP/IP properties and changed its
DNS setting to DNS A (less restrictive).

Under this condition, DNS Director has no way to intercept and force all the DNS queries back to DNS B.
Hence, the user has successfully circumvented the restriction by simply changing the DNS server.

4) Presumably, all underage users do not have access to a VPN.
How to prevent underage users from surfing the internet to adult sites is actually not by activating DNS Director.
Here are the following steps:

(A) Diable DNS Director.
(B) Use CleanBrowser Family DNS servers (or any free DNS servers of your choice) at the WAN setting.
(C) Go to Firewall >> Network Services Filter >> Create a deny list >> Add 2 lines to block traffic TCP and UDP port = 53
Done.

The above 3 steps will stop any user trying to access restrictive website. Once the DNS setting is tampered with,
Accessing the internet will be blocked.

Thank you.
Sorry to pull up an old thread, but did you find an answer that worked for you in the end?

I have the NextDNS CLI installed on my ASUS Merlin router, and would love to find a means to block people from changing a windows setting, or android private DNS setting etc just to get around the NextDNS profile configured on the router (Them promiscuous kids eh?!?) that blocks things like you know what, and more.

Does anybody have a suggestion to achieve such a thing?
 
Sorry to pull up an old thread, but did you find an answer that worked for you in the end?

I have the NextDNS CLI installed on my ASUS Merlin router, and would love to find a means to block people from changing a windows setting, or android private DNS setting etc just to get around the NextDNS profile configured on the router (Them promiscuous kids eh?!?) that blocks things like you know what, and more.

Does anybody have a suggestion to achieve such a thing?

If someone configures DOH on their PC or browser you can't stop them other than installing a blacklist of known DNS servers, but that blacklist will never be 100%. Even with a blacklist, all they have to do is connect to a VPN to bypass your DNS, so then you'd have to blacklist known VPNs which is an even harder task as they change their IPs daily specifically to defeat blacklists.

Your best hope is to either control and punish the users of the PCs should you catch them bypassing it, or lock the PCs down so they can't change those settings.

DNS director helps, but it is not a 100% solution.

You can utilize parental controls in conjunction with DNS Director bug again, a VPN can bypass that.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top