
Solved DNS Filtering not working on Merlin LTS fork


cminus

Occasional Visitor
For some reason, it does not appear that DNS filtering is working on my RT-AC66U running 374.43_45EAj9527 (Merlin LTS Fork from @john9527). I've made sure that DNS over HTTPS is disabled in the browser and I've also just run a simple nslookup and I am getting returned the true IP of sites that should be blocked as a result of the filter. In my case, I am testing "Cloudflare Adult" and I am still able to browse to sites with adult content. If I manually put in the DNS server 1.1.1.3, it blocks as expected. However, when I just use the DNS filtering, the adult sites are allowed. Is there a good way to troubleshoot this? Thank you!
 

Can you give me an example test site so I can try and recreate?
 
Are you using any VPN clients?

Maybe post screen shots of your DNSFilter settings, LAN DHCP settings and WAN DNS settings.
 
Are you experiencing issues on Apple devices or Android? Is it only happening with certain devices that are assigned specific filters to their MAC address, or is this global filtering? The reason why I ask is because users have been reporting issues with newer Android and Apple devices that have received an update that turns on a MAC address randomization feature. The only way around this is to disable it within the wifi settings on the device. With MAC address randomization enabled, the device that has a specific filtering rule listed does not go through the filter because the router does not recognize the MAC address assignment since the device is "hiding" it through MAC address randomization. The router only sees the new random MAC address. This does not happen if the filter is the "global" setting and not just a client-specific filter since all traffic is sent through the filter. I suppose your device may be set to a specific filter rule and is able to randomize the MAC address of the device, thus bypassing the router's filter rule for the device.
 
Thanks everyone. Here is what I am trying. If I set up my test PC MAC address (which is static) in the DNS filter and set it to use "Cloudflare Adult", and then I attempt to do an nslookup for www[.]pornhub[.]com, the DNS lookup is successful and I actually am also able to get to the adult site. I would expect the DNS filter to intercept this request and return the actual reply from the 1.1.1.3 Cloudflare DNS server but this does not appear to be the case. If I manually set my DNS server to 1.1.1.3 and look up www[.]pornhub[.]com then I get a response of 0.0.0.0. I would expect the same behavior with the filter setting but no luck. Any ideas? Thanks!
 
So you only have one connection to the internet via this computer, correct? You are not mixing wired and wireless, correct? And this computer is not tunneling through a VPN, correct?
 
Thanks @dave14305 I bet it is the missing commas based on that source snippet. Looks like an easy fix if that's true. Thanks!
Could be meaningless, but it looks "not like the others" and it starts at Cloudflare Family. Let's see. :)
 
So do you think that would break all of the dns filters? Based on my testing, I don't think any of them are working
 
I get an unknown option -S but if I do run the following it does not look like there is a chain called DNSFILTER. Could be the problem?
iptables -L DNSFILTER
iptables: No chain/target/match by that name
You need to specify -t nat
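The check discussed above (look for the DNSFILTER chain in the nat table, then confirm the client's MAC is redirected to the intended server) can be scripted; this is an added example, not part of the thread or the firmware. It assumes the per-client rules are DNAT entries with a MAC match printed as `MAC <address> to:<server>` by `iptables -L -n`; the function name, the sample listings and the second server address are constructed.

```shell
#!/bin/sh
# check_dnsfilter MAC SERVER
# Reads an `iptables -t nat -L DNSFILTER -n` listing on stdin and prints a verdict:
#   ok            the MAC has a DNAT rule pointing at SERVER
#   wrong-server  the MAC has a DNAT rule pointing somewhere else
#   no-rule       the chain exists but has no rule for this MAC
#   no-chain      no DNSFILTER chain in the listing (wrong table, or never created)
check_dnsfilter() {
    awk -v mac="$1" -v want="$2" '
        BEGIN { mac = toupper(mac); verdict = "no-chain" }
        /^Chain DNSFILTER / { verdict = "no-rule"; next }
        verdict == "no-chain" { next }          # ignore anything before the chain header
        $1 == "DNAT" && index(toupper($0), mac) {
            # the DNAT destination is printed as "to:<address>"
            for (i = 1; i <= NF; i++) if ($i ~ /^to:/) got = substr($i, 4)
            verdict = (got == want) ? "ok" : "wrong-server"
            exit                                 # END still runs after exit
        }
        END { print verdict }
    '
}

# Constructed sample listings (assumed layout, not captured from a real router).
SAMPLE_LISTING='Chain DNSFILTER (2 references)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            0.0.0.0/0           MAC 00:11:22:33:44:55 to:1.1.1.3
DNAT       all  --  0.0.0.0/0            0.0.0.0/0           MAC 66:77:88:99:AA:BB to:192.0.2.53'
# What the thread saw when the chain was looked up without -t nat.
SAMPLE_MISSING='iptables: No chain/target/match by that name'

printf '%s\n' "$SAMPLE_LISTING" | check_dnsfilter 00:11:22:33:44:55 1.1.1.3
printf '%s\n' "$SAMPLE_MISSING" | check_dnsfilter 00:11:22:33:44:55 1.1.1.3

# On the router itself (MAC is a placeholder for the test PC):
#   iptables -t nat -L DNSFILTER -n 2>&1 | check_dnsfilter <client-mac> 1.1.1.3
```

A `no-rule` verdict for a phone or tablet is also what MAC address randomization would produce, since the router then sees a different address than the one entered in the filter list.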
 
