DNSFilter does not work unless "DNS Server 1" is entered on DHCP Server tab?

[DeepWoods]

@DeepWoods is it only certain scenarios that don't work? Or is it that DNS filtering is not working for anyone when you don't have an entry there?

If DNS Server 1 is left blank, NO filtering is done for any clients. If I fill it in, all DNSFiltering works great. (and in my wacky test, if I put my router's IP into DNS Server 1, it also doesn't work). Odd.

 

[RMerlin]

If DNS Server 1 is left blank, NO filtering is done for any clients. If I fill it in, all DNSFiltering works great. (and in my wacky test, if I put my router's IP into DNS Server 1, it also doesn't work). Odd.

What DNS is used by your clients when you leave that field empty?

 

[DeepWoods]

What DNS is used by your clients when you leave that field empty?

When I left the field empty, the clients had the Router's DNS.

The problem is NOW SOLVED! THANK YOU for everyone's help!
Sadly, I did not capture the bash output requested by dave14305 while it was in the failing state.
I did run those commands, after it was working, and all output makes a lot of sense.
I would have loved to capture it while it was BAD, since that may have provided insight.

SUPPOSED FIX: As I learned more about DNSFilter, I decided to move the clients which I didn't want filtered by OpenDNS from "No Filtering" to "Router", since I would then get some amount of DNS caching and whatnot. While reviewing the list, I found that MANY of my MAC addresses appeared 3 times on the Client List? Once I deleted all of the duplicates (and there were MANY), the feature started working properly... I do not know why.

I can't understand how I would have had so many TRIPLICATE entries on the DNSFilter Client List? I could have easily entered some MACs twice, since there is no checking for duplicates on the UI, but I can't imagine entering many MACs 3 times! I was confirming for myself that I hadn't done anything silly, like copying nvram variable contents between releases, and I just discovered that there are actually 6 lists used (dnsfilter_rulelistX, where X is blank or 1 to 5). I am certain that I never messed with any of this (though I often copy a few variables, like DHCP info, between releases). I did attempt to recreate my problem by entering in a whole bunch of duplicates in the Client List, but I was unable to recreate the problem. I can't say that the duplicates was the cause of my problem, and MANY of the clients which weren't working properly were not duplicates (including clients which weren't even on the Client List), but I can say that my problem went away after performing this housekeeping. Coincidence?

In short, if anyone experiences a problem with DNSFilter, make sure you don't have duplicates (or triplicates) in your Client List. I can't say for sure that will fix it, but you shouldn't have duplicates anyhow ;-)

 

[shabbs]

Have you ever re-imported a JFFS backup or restored a previous config after an upgrade? Wondering if that created duplicates?

Also, many iOS devices now randomize their MAC address so unless you change the way they connect, you will get a different MAC for the same device later on. I know I've had to go into all of our family's devices and force the use of a Phone MAC address.

 

[MarkyPancake]

I've set DNS in WAN settings to the ones I want to use, advertise router/gateway IP in addition to DNS is enabled (I think this is the default for this), DHCP DNS is blank, DNS Filter Global Mode is set to router, which to my understanding means devices use the gateway IP as their DNS server and in turn means the WAN DNS servers will be used.

 

[DeepWoods]

Have you ever re-imported a JFFS backup or restored a previous config after an upgrade? Wondering if that created duplicates?

Also, many iOS devices now randomize their MAC address so unless you change the way they connect, you will get a different MAC for the same device later on. I know I've had to go into all of our family's devices and force the use of a Phone MAC address.

I think this might remain a mystery.

When configuring from scratch, I have never imported anything from backup.
I commission everything by hand, with the exception of saving a few nvram variables (custom_clientlist, dhcp_staticlist). I know, for certain, I have never messed with the dnsfilter_rulelist values (I have only used the GUI for the Client List).
I can't imagine how I got all those triplicate entries on my DNSFilter Client List, but it had nothing to do with different MACs for the same devices, but simply multiple entries for the same MAC.

Anyhow, the DNS server 1 & 2 are both blank. All clients only see the same single DNS server (the router) and all of my filtering is working.

The mystery is not solved, but the problem has been fixed.

 

[shabbs]

Very strange... glad it's working as expected now for you.