Re. Global DNS Filtering

[Zonkd]

My current understanding is as follows: enabling DNS Filtering sets firewall to redirect clients bypassing dnsmasq forcing all DNS queries (including for local hostnames) to be resolved by the specified remote DNS server.

Question: how might you apply Global DNS filtering - force clients to use the router's manually set WAN DNS - but restrict local hostnames to be resolved via router. Any possible workarounds or extra hardware required? Completely impossible? Been reading forums for an answer to this and no luck yet.

 

[ColinTaylor]

That is the default behaviour without DNS Filtering turned on. Except, clients can override the routers settings and set their own DNS values if they choose to.

If you want to force all your clients to use the routers DNS irrespective of what they set themselves then choose Router as the Global Filter.

DNS requests for local names will be answered by the router, non-local names will be forwarded to your WAN DNS.

 

[System Error Message]

One thing you can do is create a destination NAT for UDP on port 53 from LAN that isnt headed towards the router and redirect it to the router. This sort of thing would require scripts or modifying some files and cannot be done in the web interface unless you could port forward LAN traffic to LAN instead of from WAN.

Doing the same for port 123 would work for NTP if say you wanted to redirect all time sync's to a particular server because microsoft's NTP servers fail to sync half the time.

The redirect doesnt have to be the directed to the router but it can even be a server on LAN or WAN that you want to have to perform the service.

 

[ColinTaylor]

One thing you can do is create a destination NAT for UDP on port 53 from LAN that isnt headed towards the router and redirect it to the router.

Isn't that exactly what the DNS Filtering > Global Filter Mode = Router does???