Thanks for the help, for the moment it works well!
One thing leaves me perplexed, the fact of being without protection and with the DDNS not enabled.
If it should be the solution, in these conditions what risk would I run?
I thank
Router abnormal behavior cpu
- Thread starter alpha45
- Start date
Thanks for the help, for the moment it works well!
One thing leaves me perplexed, the fact of being without protection and with the DDNS not enabled.
If it should be the solution, in these conditions what risk would I run?
I thank
dave14305
Part of the Furniture
You can use the DDNS without worry. You don’t need to withdraw consent for Asus on that tab.
without AiProtection, the collective wisdom of this forum is to run the Skynet script to block incoming and outgoing traffic to known “bad” addresses.
For the moment it works well, the RAM consumption is halved and the dow and up speed has doubled.
Is it because of the changes?
Many thanks.
P.s. link to Skynet please ...
L&LD
Part of the Furniture
@alpha45 you may want to follow the link below too. 
amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421
You will find more links which you might find useful in my signature too.
amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421
You will find more links which you might find useful in my signature too.
Thanks.Ok,@alpha45 you may want to follow the link below too.
amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421
You will find more links which you might find useful in my signature too.
I'll try to follow the whole procedure hoping to do it ...
Val D.
Very Senior Member
If you don't feel comfortable with scripts, you can use filtering DNS server like Cleanbrowsing DNS - https://cleanbrowsing.org/
It is one of the most effective ones against malicious sites and malware, as well as adult content filtering. It's free to use as Security Filter, Adult Filter and Family Filter with default settings.
Thank you very much for the advice.
I will try to use Cleanbrowsing DNS!
Hope for the best.
Hello
P.S. It is sufficient to put the DNS as in the attachment without changing other options eg. DNS Privacy Protocol etc.?
I noticed that it loses slightly in speed is correct.?
Is it possible to view sites that have been blocked by Cleanbrowsing DNS?
Thanks
Attachments
Last edited:
Val D.
Very Senior Member
Cleanbrowsing was just as an example, other DNS services are available as Quad 9, OpenDNS, etc.
- you can use DNS-over-TLS DNS privacy with Cleanbrowsing, there are even presets in Asuswrt-Merlin firmware
- filtering DNS servers are usually a bit slower, they have to do a bit more work, but hardly noticeable during normal Internet use
- you can view blocked sites if you use temporary a non-blocking DNS server set on the device, for example
Kindly, look at the screenshot if the setup for the you gave me is correct?
In particular the dns1 and 2 are those of my isp, are they ok?
Thanks
Attachments
Val D.
Very Senior Member
Since we are talking about Cleanbrowsing, I would do it this way:
DNS Server 1 : 185.228.168.9
DNS Server 2 : 185.228.169.9
(those two are used only when DNS-over-TLS is not working)
DNS-over-TLS Profile: Opportunistic
(this will allow DNS resolutions for unauthenticated servers)
In this case, you will be using Cleanbrowsing DNS servers with Security Filter no matter if DNS-over-TLS is working or not.
I want to go back a bit, because there is a better way to filter clients. Asuswrt-Merlin has a DNSFilter option in LAN section.
Go to LAN -> DNSFilter and assign different DNS servers for different clients on your network by MAC address. For example:
- your PC -> Cloudflare DNS, no filtering, faster servers (or Cleanbrowsing DNS with Security Filter only)
- your kids laptop -> Cleanbrowsing DNS, Adult Filter (includes Security Filter), slower DNS servers but secure Internet
- your smart TV -> Cleanbrowsing DNS, Family Filter (includes Security Filter + Mixed Content + VPN/Proxy Filters)
Get the idea?
You can define on a router level what device will have filtering and what type of filtering.
If you want ad-blocking DNS on a specific device, use AdGuard DNS, it works similarly to Diversion script.
https://adguard.com/en/adguard-dns/overview.html
It also blocks malicious websites and adult content.
So, playing with different DNS services you can achieve similar results to running popular scripts on the router. There are differences of how scripts and DNS servers protect your Internet connection, but the end result is very similar and easy to setup for people who don't really want to mess with Custom Scripts options in Asuswrt-Merlin.
Finally, my network is fairly simple and straightforward, I don't need special things like you see from the client list, I just need a general security protection that doesn't slow down the speed too much.
Thanks for your patience.
Annex 3
P.S. in this forum you know how to keep a MAC Address fixed in a Blackview Smartphone A10, because at each start it changes Address?
Attachments
Val D.
Very Senior Member
Not yet...
- If you don't need per-device DNSFilter, better disable it. With your current setup DNS-over-TLS in not working.
(the yellow message under DNS-over-TLS in WAN section, it says where the problem is)
- You don't need to specify Custom DNS 1/2/3 in DNSFilter section, if no clients in the table below are using those.
sfx2000
Part of the Furniture
I would suggest opening a new thread in the Wireless/General sub-forum
So can it go?
if it is OK, is the PC's LAN protected?(all this and because (my) mental cleansing, linguistic incomprehension and incompetence!)
Sorry!
Attachments
dave14305
Part of the Furniture
If you want to ensure performance and enforce CleanBrowsing for the entire network, you can consider:So can it go?
(all this and because (my) mental cleansing, linguistic incomprehension and incompetence!)
Sorry!
- Disable DNS-over-TLS. I had bad performance using it with DoT a while ago. If you are not concerned DNS snooping by ISP or other governing entity, disable it.
- Set WAN DNS 1 and 2 to the Cleanbrowsing Security IP addresses.
- Set DNSFilter Global mode to Router.
- Ensure LAN DHCP DNS Server 1 is blank.
Let's see if it's okay!
in # 1 (DNS Privacy Protocol) there is a warning!
in # 1 Set WAN DNS 1 and 2 to the Cleanbrowsing Security IP addresses.
in #3 Set DNSFilter Global mode to Router.
in #4 Ensure LAN DHCP DNS Server 1 is blank.
Attachments
Val D.
Very Senior Member
It's all good now! You have Cleanbrowsing DNS with Security Filter for all your devices.
If you need Adult Filter on some devices, then add those to DNSFilter section with corresponding DNS.
Val D.
Very Senior Member
Prego, our Italian friend!
There is a small town called Laveno near Lago Maggiore. I used to live there for about a year, beautiful place.
Similar threads
Similar threads
Similar threads
-
Why can't I associate my router with my iOS account in the app?
- Started by lenovomen
- Replies: 7
-
-
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
- Started by psimaker
- Replies: 9
-
-
Latest (Oct 2024) "best" recommended router for Merlin?
- Started by sthornington
- Replies: 19
-
-
Asus RT-AX58U v2 Merlin: Route all traffic to Pi-hole (running directly on router itself)
- Started by hamensman
- Replies: 12
-
-
-