What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ver. 380.58 Policy rules, The DNS for Local ISP Leaks VPN IP. This is a serious problem. Caution

Cake said:
Yogi, give dnscrypt a try. After setting up optware/entware you can force all clients to use it with a couple lines in a script.
This way you won't need to worry about that setting because port 53 gets intercepted by the router, dns request gets encrypted, then sent out to a dns server of your choice(s) on a different port that your isp doesnt sniff/block/attach a tracker/etc.

I wish this was include in RMerlins code because I think most of Asus buyers bought these routers either for the AC, or for the VPN. I am in the latter camp (just look at all topics and posts on openvpn. The optware/entware way is fine however doing power failures sometimes my sdcard corrupts. I would prefer a solution that does not involve using sdcard. I also think dnscrypt is going to be around a while.
Click to expand...
I got it working. When I am on ISP it shows OpenDNS :) I don't need that dnsfiltering anymore
and the VPN works right as well.
Only problem is this. I need to write a rule when I am in policy rules that whatever traffic is going out from the VPN to WAN ISP it needs to use openDNS as well.

the rule would need to say example;
when you see IP 192.168.1.50 which is on VPN and you see specific traffic from IP 173.252.64.0/18 facebook use DNS of OpenDNS

can it be done?
if so what is the rule that I need to add in dnsdcrypt?
thanks in advance.
 
yorgi said:
the rule would need to say example;
when you see IP 192.168.1.50 which is on VPN and you see specific traffic from IP 173.252.64.0/18 facebook use DNS of OpenDNS
Click to expand...

I think you are still misunderstanding what a DNS server does and how it's used. You cannot select a DNS based on traffic - you got it backward. The DNS query is done BEFORE there is any traffic at all to a given site. It's what tells you the IP of that site. By the time you have any traffic with that site, you are done doing any DNS lookups about it.
 
RMerlin said:
I think you are still misunderstanding what a DNS server does and how it's used. You cannot select a DNS based on traffic - you got it backward. The DNS query is done BEFORE there is any traffic at all to a given site. It's what tells you the IP of that site. By the time you have any traffic with that site, you are done doing any DNS lookups about it.
Click to expand...
Thats what I understood from your earlier post.
Cake says with DNSCrypt you can set rules that can redirect the DNS
Is there anyting I can do with DNSCrypt or am I wasting my time?
From what I understand DNSCrypt encrypts the DNS and tunnels it via OpenDNS and one can set rules as to what traffic gets directed for DNS
that is why I was trying to fill in the holes as you said it with OpenDNS
Am I wasting my time with DNSCrypt?
 
yorgi said:
Thats what I understood from your earlier post.
Cake says with DNSCrypt you can set rules that can redirect the DNS
Is there anyting I can do with DNSCrypt or am I wasting my time?
From what I understand DNSCrypt encrypts the DNS and tunnels it via OpenDNS and one can set rules as to what traffic gets directed for DNS
that is why I was trying to fill in the holes as you said it with OpenDNS
Am I wasting my time with DNSCrypt?
Click to expand...

All it does is encrypt your DNS communications to prevent eavesdropping. Otherwise, its client handling will be identical to what you'd do with DNSFilter, where you can select it based on the client's IP.
 
RMerlin said:
All it does is encrypt your DNS communications to prevent eavesdropping. Otherwise, its client handling will be identical to what you'd do with DNSFilter, where you can select it based on the client's IP.
Click to expand...
That's what I thought. I took it out and went back to my old way.
I appreciate all the help.
I guess I can't rewrite the way routers work!
to bad because it would have been a great way to work.
 
RMerlin said:
All it does is encrypt your DNS communications to prevent eavesdropping. Otherwise, its client handling will be identical to what you'd do with DNSFilter, where you can select it based on the client's IP.
Click to expand...
are there any plans to add DNSfilter as an option in future firmware releases?
its right up the alley for VPN users
 
yorgi said:
are there any plans to add DNSfilter as an option in future firmware releases?
its right up the alley for VPN users
Click to expand...

I suppose you mean DNSCrypt, not DNSFilter.

There are no plans for now to add DNSCrypt support.
 
You must log in or register to reply here.

Similar threads

D
Proper VPN Policy Rules
Replies
2
Views
459
Dougj
D
MegaMango
XrayUI – A Simple Way to Manage Xray-Core on the ASUS Router
Replies
4
Views
397
Tech9
Tech9
RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.2 Beta is now available for Wifi 7 devices
2 3 4
Replies
70
Views
13K
RMerlin
RMerlin
RMerlin
Release Asuswrt-Merlin 3006.102.2 is now available for Wifi 7 devices
4 5 6
Replies
101
Views
18K
RMerlin
RMerlin
J
pros and cons for the two common DNS setups for a local adblocker - adguard home
2
Replies
25
Views
5K
Tech9
Tech9

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 554 (members: 20, guests: 534)
Back
Top