I want to make it so only OpenDNS 208.67.222.123 and 208.67.220.123 DNS servers can be used; attempting to use anything else via manual configuration on the client to something such as 8.8.8.8 or 8.8.4.4 or any other should result without success.
Under Administration --> Commands --> Firewall I had
Under Services --> Services --> DNSMasq --> DNSMasq = Enable
Under Services --> Services --> DNSMasq --> Local DNS = Disable
Under Services --> Services --> DNSMasq --> No DNS Rebind = Enable
Under Setup --> Basic Setup --> WAN Setup --> Connection Type = Static IP
Under Setup --> Basic Setup --> WAN Setup --> WAN IP Address = 192.168.100.2
Under Setup --> Basic Setup --> WAN Setup --> Subnet Mask = 255.255.255.0
Under Setup --> Basic Setup --> WAN Setup --> Gateway = 192.168.100.1
Under Setup --> Basic Setup --> WAN Setup --> Static DNS 1 = 208.67.222.123
Under Setup --> Basic Setup --> WAN Setup --> Static DNS 2 = 208.67.220.123
Under Setup --> Basic Setup --> WAN Setup --> Static DNS 3 = 0.0.0.0
Under Setup --> Basic Setup --> WAN Setup --> STP = Disable
Under Setup --> Basic Setup --> Network Setup --> Local IP Address = 192.168.2.1
Under Setup --> Basic Setup --> Network Setup --> Subnet Mask = 255.255.255.0
Under Setup --> Basic Setup --> Network Setup --> Gateway = 192.168.2.1
Under Setup --> Basic Setup --> Network Setup --> Local DNS = 192.168.2.1
Under Setup --> Basic Setup --> Network Setup --> DHCP Type = DHCP Server
Under Setup --> Basic Setup --> Network Setup --> DHCP Server = Enable
Under Setup --> Basic Setup --> Network Setup --> Start IP Address = 192.168.2.100
Under Setup --> Basic Setup --> Network Setup --> Maximum DHCP Users = 50
Under Setup --> Basic Setup --> Network Setup --> Client Lease Time = 7200 minutes
Under Setup --> Basic Setup --> Network Setup --> WINS = 0.0.0.0
Under Setup --> Basic Setup --> Network Setup --> Use DNSMasq for DHCP = True
Under Setup --> Basic Setup --> Network Setup --> Use DNSMasq for DNS = True
Under Setup --> Basic Setup --> Network Setup --> DHCP-Authoritative = True
I would be very very happy if someone could help me with achieving my desire.
EDIT: Ok, I'm throwing a wrench in here too. I followed this guide at http://www.howtogeek.com/51477/how-to-remove-advertisements-with-pixelserv-on-dd-wrt/ to remove advertisements via pixelserv. For this to work, the DNS server clients use would be my router's IP address 192.168.2.1. So what do I need to do to have the router retrieve its DNS queries from 208.67.222.123 and 208.67.220.123, force clients to be unable to use any other DNS, and use pixelserv-based adblocking at the same time?
EDIT2: So right now for Additional DNSMasq Options I have the following:
(The last line appeared in the Commands for Firewall via automation due to the adblocking pixelserv, so I put my stuff before it to keep the 'prerouting' statements together)
EDIT3: That didn't work (couldn't browse the internet), so I modified it to be this:
Joined: 01 Jun 2010 Posts: 9 Location: Missouri, US
Posted: Tue Jul 30, 2013 1:50 Post subject:
So what exactly would I have to modify in the configs you provided me, and could you explain those items you say I would need to change to fit my scenario and why? (So that I may understand what I and the functions are doing.)
Well, the static DNS are there to inform your connected devices that they have to call the DNS server of the router, otherwise call an invalid DNS server. Then the beginning of the firewall script is specific to OTRW2, the last lines matter for you. For the DNSMasq options see the DNSMasq manual.
_________________
2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
I have found that if you go into access restrictions and block DNS that it won't allow anyone to use DNS on the computer except for what the router provides. Be sure to use DNSMasq for DNS under setup.
Or do you mean I should examine each option in your DNSMasq config?
Quote:
For the DNSMasq options see the DNSMasq manual.
Again, you may use another server than 192.168.2.1#40, namely 208.67.222.222 or 208.67.220.220 or more than one server.
The pixelserv lines are meaningful only if you run pixelserv (part of OTRW2).
dhcp-boot instructs DNSMasq to do TFTP boot, provided there is a TFTP server active at that IP (if it is router's IP, you have to run the TFTP server on your router).
dhcp-option is there to disable NetBIOS.
local=/thenameofyourlocaldomain/ instructs DNSMasq to use a local domain.
bogus-priv, no-resolv and domain-needed enhance security.
user=root is just in case that DNSMasq refuses to start.
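An added example, not code from the thread or from DD-WRT: one way to write the redirect the first post asks for, as a script for Administration --> Commands --> Firewall, so that every LAN DNS query lands on the router's DNSMasq regardless of the resolver a client sets by hand. It assumes the LAN bridge is named br0 and takes 192.168.2.1 from the first post; DRY_RUN is a hypothetical switch introduced here so the rules can be reviewed before they are applied.

```shell
#!/bin/sh
# Added example: force all LAN DNS traffic through the router's DNSMasq.
LAN_IF="${LAN_IF:-br0}"                # assumption: DD-WRT's default LAN bridge
ROUTER_IP="${ROUTER_IP:-192.168.2.1}"  # Local IP Address from the first post
DRY_RUN="${DRY_RUN:-1}"                # hypothetical switch: 1 = print, 0 = apply

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Rewrite the destination of every UDP and TCP port-53 packet that arrives
# on the LAN bridge, so a client pointed at 8.8.8.8 is answered by DNSMasq.
dns_lockdown() {
    for proto in udp tcp; do
        spec="PREROUTING -i $LAN_IF -p $proto --dport 53 -j DNAT --to-destination $ROUTER_IP:53"
        # Remove a copy left by an earlier run so the rule is not duplicated.
        # $spec is left unquoted on purpose so it splits into arguments.
        run iptables -t nat -D $spec 2>/dev/null || true
        # Insert at the top of the chain, ahead of any other PREROUTING rules.
        run iptables -t nat -I $spec
    done
}

dns_lockdown
```

DNSMasq's own upstream queries leave from the router rather than arriving on the LAN bridge, so they are not rewritten and still reach the Static DNS servers set under WAN Setup. Port-53 rules like these do not cover DNS carried inside TLS or HTTPS.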
Joined: 06 Feb 2010 Posts: 7401 Location: Little Rock
Posted: Thu Oct 17, 2013 10:47 Post subject:
One important piece of info that is seemingly left out here, or I just simply didn't see it, is that it looks like the unit you are setting up to configure in this manner is some kind of repeater or client bridge?