Posted: Tue Apr 26, 2016 8:28 Post subject: Re: Forced DNS Redirection
Brewder wrote:
Can someone explain to me what this setting does? It's found on the Setup | Basic Setup tab in the DHCP section.
I'm confused what enabling/disabling does.
//Brew
I don't know either. I have just looked on my 1900ACS and the box, which I had not really noticed before, is unchecked. Despite this, I do successfully use specified Static DNS in order. I think that I shall leave it as it is until you and I are enlightened!
Regards, lim
_________________
WRT1900ACS v1
WRT3200ACM
Regulatory Domain: UK
Joined: 11 Feb 2016 Posts: 198 Location: South London
Posted: Tue Apr 26, 2016 9:00 Post subject:
Think it forces other devices connected to the router to use what DNS is set up within the router, i.e. Google or OpenDNS, even when they are set up to use a different one
Think it forces other devices connected to the router to use what DNS is set up within the router, i.e. Google or OpenDNS, even when they are set up to use a different one
Correct. I used OpenDNS and have some level of filtering at the DNS level (porn filtering, for example). The forced DNS setting means my family (or people using my network) will not be able to easily circumvent the DNS-based filtering.
OK.. so if I enable it, that means the static DNS entries I have typed in are not even given out, and the DNS setting on the router (same config page just higher up), are used instead?
Seems very strange... if I want to FORCE a DNS setup, why wouldn't I just code them in the Static box?
Posted: Fri Apr 29, 2016 16:53 Post subject: Re: Forced DNS Redirection
Brewder wrote:
Seems very strange... if I want to FORCE a DNS setup, why wouldn't I just code them in the Static box?
Having just seen your thoughts and read the other comments I decided to be bold and try checking and unchecking this box.
As previously stated I have three Static DNSs specified which I know do work as required. Altering the setting had no discernible effect at all; so perhaps in the FW builds that we are using it is a redundant setting - I know that some such do exist.
Regards, lim
I believe it simply means this... We all know if a client connects with DHCP like 99% normally would, the router will deliver all the necessary IP/DNS/Gateway info they need to get out to the net.
Craftier users can get around this by configuring a static IP (still in the same range), and would be able to set your own DNS settings... which could theoretically get you past OpenDNS filtering restrictions, possibly even webfiltering appliances, onto proxies, VPN, etc.
By checking this box, I believe that all DNS traffic is overridden, no matter what you entered into your client settings on your PC/Device, and that your router will redirect all traffic to the DNS servers you have configured under Basic -> Basic Setup.
That's my hunch. I've enabled it too, and will do some testing later on this evening to see if my hunch might be right.
_________________
Device: Linksys WRT1900AC V1
Firmware: Kong Build 31100 1/8/2017
Kong Links: http://www.desipro.de/ddwrt/K3-AC-MVEBU/
BS Links: ftp://ftp.dd-wrt.com/betas/
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Fri Apr 29, 2016 22:32 Post subject:
vnvjeep wrote:
I believe it simply means this... We all know if a client connects with DHCP like 99% normally would, the router will deliver all the necessary IP/DNS/Gateway info they need to get out to the net.
Craftier users can get around this by configuring a static IP (still in the same range), and would be able to set your own DNS settings... which could theoretically get you past OpenDNS filtering restrictions, possibly even webfiltering appliances, onto proxies, VPN, etc.
By checking this box, I believe that all DNS traffic is overridden, no matter what you entered into your client settings on your PC/Device, and that your router will redirect all traffic to the DNS servers you have configured under Basic -> Basic Setup.
That's my hunch. I've enabled it too, and will do some testing later on this evening to see if my hunch might be right.
Yep, you are right. See this article about 3/4 of the way down.
I use an internal DNS server because I run a Windows active directory domain. So via DHCP on the router I hand out the internal DNS server first, then my ISP servers. The internal server is configured with forwarders to my ISP DNS servers.
When I click Use Forced DNS, then test name resolution, I receive timeouts and huge delays in name resolution. This makes surfing the web painful.
When I unclick it, name resolution is instant.
I test by changing the setting on the router, then flushing my local DNS cache (ipconfig /flushdns), releasing (ipconfig /release) the current address, then renewing (ipconfig /renew), then testing again (nslookup www.google.com)...
I guess for now I just keep it unchecked, and stop worrying about it!
Well, to me it doesn't seem like it really works. I know what it's intended to do, and it would be pretty cool if it did work. My router has DNS pointing to OpenDNS... I changed my PC to use Google's DNS servers. I checked the box, and rebooted the router. I've done flushdns, release, renew, etc...
I'm still able to resolve names with nslookup and it shows that Google's DNS servers are the ones making the response. I would have thought that this would have bombed out, or at least showed that OpenDNS was responding.
I'm still able to resolve names with nslookup and it shows that Google's DNS servers are the ones making the response.
It shows a Google DNS response, yes. But that is not true (because I have blocked all access to Google's DNS at my WAN box); it seems to be working perfectly.
Posted: Mon Jan 30, 2017 2:40 Post subject: Forced DNS Redirection
Just to confirm for anyone who is wondering if this really does "capture" DNS requests - it does indeed appear to function as implied, at least in 30880.
On my router I have this option enabled. On a Windows host I manually entered DNS to Google DNS servers.
Yes, nslookup still tells me I am connecting to a Google server; however, the response is really coming from the OpenDNS server I have set up in the router.
If I disable the Force DNS option, then the client really does connect to the Google DNS server and get its DNS answers from there.
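The observation in the posts above (nslookup names Google's server while the router's configured resolver supplies the answer) is what destination NAT with connection tracking produces. A toy model of that path, added here as an illustration and not DD-WRT code: it assumes the option is implemented as a port-53 DNAT rule, which the thread does not state, and the addresses and answer strings are constructed.

```python
"""Toy model of port-53 destination NAT (constructed example, not DD-WRT code)."""
from dataclasses import dataclass, replace

ROUTER_DNS = "192.168.1.1"   # assumed LAN address of the router's resolver
ANSWERS = {                  # constructed: what each resolver would return
    "192.168.1.1": "answer-via-router-upstream",
    "8.8.8.8": "answer-from-google",
}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str


class Router:
    def __init__(self, force_dns):
        self.force_dns = force_dns
        self.conntrack = {}  # (client, client port, new dst) -> original dst

    def outbound(self, pkt):
        """Query path: rewrite the destination of LAN DNS queries when forced."""
        if self.force_dns and pkt.dport == 53 and pkt.dst != ROUTER_DNS:
            self.conntrack[(pkt.src, pkt.sport, ROUTER_DNS)] = pkt.dst
            return replace(pkt, dst=ROUTER_DNS)
        return pkt

    def inbound(self, pkt):
        """Reply path: restore the address the client originally targeted."""
        orig = self.conntrack.pop((pkt.dst, pkt.dport, pkt.src), None)
        return replace(pkt, src=orig) if orig else pkt


def resolve(router, client, server, name):
    """Return (source the client sees, resolver that answered, answer)."""
    query = router.outbound(Packet(client, 40000, server, 53, name))
    answered_by = query.dst
    reply = Packet(answered_by, 53, client, query.sport, ANSWERS[answered_by])
    seen = router.inbound(reply)
    return seen.src, answered_by, seen.payload
```

In this model the reply's source address is identical with the option on or off, so only the content of the answer (for example, a name the filtering resolver treats differently) distinguishes the two cases.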
Posted: Mon Jan 29, 2018 20:28 Post subject:
Every time I've tried using it, my internet grinds to a halt.
_________________
| Netgear Nighthawk X4S R7800 | Linksys WRT1900ACS V1 | Huawei Echolife HG612 3B |