- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just received and setup the latest Verzion wireless router, walking through all the options, turning off uPNP, etc.
However, I see no way to assert alternatIve DNS service, e.g. OpenDNS with this router and the manual only privides Prrimary/Secondary DNS settings for default disabled IPv6.
Does anyone know how specific IPv4 DNS Primary/Secondary IPs for the router (and therefore Clients) can be asserted- specifically for OpenDNS?
Solved! Go to Correct Answer
Correct answers
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have OpenDNS configured on the Quantum Gateway. It's easy.
- Log in to the router.
- Click "My Network."
- On the left side click "Network Connections."
- Click on "Broadband Connection"
- Click the "Settings" button at the bottom of the screen.
- Enter the OpenDNS server's in the primary and secondary DNS server boxes.
- Click Apply.
Enjoy faster DNS lookups and/or web site filtering.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have OpenDNS configured on the Quantum Gateway. It's easy.
- Log in to the router.
- Click "My Network."
- On the left side click "Network Connections."
- Click on "Broadband Connection"
- Click the "Settings" button at the bottom of the screen.
- Enter the OpenDNS server's in the primary and secondary DNS server boxes.
- Click Apply.
Enjoy faster DNS lookups and/or web site filtering.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This works, but how can I force all traffic through the Gateway to use the Open DNS servers? I went to my iPad, asked it to use Goggle's DNS, instead of the routeur-provided DNS, and it worked, meaning that my iPad "escaped" Open DNS.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To do this, set the Firewall on the router to Custom. Then, you'll need to create rules which follow this methodology.
"Allow Port 53 TCP/UDP Outbound to OpenDNS IPs 208.67.220.220 and 208.67.222.222, Source Port Any, Source IP any"
"Deny Port 53 TCP/UDP Outbound to all IP addresses, Source Port Any, Source IP Any"
Although I don't have a FIOS G1100 or MI424WR handy to do a walk-through on this, the rule of thumb is to create your deny rule to precede the rule to only allow OpenDNS. Then, to test as you've done, the changes. Make sure that making queries against the router (192.168.1.1 or whatever you have it's IP set to) continue to work, and also be sure that you can query OpenDNS directly as well (eg: nslookup www.google.com 208.67.220.220). While queries sent to Google DNS for example (eg: nslookup www.google.com 8.8.8.8) time out.
Here's an example of some rules I have set up on Ubiquiti UniFi networks I manage. to restrict DNS traffic to OpenDNS only. I also have rules for IPv6 because these networks are on an IPv6 capable ISP and are IPv6 functional as well.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much.
I didn't do all you said but it look like it is working, meaning that when I manualy set 8.8.8.8 as the DNS on my iPad, instead of "Automatic", my iPad doesn't access internet at all, whereas when I let the DNS as "Automatic", it accesses internet but gets blocked by Open DNS where it should.
On the routeur settings, I went to Firewall, Access Control, Add rule, and I created a rule that applies to any device or networked Computer, and which forces any TCP or UDP request, from any port, to go to port 53. It doesn't look like my router allows more "sophisticated" rules where I could specify OpenDNS address here.
Screenshots:
:
I also manualy forced my server to use Open DNS as DNS provider as per the post above. With that, when I do the nslookup queries as you suggest, I time out for 8.8.8.8 and also for 208.67.220.220, but not for my router's IP address. I seem to be able to access the internet fine.