Forcing a specific DNS Server

2023-07-11 12:03:20 - last edited 2023-07-12 21:33:16
Model: Archer VR600v  
Hardware Version: V2
Firmware Version: 0.7.0 0.9.1 v0075.0 Build 200616 Rel. 36749n

Hi, I need some help with my router configuration at home. I run Pihole on an AWS server, which acts as DNS. I changed the router settings so that it is the standard DNS. I had to change the Primary and Secondary Server in the LAN settings and disable IPv6 there. Works fine. Now I tried several things to force the router to use only Pihole as DNS. With port filtering I had created a setup which almost worked. So all DNS servers I set up on the devices provided no internet, with the exception of the Pihole IP (which was good) and the router IP (which was super bad). With the setup after that I had problems with blocking DNS servers at all. Is there a possibility to do that in the TP-Link settings, and if not, is there the possibility to run other software with that router (something which acts as a more advanced firewall), or other general solutions?

#1
1 Accepted Solution
Re:Forcing a specific DNS Server-Solution
2023-07-12 13:23:58 - last edited 2023-07-12 21:33:16

  @heilrichst

 

There's no mechanism to block certain DNSs on VR600v. If a client device is configured with a static IP address and manually set DNSs it will bypass your PiHole.

A pfSense firewall is a possible solution since it has the features which you may use for the purpose.

One of the possible scenarios is to use the VR600v in bridge mode and a pfSense box behind it as the main router.

If you have a VoIP service configured on your VR600v you may need to use the VR600v as you do now, but that's not a culprit since you can configure a DMZ to the pfSense box behind.

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
#6
10 Reply
Re:Forcing a specific DNS Server
2023-07-11 16:54:17

  @heilrichst

 

You can force custom DNS for your router internet connection here:

Click on Advanced and scroll down:

Keep in mind that if your PiHole is with a private IP address - the WebGUI would probably give you an error message if you try to set its IP address there.

Normally a private PiHole IP address should be set in LAN => DHCP settings (as you did for Primary & Secondary DNS) to be used by the router client devices.

 

#2
Re:Forcing a specific DNS Server
2023-07-11 23:05:10

  @terziyski 

Hi, thanks for your answer. Sorry, I forgot to say that the setting you described is part of my current setup too. I have set the public IP address of the Pihole in the LAN and internet settings. And with that I can access the internet with all devices with any given DNS server when I manually set it up.

#3
Re:Forcing a specific DNS Server
2023-07-11 23:30:10

  @heilrichst 

 

These two DNS related settings (for Internet connection and LAN=>DHCP server) are the only ones which you could set in VR600v.

That's a home grade modem router and it doesn't have configurable firewall policies as the business grade devices like ER605.

#4
Re:Forcing a specific DNS Server
2023-07-12 09:13:35

  @terziyski 

OK, thank you, this underlines my assumption that this is not possible in the TP-Link menu. (But there remains some last hope) if I was able to block all DNS except the Pihole and the router DNS. Is there no way to block the router IP as DNS too?

And if not, I heard that one could run a firewall like pfSense (only an example) on a PC permanently connected to the router with a LAN cable to do that. Is this a possible scenario where the is access point and retains its features such as DSL, voice IP, TP-Link settings menu?

#5
Re:Forcing a specific DNS Server
2023-07-12 18:46:58

  @terziyski 

OK, thank you, so maybe I'm going to run this setup in the near future. Nice if this is possible together with the TP-Link router in bridging mode. Are you sure that this works? (Yes, I know that you maybe don't know the details, but I mean in general from your experience :) )

#7
Re:Forcing a specific DNS Server
2023-07-12 21:10:50

  @heilrichst 

 

Yes, that will work. I know that from a personal experience - search for "Blocking External Client DNS Queries | pfSense Documentation".

There's a guide that will give you more details on how to add a PiHole to the pfSense if you want to - search "Add Pi Hole to PfSense: How to".

#8
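
A check to run from a LAN client once a DNS block rule like the one discussed above is in place, added here as an example and not posted by anyone in the thread: it sends one DNS query directly to each resolver and reports which ones still answer. The Pi-hole address is a documentation-range placeholder and the router LAN address is an assumption; replace both with your own.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_answer(reply, txid=0x1234):
    """True if `reply` is a DNS response carrying our transaction id."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == txid and bool(flags & 0x8000)  # QR bit marks a response

def resolver_answers(server, name="example.com", timeout=2.0):
    """Send one UDP query to server:53; True if a valid response comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable network, ICMP reject
            return False
        return is_answer(reply)

def audit(results, allowed):
    """Given {resolver: answered?}, list resolvers that violate the policy."""
    leaks = [r for r, ok in results.items() if ok and r not in allowed]
    silent = [r for r in allowed if not results.get(r, False)]
    return {"leaks": sorted(leaks), "allowed_but_silent": sorted(silent)}

if __name__ == "__main__":
    PIHOLE = "203.0.113.10"  # placeholder: public IP of your Pi-hole
    ROUTER = "192.168.1.1"   # assumed router LAN IP
    # The last three are well-known public resolvers.
    targets = [PIHOLE, ROUTER, "8.8.8.8", "1.1.1.1", "9.9.9.9"]
    results = {t: resolver_answers(t) for t in targets}
    print(audit(results, allowed={PIHOLE}))
```

It tests UDP port 53 only and assumes the firewall drops or rejects the traffic; where DNS is redirected to a local resolver instead, outside servers will appear to answer.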
Re:Forcing a specific DNS Server
2023-07-12 21:32:20

  @terziyski 

Ah nice, I found this one:

Blocking External Client DNS Queries - Netgate Documentation

If you have experience: do you have a recommendation for cheap hardware to realize that? An old secondary-market notebook or so?

#9
Re:Forcing a specific DNS Server
2023-07-12 21:46:49

  @terziyski 

Well, I try to summon possible solutions now.

I have two more ideas:

1. Is it possible to expand the functionality of the VR600v with the described er600 when using the bridge mode too? I think this could be the easiest solution to force DNS for a newbie.

2. The cheapest solution could be to install pfSense on the AWS server. Is that possible?

#10
Re:Forcing a specific DNS Server
2023-07-12 23:40:40

  @heilrichst 

 

These two scenarios are possible solutions. There is pfSense Plus for AWS.

It's possible to use an old PC or laptop with two ethernet network cards as well.

Keep in mind that the pfSense box would be turned on 24/7, so minimizing noise and electricity consumption is essential.

A good approach would be to buy a third party hardware on which you will install the pfSense software image.

There's a lot of manufacturers that provide such - for example check this video.

#11