Forcing a specific DNS Server
Hi I need some help with my Routerconfiguration at home. I run Pihole on an AWS Server, which Acts as DNS. I changed the Router settings so that it is the standard DNS. Had to change Primary and Secondary Server In Lan settings and disable ipv6 there. Works fine. Now I tried several things to force the router to use only Pihole as dns. With portfiltering I had created a setup which worked almost. So all DNS Servers I set up on the devices provided no internet with exception of the Pihole ip (which was good) and the router ip (which was super bad). With the setup after that I had problems with blocking dns servers at all. Is there a possibility to do that in the TP link setting and if not is there the possibility to run other software with that router ( something which Akts as a more advanced firewall) or general other solutions?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
There's no mechanism to block certain DNSs on VR600v. If a client device is configured with a static IP address and manually set DNSs it will bypass your PiHole.
A pfSense firewall is a possible solution since it has the features which you may use for the purpose.
One of the possible scenario is to use the VR600v in bridge mode and pfSense box behind it as a main router.
If you have a VoIP service configured on your VR600v you may need to use the VR600v as you do now, but that's not a culprit since you can configure a DMZ to the pfSense box behind.
- Copy Link
- Report Inappropriate Content
You can force custome DNS for your router internet connection here:
Click on Advanced and scroll down:
Keepn in mind that if your PiHole is with a private IP address - the WebGUI would probably give you an error message if you try to set its IP address there.
Normally a private PiHole IP address should be set in LAN => DHCP settings (as you did for Primary & Secondary DNS) to be used by the router client devices.
- Copy Link
- Report Inappropriate Content
hi thanks for your answer. Sry I forgot to say this setting you discribet is part of my current setup too. I have set the public ip address of the Pihole In the Lan and internet settings. And with that I can access the internet with all devices with any given DNS Server when I manualy set it up.
- Copy Link
- Report Inappropriate Content
These two DNS related settings (for Internet connection and LAN=>DHCP server) are the only onse which you could set in VR600v.
That's a home grade modem router and it doesn't have configurable firewall policies as the business grade devices like ER605.
- Copy Link
- Report Inappropriate Content
ok thank you this underlines my assumption that this is not possible in the tp link Menü. (But there reamains some last hope) if I was able to block all dns exept the Pihole and the router dns. Is there no way to block the router ip as dns too?
and If not I heard that so could run a firewall like pfsence(only a example) on a pc; permanently connected with the router with a LAN cable to do that. Is this a possible scenario where the is acces point and remains it's features as dsl, voice ip, tp link settingsmenu?
- Copy Link
- Report Inappropriate Content
There's no mechanism to block certain DNSs on VR600v. If a client device is configured with a static IP address and manually set DNSs it will bypass your PiHole.
A pfSense firewall is a possible solution since it has the features which you may use for the purpose.
One of the possible scenario is to use the VR600v in bridge mode and pfSense box behind it as a main router.
If you have a VoIP service configured on your VR600v you may need to use the VR600v as you do now, but that's not a culprit since you can configure a DMZ to the pfSense box behind.
- Copy Link
- Report Inappropriate Content
ok thank you, so mabey I'm going to run this setup in the near future. Nice if this possible together with the tp link router in bridging mode. Are you Sure that this works?( yes I know that you mabey don't know the details, but I mean in general from your experience :) )
- Copy Link
- Report Inappropriate Content
Yes, that will work. I know that from a personal experience - search for "Blocking External Client DNS Queries | pfSense Documentation".
There's a guide that will give you more details on how to add a PiHole to the pfSense if you want to - search "Add Pi Hole to PfSense: How to".
- Copy Link
- Report Inappropriate Content
ah nice
i found this one:
Blocking External Client DNS Queries - Netgate Documentation
when you have experience. Do you have a recommendation for cheap hardware to realize that. A old secondary marked notebook or so?
- Copy Link
- Report Inappropriate Content
well i try to summon possible solutions now.
I have two ideas more:
1. Is it possible to expand the functionality's of the vr600v with the described er600 when using the bridgemode too. I think this could be the easiest solution to force dns for a newby.
2. cheapest solutions could be to install pfsence on the aws server is that possible?
- Copy Link
- Report Inappropriate Content
These two scenarios are possible solutions.There is pfSense Plus for AWS.
It's possible to use an old PC or laptop with two ethernet network cards as well.
Keep in mind that pfSense box would turned on 24/7 so minimizing noise an electricity consumption is essential.
A good approach would be to buy a third party hardware on which you will install the pfSense software image.
There's a lot of manufacturers that provide such - for example check this video.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1435
Replies: 10
Voters 0
No one has voted for it yet.