My Router uses DD-WRT Firmware. Can I still use OpenDNS?

Comments

15 comments

  • sirbigspur

    thanks!

    0
  • rotblitz

    Worth reading: http://www.dd-wrt.com/wiki/index.php/OpenDNS

    Commenting on:

    1. Depending on the behavior you want, set Static DNS 3 to:
      1. 0.0.0.0 to fall back to your ISP DNS if OpenDNS is unresponsive
      2. 10.0.0.0 (a non-usable IP) if you don't want to use any other servers
      3. Another DNS server of your choice (Do not duplicate one of the first two DNS's or it will default to 0.0.0.0) - Note: OpenDNS also has these DNS IP's that can be used for the 3rd Static DNS: 208.67.222.220 and 208.67.220.222 - To ensure that all devices are restricted by OpenDNS Web Content Filtering you should configure all 3 Static DNS entries using the OpenDNS IP's.

    Use only option 3 with the additional OpenDNS resolver addresses 208.67.222.220 or 208.67.220.222, else you will not be using OpenDNS and your dashboard settings reliably, but randomly only.

    0
  • Brian Gregory

    For best results enter 208.67.222.222 as the first resolver address and any two of 208.67.220.220, 208.67.222.220 and 208.67.220.222 as the next two. Add strict-order to additional dnsmasq options so that the router tries 208.67.222.222 first. This is best since 208.67.222.222 seems to be updated with new dns information much more often than the other opendns resolvers.

    0
  • phantomcharlie309

    I used Brian Gregory's way and it worked great!

    Static DNS 1
    ...
    Static DNS 2
    ...
    Static DNS 3
    ...
    Additional DNSMasq Options
    strict-order

    0
  • phantomcharlie309

    208.67.220.222

    208.67.222.220

    208.67.220.222

    0
  • Brian Gregory

    You always want 208.67.222.222 first and you always want to query it first because it's the most up to date. OpenDNS can take quite a while to pass DNS changes on to the other secondary DNS servers.

    0
  • Brian Gregory

    Oh and I should add that in the latest dd-wrt builds you should not manually put in 'strict-order' because you can just enable 'Query DNS in Strict Order' just above there on the 'Services' page.

    0
  • murraykj709

    I used the usual dns ip entries as above.

    However, if you also want to do them from the cli here is what you need to add:

    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

    This is from the ddwrt website.

    0
  • Brian Gregory

    >> iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

    >> iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

    I don't see why you would need anything like that.

    I'd be inclined to ignore this unless murraykj709 can provide more info than just that he found them somewhere on the dd-wrt website.

    0
  • murraykj709
    Telnet ssh administration without Web gui.
    0
  • mattwilson9090

    @murraykj709 What is it that you are trying to accomplish with these commands, and how are they different from other examples offered in here?

    Also, you said you found them on the dd-wrt website. Could you provide a link to the reference so that others may evaluate it for themselves and look at other information that is there?

    0
  • murraykj709
    Same as above address.

    Full details are at http://www.dd-wrt.com/wiki/index.php/OpenDNS

    0
  • murraykj709
    Intercept DNS Port

    You can prevent users from using their own DNS servers (and hence get around content filtering) by intercepting DNS queries and forcing them to use the DNS servers you specify.

    0
  • Brian Gregory

    It would be pretty stupid to have to telnet in and issue them again every time you booted up the router.

    Plus there is a checkbox for forced DNS redirection in the web interface of recent versions of dd-wrt anyway.

    The dd-wrt website is such a mixture of assorted old and out of date stuff it's dangerous to just quote a couple of lines from it.

    0
  • aande

    @Brian Gregory

    You are right in that it would be lame to have to implement those iptables every time you booted the router. They can be saved on the Administration>Commands tab in the web interface as Firewall (paste them in the Commands text box and click Save Firewall at the bottom). This will save those rules in memory to be implemented during every startup.

    However, your offered solution of checking the "Forced DNS Redirection" checkbox on the Setup>Basic Setup tab is definitely the typical user's best way to go. There is also a similar checkbox ("Forced DNS Redirection") and separate DNS configuration for any Virtual Access Points (VAPs) that might be used as a guest wifi network. I use OpenDNS for both my network and my guest network and have both boxes checked. The necessary rules to force DNS are installed in the PREROUTING iptables chain. For those who want to see those rules, you can run "iptables -t nat -vnL PREROUTING" (without the quotes) on the command line interface of your router or the Administration>Commands tab on the web interface after checking the boxes, saving the changes, and applying the changes.

    0
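
Added example, not part of the thread or of DD-WRT's own code: a POSIX shell check that reads the "iptables -t nat -vnL PREROUTING" listing mentioned in the last comment and reports, per LAN interface, whether a port-53 DNAT rule exists for both UDP and TCP. The sample listing, the guest interface name wl0.1 and the 192.168.x.1 addresses are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit an `iptables -t nat -vnL PREROUTING` listing (stdin)
# for forced-DNS rules on one LAN interface. Prints each protocol that has
# no port-53 DNAT rule; returns 0 only when both udp and tcp are covered.
missing_dns_redirect() {
    awk -v iface="$1" '
        # -vnL columns: pkts bytes target prot opt in out source dest ...
        $3 == "DNAT" && $6 == iface && / dpt:53( |$)/ { seen[$4] = 1 }
        END {
            gaps = 0
            if (!seen["udp"]) { print "udp"; gaps++ }
            if (!seen["tcp"]) { print "tcp"; gaps++ }
            exit (gaps > 0)
        }'
}

# Constructed sample (not captured from a real router). br0 has both
# rules; the hypothetical guest interface wl0.1 only redirects UDP, so
# TCP queries from that network are not forced to the router.
SAMPLE='Chain PREROUTING (policy ACCEPT 310 packets, 24K bytes)
 pkts bytes target     prot opt in     out     source               destination
   42  2856 DNAT       udp  --  br0    *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 to:192.168.1.1
    3   180 DNAT       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 to:192.168.1.1
   17  1120 DNAT       udp  --  wl0.1  *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 to:192.168.2.1'

# On a router, replace the printf with: iptables -t nat -vnL PREROUTING
for i in br0 wl0.1; do
    if gaps=$(printf '%s\n' "$SAMPLE" | missing_dns_redirect "$i"); then
        echo "$i: port 53 redirected for udp and tcp"
    else
        echo "$i: no port-53 DNAT rule for:" $gaps
    fi
done
```

The match on "dpt:53" is anchored so that rules for other ports such as 5353 do not count as DNS redirection.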
