Quick note for the Draytek 2830
Disclaimer:
Due to the wide variety of devices available and potential variations in their firmware, the information presented below may or may not be accurate. For this same reason, OpenDNS support will generally not be able to provide device-specific assistance beyond what is provided below. If you need further assistance specific to your device, please contact either the manufacturer's support team, or your ISP if you are using leased equipment.
Below is the direct URL for the device's manual. This will assist with logging into your router on page 15. The second PDF outlines the steps to configure OpenDNS and force all DNS through our resolvers. This will prevent a user from using a different DNS server on their computer and automatically update your account when your public IP address changes. This will help keep the filters applied to your network.
- http://www.draytek.co.uk/download/support/userguides/Vigor2830%20User%20Guide%20V1.01.zip
- https://support.opendns.com/attachments/token/V26cuDR3N843ZCtv2siUc43j7/?name=draytek_2830_opendns.pdf
Let's get started!
1. Log into the router's configuration page by typing the IP address into your address bar 192.168.1.1. Type in the username and password the word admin and login.
2. In the left menu, click LAN -> GENERAL SETUP -> DETAILS PAGE for your network
3. Use the IP addresses 208.67.222.222 and 208.67.220.220 for the PRIMARY and SECONDARY DNS
4. If you have more than one internal LAN then check the box marked “Force router to use "DNS server IP address" settings specified in” and select the LAN you configured for OpenDNS (usually LAN1).
5. Click OKAY
Setting up DNS to only go to OpenDNS (block all others)
The problem is that if you manually type in DNS settings in your computer network settings it will bypass the Open DNS settings. So what we need to do now is to help your router not to allow any other DNS settings through. To do this go to the firewall settings on your router (not your computer) and block all outgoing TCP and UDP requests on port 53 that are not going to Open DNS.
1. Go to FIREWALL -> FILTER SETUP
2. The firewall settings are set up under default data filter.
Quick Note: These are the rules that will be set on your router
- allow DNS lookups that are going to open DNS 208.67.222.222
- allow DNS lookups that are going to open DNS 208.67.220.220
- block any other DNS lookups.
This is what the rules will look like after we are finished. Filter rule 1 will already be entered, so we will create rules 2 - 4.
3. RULE 2:
a. Click "Check to enable the filter rule"
b. Comments: Pass OpenDNS #1
c. Direction: LAN/RT/VPN->WAN
d. Source IP: Any
e. Destination IP: 208.67.222.222
f. Service Type: Click EDIT ->
f1. Protocol: TCP/UDP
f2. Source Port: = 53 in first box, 65535 in second box
f3. Destination Port: = 53 in first box, 53 in second box
f4. Remaining options: none
f5. click OK
g. Click OK
4. RULE 3: Repeat the above steps for rule 2, but change the comment to Pass OpenDNS #2
5. RULE 4: This will block all other DNS requests.
a. Comments: Block other DNS
b. Source IP and Destination IP: any
c. Service Type: see step F above
d. Click OK
Quick Note: The following screenshots are examples of what the rules will look like when configuring them.
Rule 2 and 3:
Rule 4:
Setting Dynamic DNS updates for OpenDNS
Set for the appropriate WAN interface (WAN2 = Fibre). Click APPLICATIONS -> DYNAMIC DNS
- WAN interface = WAN2 only
- Service Provider = Customised
- Provider host = updates.dnsomatic.com
- Service API = /nic/update?hostname=
- Auth Type = basic
- Connection type = http
- Server response = <empty>
- Login Name = OpenDNS Username
- Password = OpenDNS Password
- Wildcards = <unchecked>
- Backup MX = <unchecked>
- Mail Extender <empty>
- Determine Real WAN IP = WAN IP