
ORBI RBR40 Block DNS Bypass

kproth
Tutor


Would like to block direct access to external DNS servers -- requiring all users on my home network to flow DNS through the Orbi router.  Found the Advanced option to block Services, and tried blocking access to "DNS" for all hosts except the router itself (i.e. starting at ".2" and ending at ".254").  But that also prevents access to the router's own DNS service.  That doesn't seem right, as the Block Service help screen says it blocks access out to the internet only.  Also found this page (https://community.netgear.com/t5/Orbi/Preventing-circumvention-of-OpenDNS/m-p/1300593) where someone described the same thing I tried as if it works.  If it worked for them, then what did I do wrong?  Can anyone suggest something I might have done wrong?  Or, can I not use this feature to do what I'm trying to do?

Model: RBK40| Orbi AC2200 WiFi System
Message 1 of 11
FURRYe38
Guru

Re: ORBI RBR40 Block DNS Bypass

I would contact @OrbiPhilip via PM and have him help you... if what he mentioned in that linked post doesn't work for you...

My Setup (Cable 1Gbps/50Mbps)>CM1200 v2.02.03(LAG Disabled)>RBK853 v3.2.18.223/SRK30 V3.2.33.106)
Additional NG HW: C7800/CM1100/CAX80/CM2000, Orbi CBK40, RBK50, R7800, R7960P, EX7500/EX7700, XR450(v2.3.2.120) and WNHDE111
Message 2 of 11
OrbiPhilip
Luminary

Re: ORBI RBR40 Block DNS Bypass

I am not running it now (v2.1.4.16), but I was at the time.  I set my block range equal to my DHCP scope, which was x.x.x.100-200.

Message 3 of 11
OrbiPhilip
Luminary

Re: ORBI RBR40 Block DNS Bypass

I am not running it now (v2.1.4.16), but I was at the time.  I set my block range equal to my DHCP scope.


P.S. This message editor is awful

Model: RBR50| Orbi AC3000 Tri-band WiFi (Router Only)
Message 4 of 11
kproth
Tutor

Re: ORBI RBR40 Block DNS Bypass

I tried again. Used a narrower block range, encompassing just my DHCP scope. Still no bueno -- it blocks *all* DNS access, including requests sent to the router's IP address. I only want to block requests being sent out to the internet. But since there's nowhere to specify which *DESTINATION* IP range I want to block (or which destination IP's I don't want to block) this doesn't appear to be an option. @Netgear: please make the service blocking smart enough not to block services that the router is providing...
Message 5 of 11
thorax
Aspirant

Re: ORBI RBR40 Block DNS Bypass

Has anyone found a way around this yet?  Blocking Services prevents devices from even communicating with the router over port 53.

Message 6 of 11
FURRYe38
Guru

Re: ORBI RBR40 Block DNS Bypass

Have you tried the methods mentioned in this thread? 

Might ask @OrbiPhilip for more help. 


@thorax wrote:

Has anyone found a way around this yet?  Blocking Services prevents devices from even communicating with the router over port 53.


 

Message 7 of 11
thorax
Aspirant

Re: ORBI RBR40 Block DNS Bypass

Sorry, I assumed that would be clear.  Yes, I have.  It blocks *all* DNS requests, just as was stated up thread.

Message 8 of 11
FURRYe38
Guru

Re: ORBI RBR40 Block DNS Bypass

DNS is assigned to port 53. So any configuration to block DNS will be blocked on port 53.

Message 9 of 11
thorax
Aspirant

Re: ORBI RBR40 Block DNS Bypass

That's not what the help page says.  It says it blocks *internet* access.  So therefore I should still be able to communicate on port 53 on the LAN, but I cannot.

Message 10 of 11
FURRYe38
Guru

Re: ORBI RBR40 Block DNS Bypass

You might send @OrbiPhilip a PM to see if he can comment on this..


@thorax wrote:

That's not what the help page says.  It says it blocks *internet* access.  So therefore I should still be able to communicate on port 53 on the LAN, but I cannot.


 

Message 11 of 11
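
A way to check from a LAN client which of the outcomes described in this thread a given Block Services setting produces, as an added example (not part of any post and not Netgear code). The router address and the public resolver in the `__main__` block are assumptions; substitute your own.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def dns_answers(server, name="example.com", port=53, timeout=2.0):
    """Return True if `server` replies to a UDP DNS query before the timeout."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            reply, _ = s.recvfrom(512)
        except OSError:  # timeout, unreachable, or rejected by a filter
            return False
    # Accept only a response (QR bit set) carrying our transaction ID
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def classify(router_ok, external_ok):
    """Map the two probe results onto the situations discussed in the thread."""
    if router_ok and not external_ok:
        return "enforced: only the router answers DNS"
    if router_ok and external_ok:
        return "bypass possible: external resolvers reachable"
    if not router_ok and not external_ok:
        return "over-blocked: port 53 to the router is blocked too"
    return "router DNS not answering, external resolver reachable"

if __name__ == "__main__":
    ROUTER = "192.168.1.1"  # assumption: the router's LAN address
    EXTERNAL = "9.9.9.9"    # assumption: any public resolver
    print(classify(dns_answers(ROUTER), dns_answers(EXTERNAL)))
```

This probes plain UDP port 53 only; DNS over TCP, DNS over TLS and DNS over HTTPS are separate paths that a port 53 rule does not cover.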