Expired

XII. Firewall/Security Features

Expired

LAN DNS

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2763
Show all

Keywords:
Block DNS
DNS Proxy
LAN DNS

The [Applications] > [LAN DNS] function allows the router to resolve domain name queries with an entry from the locally configured profile instead of relaying the query to a DNS server. This feature can be useful as an easy way to add a hostname that would be only for local usage or to control the IP Address entry for a specific hostname for CSM purposes.

The LAN DNS settings configured will affect all DNS lookups, regardless of whether the router's IP address is being used as the DNS server on a client machine, as long as the DNS query goes through the router as a gateway.

It can also be set to only modify the DNS only for clients in the same subnet, for example there are two subnets configured on a Vigor 2830 router using VLANs; 192.168.1.x and 192.168.2.x. The LAN DNS profile of "www.businessname.net" would have two IP address entries configured, 192.168.1.254 (with Same Subnet Reply enabled) and 198.51.100.124.
Clients on the 192.168.1.x network would get the local address of 192.168.1.254 as the response because of the Same Subnet Reply option.
Clients on the 192.168.2.x network would receive the public address of 198.51.100.124 because they're not in the same subnet as the local IP address entry.

From firmware 3.7.6 onwards, the Domain Name specified can use a wildcard of *, for instance www.google.* could be used to affect DNS lookups for all of the different country TLDs (Top Level Domains) without needing a separate LAN DNS profile for each.

Firmware 3.6.6 to 3.7.8

  1. Go to [Applications] > [LAN DNS] and choose a profile.

    Key:
    Profile: Name of the profile, just for reference
    Domain Name: The domain name that will be filtered
    IP Address List: Each entry will create an A Record (Address Record)for the domain name

  2. To add an A Record click the Add button. Enter the host's IP Address into the box that pops up. To restrict the DNS so that it only applies to DNS queries originating from the same subnet tick the

    "Only responds to the DNS request when the sender is in the same subnet." tick box.

  3. Make sure that the profile is set to "Enabled"

A DNS query for the domain name set will now result in a reply with the A Record that's been set.

Note: If setting records for local hostnames, the DNS suffix of the machine needs to be considered. For example a DNS query that is not a fully qualified domain will typically have the DNS suffix appended to it, so the entry on the router should include the DNS suffix as well. The DNS Suffix can be checked using the 'ipconfig /all' command on a Windows machine but the topic is outside the scope of this article to go into in detail.




How do you rate this article?

1 1 1 1 1 1 1 1 1 1

First Published: 18/03/2013
Last Updated: 22/04/2021

Comments

From: Daniel
25/06/2019

This only works for multi level domains/hosts. e.g. server.local will not resolve but server.blah.local does.