D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-850L => Topic started by: cacatnow on April 08, 2018, 11:37:51 AM

Title: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 08, 2018, 11:37:51 AM
I saw a post on other site you can block Google DNS by using "access control". Now how do I access it on B1 hardware?
I tried using static route option that just does not work.
I saw screenshot of A1 router page they have that orange UI which includes access control settings. Am I missing something or is it not possible on B1?
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 08, 2018, 12:59:10 PM
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)


Is there anything under Firewall or Port Forwarding?

Rev B models have different UI and them. Some features were removed in Rev B models.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 08, 2018, 05:22:37 PM
No such thing as "status". It is listed at the top of the page. It is FW2.09. I am in Asia. It came from my ISP.

Some features were removed in B models? That sucks. I need to block Google DNS.

I tried using Firewall to block it but it does not work. I don't know if it is my settings or it just refuses to work I'm not good at these things.

Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 08, 2018, 08:41:55 PM
You might ask your ISP if they can help you block Google DNS.
if this router came from them, they maybe handling the FW on the router. Some ISPs do this, which D-Links stock FW may not work on it.

Another suggestion, find a DDNS service and use it's DNS IP addresses on the router and enable DNS Relay. This will use specific DNS for all connected devices. You can set up blocking of sites and such with the DDNS service.

Last resort, you might try some 3rd party FW like DD-WRT or OpenWRT if they support his model router.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 08, 2018, 09:45:10 PM
Unfortunately I don't think my ISP offers this kind of service. I tried asking them once they ask me to contact DLink support instead.

DDNS? I don't know how to set it up. Also I don't think it will work on chromecast as this is the only device I want to block Google DNS from as chromecast always use hardcoded DNS. Blocking Google DNS from the router is the only way to bypass this.

DD-WRT and OpenWRT do not support this router.

Anyway thanks for the reply.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 08, 2018, 10:15:49 PM
Just curious, why are you wanting to block Googles DNS on ChormeCast? Wont that break it's operation?

If the router has stock fW, you can try loading D-Links FW on it however I don't think you'll still be able to block DNS.

Under firewall, have you tried setting up a IPv4 rule and input the Google DNS address(s) in and try this? Try using a local IP address or give same address as the CC to feed back on. Not sure if this would work either.

Enter a Name for the new rule.
Enter the Source IP Address Range that the rule applies to. Using
the drop-down menu, specify whether it is a WAN or LAN IP address.
Enter the Destination IP Address Range that the rule applies to.
Using the drop-down menu, specify whether it is a WAN or LAN IP
address.
Select the protocol of the traffic to allow or deny (Any, TCP, or UDP)
and then enter the range of ports that the rule will apply to.
Use the drop-down menu to select a Schedule when the rule will
be enabled. The schedule may be set to Always Enable, or you can
create a schedule from the Schedules section (refer to page 71 of the user manual).
Click Apply when you are done.
The IPv4/IPv6 Rules section allows you to specify the kind of traffic that is allowed to pass through the network.

You can set a schedule to not allow or disable this.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 08, 2018, 11:28:52 PM
If you block Google DNS the chromecast will fall back to the DNS set up on the router.

I don't know if the FW is stock or not. It has blue/white UI.

I already tried IPv4 rule but I don't know exactly what values to enter. I tried a lot of numbers/IP into the box but it does not seem to work.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 09, 2018, 10:08:59 AM
You'll have to find out the DNS addresses the CC uses. I would run wireshark and see if you can see what the CC is using. Might do a search on line and see if there is any information on this. Then input those addresses in to the rules. Try to point them to fake local IP address or change WAN to both LAN. Not sure if this will work or not. Worth a try.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 09, 2018, 11:15:10 AM
Obviously chromecast only uses Google DNS, which I'm trying to block. Unless there are other DNS it uses which I don't know. But I'm fairly certain it only uses Google DNS.

Input those address on which box? How to even point them to fake local IP? Sorry I'm totally sucks at this.

Here is an image on my firewall page for your reference.

 (https://i.imgur.com/zFldiVy.jpg)
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 09, 2018, 01:00:02 PM
In put the DNS IP address into source box change to LAN and set 192.168.0.254 as the destination and change to LAN. Port set to any or udp.

see if this works.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 09, 2018, 04:03:32 PM
So I put the values like you suggested. I put 53 into port range because it does not let me leave it empty and set it to any. When I click save, it does not prompt me to reboot router. Tried to ping Google DNS, I still get replies. Rebooted the router, guess what? Still get replies from Google DNS.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 09, 2018, 04:25:20 PM
Probably not going to work then.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 09, 2018, 04:33:47 PM
Welp. Thanks for the replies. I guess I'll just have to live with it or buy a new router
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: FurryNutz on April 09, 2018, 04:35:00 PM
So if you have DNS relay enabled on the router and you input manual DNS into the routers Internet section, Does the CC still use it's own DNS or will it use the routers DNS?
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 12:48:54 AM
CC will always use hardcoded Google DNS unless it is blocked. I have disabled DNS Relay since Day 1. I also experimented the firewall by inputing my current DNS and my laptop's IP address, then used wireshark. I still get DNS responses. As of now I am certain this firewall refuses to work no matter what values I put in.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 07:05:03 AM
Try setting a static route. Let us know if this works.

Go in to your router Features > Static Route. Click Add Route.

Name: chromecast1 (or whatever)
Destination Network:  8.8.8.8
Mask:  255.255.255.255   or   255.255.255.252
Gateway: IP address of the router (192.168.0.1)
Metric: 1
Interface:  WAN

Save settings.

Repeat with 8.8.4.4, 208.67.222.222 and 209.244.0.3.

Flush the DNS on your computer --> https://techwiser.com/flush-dns-cache/ (https://techwiser.com/flush-dns-cache/)

Try pinging 8.8.8.8. It should not return replies...hopefully






Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 08:55:00 AM
Actually I already tried using static route method before it came to asking for help here. There is a site stating that the if the interface is locked to WAN it will not work. Unfortunately this router can't set the interface to LAN.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 09:17:41 AM
I tested this, seemed to work

Features > Firewall > IPv4

Select Turn IPv4 Filtering ON and DENY rules listed

Add Rule:

Name: CC1
Source IP Address Range:  LAN  (the IP address of your chromecast) or put the IP range of your LAN (e.g. 192.168.0.1-192.168.0.254). Putting in the router IP or 192.168.0.255 will not work
Destination IP Address Range:  WAN   8.8.8.8
Protocol & Port Range: ANY
Schedule: Always Enable

Click APPLY and then click Save.

Create 3 more rules with 8.8.4.4, 208.67.222.222 and 209.244.0.3.

Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 11:54:56 AM
Did you reboot the router? I did a quick test (a bit busy atm) without rebooting it (no prompt to reboot after saving either) did not work. What am I supposed to put into the port range? It does not let me leave it empty. I did put 53 as thats the usual port for DNS query but it did not work. CC is still using Google DNS
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 12:03:37 PM
Put nothing in the port box. Click the drop-down where it says TCP and select ANY.  If you not have that option, enter 1-65535

You may not get prompted to reboot. Mine didn't and it worked. After you click Save, the button should be grayed-out unless you make a change. I am using a different model router though but has same GUI.

I will see if a tech has an 850L rev B to test.

Also, you are blocking the IP address, not the port.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 12:17:07 PM
The 850L GUI is the same as what I am using.

Here is what I entered:

(http://images.dlink.com/new/articles/forum/firewall_rule.png)

(http://images.dlink.com/new/articles/forum/firewall_rule2.png)
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 12:27:41 PM
I entered the values exactly like you did except IP address and Port Range. I put my CC's IP address (reserved it too) and 1-65535 as port range because I can't leave it empty. My CC is still using Google DNS.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 12:28:44 PM
So you do not have a drop-down next to protocol & port range that gives you TCP, UDP, or ANY?

Also, create a second rule blocking 8.8.4.4.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 12:36:41 PM
Posted screenshot

https://imgur.com/a/1RnRJ
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 12:46:29 PM
hmm strange. That should work. 

Just to test, edit the 8.8.8.8 rule and put in 192.168.0.1-192.168.0.254 as the source range. Apply. Make sure Turn IPv4 filtering is ON and DENY.... is selected. Click save. Should take like 5 seconds and then ping 8.8.8.8 from your computer and see if you get replies.

What firmware are you using and what brower? I used IE 11.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 12:50:33 PM
I still get replies from 8.8.8.8 FW 2.09 browser Google Chrome
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 01:01:32 PM
I just saw 2.09 from your first post  ::)

You may want to update the firmware. The latest global release is 2.21. Maybe try that and see if it fixes it.

I see 2.09 is the latest in your region - http://www.dlink.com.my/dir-850l-msia/#firmware (http://www.dlink.com.my/dir-850l-msia/#firmware)

I do not know if the world wide (WW) firmware will work with your router. 2.21 is on the US site as well as tsd.dlink.com.tw (global releases). You may want to contact tech support and report the issue and see if using the 2.21 firmware will work. Your rules are set up properly but looks like the router is not blocking the traffic.

Link to WW firmware - ftp://FTP2.DLINK.COM/PRODUCTS/DIR-850L/REVB/DIR-850L_REVB_FIRMWARE_v2.21B01.zip (ftp://FTP2.DLINK.COM/PRODUCTS/DIR-850L/REVB/DIR-850L_REVB_FIRMWARE_v2.21B01.zip)
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: cacatnow on April 10, 2018, 01:05:45 PM
Lol I'm afraid to update to this WW firmware. It might broke the router altogether. Anyway thanks for the support.
Title: Re: Is it even possible to block Google DNS on 850L B1?
Post by: GreenBay42 on April 10, 2018, 01:10:50 PM
Sorry that didn't work for you. Definitely contact tech support because your settings are correct.

This firmware is a 2 step process. The first firmware encrypts the firmware so you will not be able to downgrade if it doesn't work. (you will have to do an emergency firmware recovery to go back to 2.09) so I do understand your hesitation.  :)