If you have an ASUS router, you have the good fortune of being able to use the Merlin image for your router. This image is built on DD-WRT, and exposes a number of really cool features that aren’t always available with a vanilla router OS.
A couple of cool features include:
- Preventing DNS changes on local devices, and forcing your preferred DNS on your network;
- Forcing DNS-over-TLS for secure DNS communication.
Prevent Local DNS Changes
One of the really cool features is your ability to force the DNS of your choice on your LAN. You do this via the LAN > DNSFilter settings page.
Here you want to turn ON the “Enable DNS-based Filtering” option, choose “Router” as your filter mode, and enter the DNS pairs we provide in your dashboard.
Apply the settings and it should reset your connection.
What’s really cool about this feature is that it doesn’t just kill the DNS connection; it redirects it. The user doesn’t experience interrupted service. Instead, DNS responds as you would expect, but with your predefined settings.
Nifty!
Encrypt your DNS with DNS-over-TLS (DOT)
Another really neat feature is the ability to use DOT for encrypted DNS communication.
You configure this via this settings page: WAN > Internet Connection
From there, scroll down until you get to the WAN DNS Setting section. Here you want to make sure a few options are selected:
- Connect to DNS Server automatically: NO
- Enter Primary and Secondary IPs (provided in dashboard)
- Forward local domain queries to upstream: YES
- DNS Privacy Protocol: DNS-over-TLS (DoT)
Add your DOT server to the table under “Preset Servers”, and leave the drop down empty.
You will use the DOT stamp provided in your dashboard that reads: DNS over TLS (Private DNS for Android)
The IP you want to use is the IP of the domain, not the one in your account. You can find it by doing a basic host lookup:
host custom79xxxxxxxxxxxxxxx5.dot.cleanbrowsing.org
Which would give you an output like this:
custom79xxxxxxxxxxxxxxx5.dot.cleanbrowsing.org has address 185.228.168.199
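Before relying on the router setting, you can confirm that the address from the lookup answers DNS-over-TLS on port 853 with a certificate valid for your DOT hostname. The script below is an added example, not part of the original page or of the Merlin firmware; the function names are hypothetical, the test query name example.com is an assumption, and it uses only the Python 3 standard library.

```python
import socket, ssl, struct, sys

def build_query(name, qid=0x1234):
    """A-record query with the 2-byte length prefix DoT uses (RFC 7858)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Return the offset just past a name; a compression pointer ends it."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """IPv4 addresses from a DNS response (length prefix already removed)."""
    _, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if flags & 0x000F:
        raise ValueError("DNS rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def check_dot(ip, tls_hostname, qname="example.com", port=853):
    """Resolve qname over DoT at ip, requiring a certificate valid for tls_hostname."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_hostname) as tls, tls.makefile("rb") as rd:
            tls.sendall(build_query(qname))
            (length,) = struct.unpack("!H", rd.read(2))
            return parse_a_records(rd.read(length))

if __name__ == "__main__":
    # Usage: script.py <IP from the host lookup> <your DOT hostname>
    print(check_dot(sys.argv[1], sys.argv[2]))
```

A certificate mismatch raises ssl.SSLCertVerificationError, which tells you the IP and hostname you are about to enter in the router do not belong together.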