Can you use different DNS Servers for clients on different VLANs?

Sorry if I’ve missed this in the documentation but is it possible to choose different DNS Servers for clients on different VLANs please?

Can you also have content filtering rules apply to one VLAN/network and not the other? Reason I ask is I’d like at least 2 different networks. One locked down and content filtered network for kids, the other for grown ups.

Hope someone can help!

Hello @brill,
Yes you can have different DNS Servers for each VLAN.

When setting up or editing your VLAN, just un-tick the “Assign DNS server automatically” and then enter up to two DNS Servers as you need.

Note: This option needs to be done within the device; DNS Servers cannot be edited from the VLAN settings within InControl2 (well, not yet).

Happy to Help,
Marcus :slight_smile:

That’s great Marcus thanks! Is it possible to achieve content filtering based on VLAN please? Or is it a case of content filtering for all hosts on the router, barring exceptions?

Thanks again!

1 Like

@brill, sure - this is possible. When you configure the Content Blocking you can define exempted Subnets:

Thanks!

1 Like

Bumping an old thread…with an extension of the question.

Is it possible to define specific DNS server IPs at the WAN level, but then define a different set of DNS servers at the VLAN level for just one of the VLANs?

My specific case - I’d like to use a pi-hole for just one of my VLANs and use a standard commercial DNS server (e.g., Google, Quad 9) for all of the other VLANs without having to set the DNS addresses for each of those VLANs.

I tried specifying DNS IPs at the WAN level and then defining a different set for just one VLAN, but that VLAN setting seemed to be ignored and DNS requests from clients on that VLAN were seemingly being addressed by the DNS servers defined at the WAN settings level.

Am I missing something…or are my expectations flawed? Thanks.

1 Like

@scuba_steve

Would you be able to share your configuration screenshot here? I am a bit confused based on the explanation given above.

1 Like

Sure, but I wouldn’t blame you if you don’t believe what I am seeing because I hardly believe it myself.

First, start with my setup, which is a Balance One that controls two AP One Enterprise APs.

The Balance One has 4 defined VLANs, some of which are available wirelessly. The VLAN in question is called “Trusted Clients” in the screen shots below. This VLAN is bound to a physical port and is also available wirelessly via an associated SSID bound to the VLAN. And I want it to use a unique DNS server (a pi-hole installed on the same VLAN).

So, here are the screenshots…

I only have one WAN in use, and it is configured for the Google DNS servers:

As noted, I have several VLANs, but for this presentation, I will only show two:

First, the “Trusted Clients” VLAN, which has its own DNS servers defined, the primary of which is a local DNS server on the VLAN (a pi-hole):

^ (and Quad 9 as the secondary DNS in case it drops to secondary, so I can tell it is still not using the Google DNS servers defined on WAN screen)

All of the other VLANs are configured to use the default DNS servers (“Assign DNS server automatically” checked), as shown below for the “Untrusted Clients” VLAN:

And what I see:

  • All VLANs other than “Trusted Clients” use the primary DNS server defined on the WAN screen (8.8.8.8) - GOOD

  • All wireless clients of the “Trusted Clients” VLAN use the primary VLAN defined on that VLAN screen (192.168.2.5) - GOOD

  • All wired clients of the “Trusted Clients” VLAN use the primary VLAN defined on the WAN screen (8.8.8.8) - Huh?

And yes, I have flushed all the DNS caches :wink:

Hello @scuba_steve,
We regularly configure different DNS settings for different VLANs. We set these all up using InControl2 and they work a treat. The WAN is normally left on the ISP's default, so try using the ISP's default on the WAN and then setting up the Native LAN and the VLANs with the required different DNS settings. If we can do this through InControl2, it certainly can be done locally on the device.

One other note, if your ISP blocks DNS except for the ISPs DNS or approved list of DNS servers, then you have to use what they allow, several of our clients have DNS traffic blocked at the WAN level, only approved DNS servers are allowed.
Happy to Help,
Marcus :slight_smile:

1 Like

Thanks Marcus. I debated setting DNS explicitly for all of the VLANs, but was hoping to avoid it to facilitate maintenance (i.e., if I decide to switch DNS providers in the future). That said, it wouldn’t be that hard and that may be what I do, but what I am seeing with my current config seems a bit bizarre, so I was curious if I am missing something.

On the positive side, the ISP allows the switch.

Cheers!

1 Like

@scuba_steve

Do you mean the wired client is getting the DHCP DNS server IP as 8.8.8.8? If yes, this is not an expected result.

  1. Would you be able to get us a screenshot of the wired PC's ipconfig /all info?

  2. Perform a packet capture from the Balance/MAX for the DHCP traffic and send it to us for investigation.
1 Like
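
The DHCP capture requested in the last reply comes down to one field: option 6 (Domain Name Server) in the router's OFFER/ACK for the wired client. The following is an added example, not part of the thread and not Peplink code: a Python parser that extracts option 6 from a raw BOOTP/DHCP payload. The sample packets are constructed, and 9.9.9.9 is assumed as the Quad9 secondary server.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"        # RFC 2131: start of the options field
OPT_PAD, OPT_END, OPT_DNS, OPT_MSG_TYPE = 0, 255, 6, 53
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
EXPECTED = ["192.168.2.5", "9.9.9.9"]     # per-VLAN servers; 9.9.9.9 is an assumption

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {code} truncated")
        length = payload[i + 1]
        # RFC 3396: an option that appears more than once is concatenated
        opts[code] = opts.get(code, b"") + payload[i + 2 : i + 2 + length]
        i += 2 + length
    return opts

def offered_dns(payload: bytes):
    """Return (message type, [DNS servers]) exactly as the DHCP server sent them."""
    opts = parse_dhcp_options(payload)
    raw = opts.get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    servers = [str(ipaddress.IPv4Address(raw[n:n + 4])) for n in range(0, len(raw), 4)]
    msg = MSG_TYPES.get((opts.get(OPT_MSG_TYPE) or b"\x00")[0], "UNKNOWN")
    return msg, servers

def build_sample_ack(dns_servers):
    """Constructed DHCPACK for demonstration only (not a capture from the thread)."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0) + bytes(16 + 16 + 64 + 128)
    dns = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
    options = bytes([OPT_MSG_TYPE, 1, 5, OPT_DNS, len(dns)]) + dns + bytes([OPT_END])
    return fixed + MAGIC_COOKIE + options

if __name__ == "__main__":
    for label, dns in (("wireless", EXPECTED), ("wired", ["8.8.8.8"])):
        msg, got = offered_dns(build_sample_ack(dns))
        print(label, msg, got, "OK" if got == EXPECTED else "MISMATCH: VLAN DNS not applied")
```

If option 6 in the ACK already carries the WAN-level server, the router's DHCP scope for that VLAN is at fault; if it carries the VLAN's servers, look at the client (static DNS settings, or a lease obtained from a different scope).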