Sorry if I’ve missed this in the documentation but is it possible to choose different DNS Servers for clients on different VLANs please?
Can you also have content filtering rules apply to one VLAN/network and not the other? Reason I ask is I’d like at least 2 different networks. One locked down and content filtered network for kids, the other for grown ups.
That’s great Marcus thanks! Is it possible to achieve content filtering based on VLAN please? Or is it a case of content filtering for all hosts on the router, barring exceptions?
Bumping an old thread…with an extension of the question.
Is it possible to define specific DNS server IPs at the WAN level, but then define a different set of DNS servers at the VLAN level for just one of the VLANs?
My specific case - I’d like to use a pi-hole for just one of my VLANs and use a standard commercial DNS server (e.g., Google, Quad 9) for all of the other VLANs without having to set the DNS addresses for each of those VLANs.
I tried specifying DNS IPs at the WAN level and then defining a different set for just one VLAN, but that VLAN setting seemed to be ignored and DNS requests from clients on that VLAN were seemingly being addressed by the DNS servers defined at the WAN settings level.
Am I missing something…or are my expectations flawed? Thanks.
Sure, but I wouldn’t blame you if you don’t believe what I am seeing because I hardly believe it myself.
First, start with my setup, which is a Balance One that controls two AP One Enterprise APs.
The Balance One has 4 defined VLANs, some of which are available wirelessly. The VLAN in question is called “Trusted Clients” in the screen shots below. This VLAN is bound to a physical port and is also available wirelessly via an associated SSID bound to the VLAN. And I want it to use a unique DNS server (a pi-hole installed on the same VLAN).
So, here are the screenshots…
I only have one WAN in use, and it is configured for the Google DNS servers:
^ (and Quad 9 as the secondary DNS in case it drops to secondary, so I can tell it is still not using the Google DNS servers defined on WAN screen)
All of the other VLANs are configured to use the default DNS servers (“Assign DNS server automatically” checked), as shown below for the “Untrusted Clients” VLAN:
Hello @scuba_steve,
We regularly configure different DNS settings for different VLANs. We set these all up using InControl2 and they work a treat. The WAN is normally left on the ISP's default, so try using on the WAN the ISP's default and then setting up the Native LAN and the VLANs with the required different DNS settings. If we can do this through InControl2, it certainly can be done locally on the device.
One other note: if your ISP blocks DNS except for the ISP's DNS or an approved list of DNS servers, then you have to use what they allow. Several of our clients have DNS traffic blocked at the WAN level; only approved DNS servers are allowed.
Happy to Help,
Marcus
Thanks Marcus. I debated setting DNS explicitly for all of the VLANs, but was hoping to avoid it to facilitate maintenance (i.e., if I decide to switch DNS providers in the future). That said, it wouldn’t be that hard and that may be what I do, but what I am seeing with my current config seems a bit bizarre, so I was curious if I am missing something.