DNS and AccessRestriction

Discussion in 'Tomato Firmware' started by Meffy, May 21, 2007.

  1. Meffy

    Meffy LI Guru Member

    I currently have fixed dns ips set up in my router.
    Im having trouble explaining so I'll give an example instead

    Under accessrestriction,i have www.example.com blocked.I typed it in my browser and indeed it was blocked,but when i checked my ISP's DNS log,I noticed that www.example.com was resolved and thus leading me to believe that even thou it was blocked,bandwidth was still spent in checking the IP of www.example.com before it attempted to connect

    After these series of events,I was wondering if this was intended or a bug?Since its access is restricted..why does it bother to resolve the IP for it still,or is it a specific setting in tomato that can be toggled?
  2. Talon88

    Talon88 LI Guru Member


    At the rule setting, which keyword you put?

    www.example.com or
    example.com or
    example. or

    Try put example. only

  3. Roimeister

    Roimeister LI Guru Member

    when you type a url into a browser, DNS resolution happens before you actually attempt to access the site... so, the router first sees a DNS query just like any other DNS query and processes it, then it sees the attempt to access the site and blocks the attempt
  4. affer

    affer LI Guru Member

    You are using access restriction. So the address may well be resolved or data may reach your modem before being dropped. What you want to do is better done using the hosts file in /etc or (god knows where) in windows. Your OS will check hosts against the hosts file before attempting to resolve the name, so it won't even go out to a dns server if you restrict by way of the hosts file instead.
  5. Meffy

    Meffy LI Guru Member

    I've used that before in the past but Im trying my best to prevent bandwidth from being wasted as my router is being used by my roommates too and Im probably unable to modify files on their computer

    I've been using example. for testing..thanks tho:p

    EDIT:Does anyone know if its possible to add entries like "example." into dnsmasq and make it direct to an ip like to prevent it from resolving the address?If so..Please teach:O
  6. Talon88

    Talon88 LI Guru Member


    Meffy, I think you don't need to worry too much,
    DNS Resolve will not take you many Bandwidth,
    just a very very very little.....!

    So, Try to use "access restriction" & it will
    work for you.

  7. Roimeister

    Roimeister LI Guru Member

    in the Basic-->Static DHCP settings, you can add mac address 00:00:00:00:00:00 IP Address x.x.x.x (the actual ip address of the site you're trying to block) and hostname example.com. This will allow dns resolution to be performed over the LAN only, then access restrictions will block the access attempt.

    but like Talon said, dns resolution takes very little bandwidth, or, very very very little :grin:
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice