Stopping Open DNS - ZyXEL P660R-C: Difference between revisions
|  Created page with "=660R-61C=  This is an older router, and it's a bit more tricky to disable WAN side DNS lookups. This will need a filter added, via the telnet interface. AAISP have seen route..." | mNo edit summary | ||
| (13 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| [[File:P660rd1.png]] | |||
| =660R-61C= | =660R-61C= | ||
| This is an older router, and it's a bit more tricky to disable WAN side DNS lookups.  | This is an older router, and it's a bit more tricky to disable WAN side DNS lookups.  | ||
| '''We would suggest that you purchase a new router, the P660R-D1 is available from [http://aa.net.uk/broadband-accessories.html AAISP]. ''' | |||
| This will need a filter added, via the telnet interface. AAISP have seen routers needing to be factory reset and re-configured before adding this rule. Generally, AAISP would suggest replacing this router, with a ZyXEL P660R-D1 or a Technicolor. | |||
| Add two filters, one to block DNS to your WAN IP address, and the other to your LAN Address: | Add two filters, one to block DNS to your WAN IP address, and the other to your LAN Address: | ||
|  1 Y IP Pr=0, SA=0.0.0.0, DA=[YOUR WAN ADDRESS], DP=53 N D N |  1 Y IP Pr=0, SA=0.0.0.0, DA=[YOUR WAN ADDRESS], DP=53 N D N | ||
|  1 Y IP Pr=0, SA=0.0.0.0, DA=[YOUR LAN ADDRESS], DP=53 N D F |  1 Y IP Pr=0, SA=0.0.0.0, DA=[YOUR LAN ADDRESS], DP=53 N D F | ||
| i.e.: | |||
| ie: | |||
| e.g., create a new filter set with the following information: | |||
|  Filter #: 6,1 |  Filter #: 6,1 | ||
|  Filter Type= TCP/IP Filter Rule |  Filter Type= TCP/IP Filter Rule | ||
| Line 26: | Line 32: | ||
|  Action Not Matched= Check Next Rule |  Action Not Matched= Check Next Rule | ||
| Add a second filter in the set that uses Destination: IP Addr as the LAN address of your router, and set the Action Not Matched to Forward. | Add a second filter in the set that uses Destination: IP Addr as the LAN address of your router, and set the Action Not Matched to Forward. e.g. | ||
|                     Filter #: 6,2 | |||
|                     Filter Type= TCP/IP Filter Rule | |||
|                     Active= Yes | |||
|                     IP Protocol= 0     IP Source Route= No | |||
|                     Destination: IP Addr= 81.187.245.141 | |||
|                                  IP Mask= 255.255.255.255 | |||
|                                  Port #= 53 | |||
|                                  Port # Comp= Equal | |||
|                          Source: IP Addr= | |||
|                                  IP Mask= | |||
|                                  Port #= | |||
|                                  Port # Comp= None | |||
|                     TCP Estab= N/A | |||
|                     More= No           Log= None | |||
|                     Action Matched= Drop            | |||
|                     Action Not Matched= Forward | |||
| Then add the filter number to the Remote Node (Menu 11, then edit filter set, AAISP Node, then go to Edit Filter Sets and change it to Yes. Pressing Enter will then take you to a screen where you can enter in the Filter rule number you created.) | Then add the filter number to the Remote Node (Menu 11, then edit filter set, AAISP Node, then go to Edit Filter Sets and change it to Yes. Pressing Enter will then take you to a screen where you can enter in the Filter rule number you created.) | ||
| The router will restart, but may need a powercycle. | The router will restart, but may need a powercycle. | ||
| *Then re-test from the Control Pages: https://clueless.aa.net.uk/dnsresolvers.cgi | |||
| [[Category:Open DNS Resolvers]] | |||
| [[Category:AA Routers]] | |||
| [[Category:3rd Party Routers]] | |||
Latest revision as of 15:33, 6 March 2015
660R-61C
This is an older router, and it's a bit more tricky to disable WAN side DNS lookups.
We would suggest that you purchase a new router, the P660R-D1 is available from AAISP.
This will need a filter added, via the telnet interface. AAISP have seen routers needing to be factory reset and re-configured before adding this rule. Generally, AAISP would suggest replacing this router, with a ZyXEL P660R-D1 or a Technicolor.
Add two filters, one to block DNS to your WAN IP address, and the other to your LAN Address:
1 Y IP Pr=0, SA=0.0.0.0, DA=[YOUR WAN ADDRESS], DP=53 N D N 1 Y IP Pr=0, SA=0.0.0.0, DA=[YOUR LAN ADDRESS], DP=53 N D F
i.e.:
e.g., create a new filter set with the following information:
Filter #: 6,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr= [YOUR WAN ADDRESS] IP Mask= 255.255.255.255 Port #= 53 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= N/A More= No Log= None Action Matched= Drop Action Not Matched= Check Next Rule
Add a second filter in the set that uses Destination: IP Addr as the LAN address of your router, and set the Action Not Matched to Forward. e.g.
                   Filter #: 6,2
                   Filter Type= TCP/IP Filter Rule
                   Active= Yes
                   IP Protocol= 0     IP Source Route= No
                   Destination: IP Addr= 81.187.245.141
                                IP Mask= 255.255.255.255
                                Port #= 53
                                Port # Comp= Equal
                        Source: IP Addr=
                                IP Mask=
                                Port #=
                                Port # Comp= None
                   TCP Estab= N/A
                   More= No           Log= None
                   Action Matched= Drop           
                   Action Not Matched= Forward
Then add the filter number to the Remote Node (Menu 11, then edit filter set, AAISP Node, then go to Edit Filter Sets and change it to Yes. Pressing Enter will then take you to a screen where you can enter in the Filter rule number you created.)
The router will restart, but may need a powercycle.
- Then re-test from the Control Pages: https://clueless.aa.net.uk/dnsresolvers.cgi
