blocking specific DNS with CGN3

I've Been Here Awhile
Posts: 4

blocking specific DNS with CGN3

Hello,

Forgive me if this has been answered already, searched the Rogers forums and also the (non-existent) Hitron support section.

Was wondering if anyone has had any luck with the CGN3 gateway telling it to bypass a specific DNS address.

I've picked up a Chromecast, and it's hard-set to Google's DNS, regardless of what the gateway settings are. If I've read correctly, you can teach your gateway/router to ignore/refuse a specific DNS, I just for the life of me can't figure out where in the software to do this.

 

running firmware 4.2.4.1.

 

thanks a bunch!

 

 

Resident Expert
Posts: 13,951

Re: blocking specific DNS with CGN3

Normally.. from MY experience.. IF there is any setting on a device for the DNS, it will always take precedence over anything in the gateway.

Normally.. if you have a device set up via DHCP.. it will get an IP address, the gateway address... and then often either specifically assigned DNS that's stored in the gateway, or will just take the gateway's IP address as the DNS, and the gateway does forwarding of the DNS through what it has stored.

But.. if you have a DNS specified on the Device itself.. it will use that.  (I have my PCs set up this way).

 

I am guessing that you are trying to use a 3rd party DNS to use US netflix, etc?

Unfortunately, from what I can find.. there is only one way to do this.
You need to use a 3rd party router, using something like DD-WRT on it... which allows some pre-routing commands done, to change where those google DNS requests go to.

 

Alternatively, it looks like you can ROOT your chromecast, to a version which allows DNS changes as well



I've Been Here Awhile
Posts: 4

Re: blocking specific DNS with CGN3

Yeah, that's pretty much exactly what I'm trying to use it for. I've got conflicting reports saying I can do it (through static routing or blocking by firewall, which I'm completely lost on) and others that I need the dd-wrt modem. Hoping it's the former, but not too confident.

 

Unfortunately, it seems like you can only root the chromecast if it hasn't been updated out of the box, I made the mistake of doing this (you've basically got to shut your wireless off so it won't update on first insertion). I suppose it might come down to what's cheaper in the long run, buying a new chromecast + cables for flashing it or buying a new router.

 

thanks for the help. 🙂

Resident Expert
Posts: 13,951

Re: blocking specific DNS with CGN3

There is no way to adjust the firewall on the CGN3 (or most devices) other than setting forwarding, which ALLOWS port access, etc.
There are usually no ROUTING functions on any gateway, or even MOST 3rd party routers, unless you put the custom firmware on them.

(when you get up to the corporate level stuff, sure, but you're talking $1k routers/switches :P)

But yeah.. those look like your options..

A ) see if there is a way to still root your current one.

B ) get a new one

C ) get a 3rd party DD-WRT compatible router

 

(I am running into similar types of issues at home on my setup.  I am looking at a full VPN based solution, not just a DNS based for US access.  That's fine for PCs, even my PHONES.  But my smart TV, which is what I use for netflix.. while I CAN change the DNS on it no issues.. NO VPN 😞  )



I've Been Here Awhile
Posts: 4

Re: blocking specific DNS with CGN3

ah thanks for the tips. 

I've returned it, picked up another, tried doing the root with the powered usb ports and a flashdrive and to my surprise, I find deep in a topic on it, anything with a serial number past a certain point (which essentially includes all the ones available from Canada on) can't be rooted.  Looks like I'm going the modem route.

 

thanks for all the help, i appreciate it.

 

Resident Expert
Posts: 13,951

Re: blocking specific DNS with CGN3

No prob.

Just make sure you get a good enough one that is compatible.
You don't want one which is 10/100 only on the wan ports, etc.


Resident Expert
Posts: 13,951

Re: blocking specific DNS with CGN3

Or alternatively... Get a different device which does similar to the chromecast which does support changing of the DNS


I've Been Here Awhile
Posts: 3

Re: blocking specific DNS with CGN3

To put it short, you'll have to put your hard earned money into something that should be granted upon you just for signing up.

Resident Expert
Posts: 13,951

Re: blocking specific DNS with CGN3

Um... This issue has nothing to do with the Rogers service itself.

It's the DEVICE which has the restriction, and forces the workarounds to get it working.

90% of the routers out there can not do what the OP wants done without custom software on it.


I'm a Reliable Contributor
Posts: 348

Re: blocking specific DNS with CGN3

What you have to enter in this instance is some iptables command, likely what I show below.  Note that this can often be done by telnetting (or SSHing) into your modem.  The default Asus firmware allows you to do this.  However these commands are likely volatile in that they will need to be redone if your router loses power.   I am guessing that many routers will actually allow this, assuming that they are configured to do so, since telnet is a much lower level UI than something like a web interface and pretty much all of the SoCs that are in routers run a simplified version of Linux that should run a telnet daemon.  But sometimes this is turned off by default as it can be a security risk.

 

My recommendation is to buy your own router and put the CGN3 in bridge mode.  I like Asus routers but there are lots of options.  Then install third party firmware like Merlin or dd-wrt and you will be good to go for this and many other things, like running an OpenVPN server on your router.

 

iptables -I PREROUTING -t nat -p udp -s 192.168.1.200 -d 8.8.8.8 --dport 53 -j DNAT --to-destination 208.122.23.22
iptables -I PREROUTING -t nat -p udp -s 192.168.1.200 -d 8.8.4.4 --dport 53 -j DNAT --to-destination 208.122.23.23
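
The redirect described in the post above, as an added example that is not part of the original post: a shell function that prints the same DNAT rules for both UDP and TCP port 53 (going beyond the UDP-only commands in the post) and guards each insert with an `iptables -C` check, so a startup script can re-run them after a power loss without stacking duplicates. The function names are assumptions; the addresses are the ones from the post.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Nothing is applied here:
# the script only prints the commands, for review or for a startup script.

# is_ipv4 ADDR: exit status 0 if ADDR is a dotted-quad IPv4 address
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's own arguments
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dns_redirect_rules CLIENT NEW_DNS OLD_DNS...
# Prints one "check || insert" line per protocol per hard-coded resolver.
dns_redirect_rules() {
    [ "$#" -ge 3 ] || { echo "usage: CLIENT NEW_DNS OLD_DNS..." >&2; return 1; }
    client=$1; new_dns=$2; shift 2
    is_ipv4 "$client" && is_ipv4 "$new_dns" || { echo "bad address" >&2; return 1; }
    for old_dns in "$@"; do
        is_ipv4 "$old_dns" || { echo "bad address: $old_dns" >&2; return 1; }
        for proto in udp tcp; do   # DNS falls back to TCP for large answers
            rule="PREROUTING -p $proto -s $client -d $old_dns --dport 53"
            rule="$rule -j DNAT --to-destination $new_dns"
            # -C succeeds if the rule already exists, so -I runs only once
            echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -I $rule"
        done
    done
}

# Values taken from the post above: one client, each Google resolver
# mapped to its own replacement resolver.
dns_redirect_rules 192.168.1.200 208.122.23.22 8.8.8.8
dns_redirect_rules 192.168.1.200 208.122.23.23 8.8.4.4
```

These rules only match plain DNS on port 53; lookups a device sends over DNS-over-HTTPS or DNS-over-TLS are not affected by them.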