How to Block Google Public DNS

A common technique to circumvent geographical content barriers is smart DNS. Smart DNS re-routes your traffic via smart DNS servers and virtually places you in a region where the content you want is available. Using smart DNS is as easy as changing your DNS settings, and compared to using a VPN it is the simplest way to bypass those pesky geo-fencing restrictions.

However, many Netflix users have recently found that their smart DNS services ceased working. The problem mostly affected customers using the latest version of Netflix’s Android app, leaving many people wondering why.

It turns out that Netflix’s latest Android app uses Google’s DNS servers as a fail-safe in case a user’s DNS server stops working. Once the Android app begins querying Google’s DNS servers, it bypasses the smart DNS servers, leaving you in the lurch.

Similarly, Chromecast has Google’s DNS servers hard-coded into it. By forcing traffic through its own DNS servers, Google knows it can prevent people from using smart DNS services to gain access to content not available in their regions.

The solution to both examples of this problem is simple:

Block Google DNS Servers on your Router

In the following steps I will show you how to block Google’s public DNS servers, allowing you to continue using smart DNS services to access the content you want.

Because your router regulates all the traffic transiting your home network, you can use it to set up traffic filters that restrict devices from querying Google’s DNS servers. You set up traffic filters on your router using the “Network Services Filter” feature found within the “Firewall” section.

Below is a demo of how to prevent Chromecast from querying Google Public DNS on an Asus RT AC68R router. For most other routers the procedures are the same, or similar.

  1. Log in to the “Admin” portal of your router.
  2. Look for the “Network Services Filter” (or similar). Generally, it’s under the “Firewall” section, which is a feature available on most routers.
  3. Next, we’ll add four entries/filters to the “Network Services Filter Table”, like the following:

    Source IP      Port Range   Destination IP   Port Range   Protocol
    LAN IP/Blank   53           8.8.8.8          53           TCP
    LAN IP/Blank   53           8.8.8.8          53           UDP
    LAN IP/Blank   53           8.8.4.4          53           TCP
    LAN IP/Blank   53           8.8.4.4          53           UDP

    For each filter there are 5 fields to be filled; here are explanations of each field’s purpose.

    • “Source IP”: Enter the LAN IP of the device you want to block; leave it blank if you want to apply the filter to all LAN devices. Here, I want to block only Chromecast from querying Google’s DNS, so I entered the LAN IP of my Chromecast device: 192.168.1.100.
    • “Port Range”: Enter the local port range the service uses. We chose 53 here since that’s the port range utilized by DNS services.
    • “Destination IP”: Enter the IP address the service is trying to reach. Google DNS servers use IP “8.8.8.8” and IP “8.8.4.4”. We need to block both.
    • “Protocol”: Identify the protocol a specific service uses – because DNS uses both TCP and UDP, we need to block both. This means we’ll need to create 2 filters for each IP address, one for TCP, the other for UDP.
  4. Enable the “Network Services Filter”.

Your settings should look like the settings in the picture below.
[Image: AC68R Firewall Network Services Filter Settings]
That’s it. That’s how you block Google DNS servers on your router.
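
To confirm that the four filter entries took effect, the following added example (not part of the original post) sends one DNS query to 8.8.8.8 and 8.8.4.4 over both UDP and TCP on port 53 and reports each path as blocked or reachable. The function names, the query name example.com and the 3-second timeout are assumptions made for this example.

```python
import socket
import struct

# The two resolvers and two transports covered by the four filter entries.
TARGETS = [(ip, proto) for ip in ("8.8.8.8", "8.8.4.4") for proto in ("udp", "tcp")]

def build_query(name="example.com", qid=0x1234):
    """Build a minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, proto, port=53, timeout=3.0, qid=0x1234):
    """Return 'reachable' if the server answers our query, otherwise 'blocked'."""
    query = build_query(qid=qid)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if proto == "tcp":
                # DNS over TCP prefixes each message with a 2-byte length.
                s.sendall(struct.pack("!H", len(query)) + query)
                reply = s.makefile("rb").read(4)[2:]  # skip the length prefix
            else:
                s.sendall(query)
                reply = s.recv(512)
    except OSError:
        # Timeout, refusal or unreachable network: no answer got through.
        return "blocked"
    # A genuine answer echoes the query ID in its first two bytes.
    return "reachable" if reply[:2] == struct.pack("!H", qid) else "blocked"

def check_filter(targets=TARGETS, **kwargs):
    """Probe every (server, transport) pair and map it to its result."""
    return {t: probe(*t, **kwargs) for t in targets}

if __name__ == "__main__":
    for (server, proto), result in check_filter().items():
        print(f"{server:8} {proto}: {result}")
```

Run it from a LAN device that the filter applies to (any device, if “Source IP” was left blank); all four lines should read `blocked`.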

References:

Image credit: https://flic.kr/p/5moCVF
