- Home »
- FAQ »
- Security »
- Content Security Management (CSM) »
- The difference between DNS Filter Profile and DNS Filter Local Setting
The difference between DNS Filter Profile and DNS Filter Local Setting
DNS Filter is a feature to filter the websites by examining the DNS queries. In CSM >> DNS Filterpage, there are two parts of the settings, which are DNS Filter Profile and DNS Filter Local Setting (as the following image shows). We only need to use one of them to make DNS filter work, and the choice depends on what DNS server is the client using.
When to use DNS Filter Profile?
If LAN client is using an external DNS server, which means the DNS queries are sent to WAN interface, then we should set up DNS Filter Profile and use the profile in a Firewall Filter Rule. (See “How to use URL Filter with DNS Filter to Block a HTTPS website?” for detailed instructions.)
You may check the DNS server of a network adapter by the command “ipconfig/all”. Below is an example when LAN client is using an external DNS server.
When to use DNS Filter Local Setting?
If LAN client is using the Vigor Router as DNS server, which means the DNS queries are sent to the router itself, then we should use DNS Filter Local Setting instead. DNS Filter Local Setting checks the DNS queries that destined to the router, but it does not filter the source IP; therefore, please note that once DNS Filter Local Setting is enabled, it will apply to all the LAN clients who use Vigor Router as their DNS server.
Below is an example result of "ipconfig/all" command when LAN client is using the router as DNS server.
Vigor routers also support Blacklist/Whitelist on Local DNS Filter to specify firewall for different users.