25Feature request: Custom DNS setup for guest profile
I would like to make a feature request. Please add the option to set up a guest network with custom DNS setup.
This is badly missed. For instance, I need to block Google DNS and Open DNS on router level. This breaks the guest network functionality, as these DNS servers for some reason or other are required by the Eero to provide Internet access to clients. When Google's DNS servers are blocked, the Eero guest network only offers (isolated) local connections.
Thank you!
-
Why do you need to block Google DNS and OpenDNS?
Eero, like all routers, need external DNS servers so that they can connect to the internet and other networks outside your private network in your home/office. If you block those external DNS servers (Google, OpenDNS, etc), you will lose all connectivity to the internet.
I don't know if DNS can be done just on the guest network or not. Most routers don't have that kind of functionality.
-
There are many reasons for blocking these dns servers. One is privacy. Another is security guidelines from an employer. A third is the need to prevent rogue applications from sending hidden data back home to try and bypass application policies. There are probably many more. A fourth, which comes in handy on a guest network, is the ability to set up a personal dns server to have more control over what kind of traffic is permitted on my guest network.
Google and OpenDNS are not the only DNS providers on the planet. Since the functionality to bypass the DNS servers I use are obviously present (since Google'sDNS server address is written into the guest functionality, my main/home network functions perfectly even when these servers are blocked on router level), I struggle to understand why this is difficult to implement, since all it would take is for the user to be able to (a) replace 8.8.8.8/8.8.4.4 with another ip address, and (b) make that functionality available in the app. Perhaps there's just stuff I don't understand?
-
I would like to echo this request and add to it. In addition to being able to specify the DNS, I'd like to be able to specify what subnet the guest network uses.
-
I'll second this. I use OpenDNS and was surprised to find with guest network turned on, it was locked into using google dns servers. I'm not sure how this makes any sense.
-
With my eero I have the issue that it actually provides the same nameserver like the main network, even though the private network has an internal nameserver which handles local services. The guest network should use open dns / umbrella nameserves but I cant seem to define that separately for the guest network. This is problematic, because the guest network has no access to the internal nameserver of the private network and therefor guest cannot access anything at the moment, because the dns is not answering.
Is there any way to circumvent this?
-
I concur with the request to customize DNS for the Guest network. We have a 5 eero set-up at our church, and I came very close to returning the eeros when I realized that we lose the OpenDNS logging and protection for the guest network. I have OpenDNS configured to block inappropriate and malicious content, and that's extremely appropriate to have on our guest network as well as the primary internal network.
-
Adding my vote for this as well. Guest network needs custom DNS especially since the Plus features don't apply to it. Leaves a huge hole in what the kids can access, honestly rendering the whole Plus security thing useless.
-
Use case:
Main network: Use a DNS provider such as Google, CloudFlare, whatever.
Secondary network: Use a paid DNS provider with parental controls so I can block the 300 or so web comics sites my child is addicted to. Notice that this requires a custom blacklist because it is not covered by the various categories that paid parental control DNS typically offers.
Or you could reverse the scenario. The need for the uncontrolled network is to make it easy to inspect a site so that it can be re-allowed on the parental controls site.
Incidentally, this would be an interesting feature for the Eero itself.
-
Thanks for sharing your interest in this feature jgn, and welcome to the Community! We currently allow custom DNS configuration on the main eero network, so you can configure your DNS-based parental controls with eero, no problem. The Guest Network is hard-coded to use Google DNS (8.8.8.8/8.8.4.4) so you can use that as your control group to check sites as needed. The only potential thing to keep in mind when using the Guest network is that it doesn't interface with the main network in any way, so you'll lose out on LAN connectivity with other devices. Please let me know if you have any other questions and I'd be happy to advise!
Kindly,
Drew, eero Community Team -
Drew And parental control DNS settings don't apply to all users on the non-guest network? (Are the parental controls tied to Mac addresses or something?)
-
jgn As long as the parental controls are at the DNS level, then they should apply to all devices on the main network after being configured as your chosen DNS servers in the eero app. We don't currently offer the ability to configure specific DNS settings to devices by MAC address. Hope this helps!
Kindly,
Drew, eero Community Team
-
-
I need this because I have users on the guest network who are in my house... and anyone in my house can inadvertently expose kids to content. I'd simply like to send my network through Plus protection, and the guest network through either Plus or a safe DNS of my choosing.
-
A recent update has changed this from using Google's DNS to a mix of ISP DNS + user defined DNS, with the ISP DNS higher on the list. Hopefully we can flip the priority, or maybe have an option to simply define the guest network directly.
-
We subscribe to CleanBrowsing and have our own IPs for our custom DNS settings to block objectionable sites. We would like to set our eero guest network to use these same custom DNS servers.
Thank you!
-
Is there any update to this feature? Still would be helpful to specify DNS for all the networks.
-
I've not heard anything. It would be nice to be able to change the Guest Network DNS to something other than Google DNS (8.8.8.8/8.8.4.4). I prefer CleanBrowsing, but OpenDNS Family Shield would be a better option than Google for us.
-
+1, not sure why this is not an option. Hard coding DNS and forcing use of non privacy centric specific servers is not a good security practice.
